noironetworks / opflex / 2212 / 1

79%

master: 68%

push

travis-ci-com

<a href="https://github.com/noironetworks/opflex/commit/<a class=hub.com/noironetworks/opflex/commit/6db40dc6ae34892786f98c6e123655d03daf316f">6db40dc6a<a href="https://github.com/noironetworks/opflex/commit/6db40dc6ae34892786f98c6e123655d03daf316f">&quot;&gt;Fix nat rules priority across all routed prefixes. (#382)

This is a rework of
https://github.com/noironetworks/opflex/commit/</a><a class="double-link" href="https://github.com/noironetworks/opflex/commit/<a class="double-link" href="https://github.com/noironetworks/opflex/commit/aee03cc208f2733cae3a35478db6d36570baade7">aee03cc20</a>">aee03cc20</a><a href="https://github.com/noironetworks/opflex/commit/6db40dc6ae34892786f98c6e123655d03daf316f">

By giving nat flows +1 prio, does not fully solve the problem.
we can have another routed prefix that would fall at the same
priority as the nat one and if the subnets are overlapping the
packets would take the non nat path.

In bosch they had
nw_dst=10.128.0.0/9 non-nat
nw_dst=10.0.0.0/9 non-nat
nw_dst=10.0.0.0/8 nat

with current code this would result in all the 3 flows to use prio=159 which
makes it non deterministic and back to the original problem we had.
I took this approach initially because we did not have a big enough hole
for all the priorities esp for v6.

But since it does not work the fix considered 2 designs
- assign nat priorities dynamically based on subnet/prefix of existing
  routed flows.
- move ext subnet routed prio down from 150 to 40 to create a window
  big enough to satisfy v6.

The first approach needs tracking subnet/prefix and dynamically
computing overlapping nat subnet/prefix prio based on that. however
as far as total priorities we might need in worst case goes its same
as the second approach.

Signed-off-by: Madhu Challa <challa@gmail.com>

22316 of 28266 relevant lines covered (78.95%)

3579.95 hits per line