From patchwork Fri May 19 18:18:55 2023
X-Patchwork-Submitter: Vladislav Odintsov
X-Patchwork-Id: 1783951
From: Vladislav Odintsov
To: dev@openvswitch.org
Cc: Vladislav Odintsov
Date: Fri, 19 May 2023 21:18:55 +0300
Message-Id: <20230519181859.1195040-2-odivlad@gmail.com>
In-Reply-To: <20230519181859.1195040-1-odivlad@gmail.com>
References: <20230519181859.1195040-1-odivlad@gmail.com>
Subject: [ovs-dev] [PATCH ovn 1/5] northd: fix ls_in_hairpin l3dgw flow generation

This patch fixes a situation where a logical flow with incorrect syntax could be generated. If a logical switch has two attached logical router ports and one of them has a configured gateway chassis, then the incorrect flow can have a match like:

`reg0[14] == 1 && (is_chassis_resident("cr-lrp2") || `

or

`is_chassis_resident("cr-lrp1"))`

The flow's match was reworked to have at most one 'is_chassis_resident()' part. For each cr-lport a new lflow is created. There should not be many cr-lports within one datapath (normally there is just one), so the lflows count shouldn't increase dramatically. Now the match looks like:

`reg0[14] == 1 && is_chassis_resident("cr-lrp2")`

As an additional enhancement, the code became easier and tests were also simplified. Documentation and relevant testcases were updated.

Fixes: 4e90bcf55c2e ("controller, northd, vtep: support routed networks with HW VTEP")
Signed-off-by: Vladislav Odintsov
---
 northd/northd.c         | 35 ++++++++++++++---------------------
 northd/ovn-northd.8.xml | 13 +++++++------
 tests/ovn.at            | 17 +++--------------
 3 files changed, 24 insertions(+), 41 deletions(-)

diff --git a/northd/northd.c b/northd/northd.c index 07b127cdf..d6c26735d 100644 --- a/northd/northd.c +++ b/northd/northd.c 
@@ -7819,37 +7819,30 @@ static void build_vtep_hairpin(struct ovn_datapath *od, struct hmap *lflows) { /* Ingress Pre-ARP flows for VTEP hairpining traffic. Priority 1000: - * Packets that received from non-VTEP ports should continue processing. */ - + * Packets that received from VTEP ports must go directly to L2LKP table. + */ char *action = xasprintf("next(pipeline=ingress, table=%d);", ovn_stage_get_table(S_SWITCH_IN_L2_LKUP)); - /* send all traffic from VTEP directly to L2LKP table. */ ovn_lflow_add(lflows, od, S_SWITCH_IN_HAIRPIN, 1000, REGBIT_FROM_RAMP" == 1", action); free(action); - struct ds match = DS_EMPTY_INITIALIZER; - size_t n_ports = od->n_router_ports; - bool dp_has_l3dgw_ports = false; - for (int i = 0; i < n_ports; i++) { - if (is_l3dgw_port(od->router_ports[i]->peer)) { - ds_put_format(&match, "%sis_chassis_resident(%s)%s", - i == 0 ? REGBIT_FROM_RAMP" == 1 && (" : "", - od->router_ports[i]->peer->cr_port->json_key, - i < n_ports - 1 ? " || " : ")"); - dp_has_l3dgw_ports = true; - } - } - /* Ingress pre-arp flow for traffic from VTEP (ramp) switch. * Priority 2000: Packets, that were received from VTEP (ramp) switch and * router ports of current datapath are l3dgw ports and they reside on * current chassis, should be passed to next table for ARP/ND hairpin - * processing. - */ - if (dp_has_l3dgw_ports) { - ovn_lflow_add(lflows, od, S_SWITCH_IN_HAIRPIN, 2000, ds_cstr(&match), - "next;"); + * processing. */ + struct ds match = DS_EMPTY_INITIALIZER; + for (int i = 0; i < od->n_router_ports; i++) { + struct ovn_port *op = od->router_ports[i]->peer; + if (is_l3dgw_port(op)) { + ds_clear(&match); + ds_put_format(&match, + REGBIT_FROM_RAMP" == 1 && is_chassis_resident(%s)", + op->cr_port->json_key); + ovn_lflow_add(lflows, od, S_SWITCH_IN_HAIRPIN, 2000, + ds_cstr(&match), "next;"); + } } ds_destroy(&match); } diff --git a/northd/ovn-northd.8.xml b/northd/ovn-northd.8.xml index 540fe03bd..a8ef00a28 100644 --- a/northd/ovn-northd.8.xml 
+++ b/northd/ovn-northd.8.xml @@ -1144,16 +1144,17 @@
  • For each distributed gateway router port RP attached to - the logical switch, a priority-2000 flow is added with the match - reg0[14] == 1 && is_chassis_resident(RP) - and action next; to pass the traffic to the - next table to respond to the ARP requests for the router port IPs. + the logical switch and has chassis redirect port cr-RP, a + priority-2000 flow is added with the match +

    +reg0[14] == 1 && is_chassis_resident(cr-RP)
    +          
    + and action next;.

    reg0[14] register bit is set in the ingress L2 port - security check table for traffic received from HW VTEP (ramp) - ports. + security check table for traffic received from HW VTEP (ramp) ports.

  • diff --git a/tests/ovn.at b/tests/ovn.at index 9e6e8a14a..53349530b 100644 --- a/tests/ovn.at +++ b/tests/ovn.at @@ -4432,24 +4432,13 @@ response=${sha}${lrpmac}08060001080006040002${lrpmac}${tpa}${sha}${spa} echo $response >> 3.expected # First ensure basic flow contents are as we expect. -AT_CHECK([ovn-sbctl lflow-list lsw0 | grep 'reg0[\[14\]]' | sort | sed 's/table=../table=??/g' | sed 's/is_chassis_resident([[^)]]*)/is_chassis_resident("??")/g'], [0], [dnl +AT_CHECK([ovn-sbctl lflow-list lsw0 | grep 'reg0[\[14\]]' | sort | sed 's/table=../table=??/g'], [0], [dnl table=??(ls_in_check_port_sec), priority=70 , match=(inport == "lp-vtep"), action=(reg0[[14]] = 1; next(pipeline=ingress, table=??);) table=??(ls_in_hairpin ), priority=1000 , match=(reg0[[14]] == 1), action=(next(pipeline=ingress, table=??);) - table=??(ls_in_hairpin ), priority=2000 , match=(reg0[[14]] == 1 && (is_chassis_resident("??") || is_chassis_resident("??"))), action=(next;) + table=??(ls_in_hairpin ), priority=2000 , match=(reg0[[14]] == 1 && is_chassis_resident("cr-lrp1")), action=(next;) + table=??(ls_in_hairpin ), priority=2000 , match=(reg0[[14]] == 1 && is_chassis_resident("cr-lrp2")), action=(next;) ]) -# We've ensured that the expected hairpin flows are present -# and that the expected number of "is_chassis_resident" fields are in -# the flow. Now we need to ensure the contents are correct. -# Unfortunately, the order of the "is_chassis_resident" fields is -# unpredictable. Therefore we sort them so the order is predictable. -actual_chassis=$(ovn-sbctl lflow-list lsw0 | grep 'ls_in_hairpin' | grep 'priority=2000' | grep -o 'is_chassis_resident([[^)]]*)' | sort) - -expected_chassis='is_chassis_resident("cr-lrp1") -is_chassis_resident("cr-lrp2")' - -check test "$expected_chassis" = "$actual_chassis" - # dump information with counters echo "------ OVN dump ------" ovn-nbctl show
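Review bot: In the northd/northd.c hunk of build_vtep_hairpin(), the new loop `for (int i = 0; i < od->n_router_ports; i++)` compares a signed int against a count that the removed code stored in a size_t (`size_t n_ports = od->n_router_ports;`); declare the index as size_t to avoid the signed/unsigned comparison. The loop also dereferences `op->cr_port->json_key` and so relies on is_l3dgw_port(op) to guarantee that both op and op->cr_port are non-NULL, which the visible lines do not show; a short comment or an explicit check would make that dependency clear. In the rewritten comment, "Packets that received from VTEP ports" should read "Packets received from VTEP ports", and "hairpining" is still misspelled.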
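Review bot: In the northd/ovn-northd.8.xml hunk, the rewritten sentence drops the reason for the flow: the removed text said the traffic is passed to the next table "to respond to the ARP requests for the router port IPs". Keep that clause after "and action next;" so the man page still explains why the priority-2000 flow exists. The new wording "attached to the logical switch and has chassis redirect port cr-RP" is also ungrammatical; "that is attached to the logical switch and has a chassis redirect port cr-RP" reads correctly.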
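Review bot: In the tests/ovn.at hunk, the expected output lists both cr-lrp1 and cr-lrp2 at priority 2000, so the test covers only a switch whose two router ports are both gateway ports, while the commit message describes the broken match arising when only one of the two has a gateway chassis. Add a case with one distributed gateway port and one plain router port on the same switch, and assert that exactly one priority-2000 ls_in_hairpin flow is produced with a well-formed match.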