From patchwork Fri Feb 21 17:40:58 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Lorenzo Bianconi X-Patchwork-Id: 1242271 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=140.211.166.136; helo=silver.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=redhat.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=I2cdKuKg; dkim-atps=neutral Received: from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 48PJfW37cyz9sPk for ; Sat, 22 Feb 2020 04:41:23 +1100 (AEDT) Received: from localhost (localhost [127.0.0.1]) by silver.osuosl.org (Postfix) with ESMTP id A2314221F8; Fri, 21 Feb 2020 17:41:21 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from silver.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jXA8S3fig7q3; Fri, 21 Feb 2020 17:41:19 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by silver.osuosl.org (Postfix) with ESMTP id 9767222005; Fri, 21 Feb 2020 17:41:19 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id 80625C1D81; Fri, 21 Feb 2020 17:41:19 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138]) by lists.linuxfoundation.org (Postfix) with ESMTP id 57F89C013E for ; Fri, 21 Feb 2020 17:41:18 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by whitealder.osuosl.org (Postfix) with ESMTP id 53EB48762A for ; Fri, 21 Feb 2020 17:41:18 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from whitealder.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id N8GrdLPiO17w for ; Fri, 21 Feb 2020 17:41:17 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from us-smtp-delivery-1.mimecast.com (us-smtp-2.mimecast.com [207.211.31.81]) by whitealder.osuosl.org (Postfix) with ESMTPS id E83F487605 for ; Fri, 21 Feb 2020 17:41:16 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1582306875; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=H5TVGIu2T1yKYgdl+8UvrAzgma7g1ByBm5iV62coXDA=; b=I2cdKuKguf6+AZmQtrXHOWcipMbqeyj3nCIivyGZqaIj4PYXGOFBPWj8URZ2FYxlHb9z+H ejIslzo7kH01U8s9VBvdyVARnZpN9vJdDgrkm7H2uBQfKvnueb/NPA7Fs88g9A3pASkwVm LBeJ7juaBYNdl8/bLRcejz7V9FqKaJ0= Received: from mail-wr1-f70.google.com (mail-wr1-f70.google.com [209.85.221.70]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-345-NqiJlHY1Ow-tNpPH92Zg1g-1; Fri, 21 Feb 2020 12:41:13 -0500 X-MC-Unique: NqiJlHY1Ow-tNpPH92Zg1g-1 Received: by mail-wr1-f70.google.com with SMTP id m15so1307853wrs.22 for ; Fri, 21 Feb 2020 09:41:13 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=zDU2gpQZRt3WCREMCBseUx5l1rJ/ot5v3pGNXCUt+RY=; b=JbD2aP3C9kq9Nsj3C3HBR2UI8MU8odyQqfF9rWa5B6qwf6ZRBSI/j3DUT9cUBritHM rQW9GvGoNrHR66RkyUzpSJotwGMAV4al1KQlCKig8Yqws9Ev//KreaeFlgJfuEjvjraK 2rFEH3VB17aATXrfiPUeEoBUsNYi1tHP3p26X43bQRxJTpgWmvbraXUMmx/KMIR4G3gv GNciCXyX1N5upGzWJwiyUzCY0RxI/rl1rZdOIayR0fg++y0whMyu3KpOBLKAy9RGH5/F JuMpqY2d2nLkcjCXeVwFpL0WuvjjK8Myx4JjC0XsXKlgyojqeDq2u7DwbhTaK/X5ri4u a+lg== X-Gm-Message-State: APjAAAWrNAzGYJG9HcOxmLDzk3uIKd+SpTDBpNTFWsVeuoDCDqQuXC3G WioGnGzicsO+FI1lVHalJ9KIA8if7h7tQz8PcNniMERuvjsZgHrgzuHvVmZAy/Nmulc9EhW0o8A bUQei3OLznQt2 X-Received: by 2002:adf:ed8c:: with SMTP id c12mr48031886wro.231.1582306872366; Fri, 21 Feb 2020 09:41:12 -0800 (PST) X-Google-Smtp-Source: APXvYqyRiAKITLQ5v6O332QdWDLhPBOatmRjHDKhrDXn9efWrFFVg4oWOlCVVS3bECZxHIy38JqRrg== X-Received: by 2002:adf:ed8c:: with SMTP id c12mr48031865wro.231.1582306872052; Fri, 21 Feb 2020 09:41:12 -0800 (PST) Received: from localhost.localdomain.com (nat-pool-mxp-t.redhat.com. [149.6.153.186]) by smtp.gmail.com with ESMTPSA id 4sm4484055wmg.22.2020.02.21.09.41.11 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 21 Feb 2020 09:41:11 -0800 (PST) From: Lorenzo Bianconi To: dev@openvswitch.org Date: Fri, 21 Feb 2020 18:40:58 +0100 Message-Id: X-Mailer: git-send-email 2.24.1 MIME-Version: 1.0 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Subject: [ovs-dev] [PATCH ovn] manage ARP process locally in a DVR scenario X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" OVN currently performs L2 address resolution and IP buffering on the gw node. If the system relies on FIPs, OVN will re-inject the buffered IP packets on the gw node, while following packets will go though the localnet port on the compute node resulting in a ToR switch misconfiguration. This patch addresses the issue managing ARP and IP buffering locally if FIPs are configured on the node Signed-off-by: Lorenzo Bianconi --- northd/ovn-northd.8.xml | 31 ++++++++++++++++++++++++++ northd/ovn-northd.c | 48 ++++++++++++++++++++++++++++++++++++++++- 2 files changed, 78 insertions(+), 1 deletion(-) diff --git a/northd/ovn-northd.8.xml b/northd/ovn-northd.8.xml index a27dfa951..23b385377 100644 --- a/northd/ovn-northd.8.xml +++ b/northd/ovn-northd.8.xml @@ -2405,6 +2405,37 @@ output;

+
  • +

    + For distributed logical routers where one of the logical router ports + specifies a redirect-chassis, a priority-400 logical + flow for each dnat_and_snat NAT rules configured. + These flows will allow to properly forward traffic to the external + connections if available and avoid sending it through the tunnel. + Assuming the following NAT rule has been configured: +

    + + 
    +external_ip = A;
+external_mac = B;
+logical_ip = C;
+
    + +

    + the following action will be applied: +

    + + 
    +ip.ttl--;
+reg0 = ip.dst;
+reg1 = A;
+eth.src = B;
+outport = router-port;
+next;
+
    + +
    • +

  • IPv4 routing table. For each route to IPv4 network N with diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c index 721cb05ce..8cecc98ca 100644 --- a/northd/ovn-northd.c +++ b/northd/ovn-northd.c @@ -7338,6 +7338,42 @@ build_ecmp_route_flow(struct hmap *lflows, struct ovn_datapath *od, ds_destroy(&actions); } +#define DROUTE_PRIO 400 +static void +add_distributed_routes(struct hmap *lflows, struct ovn_datapath *od) +{ + struct ds actions = DS_EMPTY_INITIALIZER; + struct ds match = DS_EMPTY_INITIALIZER; + + if (!od->l3dgw_port || !od->nbr) { + return; + } + + for (size_t i = 0; i < od->nbr->n_nat; i++) { + const struct nbrec_nat *nat = od->nbr->nat[i]; + + if (strcmp(nat->type, "dnat_and_snat") || + !nat->external_mac || !nat->external_ip) { + continue; + } + + bool is_ipv4 = strchr(nat->logical_ip, '.') ? true : false; + ds_put_format(&match, "ip%s.src == %s && is_chassis_resident(\"%s\")", + is_ipv4 ? "4" : "6", nat->logical_ip, + nat->logical_port); + char *prefix = is_ipv4 ? "" : "xx"; + ds_put_format(&actions, "outport = %s; eth.src = %s; " + "%sreg0 = ip%s.dst; %sreg1 = %s; next;", + od->l3dgw_port->json_key, nat->external_mac, + prefix, is_ipv4 ? "4" : "6", + prefix, nat->external_ip); + ovn_lflow_add(lflows, od, S_ROUTER_IN_IP_ROUTING, DROUTE_PRIO, + ds_cstr(&match), ds_cstr(&actions)); + ds_clear(&match); + ds_clear(&actions); + } +} + static void add_route(struct hmap *lflows, const struct ovn_port *op, const char *lrp_addr_s, const char *network_s, int plen, @@ -7359,6 +7395,9 @@ add_route(struct hmap *lflows, const struct ovn_port *op, } build_route_match(op_inport, network_s, plen, is_src_route, is_ipv4, &match, &priority); + if (op->nbrp && !op->nbrp->n_gateway_chassis) { + priority += DROUTE_PRIO; + } struct ds actions = DS_EMPTY_INITIALIZER; ds_put_format(&actions, "ip.ttl--; "REG_ECMP_GROUP_ID" = 0; %sreg0 = ", @@ -8927,7 +8966,7 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, nat->logical_ip, od->l3dgw_port->json_key); ovn_lflow_add_with_hint(lflows, od, S_ROUTER_IN_GW_REDIRECT, - 100, ds_cstr(&match), "next;", + 200, ds_cstr(&match), "next;", &nat->header_); } @@ -9208,6 +9247,13 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, ovn_lflow_add(lflows, od, S_ROUTER_IN_ND_RA_RESPONSE, 0, "1", "next;"); } + /* Logical router ingress table IP_ROUTING - IP routing for distributed + * logical router + */ + HMAP_FOR_EACH (od, key_node, datapaths) { + add_distributed_routes(lflows, od); + } + /* Logical router ingress table IP_ROUTING & IP_ROUTING_ECMP: IP Routing. * * A packet that arrives at this table is an IP packet that should be