Today, dpd pulls NAT state from Nexus here:

`pub async fn ipv4_nat_workflow(`
That is a small loop which fetches the latest generation of NAT entries from Nexus periodically, and ensures they're all added to the ASIC tables. dpd then stores the latest valid NAT state generation number, which Nexus separately pulls and uses to clean up old NAT state in the database in its own background task.
We'd like to switch the sense of this propagation, pushing the state from Nexus to dpd rather than pulling it. The main reason for this is that it enables easier updates. dpd would no longer be a client of Nexus's internal API, so not "client-side versioned" in the terminology of RFD 567.
This issue covers removing this task for fetching and ensuring the NAT state. There will be a separate issue in Omicron for adding propagation from Nexus to dpd.
Code reference: dendrite/dpd/src/rpw/mod.rs, line 102 in 4c6f4b8
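An added sketch of the pull loop described above, not code from dendrite or Omicron: one pass fetches the entries newer than the stored generation, writes them to a table, and advances the stored generation only over entries that were actually applied. The types, the `fetch` and `apply` callbacks and the sample data are assumptions made for illustration.

```rust
use std::collections::BTreeMap;

/// Hypothetical NAT entry; field names are assumptions, not dpd's types.
pub struct NatEntry {
    pub generation: u64,
    pub external: String,
    pub target: String,
}

/// Stand-in for the ASIC NAT table plus the stored generation number.
#[derive(Default)]
pub struct NatState {
    pub table: BTreeMap<String, String>,
    pub generation: u64,
}

/// One pass of the pull loop. `fetch(g)` stands in for the request to Nexus
/// (entries newer than `g`); `apply` is the table write, retried next pass on failure.
pub fn sync_once(
    state: &mut NatState,
    fetch: impl Fn(u64) -> Vec<NatEntry>,
    mut apply: impl FnMut(&mut BTreeMap<String, String>, &NatEntry) -> Result<(), String>,
) -> Result<usize, String> {
    let mut entries = fetch(state.generation);
    entries.sort_by_key(|e| e.generation);
    for (i, entry) in entries.iter().enumerate() {
        apply(&mut state.table, entry)?;
        // Advance only once every entry of this generation is in the table.
        if entries.get(i + 1).map_or(true, |n| n.generation > entry.generation) {
            state.generation = entry.generation;
        }
    }
    Ok(entries.len())
}

/// Constructed sample data (documentation addresses), filtered like the fetch.
pub fn sample(after: u64) -> Vec<NatEntry> {
    let rows = [(1, "192.0.2.10", "sled-a"), (2, "192.0.2.11", "sled-b"), (3, "192.0.2.12", "sled-c")];
    let newer = rows.iter().filter(|r| r.0 > after);
    newer.map(|r| NatEntry { generation: r.0, external: r.1.into(), target: r.2.into() }).collect()
}

fn main() {
    let mut state = NatState::default();
    let n = sync_once(&mut state, sample, |t, e| {
        t.insert(e.external.clone(), e.target.clone());
        Ok(())
    });
    println!("applied {:?}, stored generation {}", n, state.generation);
}
```

Because the stored generation is what the other side reads to decide which old state can be cleaned up, a failed write leaves it at the last fully applied generation instead of the last fetched one.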