From 90419f2d07d6eb01cfa904d82bf192ecf8e78145 Mon Sep 17 00:00:00 2001 From: Quan Tian Date: Mon, 6 Jun 2022 12:01:54 +0800 Subject: [PATCH] Reduce dataplane overhead caused by ct action (#3858) To support performing both SNAT and DNAT for traffic, Antrea uses two CT zones for SNAT and DNAT separately. For each packet, multiple CT actions are executed to go through the zones. And because SNAT is performed after DNAT, reply traffic wouldn't be unNATed correctly if they go through the zones in the same order as request traffic, an extra CT action for unSNAT was added before DNAT to resolve it. These CT actions introduce measurable overhead to the dataplane. Since the first unSNAT action is for reply traffic of SNATed connections only, and there are only few cases needing SNAT, this patch adds conditions to the unSNAT flow to make irrelevant traffic bypass it. With less CT action and less recirculation caused by it, the dataplane performance is significantly increased. TCP_RR and TCP_CRR improvement in a kind cluster is as below: ``` Test old TPS new TPS delta TCP_RR 14568.69 17826.26 +22.36% TCP_CRR 2781.7 3498.12 +25.75% ``` Signed-off-by: Quan Tian --- pkg/agent/openflow/framework.go | 4 +- pkg/agent/openflow/pipeline.go | 63 +++++++++++++++---------- pkg/agent/openflow/pipeline_test.go | 12 ++--- test/integration/agent/openflow_test.go | 48 ++++++++++--------- 4 files changed, 71 insertions(+), 56 deletions(-) diff --git a/pkg/agent/openflow/framework.go b/pkg/agent/openflow/framework.go index 8007bc97642..08c92b4be56 100644 --- a/pkg/agent/openflow/framework.go +++ b/pkg/agent/openflow/framework.go @@ -219,14 +219,14 @@ func (f *featureService) getRequiredTables() []*Table { return []*Table{DNATTable} } tables := []*Table{ - SNATConntrackTable, + UnSNATTable, PreRoutingClassifierTable, SessionAffinityTable, ServiceLBTable, EndpointDNATTable, L3ForwardingTable, ServiceMarkTable, - SNATConntrackCommitTable, + SNATTable, ConntrackCommitTable, L2ForwardingOutTable, } 
diff --git a/pkg/agent/openflow/pipeline.go b/pkg/agent/openflow/pipeline.go index 88fd010bd42..da5031f01d4 100644 --- a/pkg/agent/openflow/pipeline.go +++ b/pkg/agent/openflow/pipeline.go @@ -73,7 +73,7 @@ var ( // * If you want to add a table called `FooTable` just after `ConntrackStateTable` in pipelineARP, then the // table should be declared after `ConntrackStateTable`: // ```go - // SNATConntrackTable = newTable("SNATConntrackZone", stageConntrackState, pipelineIP) + // UnSNATTable = newTable("UnSNAT", stageConntrackState, pipelineIP) // ConntrackTable = newTable("ConntrackZone", stageConntrackState, pipelineIP) // ConntrackStateTable = newTable("ConntrackState", stageConntrackState, pipelineIP) // FooTable = newTable("Foo", stageConntrackState, pipelineIP) @@ -129,7 +129,7 @@ var ( PipelineIPClassifierTable = newTable("PipelineIPClassifier", stageValidation, pipelineIP) // Tables in stageConntrackState: - SNATConntrackTable = newTable("SNATConntrackZone", stageConntrackState, pipelineIP) + UnSNATTable = newTable("UnSNAT", stageConntrackState, pipelineIP) ConntrackTable = newTable("ConntrackZone", stageConntrackState, pipelineIP) ConntrackStateTable = newTable("ConntrackState", stageConntrackState, pipelineIP) @@ -155,8 +155,8 @@ var ( L3DecTTLTable = newTable("L3DecTTL", stageRouting, pipelineIP) // Tables in stagePostRouting: - ServiceMarkTable = newTable("ServiceMark", stagePostRouting, pipelineIP) - SNATConntrackCommitTable = newTable("SNATConntrackCommit", stagePostRouting, pipelineIP) + ServiceMarkTable = newTable("ServiceMark", stagePostRouting, pipelineIP) + SNATTable = newTable("SNAT", stagePostRouting, pipelineIP) // Tables in stageSwitching: L2ForwardingCalcTable = newTable("L2ForwardingCalc", stageSwitching, pipelineIP) 
@@ -722,17 +722,11 @@ func (f *featureService) snatConntrackFlows() []binding.Flow {
 cookieID := f.cookieAllocator.Request(f.category).Raw()
 var flows []binding.Flow
 for _, ipProtocol := range f.ipProtocols {
+ gatewayIP, _ := f.gatewayIPs[ipProtocol]
+ // virtualIP is used as SNAT IP when a request's source IP is gateway IP and we need to forward it back to
+ // gateway interface to avoid asymmetry path.
+ virtualIP, _ := f.virtualIPs[ipProtocol]
 flows = append(flows,
- // This generates the flow to transform destination IP of reply packets from tracked SNATed Service connection
- // committed in SNAT CT zone.
- SNATConntrackTable.ofTable.BuildFlow(priorityNormal).
- Cookie(cookieID).
- MatchProtocol(ipProtocol).
- Action().CT(false, SNATConntrackTable.GetNext(), f.snatCtZones[ipProtocol], nil).
- NAT().
- CTDone().
- Done(),
-
 // SNAT should be performed for the following connections:
 // - Hairpin Service connection initiated through a local Pod, and SNAT should be performed with the Antrea
 // gateway IP.
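Review bot: The two lookups added at the top of the loop, `gatewayIP, _ := f.gatewayIPs[ipProtocol]` and `virtualIP, _ := f.virtualIPs[ipProtocol]`, discard the presence flag, so a protocol with no entry in either map yields a nil address. A later hunk of this function passes those values to `MatchDstIP` and to the SNAT `IPRange`. How the flow builder treats a nil match value is not visible here; if it drops the match or installs a malformed one, the unSNAT flow no longer selects only the intended reply traffic. Either write the plain form `gatewayIP := f.gatewayIPs[ipProtocol]` with a comment that both maps are populated for every entry of `f.ipProtocols`, or check `ok` and skip the protocol. The function body continues outside this hunk.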
@@ -749,46 +743,65 @@ func (f *featureService) snatConntrackFlows() []binding.Flow { // This generates the flow to match the first packet of hairpin Service connection initiated through the Antrea // gateway with ConnSNATCTMark and HairpinCTMark, then perform SNAT in SNAT CT zone with a virtual IP. - SNATConntrackCommitTable.ofTable.BuildFlow(priorityNormal). + SNATTable.ofTable.BuildFlow(priorityNormal). Cookie(cookieID). MatchProtocol(ipProtocol). MatchCTStateNew(true). MatchCTStateTrk(true). MatchRegMark(FromGatewayRegMark). MatchCTMark(HairpinCTMark). - Action().CT(true, SNATConntrackCommitTable.GetNext(), f.snatCtZones[ipProtocol], nil). - SNAT(&binding.IPRange{StartIP: f.virtualIPs[ipProtocol], EndIP: f.virtualIPs[ipProtocol]}, nil). + Action().CT(true, SNATTable.GetNext(), f.snatCtZones[ipProtocol], nil). + SNAT(&binding.IPRange{StartIP: virtualIP, EndIP: virtualIP}, nil). LoadToCtMark(ServiceCTMark, HairpinCTMark). CTDone(). Done(), + // This generates the flow to unSNAT reply packets of connections committed in SNAT CT zone by the above flow. + UnSNATTable.ofTable.BuildFlow(priorityNormal). + Cookie(cookieID). + MatchProtocol(ipProtocol). + MatchDstIP(virtualIP). + Action().CT(false, UnSNATTable.GetNext(), f.snatCtZones[ipProtocol], nil). + NAT(). + CTDone(). + Done(), + // This generates the flow to match the first packet of hairpin Service connection initiated through a Pod with // ConnSNATCTMark and HairpinCTMark, then perform SNAT in SNAT CT zone with the Antrea gateway IP. - SNATConntrackCommitTable.ofTable.BuildFlow(priorityNormal). + SNATTable.ofTable.BuildFlow(priorityNormal). Cookie(cookieID). MatchProtocol(ipProtocol). MatchCTStateNew(true). MatchCTStateTrk(true). MatchRegMark(FromLocalRegMark). MatchCTMark(HairpinCTMark). - Action().CT(true, SNATConntrackCommitTable.GetNext(), f.snatCtZones[ipProtocol], nil). - SNAT(&binding.IPRange{StartIP: f.gatewayIPs[ipProtocol], EndIP: f.gatewayIPs[ipProtocol]}, nil). 
+ Action().CT(true, SNATTable.GetNext(), f.snatCtZones[ipProtocol], nil). + SNAT(&binding.IPRange{StartIP: gatewayIP, EndIP: gatewayIP}, nil). LoadToCtMark(ServiceCTMark, HairpinCTMark). CTDone(). Done(), // This generates the flow to match the first packet of NodePort / LoadBalancer connection (non-hairpin) initiated // through the Antrea gateway with ConnSNATCTMark, then perform SNAT in SNAT CT zone with the Antrea gateway IP. - SNATConntrackCommitTable.ofTable.BuildFlow(priorityLow). + SNATTable.ofTable.BuildFlow(priorityLow). Cookie(cookieID). MatchProtocol(ipProtocol). MatchCTStateNew(true). MatchCTStateTrk(true). MatchRegMark(FromGatewayRegMark). MatchCTMark(ConnSNATCTMark). - Action().CT(true, SNATConntrackCommitTable.GetNext(), f.snatCtZones[ipProtocol], nil). - SNAT(&binding.IPRange{StartIP: f.gatewayIPs[ipProtocol], EndIP: f.gatewayIPs[ipProtocol]}, nil). + Action().CT(true, SNATTable.GetNext(), f.snatCtZones[ipProtocol], nil). + SNAT(&binding.IPRange{StartIP: gatewayIP, EndIP: gatewayIP}, nil). LoadToCtMark(ServiceCTMark). CTDone(). Done(), + // This generates the flow to unSNAT reply packets of connections committed in SNAT CT zone by the above flows. + UnSNATTable.ofTable.BuildFlow(priorityNormal). + Cookie(cookieID). + MatchProtocol(ipProtocol). + MatchDstIP(gatewayIP). + Action().CT(false, UnSNATTable.GetNext(), f.snatCtZones[ipProtocol], nil). + NAT(). + CTDone(). + Done(), // This generates the flow to match the subsequent request packets of connection whose first request packet has // been committed in SNAT CT zone, then commit the packets in SNAT CT zone again to perform SNAT. // For example: 
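Review bot: The two new UnSNATTable flows select traffic only by `MatchDstIP(virtualIP)` and `MatchDstIP(gatewayIP)`, so a reply is reverse-translated only when the SNAT address is one of those two, and nothing in the code ties that to the SNATTable flows. A later SNAT flow that commits to `f.snatCtZones[ipProtocol]` with any other address would have its replies bypass the SNAT CT zone and be forwarded untranslated, which is easy to miss in review. I would state the invariant in the comment, for example `// Every SNAT IP used by a SNATTable flow needs a matching UnSNATTable flow, otherwise replies bypass the SNAT CT zone.`, and consider a unit test that compares the two sets of addresses. Whether other features commit to this zone cannot be told from the hunk, and the function continues outside it.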
@@ -821,14 +834,14 @@ func (f *featureService) snatConntrackFlows() []binding.Flow {
 */
 // As a result, subsequent request packets like packet 3 will only perform SNAT when they pass through SNAT
 // CT zone the second time, after they are DNATed in DNAT CT zone.
- SNATConntrackCommitTable.ofTable.BuildFlow(priorityNormal).
+ SNATTable.ofTable.BuildFlow(priorityNormal).
 Cookie(cookieID).
 MatchProtocol(ipProtocol).
 MatchCTMark(ConnSNATCTMark).
 MatchCTStateNew(false).
 MatchCTStateTrk(true).
 MatchCTStateRpl(false).
- Action().CT(false, SNATConntrackCommitTable.GetNext(), f.snatCtZones[ipProtocol], nil).
+ Action().CT(false, SNATTable.GetNext(), f.snatCtZones[ipProtocol], nil).
 NAT().
 CTDone().
 Done(),
diff --git a/pkg/agent/openflow/pipeline_test.go b/pkg/agent/openflow/pipeline_test.go
index 32e9e446604..5ce9894d517 100644
--- a/pkg/agent/openflow/pipeline_test.go
+++ b/pkg/agent/openflow/pipeline_test.go
@@ -58,7 +58,7 @@ func TestBuildPipeline(t *testing.T) {
 ClassifierTable,
 SpoofGuardTable,
 IPv6Table,
- SNATConntrackTable,
+ UnSNATTable,
 ConntrackTable,
 ConntrackStateTable,
 PreRoutingClassifierTable,
@@ -74,7 +74,7 @@ func TestBuildPipeline(t *testing.T) {
 EgressMarkTable,
 L3DecTTLTable,
 ServiceMarkTable,
- SNATConntrackCommitTable,
+ SNATTable,
 L2ForwardingCalcTable,
 AntreaPolicyIngressRuleTable,
 IngressRuleTable,
@@ -105,7 +105,7 @@ func TestBuildPipeline(t *testing.T) {
 ClassifierTable,
 SpoofGuardTable,
 IPv6Table,
- SNATConntrackTable,
+ UnSNATTable,
 ConntrackTable,
 ConntrackStateTable,
 PreRoutingClassifierTable,
@@ -121,7 +121,7 @@ func TestBuildPipeline(t *testing.T) {
 EgressMarkTable,
 L3DecTTLTable,
 ServiceMarkTable,
- SNATConntrackCommitTable,
+ SNATTable,
 L2ForwardingCalcTable,
 AntreaPolicyIngressRuleTable,
 IngressRuleTable,
@@ -185,7 +185,7 @@ func TestBuildPipeline(t *testing.T) {
 pipelineIP: {
 ClassifierTable,
 SpoofGuardTable,
- SNATConntrackTable,
+ UnSNATTable,
 ConntrackTable,
 ConntrackStateTable,
 PreRoutingClassifierTable,
@@ -200,7 +200,7 @@ func TestBuildPipeline(t *testing.T) {
 EgressMarkTable,
 L3DecTTLTable,
 ServiceMarkTable,
- SNATConntrackCommitTable,
+ SNATTable,
 L2ForwardingCalcTable,
 AntreaPolicyIngressRuleTable,
 IngressRuleTable,
diff --git a/test/integration/agent/openflow_test.go b/test/integration/agent/openflow_test.go
index 9a571cb08f0..4961768cc65 100644
--- a/test/integration/agent/openflow_test.go
+++ b/test/integration/agent/openflow_test.go
@@ -756,7 +756,7 @@ func expectedProxyServiceGroupAndFlows(gid uint32, svc svcConfig, endpointList [
 if ep.GetIsLocal() {
 hairpinFlows.flows = append(hairpinFlows.flows, &ofTestUtils.ExpectFlow{
 MatchStr: fmt.Sprintf("priority=190,ct_state=+new+trk,ip,nw_src=%s,nw_dst=%s", ep.IP(), ep.IP()),
- ActStr: "ct(commit,table=SNATConntrackCommit,zone=65520,exec(load:0x1->NXM_NX_CT_MARK[5],load:0x1->NXM_NX_CT_MARK[6]))",
+ ActStr: "ct(commit,table=SNAT,zone=65520,exec(load:0x1->NXM_NX_CT_MARK[5],load:0x1->NXM_NX_CT_MARK[6]))",
 })
 }
 }
@@ -1068,7 +1068,7 @@ func preparePodFlows(podIPs []net.IP, podMAC net.HardwareAddr, podOFPort uint32,
 []*ofTestUtils.ExpectFlow{
 {
 MatchStr: fmt.Sprintf("priority=210,ip,in_port=%d%s,dl_dst=%s", 3, matchVlanVIDString, podMAC.String()),
- ActStr: fmt.Sprintf("load:0x1->NXM_NX_REG8[12..15],load:0x4->NXM_NX_REG0[0..3],load:%s->NXM_NX_REG8[0..11],goto_table:SNATConntrackZone", vlanVIDString),
+ ActStr: fmt.Sprintf("load:0x1->NXM_NX_REG8[12..15],load:0x4->NXM_NX_REG0[0..3],load:%s->NXM_NX_REG8[0..11],goto_table:UnSNAT", vlanVIDString),
 },
 },
 }}...)
@@ -1078,7 +1078,7 @@ func preparePodFlows(podIPs []net.IP, podMAC net.HardwareAddr, podOFPort uint32,
 []*ofTestUtils.ExpectFlow{
 {
 MatchStr: fmt.Sprintf("priority=210,ip,in_port=LOCAL,vlan_tci=0x0000/0x1fff,dl_dst=%s", podMAC.String()),
- ActStr: fmt.Sprintf("load:0x1->NXM_NX_REG8[12..15],load:0x5->NXM_NX_REG0[0..3],goto_table:SNATConntrackZone"),
+ ActStr: fmt.Sprintf("load:0x1->NXM_NX_REG8[12..15],load:0x5->NXM_NX_REG0[0..3],goto_table:UnSNAT"),
 },
 },
 }}...)
@@ -1118,7 +1118,7 @@ func preparePodFlows(podIPs []net.IP, podMAC net.HardwareAddr, podOFPort uint32,
 },
 },
 })
- nextTableForSpoofguard = "SNATConntrackZone"
+ nextTableForSpoofguard = "UnSNAT"
 } else {
 ipProto = "ipv6"
 nwSrcField = "ipv6_src"
@@ -1193,7 +1193,7 @@ func prepareGatewayFlows(gwIPs []net.IP, gwMAC net.HardwareAddr, vMAC net.Hardwa
 []*ofTestUtils.ExpectFlow{
 {
 MatchStr: fmt.Sprintf("priority=200,ip,in_port=%d", config1.HostGatewayOFPort),
- ActStr: fmt.Sprintf("%sgoto_table:SNATConntrackZone", actionSetCtZoneField),
+ ActStr: fmt.Sprintf("%sgoto_table:UnSNAT", actionSetCtZoneField),
 },
 },
 },
@@ -1254,7 +1254,7 @@ func prepareTunnelFlows(tunnelPort uint32, vMAC net.HardwareAddr) []expectTableF
 []*ofTestUtils.ExpectFlow{
 {
 MatchStr: fmt.Sprintf("priority=200,in_port=%d", tunnelPort),
- ActStr: "load:0x1->NXM_NX_REG0[0..3],load:0x1->NXM_NX_REG0[9],goto_table:SNATConntrackZone",
+ ActStr: "load:0x1->NXM_NX_REG0[0..3],load:0x1->NXM_NX_REG0[9],goto_table:UnSNAT",
 },
 },
 },
@@ -1352,8 +1352,8 @@ func prepareDefaultFlows(config *testConfig) []expectTableFlows {
 tableName: "ConntrackCommit",
 flows: []*ofTestUtils.ExpectFlow{{MatchStr: "priority=0", ActStr: fmt.Sprintf("goto_table:%s", outputStageTable)}},
 }
- tableSNATConntrackCommitFlows := expectTableFlows{
- tableName: "SNATConntrackCommit",
+ tableSNATFlows := expectTableFlows{
+ tableName: "SNAT",
 }
 tableL3ForwardingFlows := expectTableFlows{
 "L3Forwarding",
@@ -1363,8 +1363,8 @@ func prepareDefaultFlows(config *testConfig) []expectTableFlows {
 tableName: "L3DecTTL",
 flows: []*ofTestUtils.ExpectFlow{{MatchStr: "priority=0", ActStr: "goto_table:ServiceMark"}},
 }
- tableSNATConntrackZoneFlows := expectTableFlows{
- tableName: "SNATConntrackZone",
+ tableUnSNATFlows := expectTableFlows{
+ tableName: "UnSNAT",
 flows: []*ofTestUtils.ExpectFlow{{MatchStr: "priority=0", ActStr: "goto_table:ConntrackZone"}},
 }
 tableConntrackZoneFlows := expectTableFlows{
@@ -1373,15 +1373,16 @@ func prepareDefaultFlows(config *testConfig) []expectTableFlows {
 }
 tableServiceMarkFlows := expectTableFlows{
 tableName: "ServiceMark",
- flows: []*ofTestUtils.ExpectFlow{{MatchStr: "priority=0", ActStr: "goto_table:SNATConntrackCommit"}},
+ flows: []*ofTestUtils.ExpectFlow{{MatchStr: "priority=0", ActStr: "goto_table:SNAT"}},
 }
 if config.enableIPv4 {
 tableARPResponderFlows.flows = append(tableARPResponderFlows.flows,
 &ofTestUtils.ExpectFlow{MatchStr: "priority=190,arp", ActStr: "NORMAL"},
 &ofTestUtils.ExpectFlow{MatchStr: "priority=0", ActStr: "drop"},
 )
- tableSNATConntrackZoneFlows.flows = append(tableSNATConntrackZoneFlows.flows,
- &ofTestUtils.ExpectFlow{MatchStr: "priority=200,ip", ActStr: "ct(table=ConntrackZone,zone=65521,nat)"},
+ tableUnSNATFlows.flows = append(tableUnSNATFlows.flows,
+ &ofTestUtils.ExpectFlow{MatchStr: fmt.Sprintf("priority=200,ip,nw_dst=%s", config.nodeConfig.GatewayConfig.IPv4), ActStr: "ct(table=ConntrackZone,zone=65521,nat)"},
+ &ofTestUtils.ExpectFlow{MatchStr: fmt.Sprintf("priority=200,ip,nw_dst=%s", config1.VirtualServiceIPv4), ActStr: "ct(table=ConntrackZone,zone=65521,nat)"},
 )
 tableConntrackZoneFlows.flows = append(tableConntrackZoneFlows.flows,
 &ofTestUtils.ExpectFlow{MatchStr: "priority=200,ip", ActStr: fmt.Sprintf("ct(table=ConntrackState,zone=%s,nat)", ctZone)},
@@ -1392,7 +1393,7 @@ func prepareDefaultFlows(config *testConfig) []expectTableFlows {
 tableConntrackCommitFlows.flows = append(tableConntrackCommitFlows.flows,
 &ofTestUtils.ExpectFlow{MatchStr: "priority=200,ct_state=+new+trk,ct_mark=0/0x10,ip", ActStr: fmt.Sprintf("ct(commit,table=%s,zone=%s,exec(move:NXM_NX_REG0[0..3]->NXM_NX_CT_MARK[0..3]))", outputStageTable, ctZone)},
 )
- tableSNATConntrackCommitFlows.flows = append(tableSNATConntrackCommitFlows.flows,
+ tableSNATFlows.flows = append(tableSNATFlows.flows,
 &ofTestUtils.ExpectFlow{
 MatchStr: "priority=200,ct_state=+new+trk,ct_mark=0x40/0x40,ip,reg0=0x2/0xf",
 ActStr: fmt.Sprintf("ct(commit,table=L2ForwardingCalc,zone=65521,nat(src=%s),exec(load:0x1->NXM_NX_CT_MARK[4],load:0x1->NXM_NX_CT_MARK[6]))", config1.VirtualServiceIPv4),
@@ -1415,8 +1416,8 @@ func prepareDefaultFlows(config *testConfig) []expectTableFlows {
 &ofTestUtils.ExpectFlow{MatchStr: fmt.Sprintf("priority=190,ip,reg0=0/0x200%s,nw_dst=%s", matchVLANString, podCIDR), ActStr: "goto_table:L2ForwardingCalc"},
 )
 tableServiceMarkFlows.flows = append(tableServiceMarkFlows.flows,
- &ofTestUtils.ExpectFlow{MatchStr: "priority=200,ct_state=+new+trk,ip,reg0=0x22/0xff", ActStr: fmt.Sprintf("ct(commit,table=SNATConntrackCommit,zone=%s,exec(load:0x1->NXM_NX_CT_MARK[5],load:0x1->NXM_NX_CT_MARK[6]))", ctZone)},
- &ofTestUtils.ExpectFlow{MatchStr: "priority=200,ct_state=+new+trk,ip,reg0=0x12/0xff,reg4=0x200000/0x200000", ActStr: fmt.Sprintf("ct(commit,table=SNATConntrackCommit,zone=%s,exec(load:0x1->NXM_NX_CT_MARK[5]))", ctZone)},
+ &ofTestUtils.ExpectFlow{MatchStr: "priority=200,ct_state=+new+trk,ip,reg0=0x22/0xff", ActStr: fmt.Sprintf("ct(commit,table=SNAT,zone=%s,exec(load:0x1->NXM_NX_CT_MARK[5],load:0x1->NXM_NX_CT_MARK[6]))", ctZone)},
+ &ofTestUtils.ExpectFlow{MatchStr: "priority=200,ct_state=+new+trk,ip,reg0=0x12/0xff,reg4=0x200000/0x200000", ActStr: fmt.Sprintf("ct(commit,table=SNAT,zone=%s,exec(load:0x1->NXM_NX_CT_MARK[5]))", ctZone)},
 )
 tableL3DecTTLFlows.flows = append(tableL3DecTTLFlows.flows,
 &ofTestUtils.ExpectFlow{MatchStr: "priority=210,ip,reg0=0x2/0xf", ActStr: "goto_table:ServiceMark"},
@@ -1424,8 +1425,9 @@ func prepareDefaultFlows(config *testConfig) []expectTableFlows {
 )
 }
 if config.enableIPv6 {
- tableSNATConntrackZoneFlows.flows = append(tableSNATConntrackZoneFlows.flows,
- &ofTestUtils.ExpectFlow{MatchStr: "priority=200,ipv6", ActStr: "ct(table=ConntrackZone,zone=65511,nat)"},
+ tableUnSNATFlows.flows = append(tableUnSNATFlows.flows,
+ &ofTestUtils.ExpectFlow{MatchStr: fmt.Sprintf("priority=200,ipv6,ipv6_dst=%s", config.nodeConfig.GatewayConfig.IPv6), ActStr: "ct(table=ConntrackZone,zone=65511,nat)"},
+ &ofTestUtils.ExpectFlow{MatchStr: fmt.Sprintf("priority=200,ipv6,ipv6_dst=%s", config1.VirtualServiceIPv6), ActStr: "ct(table=ConntrackZone,zone=65511,nat)"},
 )
 tableConntrackZoneFlows.flows = append(tableConntrackZoneFlows.flows,
 &ofTestUtils.ExpectFlow{MatchStr: "priority=200,ipv6", ActStr: fmt.Sprintf("ct(table=ConntrackState,zone=%s,nat)", ctZoneV6)},
@@ -1436,7 +1438,7 @@ func prepareDefaultFlows(config *testConfig) []expectTableFlows {
 tableConntrackCommitFlows.flows = append(tableConntrackCommitFlows.flows,
 &ofTestUtils.ExpectFlow{MatchStr: "priority=200,ct_state=+new+trk,ct_mark=0/0x10,ipv6", ActStr: fmt.Sprintf("ct(commit,table=Output,zone=%s,exec(move:NXM_NX_REG0[0..3]->NXM_NX_CT_MARK[0..3]))", ctZoneV6)},
 )
- tableSNATConntrackCommitFlows.flows = append(tableSNATConntrackCommitFlows.flows,
+ tableSNATFlows.flows = append(tableSNATFlows.flows,
 &ofTestUtils.ExpectFlow{
 MatchStr: "priority=200,ct_state=+new+trk,ct_mark=0x40/0x40,ipv6,reg0=0x2/0xf",
 ActStr: fmt.Sprintf("ct(commit,table=L2ForwardingCalc,zone=65511,nat(src=%s),exec(load:0x1->NXM_NX_CT_MARK[4],load:0x1->NXM_NX_CT_MARK[6]))", config1.VirtualServiceIPv6),
@@ -1459,8 +1461,8 @@ func prepareDefaultFlows(config *testConfig) []expectTableFlows {
 &ofTestUtils.ExpectFlow{MatchStr: fmt.Sprintf("priority=190,ipv6,reg0=0/0x200,ipv6_dst=%s", podCIDR), ActStr: "goto_table:L2ForwardingCalc"},
 )
 tableServiceMarkFlows.flows = append(tableServiceMarkFlows.flows,
- &ofTestUtils.ExpectFlow{MatchStr: "priority=200,ct_state=+new+trk,ipv6,reg0=0x22/0xff", ActStr: "ct(commit,table=SNATConntrackCommit,zone=65510,exec(load:0x1->NXM_NX_CT_MARK[5],load:0x1->NXM_NX_CT_MARK[6]))"},
- &ofTestUtils.ExpectFlow{MatchStr: "priority=200,ct_state=+new+trk,ipv6,reg0=0x12/0xff,reg4=0x200000/0x200000", ActStr: "ct(commit,table=SNATConntrackCommit,zone=65510,exec(load:0x1->NXM_NX_CT_MARK[5]))"},
+ &ofTestUtils.ExpectFlow{MatchStr: "priority=200,ct_state=+new+trk,ipv6,reg0=0x22/0xff", ActStr: "ct(commit,table=SNAT,zone=65510,exec(load:0x1->NXM_NX_CT_MARK[5],load:0x1->NXM_NX_CT_MARK[6]))"},
+ &ofTestUtils.ExpectFlow{MatchStr: "priority=200,ct_state=+new+trk,ipv6,reg0=0x12/0xff,reg4=0x200000/0x200000", ActStr: "ct(commit,table=SNAT,zone=65510,exec(load:0x1->NXM_NX_CT_MARK[5]))"},
 )
 tableL3DecTTLFlows.flows = append(tableL3DecTTLFlows.flows,
 &ofTestUtils.ExpectFlow{MatchStr: "priority=210,ipv6,reg0=0x2/0xf", ActStr: "goto_table:ServiceMark"},
@@ -1480,10 +1482,10 @@ func prepareDefaultFlows(config *testConfig) []expectTableFlows {
 tableConntrackZoneFlows,
 tableConntrackStateFlows,
 tableConntrackCommitFlows,
- tableSNATConntrackCommitFlows,
+ tableSNATFlows,
 tableL3ForwardingFlows,
 tableL3DecTTLFlows,
- tableSNATConntrackZoneFlows,
+ tableUnSNATFlows,
 tableServiceMarkFlows,
 tableVLANFlows,
 {