[ovs-dev] system-ovn.at: Add test for ping other router's port on distributed router

Message ID 20170418114911.7832-1-ligs@dtdream.com
State Deferred

Commit Message

Guoshuai Li April 18, 2017, 11:49 a.m. UTC
Signed-off-by: Guoshuai Li <ligs@dtdream.com>
---
 tests/system-ovn.at     | 101 ++++++++++++++++++++++++++++++++++++++++++++++++
 tests/system-traffic.at |  20 ++++++++++
 2 files changed, 121 insertions(+)

Comments

Mickey Spiegel April 20, 2017, 6:05 p.m. UTC | #1
On Tue, Apr 18, 2017 at 4:49 AM, Guoshuai Li <ligs@dtdream.com> wrote:

> Signed-off-by: Guoshuai Li <ligs@dtdream.com>
> ---
>  tests/system-ovn.at     | 101 ++++++++++++++++++++++++++++++
> ++++++++++++++++++
>  tests/system-traffic.at |  20 ++++++++++
>  2 files changed, 121 insertions(+)
>
> diff --git a/tests/system-ovn.at b/tests/system-ovn.at
> index dd62bd1..68da38a 100644
> --- a/tests/system-ovn.at
> +++ b/tests/system-ovn.at


<snip> ... I have not looked at the system-ovn test yet.

>
>
> diff --git a/tests/system-traffic.at b/tests/system-traffic.at
> index c042773..295e606 100644
> --- a/tests/system-traffic.at
> +++ b/tests/system-traffic.at
> @@ -3678,3 +3678,23 @@ NS_CHECK_EXEC([at_ns0], [ping -q -c 1 -w 3
> 10.4.2.2], [1], [ignore])
>
>  OVS_TRAFFIC_VSWITCHD_STOP(["/dropping VLAN \(0\|300\) packet received on
> dot1q-tunnel port/d"])
>  AT_CLEANUP
> +
> +AT_SETUP([datapath - SNAT and UNSNAT])
> +OVS_TRAFFIC_VSWITCHD_START()
> +
> +AT_CHECK([ovs-ofctl add-flow br0 "table=0, priority=100,in_port=1,ip,nw_dst=20.0.0.2
> actions=dec_ttl(),mod_dl_src:00:00:02:01:02:01,mod_dl_dst:
> 00:00:02:01:02:02,resubmit(,1)"])
> +AT_CHECK([ovs-ofctl add-flow br0 "table=1, priority=100,ip,nw_src=192.168.1.2
> actions=ct(commit,table=2,zone=6,nat(src=20.0.0.1))"])
>

There should be another table added here with a flow that does the clone
with nested ct_clear actions. The use of ct_clear changes how the unsnat in
table 3 is processed.

Mickey


> +AT_CHECK([ovs-ofctl add-flow br0 "table=2, priority=100,icmp,nw_dst=20.0.0.2,icmp_type=8,icmp_code=0
> actions=push:NXM_OF_IP_SRC[],push:NXM_OF_IP_DST[],pop:NXM_
> OF_IP_SRC[],pop:NXM_OF_IP_DST[],load:0xff->NXM_NX_IP_TTL[],
> load:0->NXM_OF_ICMP_TYPE[],dec_ttl(),mod_dl_src:00:00:02:
> 01:02:02,mod_dl_dst:00:00:02:01:02:01,resubmit(,3)"])
> +AT_CHECK([ovs-ofctl add-flow br0 "table=3, priority=100,ip,nw_dst=20.0.0.1
> actions=ct(table=4,zone=6,nat)"])
> +AT_CHECK([ovs-ofctl add-flow br0 "table=4, priority=100,ip,nw_dst=192.168.1.2
> actions=dec_ttl(),mod_dl_src:00:00:01:01:02:01,mod_dl_dst:
> f0:00:00:01:02:01,load:0->NXM_OF_IN_PORT[],output:1"])
> +
> +ADD_NAMESPACES(foo1)
> +ADD_VETH(foo1, foo1, br0, "192.168.1.2/24", "f0:00:00:01:02:01",
> "192.168.1.1")
> +NS_CHECK_EXEC([foo1], [arp -s 192.168.1.1 00:00:01:01:02:01])
> +
> +NS_CHECK_EXEC([foo1], [ping -q -c 3 -i 0.3 -w 2 20.0.0.2 | FORMAT_PING],
> [0], [dnl
> +3 packets transmitted, 3 received, 0% packet loss, time 0ms
> +])
> +
> +OVS_TRAFFIC_VSWITCHD_STOP
> +AT_CLEANUP
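
Review bot: The table=2 flow is the least obvious line in this test and has no comment explaining it. It swaps the IP source and destination through the push/pop pairs, rewrites icmp_type from 8 to 0 and reloads the TTL, so the echo request is answered inside the pipeline on behalf of 20.0.0.2. A short comment before each AT_CHECK naming the step it stands for (SNAT in zone 6, in-pipeline echo reply, un-SNAT, delivery to foo1) would let a reader check the flows against the distributed gateway behaviour the patch is meant to analyze.
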
> --
> 2.10.1.windows.1
>
> This patch is used to analyze "ovn: unsnat handling error for Distributed
> Gateway" problems:
>
> https://mail.openvswitch.org/pipermail/ovs-dev/2017-April/331033.html
>
>
Mickey Spiegel April 20, 2017, 6:08 p.m. UTC | #2
I forgot one other comment.

On Thu, Apr 20, 2017 at 11:05 AM, Mickey Spiegel <mickeys.dev@gmail.com>
wrote:

>
> On Tue, Apr 18, 2017 at 4:49 AM, Guoshuai Li <ligs@dtdream.com> wrote:
>
>> Signed-off-by: Guoshuai Li <ligs@dtdream.com>
>> ---
>>  tests/system-ovn.at     | 101 ++++++++++++++++++++++++++++++
>> ++++++++++++++++++
>>  tests/system-traffic.at |  20 ++++++++++
>>  2 files changed, 121 insertions(+)
>>
>> diff --git a/tests/system-ovn.at b/tests/system-ovn.at
>> index dd62bd1..68da38a 100644
>> --- a/tests/system-ovn.at
>> +++ b/tests/system-ovn.at
>
>
> <snip> ... I have not looked at the system-ovn test yet.
>
>>
>>
>> diff --git a/tests/system-traffic.at b/tests/system-traffic.at
>> index c042773..295e606 100644
>> --- a/tests/system-traffic.at
>> +++ b/tests/system-traffic.at
>> @@ -3678,3 +3678,23 @@ NS_CHECK_EXEC([at_ns0], [ping -q -c 1 -w 3
>> 10.4.2.2], [1], [ignore])
>>
>>  OVS_TRAFFIC_VSWITCHD_STOP(["/dropping VLAN \(0\|300\) packet received
>> on dot1q-tunnel port/d"])
>>  AT_CLEANUP
>> +
>> +AT_SETUP([datapath - SNAT and UNSNAT])
>>
>
The name should be more specific. This does not just test SNAT and UNSNAT
in the datapath, it includes an action in between that forces processing to
userspace. Something like "datapath - SNAT, userspace action, UNSNAT"?

Mickey


> +OVS_TRAFFIC_VSWITCHD_START()
>> +
>> +AT_CHECK([ovs-ofctl add-flow br0 "table=0, priority=100,in_port=1,ip,nw_dst=20.0.0.2
>> actions=dec_ttl(),mod_dl_src:00:00:02:01:02:01,mod_dl_dst:00
>> :00:02:01:02:02,resubmit(,1)"])
>> +AT_CHECK([ovs-ofctl add-flow br0 "table=1, priority=100,ip,nw_src=192.168.1.2
>> actions=ct(commit,table=2,zone=6,nat(src=20.0.0.1))"])
>>
>
> There should be another table added here with a flow that does the clone
> with nested ct_clear actions. The use of ct_clear changes how the unsnat in
> table 3 is processed.
>
> Mickey
>
>
>> +AT_CHECK([ovs-ofctl add-flow br0 "table=2, priority=100,icmp,nw_dst=20.0.0.2,icmp_type=8,icmp_code=0
>> actions=push:NXM_OF_IP_SRC[],push:NXM_OF_IP_DST[],pop:NXM_OF
>> _IP_SRC[],pop:NXM_OF_IP_DST[],load:0xff->NXM_NX_IP_TTL[],loa
>> d:0->NXM_OF_ICMP_TYPE[],dec_ttl(),mod_dl_src:00:00:02:01:
>> 02:02,mod_dl_dst:00:00:02:01:02:01,resubmit(,3)"])
>> +AT_CHECK([ovs-ofctl add-flow br0 "table=3, priority=100,ip,nw_dst=20.0.0.1
>> actions=ct(table=4,zone=6,nat)"])
>> +AT_CHECK([ovs-ofctl add-flow br0 "table=4, priority=100,ip,nw_dst=192.168.1.2
>> actions=dec_ttl(),mod_dl_src:00:00:01:01:02:01,mod_dl_dst:f0
>> :00:00:01:02:01,load:0->NXM_OF_IN_PORT[],output:1"])
>> +
>> +ADD_NAMESPACES(foo1)
>> +ADD_VETH(foo1, foo1, br0, "192.168.1.2/24", "f0:00:00:01:02:01",
>> "192.168.1.1")
>> +NS_CHECK_EXEC([foo1], [arp -s 192.168.1.1 00:00:01:01:02:01])
>> +
>> +NS_CHECK_EXEC([foo1], [ping -q -c 3 -i 0.3 -w 2 20.0.0.2 | FORMAT_PING],
>> [0], [dnl
>> +3 packets transmitted, 3 received, 0% packet loss, time 0ms
>> +])
>> +
>> +OVS_TRAFFIC_VSWITCHD_STOP
>> +AT_CLEANUP
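
Review bot: The only assertion in this test is the ping summary at the end, so a failure shows up only as lost pings, with no indication of whether the ct(commit,...,nat(src=20.0.0.1)) entry from table=1 was never created or the un-SNAT in table=3 did not happen. Adding an ovs-appctl dpctl/dump-conntrack check filtered on 192.168.1.2, as the system-ovn.at test in this same patch does, would pin down the zone=6 entry and make the failure mode visible in the test log.
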
>> --
>> 2.10.1.windows.1
>>
>> This patch is used to analyze "ovn: unsnat handling error for Distributed
>> Gateway" problems:
>>
>> https://mail.openvswitch.org/pipermail/ovs-dev/2017-April/331033.html
>>
>>
>

Patch

diff --git a/tests/system-ovn.at b/tests/system-ovn.at
index dd62bd1..68da38a 100644
--- a/tests/system-ovn.at
+++ b/tests/system-ovn.at
@@ -1396,3 +1396,104 @@  as
 OVS_TRAFFIC_VSWITCHD_STOP(["/failed to query port patch-.*/d
 /connection dropped.*/d"])
 AT_CLEANUP
+
+AT_SETUP([ovn -- ping other router port on distributed router])
+AT_KEYWORDS([ovnnat])
+
+CHECK_CONNTRACK()
+CHECK_CONNTRACK_NAT()
+ovn_start
+OVS_TRAFFIC_VSWITCHD_START()
+ADD_BR([br-int])
+
+# Set external-ids in br-int needed for ovn-controller
+ovs-vsctl \
+        -- set Open_vSwitch . external-ids:system-id=hv1 \
+        -- set Open_vSwitch . external-ids:ovn-remote=unix:$ovs_base/ovn-sb/ovn-sb.sock \
+        -- set Open_vSwitch . external-ids:ovn-encap-type=geneve \
+        -- set Open_vSwitch . external-ids:ovn-encap-ip=169.0.0.1 \
+        -- set bridge br-int fail-mode=secure other-config:disable-in-band=true
+
+# Start ovn-controller
+start_daemon ovn-controller
+
+# Logical network:
+# Two LRs - R1 and R2 that are connected to LS "join" (20.0.0.0/24).
+# R1 has switchess foo (192.168.1.0/24).
+# The port between R1/R2 and "join" is the router gateway port where
+# the NAT rules are applied.
+#
+#    foo -- R1 -- join -- R2
+#
+
+ovn-nbctl lr-add R1
+ovn-nbctl lr-add R2
+
+ovn-nbctl ls-add foo
+ovn-nbctl ls-add join
+
+ovn-nbctl lrp-add R1 foo 00:00:01:01:02:01 192.168.1.1/24
+ovn-nbctl lrp-add R1 join1 00:00:02:01:02:01 20.0.0.1/24 \
+    -- set Logical_Router_Port join1 options:redirect-chassis=hv1
+ovn-nbctl lrp-add R2 join2 00:00:02:01:02:02 20.0.0.2/24 \
+    -- set Logical_Router_Port join2 options:redirect-chassis=hv1
+
+# Connect foo to R1
+ovn-nbctl lsp-add foo rp-foo -- set Logical_Switch_Port rp-foo \
+    type=router options:router-port=foo \
+    -- lsp-set-addresses rp-foo router
+
+# Connect join to R1
+ovn-nbctl lsp-add join rp-join1 -- set Logical_Switch_Port rp-join1 \
+    type=router options:router-port=join1 \
+    -- lsp-set-addresses rp-join1 router
+
+# Connect join to R2
+ovn-nbctl lsp-add join rp-join2 -- set Logical_Switch_Port rp-join2 \
+    type=router options:router-port=join2 \
+    -- lsp-set-addresses rp-join2 router
+
+# Logical port 'foo1' in switch 'foo'.
+ADD_NAMESPACES(foo1)
+ADD_VETH(foo1, foo1, br-int, "192.168.1.2/24", "f0:00:00:01:02:01", \
+         "192.168.1.1")
+ovn-nbctl lsp-add foo foo1 \
+-- lsp-set-addresses foo1 "f0:00:00:01:02:01 192.168.1.2"
+
+# Add SNAT rule
+ovn-nbctl lr-nat-add R1 snat 20.0.0.1 192.168.1.0/24
+
+ovn-nbctl --wait=hv sync
+
+echo "------ hv dump ------"
+ovs-ofctl show br-int
+ovs-ofctl dump-flows br-int
+echo "---------------------"
+
+# East-West No NAT: 'foo1' pings 'R2' using 20.0.0.2
+NS_CHECK_EXEC([foo1], [ping -q -c 3 -i 0.3 -w 2 20.0.0.2 | FORMAT_PING], \
+[0], [dnl
+3 packets transmitted, 3 received, 0% packet loss, time 0ms
+])
+
+# We verify that SNAT indeed happened via 'dump-conntrack' command.
+AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(192.168.1.2) | \
+sed -e 's/zone=[[0-9]]*/zone=<cleared>/'], [0], [dnl
+icmp,orig=(src=192.168.1.2,dst=20.0.0.2,id=<cleared>,type=8,code=0),reply=(src=20.0.0.2,dst=20.0.0.1,id=<cleared>,type=0,code=0),zone=<cleared>
+])
+
+OVS_APP_EXIT_AND_WAIT([ovn-controller])
+
+as ovn-sb
+OVS_APP_EXIT_AND_WAIT([ovsdb-server])
+
+as ovn-nb
+OVS_APP_EXIT_AND_WAIT([ovsdb-server])
+
+as northd
+OVS_APP_EXIT_AND_WAIT([ovn-northd])
+
+as
+OVS_TRAFFIC_VSWITCHD_STOP(["/failed to query port patch-.*/d
+/connection dropped.*/d"])
+AT_CLEANUP
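
Review bot: The comment "# East-West No NAT: 'foo1' pings 'R2' using 20.0.0.2" above the ping check contradicts the dump-conntrack check right after it, which expects SNAT to have happened (reply dst=20.0.0.1); reword it to say the ping is SNATed to 20.0.0.1. The "------ hv dump ------" block (ovs-ofctl show and dump-flows between two echo lines) reads as leftover debugging and should be dropped or turned into an AT_CHECK with expected output. In the topology comment, "switchess" should be "switch", and the statement that NAT rules are applied on the R1/R2 gateway ports does not match the setup, where only R1 gets an lr-nat-add rule.
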
diff --git a/tests/system-traffic.at b/tests/system-traffic.at
index c042773..295e606 100644
--- a/tests/system-traffic.at
+++ b/tests/system-traffic.at
@@ -3678,3 +3678,23 @@  NS_CHECK_EXEC([at_ns0], [ping -q -c 1 -w 3 10.4.2.2], [1], [ignore])
 
 OVS_TRAFFIC_VSWITCHD_STOP(["/dropping VLAN \(0\|300\) packet received on dot1q-tunnel port/d"])
 AT_CLEANUP
+
+AT_SETUP([datapath - SNAT and UNSNAT])
+OVS_TRAFFIC_VSWITCHD_START()
+
+AT_CHECK([ovs-ofctl add-flow br0 "table=0, priority=100,in_port=1,ip,nw_dst=20.0.0.2 actions=dec_ttl(),mod_dl_src:00:00:02:01:02:01,mod_dl_dst:00:00:02:01:02:02,resubmit(,1)"])
+AT_CHECK([ovs-ofctl add-flow br0 "table=1, priority=100,ip,nw_src=192.168.1.2 actions=ct(commit,table=2,zone=6,nat(src=20.0.0.1))"])
+AT_CHECK([ovs-ofctl add-flow br0 "table=2, priority=100,icmp,nw_dst=20.0.0.2,icmp_type=8,icmp_code=0 actions=push:NXM_OF_IP_SRC[],push:NXM_OF_IP_DST[],pop:NXM_OF_IP_SRC[],pop:NXM_OF_IP_DST[],load:0xff->NXM_NX_IP_TTL[],load:0->NXM_OF_ICMP_TYPE[],dec_ttl(),mod_dl_src:00:00:02:01:02:02,mod_dl_dst:00:00:02:01:02:01,resubmit(,3)"])
+AT_CHECK([ovs-ofctl add-flow br0 "table=3, priority=100,ip,nw_dst=20.0.0.1 actions=ct(table=4,zone=6,nat)"])
+AT_CHECK([ovs-ofctl add-flow br0 "table=4, priority=100,ip,nw_dst=192.168.1.2 actions=dec_ttl(),mod_dl_src:00:00:01:01:02:01,mod_dl_dst:f0:00:00:01:02:01,load:0->NXM_OF_IN_PORT[],output:1"])
+
+ADD_NAMESPACES(foo1)
+ADD_VETH(foo1, foo1, br0, "192.168.1.2/24", "f0:00:00:01:02:01", "192.168.1.1")
+NS_CHECK_EXEC([foo1], [arp -s 192.168.1.1 00:00:01:01:02:01])
+
+NS_CHECK_EXEC([foo1], [ping -q -c 3 -i 0.3 -w 2 20.0.0.2 | FORMAT_PING], [0], [dnl
+3 packets transmitted, 3 received, 0% packet loss, time 0ms
+])
+
+OVS_TRAFFIC_VSWITCHD_STOP
+AT_CLEANUP
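
Review bot: AT_SETUP([datapath - SNAT and UNSNAT]) is followed directly by OVS_TRAFFIC_VSWITCHD_START(), although the table=1 and table=3 flows use ct(...,nat); the system-ovn.at test added in this same patch calls CHECK_CONNTRACK() and CHECK_CONNTRACK_NAT() before starting vswitchd, and this test should declare the same prerequisites. OVS_TRAFFIC_VSWITCHD_STOP at the end is also written without parentheses, unlike the OVS_TRAFFIC_VSWITCHD_STOP([...]) call in the context lines just above; using one form consistently would match the rest of the file.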