[ovs-discuss] why ct_snat in gateway router without recirc_table

Guru Shetty guru at ovn.org
Wed Nov 1 15:59:33 UTC 2017


On 1 November 2017 at 03:05, Wei Li <liw at dtdream.com> wrote:

> Hello everyone
>
> In https://github.com/openvswitch/ovs/blob/master/ovn/lib/
> actions.c?utf8=%E2%9C%93#L833
>
> } else if (snat && ep->is_gateway_router) {
>         /* For performance reasons, we try to prevent additional
>          * recirculations.  ct_snat which is used in a gateway router
>          * does not need a recirculation.  ct_snat(IP) does need a
>          * recirculation.  ct_snat in a distributed router needs
>          * recirculation regardless of whether an IP address is
>          * specified.
>          * XXX Should we consider a method to let the actions specify
>          * whether an action needs recirculation if there are more use
>          * cases?. */
>         ct->recirc_table = NX_CT_RECIRC_NONE;
>     }
>
> but in https://github.com/openvswitch/ovs/blob/master/ovn/northd/
> ovn-northd.8.xml?utf8=%E2%9C%93#L1390
>
>         <p>
>           If the Gateway router has been configured to force SNAT any
>           previously DNATted packets to <var>B</var>, a priority-110 flow
>           matches <code>ip &amp;&amp; ip4.dst == <var>B</var></code> with
>           an action <code>ct_snat; next;</code>.
>         </p>
>
>
> Action "ct_snat" already include "resubmit next table", why delete it and
> add a "next" action?
>
> What is the difference between "ct_snat without recirc_table and next" and
> "ct_snat with recirc_table"?
>

A single recirculation means that the first packet of a flow would need to
go to the userspace (ovs-vswitchd) twice. You add more recirculations, and
the penalty linearly increases. This makes it expensive. In a gateway
router, we want to avoid the number of recirculations to prevent
unnecessary penalty.


>
>
> Thanks in advance
> _______________________________________________
> discuss mailing list
> discuss at openvswitch.org
> https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20171101/e5a2dce0/attachment.html>


More information about the discuss mailing list