@@ -995,6 +995,21 @@ physical_run(struct controller_ctx *ctx, enum mf_field_id mff_ovn_geneve,
struct ofpbuf remote_ofpacts;
ofpbuf_init(&remote_ofpacts, 0);
SBREC_MULTICAST_GROUP_FOR_EACH (mc, ctx->ovnsb_idl) {
+ /* Table 32, priority 150.
+ * =======================
+ *
+ * Multicast packets that should not be sent to other hypervisors.
+ */
+ struct match match = MATCH_CATCHALL_INITIALIZER;
+ match_set_metadata(&match, htonll(mc->datapath->tunnel_key));
+ match_set_reg(&match, MFF_LOG_OUTPORT - MFF_REG0, mc->tunnel_key);
+ match_set_reg_masked(&match, MFF_LOG_FLAGS - MFF_REG0,
+ MLF_KEEP_LOCAL, MLF_KEEP_LOCAL);
+ ofpbuf_clear(&ofpacts);
+ put_resubmit(OFTABLE_LOCAL_OUTPUT, &ofpacts);
+ ofctrl_add_flow(flow_table, OFTABLE_REMOTE_OUTPUT, 150, 0, &match,
+ &ofpacts);
+
consider_mc_group(mff_ovn_geneve, ct_zones, local_datapaths, chassis,
mc, &ofpacts, &remote_ofpacts, flow_table);
}
@@ -49,6 +49,7 @@ enum mff_log_flags_bits {
MLF_RCV_FROM_VXLAN_BIT = 1,
MLF_FORCE_SNAT_FOR_DNAT_BIT = 2,
MLF_FORCE_SNAT_FOR_LB_BIT = 3,
+ MLF_KEEP_LOCAL_BIT = 4,
};
/* MFF_LOG_FLAGS_REG flag assignments */
@@ -69,6 +70,11 @@ enum mff_log_flags {
/* Indicate that a packet needs a force SNAT in the gateway router when
* load-balancing has taken place. */
MLF_FORCE_SNAT_FOR_LB = (1 << MLF_FORCE_SNAT_FOR_LB_BIT),
+
+ /* Indicate that a packet that should be distributed across multiple
+ * hypervisors should instead only be output to local targets
+ */
+ MLF_KEEP_LOCAL = (1 << MLF_KEEP_LOCAL_BIT),
};
#endif /* ovn/lib/logical-fields.h */
@@ -1027,6 +1027,16 @@
their traffic should never go out through a tunnel.
</li>
<li>
+ A higher-priority rule to match packets that have the MLF_KEEP_LOCAL
+ logical flow flag set, and whose destination is a multicast address.
+ This flag indicates that the packet should not be delivered to remote
+ hypervisors, even if the multicast destination includes ports on
+ remote hypervisors. This flag is used when ovn-controller is the
+ originator of the multicast packet. Since each ovn-controller
+ instance is originating these packets, the packets only need to be
+ delivered to local ports.
+ </li>
+ <li>
A fallback flow that resubmits to table 33 if there is no other
match.
</li>
When this flag is set, then a multicast packet that would normally be delivered to ports on multiple hypervisors is only delivered to ports on the local hypervisor. The primary known use case for this is when multicast packets originate from ovn-controller. Multiple ovn-controllers will be attempting to send out those multicast packets, and so each should only be responsible for delivering those packets to their local ports. Signed-off-by: Mark Michelson <mmichels@redhat.com> --- ovn/controller/physical.c | 15 +++++++++++++++ ovn/lib/logical-fields.h | 6 ++++++ ovn/ovn-architecture.7.xml | 10 ++++++++++ 3 files changed, 31 insertions(+)