From patchwork Thu Nov  2 20:47:03 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Mark Michelson <mmichels@redhat.com>
X-Patchwork-Id: 833542
Return-Path: <ovs-dev-bounces@openvswitch.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: ozlabs.org;
	spf=pass (mailfrom) smtp.mailfrom=openvswitch.org
	(client-ip=140.211.169.12; helo=mail.linuxfoundation.org;
	envelope-from=ovs-dev-bounces@openvswitch.org;
	receiver=<UNKNOWN>)
Received: from mail.linuxfoundation.org (mail.linuxfoundation.org
	[140.211.169.12])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256
	bits)) (No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 3ySch54Zbvz9sNc
	for <incoming@patchwork.ozlabs.org>;
	Fri,  3 Nov 2017 07:51:33 +1100 (AEDT)
Received: from mail.linux-foundation.org (localhost [127.0.0.1])
	by mail.linuxfoundation.org (Postfix) with ESMTP id D037BDBB;
	Thu,  2 Nov 2017 20:47:08 +0000 (UTC)
X-Original-To: dev@openvswitch.org
Delivered-To: ovs-dev@mail.linuxfoundation.org
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
	[172.17.192.35])
	by mail.linuxfoundation.org (Postfix) with ESMTPS id B9BCBD89
	for <dev@openvswitch.org>; Thu,  2 Nov 2017 20:47:06 +0000 (UTC)
X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28])
	by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 676A5E1
	for <dev@openvswitch.org>; Thu,  2 Nov 2017 20:47:06 +0000 (UTC)
Received: from smtp.corp.redhat.com
	(int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mx1.redhat.com (Postfix) with ESMTPS id E489A21A2
	for <dev@openvswitch.org>; Thu,  2 Nov 2017 20:47:05 +0000 (UTC)
DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com E489A21A2
Authentication-Results: ext-mx01.extmail.prod.ext.phx2.redhat.com;
	dmarc=none (p=none dis=none) header.from=redhat.com
Authentication-Results: ext-mx01.extmail.prod.ext.phx2.redhat.com;
	spf=fail smtp.mailfrom=mmichels@redhat.com
Received: from monae.redhat.com (ovpn-123-202.rdu2.redhat.com
	[10.10.123.202])
	by smtp.corp.redhat.com (Postfix) with ESMTP id A05E660618
	for <dev@openvswitch.org>; Thu,  2 Nov 2017 20:47:05 +0000 (UTC)
From: Mark Michelson <mmichels@redhat.com>
To: dev@openvswitch.org
Date: Thu,  2 Nov 2017 15:47:03 -0500
Message-Id: <20171102204704.12384-2-mmichels@redhat.com>
In-Reply-To: <20171102204704.12384-1-mmichels@redhat.com>
References: <20171102204704.12384-1-mmichels@redhat.com>
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16
	(mx1.redhat.com [10.5.110.25]);
	Thu, 02 Nov 2017 20:47:06 +0000 (UTC)
X-Spam-Status: No, score=-5.0 required=5.0 tests=RCVD_IN_DNSWL_HI,
	RP_MATCHES_RCVD autolearn=disabled version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	smtp1.linux-foundation.org
Subject: [ovs-dev] [PATCH v2 1/2] OVN: Add multicast keep-local flag.
X-BeenThere: ovs-dev@openvswitch.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: <ovs-dev.openvswitch.org>
List-Unsubscribe: <https://mail.openvswitch.org/mailman/options/ovs-dev>,
	<mailto:ovs-dev-request@openvswitch.org?subject=unsubscribe>
List-Archive: <http://mail.openvswitch.org/pipermail/ovs-dev/>
List-Post: <mailto:ovs-dev@openvswitch.org>
List-Help: <mailto:ovs-dev-request@openvswitch.org?subject=help>
List-Subscribe: <https://mail.openvswitch.org/mailman/listinfo/ovs-dev>,
	<mailto:ovs-dev-request@openvswitch.org?subject=subscribe>
MIME-Version: 1.0
Sender: ovs-dev-bounces@openvswitch.org
Errors-To: ovs-dev-bounces@openvswitch.org

When this flag is set, then a multicast packet that would normally be
delivered to ports on multiple hypervisors is only delivered to ports
on the local hypervisor.

The primary known use case for this is when multicast packets originate
from ovn-controller. Multiple ovn-controllers will be attempting to send
out those multicast packets, and so each should only be responsible for
delivering those packets to their local ports.

Signed-off-by: Mark Michelson <mmichels@redhat.com>
---
 ovn/controller/physical.c  | 15 +++++++++++++++
 ovn/lib/logical-fields.h   |  6 ++++++
 ovn/ovn-architecture.7.xml | 10 ++++++++++
 3 files changed, 31 insertions(+)

diff --git a/ovn/controller/physical.c b/ovn/controller/physical.c
index df71979f9..b2216457f 100644
--- a/ovn/controller/physical.c
+++ b/ovn/controller/physical.c
@@ -995,6 +995,21 @@ physical_run(struct controller_ctx *ctx, enum mf_field_id mff_ovn_geneve,
     struct ofpbuf remote_ofpacts;
     ofpbuf_init(&remote_ofpacts, 0);
     SBREC_MULTICAST_GROUP_FOR_EACH (mc, ctx->ovnsb_idl) {
+        /* Table 32, priority 150.
+         * =======================
+         *
+         * Multicast packets that should not be sent to other hypervisors.
+         */
+        struct match match = MATCH_CATCHALL_INITIALIZER;
+        match_set_metadata(&match, htonll(mc->datapath->tunnel_key));
+        match_set_reg(&match, MFF_LOG_OUTPORT - MFF_REG0, mc->tunnel_key);
+        match_set_reg_masked(&match, MFF_LOG_FLAGS - MFF_REG0,
+                             MLF_KEEP_LOCAL, MLF_KEEP_LOCAL);
+        ofpbuf_clear(&ofpacts);
+        put_resubmit(OFTABLE_LOCAL_OUTPUT, &ofpacts);
+        ofctrl_add_flow(flow_table, OFTABLE_REMOTE_OUTPUT, 150, 0, &match,
+                        &ofpacts);
+
         consider_mc_group(mff_ovn_geneve, ct_zones, local_datapaths, chassis,
                           mc, &ofpacts, &remote_ofpacts, flow_table);
     }
diff --git a/ovn/lib/logical-fields.h b/ovn/lib/logical-fields.h
index 696c529be..eb0b8f422 100644
--- a/ovn/lib/logical-fields.h
+++ b/ovn/lib/logical-fields.h
@@ -49,6 +49,7 @@ enum mff_log_flags_bits {
     MLF_RCV_FROM_VXLAN_BIT = 1,
     MLF_FORCE_SNAT_FOR_DNAT_BIT = 2,
     MLF_FORCE_SNAT_FOR_LB_BIT = 3,
+    MLF_KEEP_LOCAL_BIT = 4,
 };
 
 /* MFF_LOG_FLAGS_REG flag assignments */
@@ -69,6 +70,11 @@ enum mff_log_flags {
     /* Indicate that a packet needs a force SNAT in the gateway router when
      * load-balancing has taken place. */
     MLF_FORCE_SNAT_FOR_LB = (1 << MLF_FORCE_SNAT_FOR_LB_BIT),
+
+    /* Indicate that a packet that should be distributed across multiple
+     * hypervisors should instead only be output to local targets
+     */
+    MLF_KEEP_LOCAL = (1 << MLF_KEEP_LOCAL_BIT),
 };
 
 #endif /* ovn/lib/logical-fields.h */
diff --git a/ovn/ovn-architecture.7.xml b/ovn/ovn-architecture.7.xml
index b13b41177..9c7663e93 100644
--- a/ovn/ovn-architecture.7.xml
+++ b/ovn/ovn-architecture.7.xml
@@ -1027,6 +1027,16 @@
           their traffic should never go out through a tunnel.
         </li>
         <li>
+          A higher-priority rule to match packets that have the MLF_KEEP_LOCAL
+          logical flow flag set, and whose destination is a multicast address.
+          This flag indicates that the packet should not be delivered to remote
+          hypervisors, even if the multicast destination includes ports on
+          remote hypervisors. This flag is used when ovn-controller is the
+          originator of the multicast packet. Since each ovn-controller
+          instance is originating these packets, the packets only need to be
+          delivered to local ports.
+        </li>
+        <li>
           A fallback flow that resubmits to table 33 if there is no other
           match.
         </li>