Stateful NAT allocator: Keep valid sessions open on configuration updates #838

@qmonnet

This is a follow-up to #790.

On configuration updates, we simply replace the old allocator by a brand new one, and we plan to wipe all existing sessions from the flow table (pending the move for NAT to the new flow table implementation).

Longer term, we would like to be able to keep the valid sessions open.

This requires reporting the internal state from the old allocator to the new allocator. The issue is the following:

  • If we don't report the internal state from the old allocator to the new allocator, the new allocator does not know what IP addresses and ports have been allocated yet, and risks re-allocating IP/port combinations that are already in use for some existing sessions.
  • Reporting the internal state from the old allocator to the new allocator is tricky, because we don't want to lock completely the allocators during the process. If we report the state incrementally after switching to the new allocator, we risk allocating IPs/ports that are already in use. If we report the state incrementally before switching to the new allocator, the old allocator remains in use and keeps being (potentially) updated during the process, making it hard to report the state accurately.
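
The two failure modes described in the issue above, as an added Rust sketch that is not the project's code: the `Allocator` type, its lowest-free-pair policy and the `seeded` helper are hypothetical, and the addresses are constructed samples. It shows a fresh allocator re-issuing a binding held by a live session, and a snapshot-seeded allocator still colliding with a binding the old allocator handed out after the snapshot.

```rust
use std::collections::HashSet;
use std::net::Ipv4Addr;
use std::ops::RangeInclusive;
type Binding = (Ipv4Addr, u16); // public IP and port held by one session

// Toy allocator (hypothetical type): hands out the lowest free IP/port pair.
struct Allocator {
    pool: Vec<Ipv4Addr>,
    ports: RangeInclusive<u16>,
    in_use: HashSet<Binding>,
}

impl Allocator {
    fn new(pool: Vec<Ipv4Addr>, ports: RangeInclusive<u16>) -> Self {
        Allocator { pool, ports, in_use: HashSet::new() }
    }

    // Report a snapshot of old state into a new allocator; bindings the new
    // configuration no longer covers are not kept, they are returned instead.
    fn seeded(pool: Vec<Ipv4Addr>, ports: RangeInclusive<u16>, snap: &[Binding]) -> (Self, Vec<Binding>) {
        let mut new = Self::new(pool, ports);
        let mut dropped = Vec::new();
        for &b in snap {
            let valid = new.pool.contains(&b.0) && new.ports.contains(&b.1);
            if valid { new.in_use.insert(b); } else { dropped.push(b); }
        }
        (new, dropped)
    }

    fn allocate(&mut self) -> Option<Binding> {
        for &ip in &self.pool {
            for port in self.ports.clone() {
                if self.in_use.insert((ip, port)) { return Some((ip, port)); }
            }
        }
        None
    }
}

// Returns (fresh collides with live, seeded collides with snapshot, seeded collides with late binding).
fn demo() -> (bool, bool, bool) {
    let ip = |d| Ipv4Addr::new(192, 0, 2, d); // constructed sample addresses
    let mut old = Allocator::new(vec![ip(1)], 1024..=1026);
    let live = vec![old.allocate().unwrap(), old.allocate().unwrap()];
    let mut fresh = Allocator::new(vec![ip(1), ip(2)], 1024..=1026);
    let fresh_hit = live.contains(&fresh.allocate().unwrap());
    let (mut seeded, _) = Allocator::seeded(vec![ip(1), ip(2)], 1024..=1026, &live);
    let late = old.allocate().unwrap(); // old allocator is still serving traffic
    let next = seeded.allocate().unwrap();
    (fresh_hit, live.contains(&next), next == late)
}
fn main() { println!("{:?}", demo()); }
```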

Labels

area/nat: Related to Network Address Translation (NAT)
