sonic-net / sonic-buildimage

Scripts which perform an installable binary image build for SONiC

[NAT][202012] NAT translation entries cannot be removed #9272

Open vmorokhx opened 2 years ago

vmorokhx commented 2 years ago

Description

Steps to reproduce the issue:

  1. Add NAT configuration:

    sudo config feature state nat enabled
    sudo config nat feature enable
    sudo config nat add pool test_pool 10.1.0.32 100-5000
    sudo config nat add binding test_binding test_pool test_acl_table
    sonic-cfggen -j acl_table.json --write-to-db
    sudo config nat add interface Loopback0 -nat_zone 1
    sudo config nat add interface PortChannel0001  -nat_zone 1

  2. Perform TCP handshake and generate TCP traffic

  3. Clear all NAT entries:

    sudo config nat remove static all
    sudo config nat remove bindings
    sudo config nat remove pools
    sudo config nat remove interfaces
    sudo sonic-clear nat translations

  4. Perform step 2

  5. Establish two-way UDP conversation and generate UDP traffic

  6. Clear all NAT entries (step 3) and verify that all entries are removed

The same behavior can be obtained by running nat/test_dynamic_nat.py::TestDynamicNat::test_nat_dynamic_full_cone in sonic-mgmt.

Describe the results you received:

NAT entries are not removed and do not expire over time.

Static NAT Entries         ..................... 0
Static NAPT Entries        ..................... 0
Dynamic NAT Entries        ..................... 0
Dynamic NAPT Entries       ..................... 2
Static Twice NAT Entries   ..................... 0
Static Twice NAPT Entries  ..................... 0
Dynamic Twice NAT Entries  ..................... 0
Dynamic Twice NAPT Entries ..................... 0
Total SNAT/SNAPT Entries   ..................... 1
Total DNAT/DNAPT Entries   ..................... 1
Total Entries              ..................... 2

Protocol    Source             Destination    Translated Source    Translated Destination
----------  -----------------  -------------  -------------------  ------------------------
udp         ---                10.1.0.32:161  ---                  192.168.0.101:161
udp         192.168.0.101:161  ---            10.1.0.32:161        ---

Describe the results you expected:

NAT translations table is cleared.

Static NAT Entries         ..................... 0
Static NAPT Entries        ..................... 0
Dynamic NAT Entries        ..................... 0
Dynamic NAPT Entries       ..................... 0
Static Twice NAT Entries   ..................... 0
Static Twice NAPT Entries  ..................... 0
Dynamic Twice NAT Entries  ..................... 0
Dynamic Twice NAPT Entries ..................... 0
Total SNAT/SNAPT Entries   ..................... 0
Total DNAT/DNAPT Entries   ..................... 0
Total Entries              ..................... 0

Protocol    Source    Destination    Translated Source    Translated Destination
----------  --------  -------------  -------------------  ------------------------

Output of show version:

SONiC Software Version: SONiC.202012.51262-dirty-20211115.081405
Distribution: Debian 10.11
Kernel: 4.19.0-12-2-amd64
Build commit: 36f1a547b
Build date: Mon Nov 15 13:54:35 UTC 2021
Built by: AzDevOps@sonic-build-workers-000WAG

Platform: x86_64-arista_7170_64c
HwSKU: Arista-7170-64C
ASIC: barefoot
ASIC Count: 1

Docker images:
REPOSITORY                    TAG                                  IMAGE ID            SIZE
docker-syncd-bfn              202012.51262-dirty-20211115.081405   56a39f88fd5e        1.11GB
docker-syncd-bfn              latest                               56a39f88fd5e        1.11GB
docker-fpm-frr                202012.51262-dirty-20211115.081405   f5fbe270d670        401MB
docker-fpm-frr                latest                               f5fbe270d670        401MB
docker-teamd                  202012.51262-dirty-20211115.081405   7a1758774751        383MB
docker-teamd                  latest                               7a1758774751        383MB
docker-nat                    202012.51262-dirty-20211115.081405   9f0c440458cb        386MB
docker-nat                    latest                               9f0c440458cb        386MB
docker-router-advertiser      202012.51262-dirty-20211115.081405   1b7eb7455789        372MB
docker-router-advertiser      latest                               1b7eb7455789        372MB
docker-platform-monitor       202012.51262-dirty-20211115.081405   40f9c37b09a1        554MB
docker-platform-monitor       latest                               40f9c37b09a1        554MB
docker-lldp                   202012.51262-dirty-20211115.081405   4e1a71424cd3        412MB
docker-lldp                   latest                               4e1a71424cd3        412MB
docker-dhcp-relay             202012.51262-dirty-20211115.081405   8c35a7311e72        386MB
docker-dhcp-relay             latest                               8c35a7311e72        386MB
docker-database               202012.51262-dirty-20211115.081405   305f16bc3553        372MB
docker-database               latest                               305f16bc3553        372MB
docker-orchagent              202012.51262-dirty-20211115.081405   c7af4c0f88df        401MB
docker-orchagent              latest                               c7af4c0f88df        401MB
docker-sonic-telemetry        202012.51262-dirty-20211115.081405   b0eb7111ae7a        462MB
docker-sonic-telemetry        latest                               b0eb7111ae7a        462MB
docker-snmp                   202012.51262-dirty-20211115.081405   e467c9856cf9        414MB
docker-snmp                   latest                               e467c9856cf9        414MB
docker-sonic-mgmt-framework   202012.51262-dirty-20211115.081405   08f4ef6bb529        785MB
docker-sonic-mgmt-framework   latest                               08f4ef6bb529        785MB
docker-sflow                  202012.51262-dirty-20211115.081405   e0ba3f5584fb        384MB
docker-sflow                  latest                               e0ba3f5584fb        384MB
docker-mux                    202012.51262-dirty-20211115.081405   cc905326dfa8        425MB
docker-mux                    latest                               cc905326dfa8        425MB

Additional information you deem important (e.g. issue happens only occasionally):
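
Added example, not part of the original issue or of sonic-mgmt: a Python check for step 6 that parses NAT output in the format pasted above and lists any counters or translation rows that survive a clear. The function names are hypothetical, `STALE_OUTPUT` is abridged from the output in the issue, and `CLEARED_OUTPUT` is a constructed sample.

```python
import re

# "Name ..... N" counter lines, as in the output pasted in the issue.
COUNTER_RE = re.compile(r"^(?P<name>.+?)\s+\.{3,}\s+(?P<value>\d+)$")
COLUMNS = ("protocol", "source", "destination",
           "translated_source", "translated_destination")
# Abridged from the "results you received" output in the issue.
STALE_OUTPUT = """\
Dynamic NAPT Entries       ..................... 2
Total SNAT/SNAPT Entries   ..................... 1
Total DNAT/DNAPT Entries   ..................... 1
Total Entries              ..................... 2

Protocol    Source             Destination    Translated Source    Translated Destination
----------  -----------------  -------------  -------------------  ------------------------
udp         ---                10.1.0.32:161  ---                  192.168.0.101:161
udp         192.168.0.101:161  ---            10.1.0.32:161        ---
"""
# Constructed sample of a fully cleared table (abridged expected output).
CLEARED_OUTPUT = """\
Dynamic NAPT Entries       ..................... 0
Total Entries              ..................... 0
Protocol    Source    Destination    Translated Source    Translated Destination
----------  --------  -------------  -------------------  ------------------------
"""

def parse_nat_translations(text):
    """Return (counters, rows) from output in the format shown in the issue."""
    counters, rows, in_table = {}, [], False
    for line in (l.strip() for l in text.splitlines()):
        m = COUNTER_RE.match(line)
        if m:
            counters[m.group("name")] = int(m.group("value"))
        elif line.startswith("-----") and set(line) <= {"-", " "}:
            in_table = True  # dashed rule: translation rows follow
        elif in_table and line:
            fields = re.split(r"\s{2,}", line)
            if len(fields) == len(COLUMNS):
                rows.append(dict(zip(COLUMNS, fields)))
    return counters, rows

def leftover_after_clear(text):
    """List everything that shows the NAT table was not fully cleared."""
    counters, rows = parse_nat_translations(text)
    problems = [f"{name} = {value}" for name, value in counters.items() if value]
    problems += ["row: " + " | ".join(r[c] for c in COLUMNS) for r in rows]
    if counters.get("Total Entries") != len(rows):
        problems.append("Total Entries counter disagrees with the table")
    return problems
```

An empty list from `leftover_after_clear` means the clear succeeded; any stale mapping, such as the UDP port 161 pair above, appears as a `row:` item.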

zhangyanzhao commented 2 years ago

Need Intel to take a look.

zhangyanzhao commented 2 years ago

@kperumalbfn