Skip to content

Update NAT conntrack entries from natmgr instead of natorch#1274

Merged
arlakshm merged 4 commits intosonic-net:masterfrom
AkhileshSamineni:update_conntrack_entries
Jul 8, 2020
Merged

Update NAT conntrack entries from natmgr instead of natorch#1274
arlakshm merged 4 commits intosonic-net:masterfrom
AkhileshSamineni:update_conntrack_entries

Conversation

@AkhileshSamineni
Copy link
Contributor

@AkhileshSamineni AkhileshSamineni commented Apr 27, 2020
edited
Loading

Approach:

  1. All NAT conntrack entries would be updated with large timeout (432000) value initially (when entry is created) by sending notifcation from NatSync to NatMgr.
  2. All NAT conntrack enrries would be updated with Zero timeout value (when entry is deleted) be sending notification from OA to NatMgr.
  3. Added a 1 day timer in NatMgr to reset the timeout for all conntrack entries to large time (43200) value.
  4. NatOrch caches the time in secs whenever the entry is active, and compares it with specific timeout for every 30 secs when entry is not active.

Code changes:

NatSync:

  1. Added a new timeout notification producer to send notifications to NatMgr.
  2. Send a notification (whenever a new entry to created) to NatMgr to set 43200 time for that conntrack entry.

NatMgr:

  1. While creating conntrack for Static entries, sets the timeout to max value (432000).
  2. Added a new Refresh Timer for 1 day to set the timeout for all Static conntrack entries to max value (432000).
  3. Added a new flush notification consumer for command “sonic-clear nat translations” and handling “Flushing all conntrack entries and added all existing Static conntrack entries” (This is moved from OA code).
  4. Added an another new timeout notification consumer to handle timeout notifications from NatSync and NatOrch.
  5. Setting the timeout for conntrack entries as per received notifications based on entry’s Key.

NatOrch:

  1. Added a new variable for every entry, it caches the current time whenever entry becomes Active.
  2. If entry is not Active, compares the cached time with current time and if it greater than global timeout, sends a age-out (0 timeout) notification to delete the conntrack entry.
  3. Added a new timeout notification producer to send notification whenever an entry needs to be deleted.
  4. Added a new Refresh Timer for 1 day to send SET (432000) timeout notifications to NatMgr for all dynamic entries.

Depends on:
sonic-net/sonic-utilities#892
sonic-net/sonic-buildimage#4596

Signed-off-by: Akhilesh Samineni akhilesh.samineni@broadcom.com

@AkhileshSamineni
Update NAT conntrack entries from natmgr instead of natorch
b8cd4e6 
 Signed-off-by: Akhilesh Samineni <akhilesh.samineni@broadcom.com>
@AkhileshSamineni AkhileshSamineni mentioned this pull request Apr 28, 2020
Merged
@lguohan
Copy link
Contributor

lguohan commented Apr 29, 2020

need vs test for this feature.

@AkhileshSamineni
Copy link
Contributor Author

AkhileshSamineni commented Apr 30, 2020

need vs test for this feature.
@lguohan No new functionality added here, this PR is to address review comment ( #1125 (comment))

@AkhileshSamineni AkhileshSamineni mentioned this pull request May 7, 2020
Closed
@AkhileshSamineni AkhileshSamineni mentioned this pull request May 14, 2020
Merged
arlakshm
arlakshm reviewed May 28, 2020
View reviewed changes
@arlakshm
Copy link
Contributor

arlakshm commented May 28, 2020

need vs test for this feature.
@lguohan No new functionality added here, this PR is to address review comment ( #1125 (comment))
@AkhileshSamineni I think we still need to add a unit test to the new logic to update the conntrack timeouts

arlakshm
arlakshm reviewed May 28, 2020
View reviewed changes
orchagent/natorch.cpp
SWSS_LOG_ERROR("Update %s NAT entry [ip %s]", natIter->second.nat_type.c_str(), natIter->first.to_string().c_str());
std::vector<FieldValueTuple> fvVector;
std::string key = natIter->first.to_string();
setTimeoutNotifier->send("SET-SINGLE-NAT", key, fvVector);
Copy link
Contributor

@arlakshm arlakshm May 28, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It looks like the Timeout value is set to max for active entries in queryhitBits(), why do we need to update the timeout here again

Copy link
Contributor Author

@AkhileshSamineni AkhileshSamineni Jun 8, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The timeout is set to max value (432000) when entries got added in NatMgr code, in queryhitBits() we are deleting the entries which are not active. Here in this section of code (funtion updateAllConntrackEntries() ) called for every 86400 secs (1 day) to set all dynamic active entries conntrack timeout to Max value (432000).

@AkhileshSamineni
Reverted the copp json file changes as to addressing this issue in d…
c058e1a 
…ifferent PR.

 Signed-off-by: Akhilesh Samineni <akhilesh.samineni@broadcom.com>
@AkhileshSamineni
New testcase to verify the conntrack entries timeout
a66b4be 
 Signed-off-by: Akhilesh Samineni <akhilesh.samineni@broadcom.com>
@AkhileshSamineni
Copy link
Contributor Author

AkhileshSamineni commented Jun 8, 2020

need vs test for this feature.
@lguohan No new functionality added here, this PR is to address review comment ( #1125 (comment))
@AkhileshSamineni I think we still need to add a unit test to the new logic to update the conntrack timeouts

@arlakshm Added a new test case to verify the conntrack entries timeout value.

@AkhileshSamineni
Copy link
Contributor Author

AkhileshSamineni commented Jun 9, 2020

Retest this please.

arlakshm
arlakshm approved these changes Jul 8, 2020
View reviewed changes
Copy link
Contributor

@arlakshm arlakshm left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM.

@arlakshm arlakshm merged commit 5ddea37 into sonic-net:master Jul 8, 2020
@abdosi
Copy link
Contributor

abdosi commented Aug 9, 2020

@AkhileshSamineni Please create PR for 201911. Cherry-pick has conflict

@arlakshm @rlhui

EdenGri pushed a commit to EdenGri/sonic-swss that referenced this pull request Feb 28, 2022
@Blueve
[consutil][test] Add unit tests for consutil clear command (sonic-net…
6fabbed 
…#1274)

* [consutil] Add UT for consutil clear command
* Fix test cases

Signed-off-by: Jing Kan jika@microsoft.com
Janetxxx pushed a commit to Janetxxx/sonic-swss that referenced this pull request Nov 10, 2025
@AkhileshSamineni
[NAT]: Update NAT conntrack entries from natmgr instead of natorch (s…
904d1c2 
…onic-net#1274)

* Update NAT conntrack entries from natmgr instead of natorch

 Signed-off-by: Akhilesh Samineni <akhilesh.samineni@broadcom.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@arlakshm arlakshm arlakshm approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@AkhileshSamineni @lguohan @arlakshm @abdosi