From patchwork Fri Dec 11 14:26:46 2020
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Numan Siddique <numans@ovn.org>
X-Patchwork-Id: 1414918
Return-Path: <ovs-dev-bounces@openvswitch.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: ozlabs.org;
 spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org
 (client-ip=140.211.166.136; helo=silver.osuosl.org;
 envelope-from=ovs-dev-bounces@openvswitch.org; receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org;
 dmarc=none (p=none dis=none) header.from=ovn.org
Received: from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 4CstQg3wH4z9sR4
	for <incoming@patchwork.ozlabs.org>; Sat, 12 Dec 2020 01:27:07 +1100 (AEDT)
Received: from localhost (localhost [127.0.0.1])
	by silver.osuosl.org (Postfix) with ESMTP id 93BDE2E0ED;
	Fri, 11 Dec 2020 14:27:03 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
Received: from silver.osuosl.org ([127.0.0.1])
	by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id mD8PiAKSTnM6; Fri, 11 Dec 2020 14:27:01 +0000 (UTC)
Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56])
	by silver.osuosl.org (Postfix) with ESMTP id 19D4F2E0DE;
	Fri, 11 Dec 2020 14:27:01 +0000 (UTC)
Received: from lf-lists.osuosl.org (localhost [127.0.0.1])
	by lists.linuxfoundation.org (Postfix) with ESMTP id 065F4C0FA7;
	Fri, 11 Dec 2020 14:27:01 +0000 (UTC)
X-Original-To: dev@openvswitch.org
Delivered-To: ovs-dev@lists.linuxfoundation.org
Received: from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136])
 by lists.linuxfoundation.org (Postfix) with ESMTP id E80EDC013B
 for <dev@openvswitch.org>; Fri, 11 Dec 2020 14:26:59 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by silver.osuosl.org (Postfix) with ESMTP id BC8C92E0E4
 for <dev@openvswitch.org>; Fri, 11 Dec 2020 14:26:59 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
Received: from silver.osuosl.org ([127.0.0.1])
 by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id rzwgh0bAjnlH for <dev@openvswitch.org>;
 Fri, 11 Dec 2020 14:26:57 +0000 (UTC)
X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6
Received: from relay8-d.mail.gandi.net (relay8-d.mail.gandi.net
 [217.70.183.201])
 by silver.osuosl.org (Postfix) with ESMTPS id E4E172E0DE
 for <dev@openvswitch.org>; Fri, 11 Dec 2020 14:26:56 +0000 (UTC)
X-Originating-IP: 116.75.127.92
Received: from nusiddiq.home.org.com (unknown [116.75.127.92])
 (Authenticated sender: numans@ovn.org)
 by relay8-d.mail.gandi.net (Postfix) with ESMTPSA id 78A391BF206;
 Fri, 11 Dec 2020 14:26:54 +0000 (UTC)
From: numans@ovn.org
To: dev@openvswitch.org
Date: Fri, 11 Dec 2020 19:56:46 +0530
Message-Id: <20201211142646.1462213-1-numans@ovn.org>
X-Mailer: git-send-email 2.28.0
MIME-Version: 1.0
Subject: [ovs-dev] [PATCH ovn 1/2] Add missing documentation for router
	policy and ecmp sym reply stage.
X-BeenThere: ovs-dev@openvswitch.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <ovs-dev.openvswitch.org>
List-Unsubscribe: <https://mail.openvswitch.org/mailman/options/ovs-dev>,
 <mailto:ovs-dev-request@openvswitch.org?subject=unsubscribe>
List-Archive: <http://mail.openvswitch.org/pipermail/ovs-dev/>
List-Post: <mailto:ovs-dev@openvswitch.org>
List-Help: <mailto:ovs-dev-request@openvswitch.org?subject=help>
List-Subscribe: <https://mail.openvswitch.org/mailman/listinfo/ovs-dev>,
 <mailto:ovs-dev-request@openvswitch.org?subject=subscribe>
Errors-To: ovs-dev-bounces@openvswitch.org
Sender: "dev" <ovs-dev-bounces@openvswitch.org>

From: Numan Siddique <numans@ovn.org>

Fixes: df4f37ea7f82("Policy-based routing (PBR) in OVN.)
Fixes: a123ef0fb8fd("Support packet metadata marking for logical router policies.")
Fixes: 4fdca656857d("Add ECMP symmetric replies.")

Signed-off-by: Numan Siddique <numans@ovn.org>
---
 northd/ovn-northd.8.xml | 86 ++++++++++++++++++++++++++++++++++++-----
 1 file changed, 77 insertions(+), 9 deletions(-)

diff --git a/northd/ovn-northd.8.xml b/northd/ovn-northd.8.xml
index 8bbe577b69..d86f36ea63 100644
--- a/northd/ovn-northd.8.xml
+++ b/northd/ovn-northd.8.xml
@@ -2714,7 +2714,25 @@ icmp6 {
       </li>
     </ul>
 
-    <h3>Ingress Table 7: IPv6 ND RA option processing</h3>
+    <h3>Ingress Table 7: ECMP symmetric reply processing</h3>
+    <ul>
+      <li>
+        If ECMP routes with symmetric reply are configured in the
+        <code>OVN_Northbound</code> database for a gateway router, a
+        priority-100 flow is added for each router port on which symmetric
+        replies are configured. The matching logic for these ports essentially
+        reverses the configured logic of the ECMP route. So for instance, a
+        route with a destination routing policy will instead match if the
+        source IP address matches the static route's prefix. The flow uses
+        the action <code>ct_commit { ct_label.ecmp_reply_eth = eth.src;"
+        " ct_label.ecmp_reply_port = <var>K</var>;}; next; </code> to commit
+        the connection and storing <code>eth.src</code> and the ECMP
+        reply port binding tunnel key <var>K</var> in the
+        <code>ct_label</code>.
+      </li>
+    </ul>
+
+    <h3>Ingress Table 8: IPv6 ND RA option processing</h3>
 
     <ul>
       <li>
@@ -2744,7 +2762,7 @@ reg0[5] = put_nd_ra_opts(<var>options</var>);next;
       </li>
     </ul>
 
-    <h3>Ingress Table 8: IPv6 ND RA responder</h3>
+    <h3>Ingress Table 9: IPv6 ND RA responder</h3>
 
     <p>
       This table implements IPv6 ND RA responder for the IPv6 ND RA replies
@@ -2789,7 +2807,7 @@ output;
       </li>
     </ul>
 
-    <h3>Ingress Table 9: IP Routing</h3>
+    <h3>Ingress Table 10: IP Routing</h3>
 
     <p>
       A packet that arrives at this table is an IP packet that should be
@@ -2952,7 +2970,7 @@ select(reg8[16..31], <var>MID1</var>, <var>MID2</var>, ...);
       </li>
     </ul>
 
-    <h3>Ingress Table 10: IP_ROUTING_ECMP</h3>
+    <h3>Ingress Table 11: IP_ROUTING_ECMP</h3>
 
     <p>
       This table implements the second part of IP routing for ECMP routes
@@ -3004,7 +3022,57 @@ outport = <var>P</var>;
       </li>
     </ul>
 
-    <h3>Ingress Table 12: ARP/ND Resolution</h3>
+    <h3>Ingress Table 12: Router policies</h3>
+    <p>
+      This table adds flows for the logical router policies configured
+      on the logical router. Please see the
+      <code>OVN_Northbound</code> database <code>Logical_Router_Policy</code>
+      table documentation in <code>ovn-nb</code> for supported actions.
+    </p>
+
+    <ul>
+      <li>
+        <p>
+          For each router policy configured on the logical router, a
+          logical flow is added with specified priority, match and
+          actions.
+        </p>
+      </li>
+
+      <li>
+        <p>
+          If the policy action is <code>reroute</code>, then the logical
+          flow is added with the following actions:
+        </p>
+
+         <pre>
+[xx]reg0 = <var>H</var>;
+eth.src = <var>E</var>;
+outport = <var>P</var>;
+flags.loopback = 1;
+next;
+        </pre>
+
+        <p>
+          where <var>H</var> is the <code>nexthop </code> defined in the
+          router policy, <var>E</var> is the ethernet address of the
+          logical router port from which the <code>nexthop</code> is
+          reachable and <var>P</var> is the logical router port from
+          which the <code>nexthop</code> is reachable.
+        </p>
+      </li>
+
+      <li>
+        <p>
+          If a router policy has the option <code>pkt_mark=<var>m</var></code>
+          set and if the action is <code>not</code> drop, then the action also
+          includes <code>pkt.mark = <var>m</var></code> to mark the packet
+          with the marker <var>m</var>.
+        </p>
+      </li>
+    </ul>
+
+    <h3>Ingress Table 13: ARP/ND Resolution</h3>
 
     <p>
       Any packet that reaches this table is an IP packet whose next-hop
@@ -3190,7 +3258,7 @@ outport = <var>P</var>;
 
     </ul>
 
-    <h3>Ingress Table 13: Check packet length</h3>
+    <h3>Ingress Table 14: Check packet length</h3>
 
     <p>
       For distributed logical routers with distributed gateway port configured
@@ -3220,7 +3288,7 @@ REGBIT_PKT_LARGER = check_pkt_larger(<var>L</var>); next;
       and advances to the next table.
     </p>
 
-    <h3>Ingress Table 14: Handle larger packets</h3>
+    <h3>Ingress Table 15: Handle larger packets</h3>
 
     <p>
       For distributed logical routers with distributed gateway port configured
@@ -3281,7 +3349,7 @@ icmp6 {
       and advances to the next table.
     </p>
 
-    <h3>Ingress Table 15: Gateway Redirect</h3>
+    <h3>Ingress Table 16: Gateway Redirect</h3>
 
     <p>
       For distributed logical routers where one of the logical router
@@ -3321,7 +3389,7 @@ icmp6 {
       </li>
     </ul>
 
-    <h3>Ingress Table 16: ARP Request</h3>
+    <h3>Ingress Table 17: ARP Request</h3>
 
     <p>
       In the common case where the Ethernet destination has been resolved, this