NAT checking translation address is an expensive operation
Open, HighPublicBUG
Actions

Assigned To

None

Authored By

	Viacheslav
	Tue, Mar 11, 10:49 AM

Description

NAT checking translation address is an expensive operation https://github.com/vyos/vyos-1x/blob/b70e3686981e08e69938d6879575ca3f0f9adfbe/src/conf_mode/nat.py#L180-L183

For hundred rules the commit time ~8min

time commit

real    8m17.280s
user    0m5.896s
sys     0m6.912s

but without this check only 33 sec

# time commit

real    0m33.802s
user    0m5.816s
sys     0m6.842s

Check was commented:

addr = dict_search('translation.address', config)
# if addr != None and addr != 'masquerade' and not is_ip_network(addr):
#     for ip in addr.split('-'):
#         if not is_addr_assigned(ip):
#             Warning(f'IP address {ip} does not exist on the system!')

Affects only NAT changes (source NAT)
If change other options commit seems good
The NAT rules a mix of unassigned IP/ranges

set nat source rule 1 source address 10.0.1.0/24
set nat source rule 1 translation address '192.0.2.1'
set nat source rule 2 source address 10.0.2.0/24
set nat source rule 2 translation address '192.0.2.2'
set nat source rule 3 source address 10.0.3.0/24
set nat source rule 3 translation address '192.0.2.3'
set nat source rule 4 source address 10.0.4.0/24
set nat source rule 4 translation address '192.0.2.4-192.0.2.58'
...

Details

Version: 1.4.2
Is it a breaking change?: Perfectly compatible
Issue type: Bug (incorrect behavior)
Story points: 3

Related Objects
Search...

		Status	Subtype	Assigned	Task
		Open	BUG	None	T6302 The root task for bugs and improvements related to commit time and boot
		Open	BUG	None	T7237 NAT checking translation address is an expensive operation