From patchwork Thu Nov 11 19:13:06 2021
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Vladislav Odintsov <odivlad@gmail.com>
X-Patchwork-Id: 1554071
Return-Path: <ovs-dev-bounces@openvswitch.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: bilbo.ozlabs.org;
	dkim=fail reason="signature verification failed" (2048-bit key;
 unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256
 header.s=20210112 header.b=mRLCiUJH;
	dkim-atps=neutral
Authentication-Results: ozlabs.org;
 spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org
 (client-ip=140.211.166.138; helo=smtp1.osuosl.org;
 envelope-from=ovs-dev-bounces@openvswitch.org; receiver=<UNKNOWN>)
Received: from smtp1.osuosl.org (smtp1.osuosl.org [140.211.166.138])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest
 SHA256)
	(No client certificate requested)
	by bilbo.ozlabs.org (Postfix) with ESMTPS id 4HqrwS4hbVz9s1l
	for <incoming@patchwork.ozlabs.org>; Fri, 12 Nov 2021 06:13:28 +1100 (AEDT)
Received: from localhost (localhost [127.0.0.1])
	by smtp1.osuosl.org (Postfix) with ESMTP id 9103B81C38;
	Thu, 11 Nov 2021 19:13:24 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
Received: from smtp1.osuosl.org ([127.0.0.1])
	by localhost (smtp1.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id qMGcCdV9HbLh; Thu, 11 Nov 2021 19:13:23 +0000 (UTC)
Received: from lists.linuxfoundation.org (lf-lists.osuosl.org
 [IPv6:2605:bc80:3010:104::8cd3:938])
	by smtp1.osuosl.org (Postfix) with ESMTPS id A0C8081CAD;
	Thu, 11 Nov 2021 19:13:22 +0000 (UTC)
Received: from lf-lists.osuosl.org (localhost [127.0.0.1])
	by lists.linuxfoundation.org (Postfix) with ESMTP id 71D69C0019;
	Thu, 11 Nov 2021 19:13:22 +0000 (UTC)
X-Original-To: dev@openvswitch.org
Delivered-To: ovs-dev@lists.linuxfoundation.org
Received: from smtp2.osuosl.org (smtp2.osuosl.org [IPv6:2605:bc80:3010::133])
 by lists.linuxfoundation.org (Postfix) with ESMTP id 3449AC000E
 for <dev@openvswitch.org>; Thu, 11 Nov 2021 19:13:21 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by smtp2.osuosl.org (Postfix) with ESMTP id F1D6B4046D
 for <dev@openvswitch.org>; Thu, 11 Nov 2021 19:13:20 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
Authentication-Results: smtp2.osuosl.org (amavisd-new);
 dkim=pass (2048-bit key) header.d=gmail.com
Received: from smtp2.osuosl.org ([127.0.0.1])
 by localhost (smtp2.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id dvkmEi-n7c81 for <dev@openvswitch.org>;
 Thu, 11 Nov 2021 19:13:18 +0000 (UTC)
X-Greylist: whitelisted by SQLgrey-1.8.0
Received: from mail-lf1-x135.google.com (mail-lf1-x135.google.com
 [IPv6:2a00:1450:4864:20::135])
 by smtp2.osuosl.org (Postfix) with ESMTPS id B14F340472
 for <dev@openvswitch.org>; Thu, 11 Nov 2021 19:13:17 +0000 (UTC)
Received: by mail-lf1-x135.google.com with SMTP id b40so16452140lfv.10
 for <dev@openvswitch.org>; Thu, 11 Nov 2021 11:13:17 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112;
 h=from:to:cc:subject:date:message-id:in-reply-to:references
 :mime-version:content-transfer-encoding;
 bh=cJbZqFLaZMmzrFduHtkVFI2V8YXTQ66GTeGA3jZYlVo=;
 b=mRLCiUJHKVfezkKtNxzbMKB7nP5tTAegeBiY8Fdg2udbZKQ/qyya1kwLGha+n7mWkS
 nW6LiSpa4DjRMQ+cLQoxiRK3+CMy7UMmUGj0Asbnrjw1B7znygebbEi2qRfFwg4ShCgx
 ovuo2WUw9/G38a6idFGoczygzpAqOz5EanM+PJdmt6r8ur2Q0c+EYZ9NIdEKQ2ZyacZP
 YljoQ58CsgkYWqiASe9sIJlUr9HRS4vrbW8bgDIS9YUov827fn43x95UoEjw67OpkRLx
 J1HBKBy/gWJmQYx5jeVrCTu3V5HR6g9BYdCCAA2V+5B93G09kQyIaEmkHrKZbWgdvkjq
 FxlQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20210112;
 h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
 :references:mime-version:content-transfer-encoding;
 bh=cJbZqFLaZMmzrFduHtkVFI2V8YXTQ66GTeGA3jZYlVo=;
 b=wqcAV+gh5/NrXvgP7FQmFT4RxryKpEb7AQmO73f8lMY2I3G58AExATDSYrvrSgA3YP
 AchfdW4HFY9glNPd0J+AlS1PjnLN2NILuFs7w2E8KdwxYbdl/dUpRkUx4UAHa4HuUpdc
 XeMb9k12afPr/AH7WgObUi/HAS2PAJ6g0fn0LrSuXV83Tw8qkkDTcjBihu+pGbnDAW/z
 kq28VdkH/Tg1wfR7PDt8aSabAzVVmPDVbeX2311xiCZVA45Z/1J+Xg340y7KITcNubfN
 ensOPFqFpDq55AY4htYYfY+c+fsVALIIVj+Xo/inyjBbPvAOBwf/qihL69IBB/Qanotb
 uyzA==
X-Gm-Message-State: AOAM5321t+DGqz/5nOuANpdoJFqD/gXHmpgFgU7jdmhuDNSonSX2Uh3z
 umNbFP3NgSxJzjRfA/Du7C79L73si0+PlA==
X-Google-Smtp-Source: 
 ABdhPJxRPsqPgZGtJQzWfstMcaloF2b0r7QOJiNEEBYqB8Oy2lFpv5RjGAqqKvJEZturpXp4igqNWw==
X-Received: by 2002:a05:6512:108a:: with SMTP id
 j10mr8378038lfg.557.1636657995444;
 Thu, 11 Nov 2021 11:13:15 -0800 (PST)
Received: from localhost.localdomain (109-252-131-59.dynamic.spd-mgts.ru.
 [109.252.131.59])
 by smtp.gmail.com with ESMTPSA id p26sm106915ljj.70.2021.11.11.11.13.15
 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
 Thu, 11 Nov 2021 11:13:15 -0800 (PST)
From: Vladislav Odintsov <odivlad@gmail.com>
To: dev@openvswitch.org
Date: Thu, 11 Nov 2021 22:13:06 +0300
Message-Id: <20211111191306.6369-6-odivlad@gmail.com>
X-Mailer: git-send-email 2.30.0
In-Reply-To: <20211111191306.6369-1-odivlad@gmail.com>
References: <20211111191306.6369-1-odivlad@gmail.com>
MIME-Version: 1.0
Cc: Vladislav Odintsov <odivlad@gmail.com>
Subject: [ovs-dev] [PATCH ovn v7 5/5] ic: don't learn routes which have
	local GW
X-BeenThere: ovs-dev@openvswitch.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <ovs-dev.openvswitch.org>
List-Unsubscribe: <https://mail.openvswitch.org/mailman/options/ovs-dev>,
 <mailto:ovs-dev-request@openvswitch.org?subject=unsubscribe>
List-Archive: <http://mail.openvswitch.org/pipermail/ovs-dev/>
List-Post: <mailto:ovs-dev@openvswitch.org>
List-Help: <mailto:ovs-dev-request@openvswitch.org?subject=help>
List-Subscribe: <https://mail.openvswitch.org/mailman/listinfo/ovs-dev>,
 <mailto:ovs-dev-request@openvswitch.org?subject=subscribe>
Errors-To: ovs-dev-bounces@openvswitch.org
Sender: "dev" <ovs-dev-bounces@openvswitch.org>

In case we have ovn-ic-interconnected Logical_Routers
and install same ip_prefix route with GW in local AZ
in each LR in each AZ, this route would be learned in
other AZs and L3 loop is possible.
There could be next routes output:

[az1 ~]$ ovn-nbctl lr-route-list lr0
IPv4 Routes
Route Table global:
              128.0.0.0/1               169.254.1.1 dst-ip ecmp
              128.0.0.0/1             169.254.100.2 dst-ip (learned) ecmp

[az2 ~]$ ovn-nbctl lr-route-list lr0
IPv4 Routes
Route Table global:
              128.0.0.0/1               169.254.2.1 dst-ip ecmp
              128.0.0.0/1             169.254.100.1 dst-ip (learned) ecmp

So, there is a possible routing loop. Packets going
to 128.0.0.0/1 could go from AZ1 to AZ2 and on AZ2
they can be routed back.

This commit adds check for installed local (non-learned)
routes. If OVN IC route's ip_prefix, route_table are
the same with already installed non-learned NB route, such
route wouldn't be learned.

Signed-off-by: Vladislav Odintsov <odivlad@gmail.com>
---
 ic/ovn-ic.c           | 30 ++++++++++++++++++++++++--
 tests/ovn-ic.at       | 49 +++++++++++++++++++++++++++++++++++++++++++
 utilities/ovn-nbctl.c |  4 +++-
 3 files changed, 80 insertions(+), 3 deletions(-)

diff --git a/ic/ovn-ic.c b/ic/ovn-ic.c
index f40468e92..a9b797af2 100644
--- a/ic/ovn-ic.c
+++ b/ic/ovn-ic.c
@@ -1209,7 +1209,25 @@ add_network_to_routes_ad(struct hmap *routes_ad, const char *network,
 }
 
 static bool
-route_need_learn(struct in6_addr *prefix, unsigned int plen,
+route_has_local_gw(const struct nbrec_logical_router *lr,
+                   const char *route_table, const char *ip_prefix) {
+
+    const struct nbrec_logical_router_static_route *route;
+    for (int i = 0; i < lr->n_static_routes; i++) {
+        route = lr->static_routes[i];
+        if (!smap_get(&route->external_ids, "ic-learned-route") &&
+            !strcmp(route->route_table, route_table) &&
+            !strcmp(route->ip_prefix, ip_prefix)) {
+            return true;
+        }
+    }
+    return false;
+}
+
+static bool
+route_need_learn(const struct nbrec_logical_router *lr,
+                 const struct icsbrec_route *isb_route,
+                 struct in6_addr *prefix, unsigned int plen,
                  const struct smap *nb_options)
 {
     if (!smap_get_bool(nb_options, "ic-route-learn", false)) {
@@ -1229,6 +1247,12 @@ route_need_learn(struct in6_addr *prefix, unsigned int plen,
         return false;
     }
 
+    if (route_has_local_gw(lr, isb_route->route_table, isb_route->ip_prefix)) {
+        VLOG_DBG("Skip learning %s (rtb:%s) route, as we've got one with "
+                 "local GW", isb_route->ip_prefix, isb_route->route_table);
+        return false;
+    }
+
     return true;
 }
 
@@ -1333,9 +1357,11 @@ sync_learned_routes(struct ic_context *ctx,
                              isb_route->nexthop);
                 continue;
             }
-            if (!route_need_learn(&prefix, plen, &nb_global->options)) {
+            if (!route_need_learn(ic_lr->lr, isb_route, &prefix, plen,
+                                  &nb_global->options)) {
                 continue;
             }
+
             struct ic_route_info *route_learned
                 = ic_route_find(&ic_lr->routes_learned, &prefix, plen,
                                 &nexthop, isb_route->origin,
diff --git a/tests/ovn-ic.at b/tests/ovn-ic.at
index 1340874d5..a189a8fed 100644
--- a/tests/ovn-ic.at
+++ b/tests/ovn-ic.at
@@ -928,3 +928,52 @@ OVN_CLEANUP_IC([az1], [az2])
 
 AT_CLEANUP
 ])
+
+OVN_FOR_EACH_NORTHD([
+AT_SETUP([ovn-ic -- same routes destination])
+
+ovn_init_ic_db
+ovn-ic-nbctl ts-add ts1
+
+for i in 1 2; do
+    ovn_start az$i
+    ovn_as az$i
+
+    # Enable route learning at AZ level
+    ovn-nbctl set nb_global . options:ic-route-learn=true
+    ovn-nbctl set nb_global . options:ic-route-learn-default=true
+    # Enable route advertising at AZ level
+    ovn-nbctl set nb_global . options:ic-route-adv=true
+    ovn-nbctl set nb_global . options:ic-route-adv-default=true
+
+    lr=lr1$i
+    ovn-nbctl lr-add $lr
+
+    lrp=lrp-$lr-ts1
+    lsp=lsp-ts1-$lr
+    # Create LRP and connect to TS
+    ovn-nbctl lrp-add $lr $lrp aa:aa:aa:aa:aa:0$i 169.254.100.$i/24
+    ovn-nbctl lsp-add ts1 $lsp \
+        -- lsp-set-addresses $lsp router \
+        -- lsp-set-type $lsp router \
+        -- lsp-set-options $lsp router-port=$lrp
+    ovn-nbctl lrp-add $lr lrp-local-subnet 00:00:00:00:00:0$i 192.168.$i.1/24
+    ovn-nbctl list logical-router-static-route
+    check ovn-nbctl lr-route-add $lr 10.0.0.0/24 192.168.$i.10
+    check ovn-nbctl lr-route-add $lr 0.0.0.0/0 192.168.$i.11
+done
+
+AT_CHECK([ovn_as az1 ovn-nbctl lr-route-list lr11 | grep dst-ip | sort], [0], [dnl
+                0.0.0.0/0              192.168.1.11 dst-ip
+              10.0.0.0/24              192.168.1.10 dst-ip
+           192.168.2.0/24             169.254.100.2 dst-ip (learned)
+])
+
+AT_CHECK([ovn_as az2 ovn-nbctl lr-route-list lr12 | grep dst-ip | sort], [0], [dnl
+                0.0.0.0/0              192.168.2.11 dst-ip
+              10.0.0.0/24              192.168.2.10 dst-ip
+           192.168.1.0/24             169.254.100.1 dst-ip (learned)
+])
+
+AT_CLEANUP
+])
diff --git a/utilities/ovn-nbctl.c b/utilities/ovn-nbctl.c
index 8bdcb19a3..17bb5d41d 100644
--- a/utilities/ovn-nbctl.c
+++ b/utilities/ovn-nbctl.c
@@ -4104,6 +4104,8 @@ nbctl_pre_lr_route_add(struct ctl_context *ctx)
                          &nbrec_logical_router_static_route_col_options);
     ovsdb_idl_add_column(ctx->idl,
                          &nbrec_logical_router_static_route_col_route_table);
+    ovsdb_idl_add_column(ctx->idl,
+                         &nbrec_logical_router_static_route_col_external_ids);
 }
 
 static char * OVS_WARN_UNUSED_RESULT
@@ -4233,7 +4235,7 @@ nbctl_lr_route_add(struct ctl_context *ctx)
     }
 
     if (!ecmp) {
-        if (route) {
+        if (route && !smap_get(&route->external_ids, "ic-learned-route")) {
             if (!may_exist) {
                 ctl_error(ctx, "duplicate prefix: %s (policy: %s). Use option"
                           " --ecmp to allow this for ECMP routing.",