From patchwork Sat Nov 13 09:43:50 2021
X-Patchwork-Submitter: Vladislav Odintsov
X-Patchwork-Id: 1554666
From: Vladislav Odintsov
To: dev@openvswitch.org
Cc: Vladislav Odintsov
Date: Sat, 13 Nov 2021 12:43:50 +0300
Message-Id: <20211113094353.17690-3-odivlad@gmail.com>
In-Reply-To: <20211113094353.17690-1-odivlad@gmail.com>
References: <20211113094353.17690-1-odivlad@gmail.com>
Subject: [ovs-dev] [PATCH ovn v8 2/5] northd: make connected routes have higher priority than static

With this patch routes to connected networks have higher priority than
static routes with same ip_prefix.

This brings commonly-used behaviour for routes lookup order:
1: longest prefix match
2: metric

The metric has next lookup order:
1: connected routes
2: static routes

Earlier static and connected routes with same ip_prefix had the same
priority, so it was impossible to predict which one is used for routing
decision.

Each route's prefix length has its own 'slot' in lflow prios. Now prefix
length space is calculated using next information:
to calculate route's priority prefixlen multiplied by 3
+ route origin offset (0 - source-based route; 1 - directly-connected
route; 2 - static route).

Also, enlarge prio for generic records in lr_in_ip_routing stage by 10000.

Signed-off-by: Vladislav Odintsov
---
 northd/northd.c         | 50 ++++++++++++++++++++++++++++-------------
 northd/ovn-northd.8.xml | 12 +++++-----
 tests/ovn-northd.at     |  8 +++----
 3 files changed, 45 insertions(+), 25 deletions(-)

diff --git a/northd/northd.c b/northd/northd.c index 1e8a3457c..0d513f039 100644 --- a/northd/northd.c +++ b/northd/northd.c
@@ -305,6 +305,15 @@ enum ovn_stage { * */ +/* + * Route offsets implement logic to prioritize traffic for routes with + * same ip_prefix values: + * - connected route overrides static one; + * - static route overrides connected route. */ +#define ROUTE_PRIO_OFFSET_MULTIPLIER 3 +#define ROUTE_PRIO_OFFSET_STATIC 1 +#define ROUTE_PRIO_OFFSET_CONNECTED 2 + /* Returns an "enum ovn_stage" built from the arguments. */ static enum ovn_stage ovn_stage_build(enum ovn_datapath_type dp_type, enum ovn_pipeline pipeline, @@ -8782,6 +8791,7 @@ struct ecmp_groups_node { struct in6_addr prefix; unsigned int plen; bool is_src_route; + const char *origin; uint16_t route_count; struct ovs_list route_list; /* Contains ecmp_route_list_node */ }; @@ -8819,6 +8829,7 @@ ecmp_groups_add(struct hmap *ecmp_groups, eg->prefix = route->prefix; eg->plen = route->plen; eg->is_src_route = route->is_src_route; + eg->origin = smap_get_def(&route->route->options, "origin", ""); ovs_list_init(&eg->route_list); ecmp_groups_add_route(eg, route); @@ -8919,19 +8930,20 @@ build_route_prefix_s(const struct in6_addr *prefix, unsigned int plen) static void build_route_match(const struct ovn_port *op_inport, const char *network_s, int plen, bool is_src_route, bool is_ipv4, struct ds *match, - uint16_t *priority) + uint16_t *priority, int ofs) { const char *dir; /* The priority here is calculated to implement longest-prefix-match * routing. */ if (is_src_route) { dir = "src"; - *priority = plen * 2; + ofs = 0; } else { dir = "dst"; - *priority = (plen * 2) + 1; } + *priority = (plen * ROUTE_PRIO_OFFSET_MULTIPLIER) + ofs; + if (op_inport) { ds_put_format(match, "inport == %s && ", op_inport->json_key); } 
@@ -9073,7 +9085,7 @@ add_ecmp_symmetric_reply_flows(struct hmap *lflows, out_port->lrp_networks.ea_s, IN6_IS_ADDR_V4MAPPED(&route->prefix) ? "" : "xx", port_ip, out_port->json_key); - ovn_lflow_add_with_hint(lflows, od, S_ROUTER_IN_IP_ROUTING, 300, + ovn_lflow_add_with_hint(lflows, od, S_ROUTER_IN_IP_ROUTING, 10300, ds_cstr(&match), ds_cstr(&actions), &st_route->header_); @@ -9103,8 +9115,10 @@ build_ecmp_route_flow(struct hmap *lflows, struct ovn_datapath *od, struct ds route_match = DS_EMPTY_INITIALIZER; char *prefix_s = build_route_prefix_s(&eg->prefix, eg->plen); + int ofs = !strcmp(eg->origin, ROUTE_ORIGIN_CONNECTED) ? + ROUTE_PRIO_OFFSET_CONNECTED: ROUTE_PRIO_OFFSET_STATIC; build_route_match(NULL, prefix_s, eg->plen, eg->is_src_route, is_ipv4, - &route_match, &priority); + &route_match, &priority, ofs); free(prefix_s); struct ds actions = DS_EMPTY_INITIALIZER; @@ -9180,7 +9194,7 @@ add_route(struct hmap *lflows, struct ovn_datapath *od, const struct ovn_port *op, const char *lrp_addr_s, const char *network_s, int plen, const char *gateway, bool is_src_route, const struct ovsdb_idl_row *stage_hint, - bool is_discard_route) + bool is_discard_route, int ofs) { bool is_ipv4 = strchr(network_s, '.') ? true : false; struct ds match = DS_EMPTY_INITIALIZER; @@ -9196,7 +9210,7 @@ add_route(struct hmap *lflows, struct ovn_datapath *od, } } build_route_match(op_inport, network_s, plen, is_src_route, is_ipv4, - &match, &priority); + &match, &priority, ofs); struct ds common_actions = DS_EMPTY_INITIALIZER; struct ds actions = DS_EMPTY_INITIALIZER; 
@@ -9256,10 +9270,15 @@ build_static_route_flow(struct hmap *lflows, struct ovn_datapath *od, } } + int ofs = !strcmp(smap_get_def(&route->options, "origin", ""), + ROUTE_ORIGIN_CONNECTED) ? ROUTE_PRIO_OFFSET_CONNECTED + : ROUTE_PRIO_OFFSET_STATIC; + char *prefix_s = build_route_prefix_s(&route_->prefix, route_->plen); add_route(lflows, route_->is_discard_route ? od : out_port->od, out_port, lrp_addr_s, prefix_s, route_->plen, route->nexthop, - route_->is_src_route, &route->header_, route_->is_discard_route); + route_->is_src_route, &route->header_, route_->is_discard_route, + ofs); free(prefix_s); } @@ -10672,14 +10691,14 @@ build_ip_routing_flows_for_lrouter_port( add_route(lflows, op->od, op, op->lrp_networks.ipv4_addrs[i].addr_s, op->lrp_networks.ipv4_addrs[i].network_s, op->lrp_networks.ipv4_addrs[i].plen, NULL, false, - &op->nbrp->header_, false); + &op->nbrp->header_, false, ROUTE_PRIO_OFFSET_CONNECTED); } for (int i = 0; i < op->lrp_networks.n_ipv6_addrs; i++) { add_route(lflows, op->od, op, op->lrp_networks.ipv6_addrs[i].addr_s, op->lrp_networks.ipv6_addrs[i].network_s, op->lrp_networks.ipv6_addrs[i].plen, NULL, false, - &op->nbrp->header_, false); + &op->nbrp->header_, false, ROUTE_PRIO_OFFSET_CONNECTED); } } else if (lsp_is_router(op->nbsp)) { struct ovn_port *peer = ovn_port_get_peer(ports, op); @@ -10702,7 +10721,8 @@ build_ip_routing_flows_for_lrouter_port( peer->lrp_networks.ipv4_addrs[0].addr_s, laddrs->ipv4_addrs[k].network_s, laddrs->ipv4_addrs[k].plen, NULL, false, - &peer->nbrp->header_, false); + &peer->nbrp->header_, false, + ROUTE_PRIO_OFFSET_CONNECTED); } } } @@ -10773,7 +10793,7 @@ build_mcast_lookup_flows_for_lrouter( /* Drop IPv6 multicast traffic that shouldn't be forwarded, * i.e., router solicitation and router advertisement. */ - ovn_lflow_add(lflows, od, S_ROUTER_IN_IP_ROUTING, 550, + ovn_lflow_add(lflows, od, S_ROUTER_IN_IP_ROUTING, 10550, "nd_rs || nd_ra", "drop;"); if (!od->mcast_info.rtr.relay) { return; 
@@ -10801,7 +10821,7 @@ build_mcast_lookup_flows_for_lrouter( } ds_put_format(actions, "outport = \"%s\"; ip.ttl--; next;", igmp_group->mcgroup.name); - ovn_lflow_add(lflows, od, S_ROUTER_IN_IP_ROUTING, 500, + ovn_lflow_add(lflows, od, S_ROUTER_IN_IP_ROUTING, 10500, ds_cstr(match), ds_cstr(actions)); } @@ -10809,7 +10829,7 @@ build_mcast_lookup_flows_for_lrouter( * ports. Otherwise drop any multicast traffic. */ if (od->mcast_info.rtr.flood_static) { - ovn_lflow_add(lflows, od, S_ROUTER_IN_IP_ROUTING, 450, + ovn_lflow_add(lflows, od, S_ROUTER_IN_IP_ROUTING, 10450, "ip4.mcast || ip6.mcast", "clone { " "outport = \""MC_STATIC"\"; " @@ -10817,7 +10837,7 @@ build_mcast_lookup_flows_for_lrouter( "next; " "};"); } else { - ovn_lflow_add(lflows, od, S_ROUTER_IN_IP_ROUTING, 450, + ovn_lflow_add(lflows, od, S_ROUTER_IN_IP_ROUTING, 10450, "ip4.mcast || ip6.mcast", "drop;"); } } diff --git a/northd/ovn-northd.8.xml b/northd/ovn-northd.8.xml index fb67395e3..4f3a9d5e3 100644 --- a/northd/ovn-northd.8.xml +++ b/northd/ovn-northd.8.xml @@ -2945,12 +2945,12 @@ icmp6 {

If ECMP routes with symmetric reply are configured in the - OVN_Northbound database for a gateway router, a priority-300 - flow is added for each router port on which symmetric replies are - configured. The matching logic for these ports essentially reverses the - configured logic of the ECMP route. So for instance, a route with a - destination routing policy will instead match if the source IP address - matches the static route's prefix. The flow uses the action + OVN_Northbound database for a gateway router, a + priority-10300 flow is added for each router port on which symmetric + replies are configured. The matching logic for these ports essentially + reverses the configured logic of the ECMP route. So for instance, a route + with a destination routing policy will instead match if the source IP + address matches the static route's prefix. The flow uses the action ct_next to send IP packets to the connection tracker for packet de-fragmentation and tracking before sending it to the next table.

diff --git a/tests/ovn-northd.at b/tests/ovn-northd.at index 85b47a18f..3c1a97f73 100644 --- a/tests/ovn-northd.at +++ b/tests/ovn-northd.at @@ -5430,7 +5430,7 @@ check ovn-nbctl --wait=sb --ecmp-symmetric-reply lr-route-add lr0 1.0.0.1 192.16 ovn-sbctl dump-flows lr0 > lr0flows AT_CHECK([grep -e "lr_in_ip_routing.*select" lr0flows | sed 's/table=../table=??/' | sort], [0], [dnl - table=??(lr_in_ip_routing ), priority=65 , match=(ip4.dst == 1.0.0.1/32), action=(ip.ttl--; flags.loopback = 1; reg8[[0..15]] = 1; reg8[[16..31]] = select(1, 2);) + table=??(lr_in_ip_routing ), priority=97 , match=(ip4.dst == 1.0.0.1/32), action=(ip.ttl--; flags.loopback = 1; reg8[[0..15]] = 1; reg8[[16..31]] = select(1, 2);) ]) AT_CHECK([grep -e "lr_in_ip_routing_ecmp" lr0flows | sed 's/192\.168\.0\..0/192.168.0.??/' | sed 's/table=../table=??/' | sort], [0], [dnl table=??(lr_in_ip_routing_ecmp), priority=100 , match=(reg8[[0..15]] == 1 && reg8[[16..31]] == 1), action=(reg0 = 192.168.0.??; reg1 = 192.168.0.1; eth.src = 00:00:20:20:12:13; outport = "lr0-public"; next;) @@ -5443,7 +5443,7 @@ check ovn-nbctl --wait=sb --ecmp-symmetric-reply lr-route-add lr0 1.0.0.1 192.16 ovn-sbctl dump-flows lr0 > lr0flows AT_CHECK([grep -e "lr_in_ip_routing.*select" lr0flows | sed 's/table=../table=??/' | sort], [0], [dnl - table=??(lr_in_ip_routing ), priority=65 , match=(ip4.dst == 1.0.0.1/32), action=(ip.ttl--; flags.loopback = 1; reg8[[0..15]] = 1; reg8[[16..31]] = select(1, 2);) + table=??(lr_in_ip_routing ), priority=97 , match=(ip4.dst == 1.0.0.1/32), action=(ip.ttl--; flags.loopback = 1; reg8[[0..15]] = 1; reg8[[16..31]] = select(1, 2);) ]) AT_CHECK([grep -e "lr_in_ip_routing_ecmp" lr0flows | sed 's/192\.168\.0\..0/192.168.0.??/' | sed 's/table=../table=??/' | sort], [0], [dnl table=??(lr_in_ip_routing_ecmp), priority=100 , match=(reg8[[0..15]] == 1 && reg8[[16..31]] == 1), action=(reg0 = 192.168.0.??; reg1 = 192.168.0.1; eth.src = 00:00:20:20:12:13; outport = "lr0-public"; next;) 
@@ -5458,14 +5458,14 @@ check ovn-nbctl --wait=sb lr-route-add lr0 1.0.0.0/24 192.168.0.10 ovn-sbctl dump-flows lr0 > lr0flows AT_CHECK([grep -e "lr_in_ip_routing.*192.168.0.10" lr0flows | sed 's/table=../table=??/' | sort], [0], [dnl - table=??(lr_in_ip_routing ), priority=49 , match=(ip4.dst == 1.0.0.0/24), action=(ip.ttl--; reg8[[0..15]] = 0; reg0 = 192.168.0.10; reg1 = 192.168.0.1; eth.src = 00:00:20:20:12:13; outport = "lr0-public"; flags.loopback = 1; next;) + table=??(lr_in_ip_routing ), priority=73 , match=(ip4.dst == 1.0.0.0/24), action=(ip.ttl--; reg8[[0..15]] = 0; reg0 = 192.168.0.10; reg1 = 192.168.0.1; eth.src = 00:00:20:20:12:13; outport = "lr0-public"; flags.loopback = 1; next;) ]) check ovn-nbctl --wait=sb lr-route-add lr0 2.0.0.0/24 lr0-public ovn-sbctl dump-flows lr0 > lr0flows AT_CHECK([grep -e "lr_in_ip_routing.*2.0.0.0" lr0flows | sed 's/table=../table=??/' | sort], [0], [dnl - table=??(lr_in_ip_routing ), priority=49 , match=(ip4.dst == 2.0.0.0/24), action=(ip.ttl--; reg8[[0..15]] = 0; reg0 = ip4.dst; reg1 = 192.168.0.1; eth.src = 00:00:20:20:12:13; outport = "lr0-public"; flags.loopback = 1; next;) + table=??(lr_in_ip_routing ), priority=73 , match=(ip4.dst == 2.0.0.0/24), action=(ip.ttl--; reg8[[0..15]] = 0; reg0 = ip4.dst; reg1 = 192.168.0.1; eth.src = 00:00:20:20:12:13; outport = "lr0-public"; flags.loopback = 1; next;) ]) AT_CLEANUP
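
Review bot: In northd/northd.c, hunk @@ -305,6 +305,15 @@, the new comment above the ROUTE_PRIO_OFFSET_* defines contradicts itself: its first bullet says "connected route overrides static one" and its second says "static route overrides connected route". With ROUTE_PRIO_OFFSET_STATIC at 1 and ROUTE_PRIO_OFFSET_CONNECTED at 2, only the first bullet matches the code; the second presumably meant that a static route overrides a source-based one. The commit message has the same problem in the other direction, listing 1 as directly-connected and 2 as static. Please align the comment and the message with the defines, and consider adding a named define for the source-based offset 0 so that all three slots are documented in one place.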
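
Review bot: In build_route_match(), hunk @@ -8919,19 +8930,20 @@, nothing checks that ofs is smaller than ROUTE_PRIO_OFFSET_MULTIPLIER, and the is_src_route branch silently discards the caller's value with "ofs = 0;". An offset of 3 or more would push a route of length plen into the priority slot of plen + 1 and break the longest-prefix-match ordering that the comment in this function promises. Suggest asserting 0 <= ofs < ROUTE_PRIO_OFFSET_MULTIPLIER at the top of the function, and extending the existing comment ("The priority here is calculated to implement longest-prefix-match routing") to mention the origin offset.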
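
Review bot: In ecmp_groups_add(), hunk @@ -8819,6 +8829,7 @@, eg->origin is a pointer borrowed from route->route->options and is taken only from the route that creates the group, but the new struct field in hunk @@ -8782,6 +8791,7 @@ ("const char *origin;") carries no comment about either point. Please document who owns the string and that the group's origin is that of its first route, or store the computed offset as an int at creation time so that no borrowed pointer is kept.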
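
Review bot: The origin-to-offset ternary in build_ecmp_route_flow(), hunk @@ -9103,8 +9115,10 @@, is written a second time in build_static_route_flow(), hunk @@ -9256,10 +9270,15 @@, and the first copy is missing a space before the colon in "ROUTE_PRIO_OFFSET_CONNECTED: ROUTE_PRIO_OFFSET_STATIC". A small helper that takes the origin string and returns the offset would remove the duplication and give one place to extend if more origins are added. ROUTE_ORIGIN_CONNECTED is not defined anywhere in the visible lines of this patch, so the commit message should say which patch of the series introduces it.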
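
Review bot: The raised lr_in_ip_routing priorities are bare literals (10300 in add_ecmp_symmetric_reply_flows(), and 10550, 10500 and 10450 in build_mcast_lookup_flows_for_lrouter()), with no comment explaining the 10000 shift. With the new formula the largest route priority is 128 * 3 + 2 = 386, which is why the old 300 no longer sits above every route flow; a named base constant with that reasoning in a comment would make the relationship explicit. The northd/ovn-northd.8.xml hunk updates only the priority-300 paragraph, so please check whether the man page also documents the 450, 500 and 550 multicast flows or the old plen-based route priority formula, and update those in the same patch.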
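
Review bot: The tests/ovn-northd.at hunks only adjust expected priorities for static routes (65 to 97 for the /32 route and 49 to 73 for the /24 routes, that is plen * 3 + 1), so nothing exercises ROUTE_PRIO_OFFSET_CONNECTED. The case the commit message describes, a static route with the same ip_prefix as a connected network, has no test. Suggest adding a check that configures both and verifies that the connected flow is emitted at plen * 3 + 2, above the static one.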