Page MenuHomeVyOS Platform
Create Task
Maniphest T7237

NAT checking translation address is an expensive operation
Closed, ResolvedPublicBUG
Actions

Description

NAT checking translation address is an expensive operation https://github.com/vyos/vyos-1x/blob/b70e3686981e08e69938d6879575ca3f0f9adfbe/src/conf_mode/nat.py#L180-L183

For hundred rules the commit time ~8min

time commit

real    8m17.280s
user    0m5.896s
sys     0m6.912s

but without this check only 33 sec

# time commit

real    0m33.802s
user    0m5.816s
sys     0m6.842s

Check was commented:

addr = dict_search('translation.address', config)
# if addr != None and addr != 'masquerade' and not is_ip_network(addr):
#     for ip in addr.split('-'):
#         if not is_addr_assigned(ip):
#             Warning(f'IP address {ip} does not exist on the system!')

Affects only NAT changes (source NAT)
If change other options commit seems good
The NAT rules a mix of unassigned IP/ranges

set nat source rule 1 source address 10.0.1.0/24
set nat source rule 1 translation address '192.0.2.1'
set nat source rule 2 source address 10.0.2.0/24
set nat source rule 2 translation address '192.0.2.2'
set nat source rule 3 source address 10.0.3.0/24
set nat source rule 3 translation address '192.0.2.3'
set nat source rule 4 source address 10.0.4.0/24
set nat source rule 4 translation address '192.0.2.4-192.0.2.58'
...

Details

Version
1.4.2
Is it a breaking change?
Perfectly compatible
Issue type
Bug (incorrect behavior)

Related Objects
Search...

Event Timeline

Viacheslav created this task.Mar 11 2025, 10:49 AM
Viacheslav triaged this task as High priority.
Viacheslav updated the task description. (Show Details)Mar 11 2025, 10:51 AM
pasik subscribed.Mar 11 2025, 10:53 AM
Viacheslav added a parent task: T6302: The root task for bugs and improvements related to commit time and boot.Mar 11 2025, 10:57 AM
dmbaturin edited projects, added VyOS 1.4 Sagitta (1.4.3), VyOS Rolling, VyOS 1.5 Circinus; removed VyOS 1.4 Sagitta (1.4.2).Mar 12 2025, 5:55 PM
dmbaturin changed Is it a breaking change? from Unspecified (possibly destroys the router) to Perfectly compatible.
sarthurdev claimed this task.May 22 2025, 2:09 PM
sarthurdev changed the task status from Open to Needs testing.May 31 2025, 1:44 PM
sarthurdev moved this task from Need Triage to Backport Candidates on the VyOS Rolling board.

PR: https://github.com/vyos/vyos-1x/pull/4537

sarthurdev mentioned this in rVYOSONEX99a9fafb980c: nat: T7237: Remove expensive NAT address check.Jun 2 2025, 8:34 PM
Restricted Repository Identity mentioned this in rVYOSONEXc32b30f1e8f5: Merge pull request #4537 from sarthurdev/T7237.Jun 2 2025, 8:34 PM
sarthurdev closed this task as Resolved.Jun 18 2025, 1:18 PM
sarthurdev moved this task from Backport Candidates to Completed on the VyOS Rolling board.
sarthurdev moved this task from Open to Finished on the VyOS 1.5 Circinus board.
sarthurdev moved this task from Backlog to Finished on the VyOS 1.4 Sagitta (1.4.3) board.
dmbaturin edited projects, added VyOS 1.5 Circinus (1.5-stream-2025-Q2); removed VyOS 1.5 Circinus.Jul 9 2025, 1:02 PM
dmbaturin moved this task from Open to Finished on the VyOS 1.5 Circinus (1.5-stream-2025-Q2) board.Jul 15 2025, 12:28 PM
dmbaturin mentioned this in 1.4.3.Jul 17 2025, 8:18 AM