From patchwork Tue Jul 5 08:17:19 2016
X-Patchwork-Submitter: Gurucharan Shetty
X-Patchwork-Id: 644959
From: Gurucharan Shetty
To: dev@openvswitch.org
Date: Tue, 5 Jul 2016 01:17:19 -0700
Message-Id: <1467706640-10314-1-git-send-email-guru@ovn.org>
Subject: [ovs-dev] [PATCH 1/2] ovn-northd: Ability to loop-back in a router.

Currently, when a client looks at a load balancer VIP, it notices that it is in a different subnet than itself and sends the packet to its connected router port's MAC address. The load balancer intercepts it. If the load balancer VIP translates to an endpoint IP in a different subnet (than the one the client has), then the load balancing works fine because the router will send the packet to the correct destination. But if one of the endpoints that the VIP translated into was in the same subnet as the client, the OVN router fails to send the packet back via the same interface.

This commit changes that behavior and lets an OVN router loop-back the packet via the same interface.

Signed-off-by: Gurucharan Shetty

--- ovn/northd/ovn-northd.8.xml | 10 ++++++++++ ovn/northd/ovn-northd.c | 10 ++++++++++ 2 files changed, 20 insertions(+) diff --git a/ovn/northd/ovn-northd.8.xml b/ovn/northd/ovn-northd.8.xml index 6bc83ea..08e9d4e 100644 
--- a/ovn/northd/ovn-northd.8.xml +++ b/ovn/northd/ovn-northd.8.xml @@ -743,6 +743,16 @@ output; port's own IP address is used to SNAT packets passing through that router. + +
  • + Allow router to send back the packet to the same router port from + which it was received (for cases where the destination IP address + is in the same subnet as the router port). For router ports with an + IP address of A and mask of M, a priority-20 flow + is added with a match for ip4.dst == + A/M and an action of + inport = "". +
  • diff --git a/ovn/northd/ovn-northd.c b/ovn/northd/ovn-northd.c index f4b4435..158f10d 100644 --- a/ovn/northd/ovn-northd.c +++ b/ovn/northd/ovn-northd.c @@ -2367,6 +2367,16 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, "drop;"); free(match); } + + /* When destination IP address is in the same subnet as the + * router port, the packet may need to be eventually sent + * back the same port. For cases like that, allow sending + * out the inport. */ + match = xasprintf("ip4.dst == "IP_FMT"/"IP_FMT, + IP_ARGS(op->network), IP_ARGS(op->mask)); + ovn_lflow_add(lflows, op->od, S_ROUTER_IN_IP_INPUT, 20, + match, "inport = \"\"; next;"); + free(match); } /* NAT in Gateway routers. */
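Review bot: In the ovn-northd.8.xml hunk, the documented action is inport = "" but the flow added in ovn-northd.c uses the action inport = ""; next;, so the man page text does not match the installed flow. Please document the full action, and say in the same list item that clearing inport is what lifts the restriction on outputting to the ingress port, since the text as written describes the intent ("send back the packet to the same router port") without explaining why an empty inport achieves it.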
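Review bot: In the ovn-northd.c hunk, the match built by xasprintf is only ip4.dst == network/mask, with no inport term, so the priority-20 flow clears inport for every IPv4 packet destined to this port's subnet, including packets that arrived on a different router port and never need to hairpin. That is broader than the case the commit message describes, and it removes the ingress-port information for any later ingress table that matches on inport. Consider narrowing the match to packets that actually entered on this port (adding an inport == term for op alongside the ip4.dst term), or explain in the comment why the subnet-wide match is safe. The comment also reads "sent back the same port" where "sent back out the same port" is meant, and the diffstat shows no test accompanying the new flow; a test covering a VIP whose endpoint shares the client's subnet would pin down the behaviour.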