diff mbox series

[ovs-dev,1/2] Add missing documentation for router policy and ecmp sym reply stage.

Message ID 20201211142646.1462213-1-numans@ovn.org
State Superseded
Headers show
Series [ovs-dev,1/2] Add missing documentation for router policy and ecmp sym reply stage. | expand

Commit Message

Numan Siddique Dec. 11, 2020, 2:26 p.m. UTC 
From: Numan Siddique <numans@ovn.org>

Fixes: df4f37ea7f82("Policy-based routing (PBR) in OVN.)
Fixes: a123ef0fb8fd("Support packet metadata marking for logical router policies.")
Fixes: 4fdca656857d("Add ECMP symmetric replies.")

Signed-off-by: Numan Siddique <numans@ovn.org>
---
 northd/ovn-northd.8.xml | 86 ++++++++++++++++++++++++++++++++++++-----
 1 file changed, 77 insertions(+), 9 deletions(-)
diff mbox series

Patch

diff --git a/northd/ovn-northd.8.xml b/northd/ovn-northd.8.xml
index 8bbe577b69..d86f36ea63 100644
--- a/northd/ovn-northd.8.xml
+++ b/northd/ovn-northd.8.xml
@@ -2714,7 +2714,25 @@  icmp6 {
       </li>
     </ul>
 
-    <h3>Ingress Table 7: IPv6 ND RA option processing</h3>
+    <h3>Ingress Table 7: ECMP symmetric reply processing</h3>
+    <ul>
+      <li>
+        If ECMP routes with symmetric reply are configured in the
+        <code>OVN_Northbound</code> database for a gateway router, a
+        priority-100 flow is added for each router port on which symmetric
+        replies are configured. The matching logic for these ports essentially
+        reverses the configured logic of the ECMP route. So for instance, a
+        route with a destination routing policy will instead match if the
+        source IP address matches the static route's prefix. The flow uses
+        the action <code>ct_commit { ct_label.ecmp_reply_eth = eth.src;"
+        " ct_label.ecmp_reply_port = <var>K</var>;}; next; </code> to commit
+        the connection and storing <code>eth.src</code> and the ECMP
+        reply port binding tunnel key <var>K</var> in the
+        <code>ct_label</code>.
+      </li>
+    </ul>
+
+    <h3>Ingress Table 8: IPv6 ND RA option processing</h3>
 
     <ul>
       <li>
@@ -2744,7 +2762,7 @@  reg0[5] = put_nd_ra_opts(<var>options</var>);next;
       </li>
     </ul>
 
-    <h3>Ingress Table 8: IPv6 ND RA responder</h3>
+    <h3>Ingress Table 9: IPv6 ND RA responder</h3>
 
     <p>
       This table implements IPv6 ND RA responder for the IPv6 ND RA replies
@@ -2789,7 +2807,7 @@  output;
       </li>
     </ul>
 
-    <h3>Ingress Table 9: IP Routing</h3>
+    <h3>Ingress Table 10: IP Routing</h3>
 
     <p>
       A packet that arrives at this table is an IP packet that should be
@@ -2952,7 +2970,7 @@  select(reg8[16..31], <var>MID1</var>, <var>MID2</var>, ...);
       </li>
     </ul>
 
-    <h3>Ingress Table 10: IP_ROUTING_ECMP</h3>
+    <h3>Ingress Table 11: IP_ROUTING_ECMP</h3>
 
     <p>
       This table implements the second part of IP routing for ECMP routes
@@ -3004,7 +3022,57 @@  outport = <var>P</var>;
       </li>
     </ul>
 
-    <h3>Ingress Table 12: ARP/ND Resolution</h3>
+    <h3>Ingress Table 12: Router policies</h3>
+    <p>
+      This table adds flows for the logical router policies configured
+      on the logical router. Please see the
+      <code>OVN_Northbound</code> database <code>Logical_Router_Policy</code>
+      table documentation in <code>ovn-nb</code> for supported actions.
+    </p>
+
+    <ul>
+      <li>
+        <p>
+          For each router policy configured on the logical router, a
+          logical flow is added with specified priority, match and
+          actions.
+        </p>
+      </li>
+
+      <li>
+        <p>
+          If the policy action is <code>reroute</code>, then the logical
+          flow is added with the following actions:
+        </p>
+
+         <pre>
+[xx]reg0 = <var>H</var>;
+eth.src = <var>E</var>;
+outport = <var>P</var>;
+flags.loopback = 1;
+next;
+        </pre>
+
+        <p>
+          where <var>H</var> is the <code>nexthop </code> defined in the
+          router policy, <var>E</var> is the ethernet address of the
+          logical router port from which the <code>nexthop</code> is
+          reachable and <var>P</var> is the logical router port from
+          which the <code>nexthop</code> is reachable.
+        </p>
+      </li>
+
+      <li>
+        <p>
+          If a router policy has the option <code>pkt_mark=<var>m</var></code>
+          set and if the action is <code>not</code> drop, then the action also
+          includes <code>pkt.mark = <var>m</var></code> to mark the packet
+          with the marker <var>m</var>.
+        </p>
+      </li>
+    </ul>
+
+    <h3>Ingress Table 13: ARP/ND Resolution</h3>
 
     <p>
       Any packet that reaches this table is an IP packet whose next-hop
@@ -3190,7 +3258,7 @@  outport = <var>P</var>;
 
     </ul>
 
-    <h3>Ingress Table 13: Check packet length</h3>
+    <h3>Ingress Table 14: Check packet length</h3>
 
     <p>
       For distributed logical routers with distributed gateway port configured
@@ -3220,7 +3288,7 @@  REGBIT_PKT_LARGER = check_pkt_larger(<var>L</var>); next;
       and advances to the next table.
     </p>
 
-    <h3>Ingress Table 14: Handle larger packets</h3>
+    <h3>Ingress Table 15: Handle larger packets</h3>
 
     <p>
       For distributed logical routers with distributed gateway port configured
@@ -3281,7 +3349,7 @@  icmp6 {
       and advances to the next table.
     </p>
 
-    <h3>Ingress Table 15: Gateway Redirect</h3>
+    <h3>Ingress Table 16: Gateway Redirect</h3>
 
     <p>
       For distributed logical routers where one of the logical router
@@ -3321,7 +3389,7 @@  icmp6 {
       </li>
     </ul>
 
-    <h3>Ingress Table 16: ARP Request</h3>
+    <h3>Ingress Table 17: ARP Request</h3>
 
     <p>
       In the common case where the Ethernet destination has been resolved, this