From patchwork Sat Aug 17 00:36:45 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ankur Sharma X-Patchwork-Id: 1148549 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=openvswitch.org (client-ip=140.211.169.12; helo=mail.linuxfoundation.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=nutanix.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=nutanix.com header.i=@nutanix.com header.b="M1YQB0i0"; dkim-atps=neutral Received: from mail.linuxfoundation.org (mail.linuxfoundation.org [140.211.169.12]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 469Lrd4Qw8z9sDQ for ; Sat, 17 Aug 2019 10:38:08 +1000 (AEST) Received: from mail.linux-foundation.org (localhost [127.0.0.1]) by mail.linuxfoundation.org (Postfix) with ESMTP id 3E72BC87; Sat, 17 Aug 2019 00:36:51 +0000 (UTC) X-Original-To: ovs-dev@openvswitch.org Delivered-To: ovs-dev@mail.linuxfoundation.org Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id B97FFC7D for ; Sat, 17 Aug 2019 00:36:47 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from mx0a-002c1b01.pphosted.com (mx0a-002c1b01.pphosted.com [148.163.151.68]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 3D82063D for ; Sat, 17 Aug 2019 00:36:47 +0000 (UTC) Received: from pps.filterd (m0127840.ppops.net [127.0.0.1]) by mx0a-002c1b01.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id x7H0YLO5015982 for ; Fri, 16 Aug 2019 17:36:46 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nutanix.com; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : content-transfer-encoding : mime-version; s=proofpoint20171006; bh=kN7GIcvHJ4hjBMfb8F3n904XYjiI8tUJdmANSBU7sEY=; b=M1YQB0i096Fxlr9eLr62kFNeZQ8qCzykSQ/JV0aEGF0W6Lh6CcxB1OTSgV7cxGvr130k kqyHZ7P3tItBI41zkGguC2gWYbC2WQQfJfiupLw1DAZGVMN/+IlhZOj4KHWhvTdKkM6p xy+XLYjClnIfSvr4BLEEMp/yk0WCmAvQeGa14YBLeycICg2a3yWN10OwSc6SDhe/44zy v4czojSMzmZdBieG9uw9tLESIbK7m1r5ZXOtlb9VvdT8/om7dLCSvAoZ740UOfVBkN7L +E6sW1sNoUvVOE96FDW8C+z2rSRNvuTa+acXq+Ycqn94e4b0XyOzKuQ19CeIZ4OXNjcU qg== Received: from nam04-co1-obe.outbound.protection.outlook.com (mail-co1nam04lp2059.outbound.protection.outlook.com [104.47.45.59]) by mx0a-002c1b01.pphosted.com with ESMTP id 2ubf9ugpwk-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT) for ; Fri, 16 Aug 2019 17:36:46 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=gjv66J0Tmh5/ndDTpFd9oLGKA3FwL+7ar8AqC+UdTPeJ2+rovYs+l3JftpPpPA426lJa5aA5yLKPctJBuoCftvjJ08vn3MewNWIU0lxaY4xzhEQzIlDckR0KC7hLi73NrUYXqEHsRDaWcWiuxVZ/z7qSaSG2GiA4M0p8JbpPcqfZ1ZYngi9z+96FiFPTH55+tiOJlw+BQqmy7i0olYne6XyPWXJ12uaCv0ZKsCYKHTJSlVrFn2EkIy81zPlCpg+Tc/ybDy6trcmXwUaqynERTRj6+HJRjiWVi7YMxtn5u+EYl7bMYtcQdEHc/UiLcWYmGmgJ+9aCJJZ6Q6GGwOHMdg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=kN7GIcvHJ4hjBMfb8F3n904XYjiI8tUJdmANSBU7sEY=; b=WuTq3tNWJKFxasP6CGhWgsfQu0etGpRfm/46unpJLmVHKUmY/s3u8CvoVHvkwunUTmtQgIzRD6sSk3gFBuGUtzOvOUPoGw7uGWUYutqykdsT+vQwR+w+Y2moTvDjbRtQTRaztwdwQmhOsU4bmFX2uNiCLxbiUEweCS5zoj11sm4WHZSE2kx2+tq605c+PT33I4f+A7UHj06gPoGBVOemf8xjfFxCTM2Qfif1etAw19700qYxzwz0IF4aUeL6ZMqGutuPteClopuAI4oLl+RVYYnLAt7q6WZyRaYO9iLsUxQb845nbR0ZJJ9bTkc0kCbHvDcrmKm3vuVMMll9VeYYPw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nutanix.com; dmarc=pass action=none header.from=nutanix.com; dkim=pass header.d=nutanix.com; arc=none Received: from MW2PR02MB3899.namprd02.prod.outlook.com (52.132.178.28) by MW2PR02MB3755.namprd02.prod.outlook.com (52.132.177.144) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2178.16; Sat, 17 Aug 2019 00:36:45 +0000 Received: from MW2PR02MB3899.namprd02.prod.outlook.com ([fe80::a4e3:ca62:dfc6:1149]) by MW2PR02MB3899.namprd02.prod.outlook.com ([fe80::a4e3:ca62:dfc6:1149%3]) with mapi id 15.20.2157.022; Sat, 17 Aug 2019 00:36:45 +0000 From: Ankur Sharma To: "ovs-dev@openvswitch.org" Thread-Topic: [PATCH v6 3/4 ovn] OVN: Vlan backed DVR N-S, avoid get_arp on non redirect chassis. Thread-Index: AQHVVJPZ5iho/jfJ+E6ckF10rQlezg== Date: Sat, 17 Aug 2019 00:36:45 +0000 Message-ID: <1566002197-29398-4-git-send-email-ankur.sharma@nutanix.com> References: <1566002197-29398-1-git-send-email-ankur.sharma@nutanix.com> In-Reply-To: <1566002197-29398-1-git-send-email-ankur.sharma@nutanix.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-clientproxiedby: BY5PR03CA0017.namprd03.prod.outlook.com (2603:10b6:a03:1e0::27) To MW2PR02MB3899.namprd02.prod.outlook.com (2603:10b6:907:4::28) x-ms-exchange-messagesentrepresentingtype: 1 x-mailer: git-send-email 1.8.3.1 x-originating-ip: [192.146.154.98] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: aaaa8241-740b-454e-f50f-08d722aafb65 x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(5600148)(711020)(4605104)(1401327)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(2017052603328)(7193020); SRVR:MW2PR02MB3755; x-ms-traffictypediagnostic: MW2PR02MB3755: x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-proofpoint-crosstenant: true x-ms-oob-tlc-oobclassifiers: OLM:3044; x-forefront-prvs: 0132C558ED x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(136003)(376002)(396003)(39860400002)(366004)(346002)(199004)(189003)(256004)(6916009)(66476007)(66556008)(102836004)(2906002)(14444005)(71200400001)(5024004)(66574012)(64756008)(26005)(478600001)(53936002)(66446008)(99286004)(66946007)(5640700003)(81166006)(107886003)(81156014)(8676002)(386003)(6486002)(305945005)(71190400001)(76176011)(5660300002)(7736002)(4326008)(6512007)(25786009)(6506007)(2351001)(50226002)(44832011)(52116002)(316002)(8936002)(6436002)(3846002)(446003)(4720700003)(14454004)(86362001)(186003)(476003)(486006)(66066001)(2616005)(2501003)(11346002)(6116002)(36756003)(64030200001); DIR:OUT; SFP:1102; SCL:1; SRVR:MW2PR02MB3755; H:MW2PR02MB3899.namprd02.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1; received-spf: None (protection.outlook.com: nutanix.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam-message-info: VVBvnm6lBDwGe/9fO4VY7lD+00FmhI//P9cXxF81r/DA+4lltT9khtW0s/e3IjY3oL8TSG/ItagXy0eOnb/DSwaYvADFjkVOeGR3coBYVAqx+p3V7ftGwrCcjHbLfefiTzzCMiURcol5eGnVZtIafYC65jfPF+I5ct3D/h07lZR6EhvrISeloSx9qws0mtnoLUn2uMJoSTf/zXRxSEaXiVksuW9vYeMTojkGSF9pOKlndx0Jhd/V/34oxObEjpRjhl3XW6vK2mwfZl6M7dYXuLmIHbUh0JteHT1a+Lvd5sK4R1ibZSGzL8CdHZUMGxD/pYn9TirSD2i2a2zAYJfKcm1bD5Eudf7Wcp0OzOslM/0SNO8Ra7eOFTQNegyJx3Zkhhv1zVknHlMwsUp3H9XAFlZMiGemBKFWyZ0SLT/auMU= MIME-Version: 1.0 X-OriginatorOrg: nutanix.com X-MS-Exchange-CrossTenant-Network-Message-Id: aaaa8241-740b-454e-f50f-08d722aafb65 X-MS-Exchange-CrossTenant-originalarrivaltime: 17 Aug 2019 00:36:45.5241 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: bb047546-786f-4de1-bd75-24e5b6f79043 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: 1Q1HohDE/zW0ijGIKB4wB7NuS4GGdf4JwKzOjzLDMApMOHu4E7aRTNtl3Si4ePrQWntyECJ8n39d//xrg0QXJGKk4XgJX7/BXcG6rJ+4WXw= X-MS-Exchange-Transport-CrossTenantHeadersStamped: MW2PR02MB3755 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:5.22.84,1.0.8 definitions=2019-08-16_10:2019-08-16,2019-08-16 signatures=0 X-Proofpoint-Spam-Reason: safe X-Spam-Status: No, score=-2.7 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, RCVD_IN_DNSWL_LOW autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org Subject: [ovs-dev] [PATCH v6 3/4 ovn] OVN: Vlan backed DVR N-S, avoid get_arp on non redirect chassis. X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: ovs-dev-bounces@openvswitch.org Errors-To: ovs-dev-bounces@openvswitch.org Background: With c0974331b7a19a87ab8f1f2cec8fbe366af92fa2, we have added support for E-W workflow for vlan backed DVRs. This series enables N-S workflow for vlan backed DVRs. Key difference between E-W and N-S traffic flow is that N-S flow requires a gateway chassis. A gateway chassis will be respondible for following: a. Doing Network Address Translation (NAT). b. Becoming entry and exit point for North->South and South->North traffic respectively. OVN by default always uses overlay encapsulation to redirect the packet to gateway chassis. This series will enable the redirection to gateway chassis in the absence of encapsulation. This patch: a. Make sure that ARP request for endpoint behind the gateway router port is sent from gateway chassis only and not from host(compute) chassis. b. This is achieved by adding a new logical flow in lr_in_arp_resolve at priority=50. c. This flow run on non gateway chassis and sets the destination mac to router port mac, if outport is a gateway chassis attached router port and redirect-type is set as "vlan". Example logical flow: table=9 (lr_in_arp_resolve ), priority=50 , match=(outport == "router-to-underlay" && !is_chassis_resident("cr-router-to-underlay")), action=(eth.dst = 00:00:01:01:02:04; next;) d. This change is needed because other wise for non resolved ARPs, we will end up doing get_arp in host chassis. Doing so will have following issues: i. We want all the interation with North bound endpoints via gateway chassis only, doing so on host chassis will violate that. ii. With get_arp, ovn-controller will generate the ARP using router port's mac as source mac, which will lead us to the same issue, where router port mac will be going through continous mac moves in physical network. Worst, it would affect the redirection, since it uses router port mac as destination mac. Signed-off-by: Ankur Sharma Signed-off-by: Ankur Sharma > --- northd/ovn-northd.c | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c index 89ca8df..e13a5af 100644 --- a/northd/ovn-northd.c +++ b/northd/ovn-northd.c @@ -3516,6 +3516,16 @@ lsp_is_external(const struct nbrec_logical_switch_port *nbsp) return !strcmp(nbsp->type, "external"); } +/* Returns true if lrp has either gateway chassis or ha chassis group + * attached to it. */ +static bool +lrp_has_gateway(const struct nbrec_logical_router_port *nbrp) +{ + return (nbrp->n_gateway_chassis || + (nbrp->ha_chassis_group && nbrp->ha_chassis_group->n_ha_chassis)) + ? true : false; +} + static bool build_dhcpv4_action(struct ovn_port *op, ovs_be32 offer_ip, struct ds *options_action, struct ds *response_action, @@ -7568,6 +7578,28 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, 100, ds_cstr(&match), ds_cstr(&actions)); } } + + if (!op->derived && lrp_has_gateway(op->nbrp)) { + const char *redirect_type = smap_get(&op->nbrp->options, + "redirect-type"); + if (redirect_type && !strcasecmp(redirect_type, "vlan")) { + /* Packet is on a non gateway chassis and + * has an unresolved ARP on a network behind gateway + * chassis attached router port. Since, redirect type + * is set to vlan, hence instead of calling "get_arp" + * on this node, we will redirect the packet to gateway + * chassis, by setting destination mac router port mac.*/ + ds_clear(&match); + ds_put_format(&match, "outport == %s && " + "!is_chassis_resident(%s)", op->json_key, + op->od->l3redirect_port->json_key); + ds_clear(&actions); + ds_put_format(&actions, "eth.dst = %s; next;", + op->lrp_networks.ea_s); + ovn_lflow_add(lflows, op->od, S_ROUTER_IN_ARP_RESOLVE, + 50, ds_cstr(&match), ds_cstr(&actions)); + } + } } else if (op->od->n_router_ports && strcmp(op->nbsp->type, "router") && strcmp(op->nbsp->type, "virtual")) { /* This is a logical switch port that backs a VM or a container.