From patchwork Mon Nov 8 17:10:36 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Numan Siddique X-Patchwork-Id: 1552448 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=140.211.166.138; helo=smtp1.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Received: from smtp1.osuosl.org (smtp1.osuosl.org [140.211.166.138]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by bilbo.ozlabs.org (Postfix) with ESMTPS id 4HnyLY5qJXz9sCD for ; Tue, 9 Nov 2021 04:11:01 +1100 (AEDT) Received: from localhost (localhost [127.0.0.1]) by smtp1.osuosl.org (Postfix) with ESMTP id 026D080E20; Mon, 8 Nov 2021 17:10:59 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp1.osuosl.org ([127.0.0.1]) by localhost (smtp1.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WRIBQ4WU5DPc; Mon, 8 Nov 2021 17:10:58 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by smtp1.osuosl.org (Postfix) with ESMTPS id 2517480E2C; Mon, 8 Nov 2021 17:10:57 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id 05CB5C0012; Mon, 8 Nov 2021 17:10:57 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from smtp3.osuosl.org (smtp3.osuosl.org [IPv6:2605:bc80:3010::136]) by lists.linuxfoundation.org (Postfix) with ESMTP id CACD1C000E for ; Mon, 8 Nov 2021 17:10:55 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp3.osuosl.org (Postfix) with ESMTP id 391766081F for ; Mon, 8 Nov 2021 17:10:54 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp3.osuosl.org ([127.0.0.1]) by localhost (smtp3.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hBYq71nwOLi3 for ; Mon, 8 Nov 2021 17:10:53 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.8.0 Received: from relay9-d.mail.gandi.net (relay9-d.mail.gandi.net [217.70.183.199]) by smtp3.osuosl.org (Postfix) with ESMTPS id F41856064C for ; Mon, 8 Nov 2021 17:10:52 +0000 (UTC) Received: (Authenticated sender: numans@ovn.org) by relay9-d.mail.gandi.net (Postfix) with ESMTPSA id 54625FF805; Mon, 8 Nov 2021 17:10:49 +0000 (UTC) From: numans@ovn.org To: dev@openvswitch.org Date: Mon, 8 Nov 2021 12:10:36 -0500 Message-Id: <20211108171036.1005777-1-numans@ovn.org> X-Mailer: git-send-email 2.31.1 MIME-Version: 1.0 Subject: [ovs-dev] [PATCH ovn 2/2] northd: Don't add ARP responder flows for unreachable VIPs. X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" From: Numan Siddique If a logical router is associated with load balancer VIPs which are unreachable from it, we don't need to add ARP responder flows in the L2_LKUP stage of ingress pipeline of the logical switches connected to the router. This patch removes these flows. Signed-off-by: Numan Siddique Acked-by: Dumitru Ceara --- northd/northd.c | 63 ----------------------------------------- northd/ovn-northd.8.xml | 8 ------ tests/ovn-northd.at | 6 ++-- 3 files changed, 3 insertions(+), 74 deletions(-) diff --git a/northd/northd.c b/northd/northd.c index 1011518a9..0638df6a2 100644 --- a/northd/northd.c +++ b/northd/northd.c @@ -7134,68 +7134,6 @@ build_lswitch_rport_arp_req_flows(struct ovn_port *op, } } -static void -build_lflows_for_unreachable_vips(struct ovn_northd_lb *lb, - struct ovn_lb_vip *lb_vip, - struct hmap *lflows, - struct ds *match) -{ - static const char *action = "outport = \"_MC_flood\"; output;"; - bool ipv4 = IN6_IS_ADDR_V4MAPPED(&lb_vip->vip); - ovs_be32 ipv4_addr; - - ds_clear(match); - if (ipv4) { - if (!ip_parse(lb_vip->vip_str, &ipv4_addr)) { - return; - } - ds_put_format(match, "%s && arp.op == 1 && arp.tpa == %s", - FLAGBIT_NOT_VXLAN, lb_vip->vip_str); - } else { - ds_put_format(match, "%s && nd_ns && nd.target == %s", - FLAGBIT_NOT_VXLAN, lb_vip->vip_str); - } - - struct ovn_lflow *lflow_ref = NULL; - uint32_t hash = ovn_logical_flow_hash( - ovn_stage_get_table(S_SWITCH_IN_L2_LKUP), - ovn_stage_get_pipeline(S_SWITCH_IN_L2_LKUP), 90, - ds_cstr(match), action); - - for (size_t i = 0; i < lb->n_nb_lr; i++) { - struct ovn_datapath *od = lb->nb_lr[i]; - - if (!od->is_gw_router && !od->n_l3dgw_ports) { - continue; - } - - struct ovn_port *op; - LIST_FOR_EACH (op, dp_node, &od->port_list) { - if (!od->is_gw_router && !is_l3dgw_port(op)) { - continue; - } - - struct ovn_port *peer = op->peer; - if (!peer || !peer->nbsp || lsp_is_external(peer->nbsp)) { - continue; - } - - if ((ipv4 && lrouter_port_ipv4_reachable(op, ipv4_addr)) || - (!ipv4 && lrouter_port_ipv6_reachable(op, &lb_vip->vip))) { - continue; - } - - if (ovn_dp_group_add_with_reference(lflow_ref, peer->od)) { - continue; - } - lflow_ref = ovn_lflow_add_at_with_hash( - lflows, peer->od, S_SWITCH_IN_L2_LKUP, 90, ds_cstr(match), - action, NULL, NULL, &peer->nbsp->header_, - OVS_SOURCE_LOCATOR, hash); - } - } -} - static void build_dhcpv4_options_flows(struct ovn_port *op, struct lport_addresses *lsp_addrs, @@ -9683,7 +9621,6 @@ build_lrouter_flows_for_lb(struct ovn_northd_lb *lb, struct hmap *lflows, for (size_t i = 0; i < lb->n_vips; i++) { struct ovn_lb_vip *lb_vip = &lb->vips[i]; - build_lflows_for_unreachable_vips(lb, lb_vip, lflows, match); build_lrouter_nat_flows_for_lb(lb_vip, lb, &lb->vips_nb[i], lflows, match, action, meter_groups); diff --git a/northd/ovn-northd.8.xml b/northd/ovn-northd.8.xml index 5c6b85d70..e42c70be1 100644 --- a/northd/ovn-northd.8.xml +++ b/northd/ovn-northd.8.xml @@ -1582,14 +1582,6 @@ output; :mcast_relay='true'. -
  • - Priority-90 flows for each VIP address of a load balancer configured - outside its owning router port's subnet. These flows match ARP - requests and ND packets for the specific IP addresses. Matched packets - are forwarded to the MC_FLOOD multicast group which - contains all connected logical ports. -
    • -
  • A priority-85 flow that forwards all IP multicast traffic destined to 224.0.0.X to the MC_FLOOD multicast group, which diff --git a/tests/ovn-northd.at b/tests/ovn-northd.at index 9499b2e45..4ccef9328 100644 --- a/tests/ovn-northd.at +++ b/tests/ovn-northd.at @@ -4718,11 +4718,11 @@ AT_CHECK([grep "ls_in_l2_lkup" ls1_lflows | sed 's/table=../table=??/' | sort], table=??(ls_in_l2_lkup ), priority=80 , match=(flags[[1]] == 0 && arp.op == 1 && arp.tpa == 192.168.1.100), action=(clone {outport = "ls1-ro1"; output; }; outport = "_MC_flood_l2"; output;) table=??(ls_in_l2_lkup ), priority=80 , match=(flags[[1]] == 0 && arp.op == 1 && arp.tpa == 30.0.0.100), action=(clone {outport = "ls1-ro1"; output; }; outport = "_MC_flood_l2"; output;) table=??(ls_in_l2_lkup ), priority=80 , match=(flags[[1]] == 0 && nd_ns && nd.target == fe80::200:ff:fe00:101), action=(clone {outport = "ls1-ro1"; output; }; outport = "_MC_flood_l2"; output;) - table=??(ls_in_l2_lkup ), priority=90 , match=(flags[[1]] == 0 && arp.op == 1 && arp.tpa == 192.168.4.100), action=(outport = "_MC_flood"; output;) ]) -# Make sure that there is flow for VIP 192.168.4.100 to flood as it is unreachable. -AT_CHECK([grep "ls_in_l2_lkup" ls1_lflows | grep "192.168.4.100" | grep -v clone | grep "_MC_flood" -c], [0], [1 + +# Make sure that there is no flow for VIP 192.168.4.100 as it is unreachable. +AT_CHECK([grep "ls_in_l2_lkup" ls1_lflows | grep "192.168.4.100" | grep -v clone | grep "_MC_flood" -c], [1], [0 ]) AT_CLEANUP