From patchwork Thu Jan 9 10:32:06 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Numan Siddique X-Patchwork-Id: 1220295 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=140.211.166.138; helo=whitealder.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=ovn.org Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 47tj9Q6nk6z9sPW for ; Thu, 9 Jan 2020 21:32:26 +1100 (AEDT) Received: from localhost (localhost [127.0.0.1]) by whitealder.osuosl.org (Postfix) with ESMTP id 0164086AF9; Thu, 9 Jan 2020 10:32:24 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from whitealder.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kOqF48Wn+jSS; Thu, 9 Jan 2020 10:32:23 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by whitealder.osuosl.org (Postfix) with ESMTP id 44DD08609C; Thu, 9 Jan 2020 10:32:23 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id 09AB7C18DC; Thu, 9 Jan 2020 10:32:23 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138]) by lists.linuxfoundation.org (Postfix) with ESMTP id AF9D2C0881 for ; Thu, 9 Jan 2020 10:32:20 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by whitealder.osuosl.org (Postfix) with ESMTP id 9981886447 for ; Thu, 9 Jan 2020 10:32:20 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from whitealder.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oUcCudsPxqf4 for ; Thu, 9 Jan 2020 10:32:19 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from relay11.mail.gandi.net (relay11.mail.gandi.net [217.70.178.231]) by whitealder.osuosl.org (Postfix) with ESMTPS id 3DB098609C for ; Thu, 9 Jan 2020 10:32:18 +0000 (UTC) Received: from nummac.local (unknown [27.7.0.178]) (Authenticated sender: numans@ovn.org) by relay11.mail.gandi.net (Postfix) with ESMTPSA id 871A4100007; Thu, 9 Jan 2020 10:32:15 +0000 (UTC) From: numans@ovn.org To: dev@openvswitch.org Date: Thu, 9 Jan 2020 16:02:06 +0530 Message-Id: <20200109103206.887751-1-numans@ovn.org> X-Mailer: git-send-email 2.24.1 MIME-Version: 1.0 Subject: [ovs-dev] [PATCH ovn] Restrict ARP replies for LB VIP only on chassis redirect port X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" From: Numan Siddique Presently when ARP request for the load balance VIP is received from the provider network, all the ovn-controllers' reply to the ARP request which have ovn-bridge-mappings configured. This patch restricts these ARP replies only on the chassis where the chassis redirect port of the distributed router port is resident. Signed-off-by: Numan Siddique --- northd/ovn-northd.8.xml | 14 ++++++++++++++ northd/ovn-northd.c | 4 ++++ 2 files changed, 18 insertions(+) diff --git a/northd/ovn-northd.8.xml b/northd/ovn-northd.8.xml index c6d5d96b9..4b227ca71 100644 --- a/northd/ovn-northd.8.xml +++ b/northd/ovn-northd.8.xml @@ -1680,6 +1680,13 @@ flags.loopback = 1; output; +

+ If the router port P is a distributed gateway router + port, then the is_chassis_resident(P) is + also added in the match condition for the load balancer IPv4 + VIP A. +

+

IPv6: For a configured DNAT IP address or a load balancer IPv6 VIP A, solicited node address S, @@ -1704,6 +1711,13 @@ nd_na { } +

+ If the router port P is a distributed gateway router + port, then the is_chassis_resident(P) + is also added in the match condition for the load balancer IPv6 + VIP A. +

+

For the gateway port on a distributed logical router with NAT (where one of the logical router ports specifies a diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c index d91a008b7..925f25079 100644 --- a/northd/ovn-northd.c +++ b/northd/ovn-northd.c @@ -7511,6 +7511,10 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, "inport == %s && arp.tpa == %s && arp.op == 1", op->json_key, ip_address); + if (op == op->od->l3dgw_port) { + ds_put_format(&match, " && is_chassis_resident(%s)", + op->od->l3redirect_port->json_key); + } ds_clear(&actions); ds_put_format(&actions, "eth.dst = eth.src; "