Added support in the kernel for fullcone 3-tuple unique nat. #100
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
will this get into linux kernel main stream? |
This was referenced Sep 20, 2019
marian-pritsak
previously approved these changes
Oct 28, 2019
AkhileshSamineni
added a commit
to AkhileshSamineni/sonic-swss
that referenced
this pull request
Nov 11, 2019
- Added natsyncd and warmboot related changes. Link to NAT HLD : https://github.com/Azure/SONiC/blob/master/doc/nat/nat_design_spec.md Depends on: sonic-swss : sonic-swss-common : sonic-net/sonic-swss-common#304 sonic-linux-kernel : sonic-net/sonic-linux-kernel#100 sonic-sairedis : sonic-net/sonic-sairedis#519
kirankella
force-pushed
the
nat_changes_in_sonic
branch
from
56bb27f
to
2c12741
Compare
arlakshm
previously approved these changes
Nov 12, 2019
|
retest this please |
stepanblyschak
previously approved these changes
Dec 2, 2019
AkhileshSamineni
added a commit
to AkhileshSamineni/sonic-swss
that referenced
this pull request
Dec 10, 2019
- Added natsyncd and warmboot related changes. Link to NAT HLD : https://github.com/Azure/SONiC/blob/master/doc/nat/nat_design_spec.md Depends on: sonic-swss : sonic-swss-common : sonic-net/sonic-swss-common#304 sonic-linux-kernel : sonic-net/sonic-linux-kernel#100 sonic-sairedis : sonic-net/sonic-sairedis#519
|
@AkhileshSamineni, @kirankella, |
kirankella
dismissed stale reviews from stepanblyschak, arlakshm, and marian-pritsak
via
f976c3d
Signed-off-by: kiran.kella@broadcom.com
kirankella
force-pushed
the
nat_changes_in_sonic
branch
from
f976c3d
to
918e6e7
Compare
arlakshm
approved these changes
Jan 17, 2020
stepanblyschak
approved these changes
Jan 17, 2020
paulmenzel
added a commit
to paulmenzel/sonic-linux-kernel
that referenced
this pull request
Nov 6, 2020
Copy the description (including Signed-off-by line) of merge/pull request sonic-net#100 (Added support in the kernel for fullcone 3-tuple unique nat.) [1]. [1]: sonic-net#100
paulmenzel
added a commit
to paulmenzel/sonic-linux-kernel
that referenced
this pull request
Nov 6, 2020
Copy the description (including Signed-off-by line) of merge/pull request sonic-net#100 (Added support in the kernel for fullcone 3-tuple unique nat.) [1]. [1]: sonic-net#100
Kalimuthu-Velappan
pushed a commit
to Kalimuthu-Velappan/sonic-linux-kernel
that referenced
this pull request
Dec 10, 2020
Copy the description (including Signed-off-by line) of merge/pull request sonic-net#100 (Added support in the kernel for fullcone 3-tuple unique nat.) [1]. [1]: sonic-net#100
paulmenzel
added a commit
to paulmenzel/sonic-linux-kernel
that referenced
this pull request
Jan 18, 2021
Copy the description (including Signed-off-by line) of merge/pull request sonic-net#100 (Added support in the kernel for fullcone 3-tuple unique nat.) [1]. [1]: sonic-net#100
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Changes done in the kernel to ensure 3-tuple uniqueness of the conntrack entries for the fullcone nat functionality.
Hashlist is maintained for the 3-tuple unique keys (Protocol/Source IP/Port) for all the conntrack entries.
When NAT table rules are created with the fullcone option, the SNAT/POSTROUTING stage ensures the ports from the pool are picked up in such a way that the 3-tuple is uniquely assigned.
In the DNAT/POSTROUTING stage, the fullcone behavior is ensured by checking and reusing the 3-tuple for the Source IP/Port in the original direction.
When the pool is exhausted of the 3-tuple assignments, the packets are dropped, else, they will be going out of the router they being 5-tuple unique (which is not intended).
Passing fullcone option using iptables is part of another PR (in sonic-buildimage repo).
The kernel changes mentioned above are done to counter the challenges explained in the section "3.4.2.1 Handling NAT model mismatch between the ASIC and the Kernel" in the NAT HLD.
Link to NAT HLD:
https://github.com/kirankella/SONiC/blob/nat_doc_changes/doc/nat/nat_design_spec.md
Signed-off-by: kiran.kella@broadcom.com