This is the Omicron side of oxidecomputer/dendrite#83.
Today, dpd pulls NAT state periodically from Nexus and updates its ASIC tables with the latest generation. That makes dpd a client of Nexus's internal API, which complicates updates. Instead, we'd like to push this information from Nexus to dpd, periodically and possibly whenever the state changes.
Nexus also has a separate background task that pulls the latest generation number from dpd, and cleans up database records for out-of-date NAT entries. I'm not sure if pushing the NAT state will impact that task, but it could.
Note that today, dpd only pulls IPv4 NAT entries. As part of migrating this, we probably want to ensure we propagate IPv6 NAT entries as well.