From patchwork Fri Feb 21 17:40:58 2020
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Lorenzo Bianconi
X-Patchwork-Id: 1242271
From: Lorenzo Bianconi
To: dev@openvswitch.org
Date: Fri, 21 Feb 2020 18:40:58 +0100
Subject: [ovs-dev] [PATCH ovn] manage ARP process locally in a DVR scenario

OVN currently performs L2 address resolution and IP buffering on the
gw node. If the system relies on FIPs, OVN will re-inject the buffered
IP packets on the gw node, while following packets will go through
the localnet port on the compute node resulting in a ToR switch
misconfiguration. This patch addresses the issue by managing ARP
and IP buffering locally if FIPs are configured on the node.

Signed-off-by: Lorenzo Bianconi
---
northd/ovn-northd.8.xml | 31 ++++++++++++++++++++++++++
northd/ovn-northd.c | 48 ++++++++++++++++++++++++++++++++++++++++-
2 files changed, 78 insertions(+), 1 deletion(-)
diff --git a/northd/ovn-northd.8.xml b/northd/ovn-northd.8.xml
index a27dfa951..23b385377 100644
--- a/northd/ovn-northd.8.xml
+++ b/northd/ovn-northd.8.xml
@@ -2405,6 +2405,37 @@ output;
+
+
+ For distributed logical routers where one of the logical router ports
+ specifies a redirect-chassis
, a priority-400 logical
+ flow for each dnat_and_snat
NAT rules configured.
+ These flows will allow to properly forward traffic to the external
+ connections if available and avoid sending it through the tunnel.
+ Assuming the following NAT rule has been configured:
+
+
+
+external_ip = A;
+external_mac = B;
+logical_ip = C;
+
+
+
+ the following action will be applied:
+
+
+
+ip.ttl--;
+reg0 = ip.dst;
+reg1 = A;
+eth.src = B;
+outport = router-port;
+next;
+
+
+
+
IPv4 routing table. For each route to IPv4 network N with
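Review bot: The documented action does not match what add_distributed_routes() builds: the man page text starts the action with "ip.ttl--;", but the action string in ovn-northd.c is "outport = ...; eth.src = ...; reg0 = ip4.dst; reg1 = ...; next;" with no TTL decrement. Either add the decrement to the flow or drop it from the documentation. The paragraph should also state the match (ip4.src == C && is_chassis_resident(logical_port)) and that only dnat_and_snat rules with both external_mac and external_ip set get a flow, so a reader can tell which traffic the priority-400 flow applies to. Wording: "for each dnat_and_snat NAT rules configured" should read "NAT rule".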
diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c
index 721cb05ce..8cecc98ca 100644
--- a/northd/ovn-northd.c
+++ b/northd/ovn-northd.c
@@ -7338,6 +7338,42 @@ build_ecmp_route_flow(struct hmap *lflows, struct ovn_datapath *od,
ds_destroy(&actions);
}
+#define DROUTE_PRIO 400
+static void
+add_distributed_routes(struct hmap *lflows, struct ovn_datapath *od)
+{
+ struct ds actions = DS_EMPTY_INITIALIZER;
+ struct ds match = DS_EMPTY_INITIALIZER;
+
+ if (!od->l3dgw_port || !od->nbr) {
+ return;
+ }
+
+ for (size_t i = 0; i < od->nbr->n_nat; i++) {
+ const struct nbrec_nat *nat = od->nbr->nat[i];
+
+ if (strcmp(nat->type, "dnat_and_snat") ||
+ !nat->external_mac || !nat->external_ip) {
+ continue;
+ }
+
+ bool is_ipv4 = strchr(nat->logical_ip, '.') ? true : false;
+ ds_put_format(&match, "ip%s.src == %s && is_chassis_resident(\"%s\")",
+ is_ipv4 ? "4" : "6", nat->logical_ip,
+ nat->logical_port);
+ char *prefix = is_ipv4 ? "" : "xx";
+ ds_put_format(&actions, "outport = %s; eth.src = %s; "
+ "%sreg0 = ip%s.dst; %sreg1 = %s; next;",
+ od->l3dgw_port->json_key, nat->external_mac,
+ prefix, is_ipv4 ? "4" : "6",
+ prefix, nat->external_ip);
+ ovn_lflow_add(lflows, od, S_ROUTER_IN_IP_ROUTING, DROUTE_PRIO,
+ ds_cstr(&match), ds_cstr(&actions));
+ ds_clear(&match);
+ ds_clear(&actions);
+ }
+}
+
static void
add_route(struct hmap *lflows, const struct ovn_port *op,
const char *lrp_addr_s, const char *network_s, int plen,
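Review bot: nat->logical_port is passed to "%s" in the is_chassis_resident() match without a NULL check; the guard above it only tests nat->type, nat->external_mac and nat->external_ip. If a dnat_and_snat row can have external_mac set while logical_port is unset, a NULL pointer reaches ds_put_format(). Add "|| !nat->logical_port" to the condition that does "continue". Separately, match and actions are only ds_clear()ed inside the loop and never ds_destroy()ed, so their buffers leak once a flow has been formatted; call ds_destroy() on both after the loop, as build_ecmp_route_flow() just above does for actions. The strchr(nat->logical_ip, '.') test for the address family would also be clearer with a short comment.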
@@ -7359,6 +7395,9 @@ add_route(struct hmap *lflows, const struct ovn_port *op,
}
build_route_match(op_inport, network_s, plen, is_src_route, is_ipv4,
&match, &priority);
+ if (op->nbrp && !op->nbrp->n_gateway_chassis) {
+ priority += DROUTE_PRIO;
+ }
struct ds actions = DS_EMPTY_INITIALIZER;
ds_put_format(&actions, "ip.ttl--; "REG_ECMP_GROUP_ID" = 0; %sreg0 = ",
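Review bot: The "priority += DROUTE_PRIO" added in add_route() has no comment and reuses the priority of the new NAT flows as an offset, so the intended ordering has to be guessed. It raises every route on a port with no gateway chassis (op->nbrp->n_gateway_chassis == 0) by 400, which puts those routes at or above the new priority-400 flows while routes on the gateway port stay below them. Please add a comment stating that intent, use a separately named constant for the offset, and describe the shifted route priorities in ovn-northd.8.xml, where the patch only documents the priority-400 flows. The commit message does not mention this change either.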
@@ -8927,7 +8966,7 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports,
nat->logical_ip,
od->l3dgw_port->json_key);
ovn_lflow_add_with_hint(lflows, od, S_ROUTER_IN_GW_REDIRECT,
- 100, ds_cstr(&match), "next;",
+ 200, ds_cstr(&match), "next;",
&nat->header_);
}
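Review bot: The S_ROUTER_IN_GW_REDIRECT priority changes from 100 to 200 with no comment, and neither the commit message nor the ovn-northd.8.xml hunk mentions it. Please say which flow in that table this one now has to outrank, and update the Gateway Redirect section of the man page if it lists the old priority, so the documentation and the code do not diverge.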
@@ -9208,6 +9247,13 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports,
ovn_lflow_add(lflows, od, S_ROUTER_IN_ND_RA_RESPONSE, 0, "1", "next;");
}
+ /* Logical router ingress table IP_ROUTING - IP routing for distributed
+ * logical router
+ */
+ HMAP_FOR_EACH (od, key_node, datapaths) {
+ add_distributed_routes(lflows, od);
+ }
+
/* Logical router ingress table IP_ROUTING & IP_ROUTING_ECMP: IP Routing.
*
* A packet that arrives at this table is an IP packet that should be