From patchwork Mon May 11 14:08:59 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ihar Hrachyshka X-Patchwork-Id: 1287821 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=140.211.166.136; helo=silver.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=redhat.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=DbXEZVLQ; dkim-atps=neutral Received: from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 49LNBf29Y3z9sSF for ; Tue, 12 May 2020 00:10:50 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by silver.osuosl.org (Postfix) with ESMTP id BE3DF25E27; Mon, 11 May 2020 14:10:48 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from silver.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id R9wblF6BmHRE; Mon, 11 May 2020 14:10:39 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by silver.osuosl.org (Postfix) with ESMTP id 9E83425DFC; Mon, 11 May 2020 14:10:27 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id 8E3ABC088B; Mon, 11 May 2020 14:10:27 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from fraxinus.osuosl.org (smtp4.osuosl.org [140.211.166.137]) by lists.linuxfoundation.org (Postfix) with ESMTP id A1F7EC016F for ; Mon, 11 May 2020 14:10:24 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by fraxinus.osuosl.org (Postfix) with ESMTP id 9C1FE86B23 for ; Mon, 11 May 2020 14:10:24 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from fraxinus.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4UJvsnct_4uR for ; Mon, 11 May 2020 14:10:16 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from us-smtp-1.mimecast.com (us-smtp-delivery-1.mimecast.com [205.139.110.120]) by fraxinus.osuosl.org (Postfix) with ESMTPS id 61E0386B7C for ; Mon, 11 May 2020 14:09:44 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1589206182; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=a1kBR5zJhAL8Kz2USIif8GvFyaDyiL8t9T4gyc/eDDY=; b=DbXEZVLQxo0BZoMWHghe1oaqR0XMe8ltTkgCHQAj2NiHX5SzjV53TKjVPqrkLWa7adoIg0 9mftA8Mnb5nTu1gMWqqnVYZ3vIrm3zfumiGh94YRwwaNHAItg1hvuszd0NlFbwhtcgGQIx Dok3KYQSW3VyEaidgf8YH2U/nZOkD/0= Received: from mail-qt1-f198.google.com (mail-qt1-f198.google.com [209.85.160.198]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-412-M4dX7PZFOY6pIjir8DhjrA-1; Mon, 11 May 2020 10:09:40 -0400 X-MC-Unique: M4dX7PZFOY6pIjir8DhjrA-1 Received: by mail-qt1-f198.google.com with SMTP id g14so10598697qts.7 for ; Mon, 11 May 2020 07:09:40 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=a1kBR5zJhAL8Kz2USIif8GvFyaDyiL8t9T4gyc/eDDY=; b=blT76MeL+8tVaB8Ph0PgKKAzP52MJxLbSeNjFRIfdlYet9LnSUsrZ10sSd752JOw/O dSPZJ6L8DW/ieHlP5O4hf6dIjS1F7oIg1JSRo8SSTkActNLuwDGAp8pSZzHHDJgZoYQb /R4IwQ7oEs4MnySoJC88Nn/xs+2Zcsc/DmYeo3Y9YyzWYHoeP1DKN0Be+5SXb1Yb4NGJ 5uE1J0gbEl8Y9PWEqcRf03apHdXayBGthghGLL3bJyraH4rjzHFfsEcu+U9Yp2K/cwQ2 dfwhNVFGkRz5ya8wJNTpKKZii/yD0YE/XpuWSBNnyB3YiR/Jygc9zf9oduRss5RKwfqI QYFw== X-Gm-Message-State: AGi0PuZoIxkSTUOgEfsPkXx3e8Xeoesdjhd1q8xZ3CmgR/qN9kekWLR5 xsmPc4RB8YTJQMtSE6uYC6YO6DiVOsMypfVjiQvgVatvEp7I+6owfESI3UvPCNfDU91TrrLdJ90 HRSyFr7HKKzXk X-Received: by 2002:a05:620a:7ed:: with SMTP id k13mr15301707qkk.156.1589206179737; Mon, 11 May 2020 07:09:39 -0700 (PDT) X-Google-Smtp-Source: APiQypIsQcCChWcv9ZKWUm56SbYiLyZL6pJCI+6QjVITRiGLJhr8Rtc7YvIT+a7939PgCOTJCKLtYA== X-Received: by 2002:a05:620a:7ed:: with SMTP id k13mr15301680qkk.156.1589206179400; Mon, 11 May 2020 07:09:39 -0700 (PDT) Received: from localhost.localdomain.com (cpe-172-73-180-250.carolina.res.rr.com. [172.73.180.250]) by smtp.googlemail.com with ESMTPSA id i23sm8474661qke.65.2020.05.11.07.09.37 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 11 May 2020 07:09:37 -0700 (PDT) From: Ihar Hrachyshka To: dev@openvswitch.org Date: Mon, 11 May 2020 10:08:59 -0400 Message-Id: <20200511140904.209409-2-ihrachys@redhat.com> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20200511140904.209409-1-ihrachys@redhat.com> References: <20200511140904.209409-1-ihrachys@redhat.com> MIME-Version: 1.0 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Subject: [ovs-dev] [PATCH ovn 1/6 v4] Spin out flow generation into build_dhcpv4_options_flows X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" Signed-off-by: Ihar Hrachyshka --- northd/ovn-northd.c | 184 +++++++++++++++++++++++--------------------- 1 file changed, 98 insertions(+), 86 deletions(-) diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c index 742aad85e..6dfa21987 100644 --- a/northd/ovn-northd.c +++ b/northd/ovn-northd.c @@ -6075,6 +6075,97 @@ build_lswitch_rport_arp_req_flows(struct ovn_port *op, sset_destroy(&all_ips_v6); } + +static void +build_dhcpv4_options_flows(struct ovn_port *op, struct hmap *lflows, + struct lport_addresses *lsp_addrs, + const char *json_key, bool is_external) +{ + struct ds match = DS_EMPTY_INITIALIZER; + + struct ovsdb_idl_row *stage_hint; + if (op->nbsp->dhcpv4_options) { + stage_hint = &op->nbsp->dhcpv4_options->header_; + } else { + stage_hint = NULL; + } + + for (size_t j = 0; j < lsp_addrs->n_ipv4_addrs; j++) { + struct ds options_action = DS_EMPTY_INITIALIZER; + struct ds response_action = DS_EMPTY_INITIALIZER; + struct ds ipv4_addr_match = DS_EMPTY_INITIALIZER; + if (build_dhcpv4_action( + op, lsp_addrs->ipv4_addrs[j].addr, + &options_action, &response_action, &ipv4_addr_match)) { + ds_clear(&match); + ds_put_format( + &match, "inport == %s && eth.src == %s && " + "ip4.src == 0.0.0.0 && ip4.dst == 255.255.255.255 && " + "udp.src == 68 && udp.dst == 67", + json_key, lsp_addrs->ea_s); + + if (is_external) { + ds_put_format(&match, " && is_chassis_resident(%s)", + op->json_key); + } + + ovn_lflow_add_with_hint(lflows, op->od, + S_SWITCH_IN_DHCP_OPTIONS, 100, + ds_cstr(&match), + ds_cstr(&options_action), + stage_hint); + ds_clear(&match); + /* Allow ip4.src = OFFER_IP and + * ip4.dst = {SERVER_IP, 255.255.255.255} for the below + * cases + * - When the client wants to renew the IP by sending + * the DHCPREQUEST to the server ip. + * - When the client wants to renew the IP by + * broadcasting the DHCPREQUEST. + */ + ds_put_format( + &match, "inport == %s && eth.src == %s && " + "%s && udp.src == 68 && udp.dst == 67", + json_key, lsp_addrs->ea_s, ds_cstr(&ipv4_addr_match)); + + if (is_external) { + ds_put_format(&match, " && is_chassis_resident(%s)", + op->json_key); + } + + ovn_lflow_add_with_hint(lflows, op->od, + S_SWITCH_IN_DHCP_OPTIONS, 100, + ds_cstr(&match), + ds_cstr(&options_action), + stage_hint); + ds_clear(&match); + + /* If REGBIT_DHCP_OPTS_RESULT is set, it means the + * put_dhcp_opts action is successful. */ + ds_put_format( + &match, "inport == %s && eth.src == %s && " + "ip4 && udp.src == 68 && udp.dst == 67" + " && "REGBIT_DHCP_OPTS_RESULT, + json_key, lsp_addrs->ea_s); + + if (is_external) { + ds_put_format(&match, " && is_chassis_resident(%s)", + op->json_key); + } + + ovn_lflow_add_with_hint(lflows, op->od, + S_SWITCH_IN_DHCP_RESPONSE, 100, + ds_cstr(&match), + ds_cstr(&response_action), + stage_hint); + ds_destroy(&options_action); + ds_destroy(&response_action); + ds_destroy(&ipv4_addr_match); + break; + } + } +} + static void build_lswitch_flows(struct hmap *datapaths, struct hmap *ports, struct hmap *port_groups, struct hmap *lflows, @@ -6396,95 +6487,16 @@ build_lswitch_flows(struct hmap *datapaths, struct hmap *ports, } for (size_t i = 0; i < op->n_lsp_addrs; i++) { - struct ovsdb_idl_row *stage_hint; - - if (op->nbsp->dhcpv4_options) { - stage_hint = &op->nbsp->dhcpv4_options->header_; + const char *json_key; + if (is_external) { + json_key = op->od->localnet_port->json_key; } else { - stage_hint = NULL; - } - - for (size_t j = 0; j < op->lsp_addrs[i].n_ipv4_addrs; j++) { - struct ds options_action = DS_EMPTY_INITIALIZER; - struct ds response_action = DS_EMPTY_INITIALIZER; - struct ds ipv4_addr_match = DS_EMPTY_INITIALIZER; - if (build_dhcpv4_action( - op, op->lsp_addrs[i].ipv4_addrs[j].addr, - &options_action, &response_action, &ipv4_addr_match)) { - ds_clear(&match); - ds_put_format( - &match, "inport == %s && eth.src == %s && " - "ip4.src == 0.0.0.0 && ip4.dst == 255.255.255.255 && " - "udp.src == 68 && udp.dst == 67", - is_external ? op->od->localnet_port->json_key : - op->json_key, - op->lsp_addrs[i].ea_s); - - if (is_external) { - ds_put_format(&match, " && is_chassis_resident(%s)", - op->json_key); - } - - ovn_lflow_add_with_hint(lflows, op->od, - S_SWITCH_IN_DHCP_OPTIONS, 100, - ds_cstr(&match), - ds_cstr(&options_action), - stage_hint); - ds_clear(&match); - /* Allow ip4.src = OFFER_IP and - * ip4.dst = {SERVER_IP, 255.255.255.255} for the below - * cases - * - When the client wants to renew the IP by sending - * the DHCPREQUEST to the server ip. - * - When the client wants to renew the IP by - * broadcasting the DHCPREQUEST. - */ - ds_put_format( - &match, "inport == %s && eth.src == %s && " - "%s && udp.src == 68 && udp.dst == 67", - is_external ? op->od->localnet_port->json_key : - op->json_key, - op->lsp_addrs[i].ea_s, ds_cstr(&ipv4_addr_match)); - - if (is_external) { - ds_put_format(&match, " && is_chassis_resident(%s)", - op->json_key); - } - - ovn_lflow_add_with_hint(lflows, op->od, - S_SWITCH_IN_DHCP_OPTIONS, 100, - ds_cstr(&match), - ds_cstr(&options_action), - stage_hint); - ds_clear(&match); - - /* If REGBIT_DHCP_OPTS_RESULT is set, it means the - * put_dhcp_opts action is successful. */ - ds_put_format( - &match, "inport == %s && eth.src == %s && " - "ip4 && udp.src == 68 && udp.dst == 67" - " && "REGBIT_DHCP_OPTS_RESULT, - is_external ? op->od->localnet_port->json_key : - op->json_key, - op->lsp_addrs[i].ea_s); - - if (is_external) { - ds_put_format(&match, " && is_chassis_resident(%s)", - op->json_key); - } - - ovn_lflow_add_with_hint(lflows, op->od, - S_SWITCH_IN_DHCP_RESPONSE, 100, - ds_cstr(&match), - ds_cstr(&response_action), - stage_hint); - ds_destroy(&options_action); - ds_destroy(&response_action); - ds_destroy(&ipv4_addr_match); - break; - } + json_key = op->json_key; } + build_dhcpv4_options_flows(op, lflows, &op->lsp_addrs[i], json_key, + is_external); + struct ovsdb_idl_row *stage_hint; if (op->nbsp->dhcpv6_options) { stage_hint = &op->nbsp->dhcpv6_options->header_; } else { From patchwork Mon May 11 14:09:00 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ihar Hrachyshka X-Patchwork-Id: 1287817 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=140.211.166.136; helo=silver.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=redhat.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=JagyivAt; dkim-atps=neutral Received: from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 49LN9k1SCkz9sRf for ; Tue, 12 May 2020 00:10:02 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by silver.osuosl.org (Postfix) with ESMTP id 9E43C25C66; Mon, 11 May 2020 14:10:00 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from silver.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 81JOmd-hiJRX; Mon, 11 May 2020 14:09:59 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by silver.osuosl.org (Postfix) with ESMTP id 3112625379; Mon, 11 May 2020 14:09:59 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id 233D4C0890; Mon, 11 May 2020 14:09:59 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138]) by lists.linuxfoundation.org (Postfix) with ESMTP id 10243C0890 for ; Mon, 11 May 2020 14:09:58 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by whitealder.osuosl.org (Postfix) with ESMTP id F12CC85BBD for ; Mon, 11 May 2020 14:09:57 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from whitealder.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cyPdaw5ePiQe for ; Mon, 11 May 2020 14:09:57 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from us-smtp-1.mimecast.com (us-smtp-delivery-1.mimecast.com [205.139.110.120]) by whitealder.osuosl.org (Postfix) with ESMTPS id 1EA4A87ED1 for ; Mon, 11 May 2020 14:09:57 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1589206195; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=0WPG5O18jvkBWzWQkhfVNVqJaKO8/IjbwHickVgcNXw=; b=JagyivAteD1DNNNWCNMcUtWCfjebqP2F2RXYOAejzlWQ4vNXO4Xh5tcewARsE9AUcRwl1D cmyoyU1JFnOhPLuG9JMVSTEZj40nWlQuyg1r98dE9bgq2ZyY+TePrcFTiheGUcOLbFbgcB rq55l+jN9DFcMpNoJjRRpH0fPleqxmY= Received: from mail-qk1-f198.google.com (mail-qk1-f198.google.com [209.85.222.198]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-478-o0Fdonq1Pi-guxqOq8k1aQ-1; Mon, 11 May 2020 10:09:54 -0400 X-MC-Unique: o0Fdonq1Pi-guxqOq8k1aQ-1 Received: by mail-qk1-f198.google.com with SMTP id p17so10143288qkp.10 for ; Mon, 11 May 2020 07:09:54 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=0WPG5O18jvkBWzWQkhfVNVqJaKO8/IjbwHickVgcNXw=; b=IH3SCH+l4QiLHt5vsV1oKvAqk2sVcaY1DCGpzvB2nxd9NFbs9V+kJMPX+BLhnLfXXu 9Z/DDEitJ9jxQbLYI4qhJkZANi4SDdXF+i5TStwzdnP6wKCTdjyMHH10qhbysTQjPfC3 PgdVabOvBIwy5eIkWAab+8sajriv3QLez/cUCsVXC40NSe1cost6hGSxzGEsfOfQ34S9 LQ/hwNuVegyVmP3QUUaj1KLTHyDagRwBUFCDDQuzOSYO7SnuB5lm67zwKVfANXgVa8df jmRPBnPWKe0CxiQ/HO3zXVKwh1/VKTLqoPlBPLiZwHCCioGYDcAr8f/ScvoniMeuGjN8 OaVA== X-Gm-Message-State: AGi0PubniMMLvFPK4uE/g/Hgq2vWOTJW3WFcbUjuy93N+KUvGJX41vVi mFDzgV2026rOYo7FkbA7l4swIz0CkoZzgawkMAf+AVht3SBmh04iQwWFcphgMNA2D4xd+TNuxJM PtnlBVcjsENvf X-Received: by 2002:a05:6214:cf:: with SMTP id f15mr14866154qvs.59.1589206192635; Mon, 11 May 2020 07:09:52 -0700 (PDT) X-Google-Smtp-Source: APiQypKRl57cXZjeH6/v9m//Hixq5eda0cUgK82o+VdZmumo1rqMN4pcwlH9XF/bGZJLgDYOnkTufw== X-Received: by 2002:a05:6214:cf:: with SMTP id f15mr14866122qvs.59.1589206192371; Mon, 11 May 2020 07:09:52 -0700 (PDT) Received: from localhost.localdomain.com (cpe-172-73-180-250.carolina.res.rr.com. [172.73.180.250]) by smtp.googlemail.com with ESMTPSA id i23sm8474661qke.65.2020.05.11.07.09.39 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 11 May 2020 07:09:40 -0700 (PDT) From: Ihar Hrachyshka To: dev@openvswitch.org Date: Mon, 11 May 2020 10:09:00 -0400 Message-Id: <20200511140904.209409-3-ihrachys@redhat.com> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20200511140904.209409-1-ihrachys@redhat.com> References: <20200511140904.209409-1-ihrachys@redhat.com> MIME-Version: 1.0 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Subject: [ovs-dev] [PATCH ovn 2/6 v4] Spin out flow generation into build_dhcpv6_options_flows X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" Signed-off-by: Ihar Hrachyshka --- northd/ovn-northd.c | 102 ++++++++++++++++++++++++-------------------- 1 file changed, 56 insertions(+), 46 deletions(-) diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c index 6dfa21987..6715d38a3 100644 --- a/northd/ovn-northd.c +++ b/northd/ovn-northd.c @@ -6166,6 +6166,60 @@ build_dhcpv4_options_flows(struct ovn_port *op, struct hmap *lflows, } } + +static void +build_dhcpv6_options_flows(struct ovn_port *op, struct hmap *lflows, + struct lport_addresses *lsp_addrs, + const char *json_key, bool is_external) +{ + struct ds match = DS_EMPTY_INITIALIZER; + + struct ovsdb_idl_row *stage_hint; + if (op->nbsp->dhcpv6_options) { + stage_hint = &op->nbsp->dhcpv6_options->header_; + } else { + stage_hint = NULL; + } + + for (size_t j = 0; j < lsp_addrs->n_ipv6_addrs; j++) { + struct ds options_action = DS_EMPTY_INITIALIZER; + struct ds response_action = DS_EMPTY_INITIALIZER; + if (build_dhcpv6_action( + op, &lsp_addrs->ipv6_addrs[j].addr, + &options_action, &response_action)) { + ds_clear(&match); + ds_put_format( + &match, "inport == %s && eth.src == %s" + " && ip6.dst == ff02::1:2 && udp.src == 546 &&" + " udp.dst == 547", + json_key, lsp_addrs->ea_s); + + if (is_external) { + ds_put_format(&match, " && is_chassis_resident(%s)", + op->json_key); + } + + ovn_lflow_add_with_hint(lflows, op->od, + S_SWITCH_IN_DHCP_OPTIONS, 100, + ds_cstr(&match), + ds_cstr(&options_action), + stage_hint); + + /* If REGBIT_DHCP_OPTS_RESULT is set to 1, it means the + * put_dhcpv6_opts action is successful */ + ds_put_cstr(&match, " && "REGBIT_DHCP_OPTS_RESULT); + ovn_lflow_add_with_hint(lflows, op->od, + S_SWITCH_IN_DHCP_RESPONSE, 100, + ds_cstr(&match), + ds_cstr(&response_action), + stage_hint); + ds_destroy(&options_action); + ds_destroy(&response_action); + break; + } + } +} + static void build_lswitch_flows(struct hmap *datapaths, struct hmap *ports, struct hmap *port_groups, struct hmap *lflows, @@ -6496,52 +6550,8 @@ build_lswitch_flows(struct hmap *datapaths, struct hmap *ports, build_dhcpv4_options_flows(op, lflows, &op->lsp_addrs[i], json_key, is_external); - struct ovsdb_idl_row *stage_hint; - if (op->nbsp->dhcpv6_options) { - stage_hint = &op->nbsp->dhcpv6_options->header_; - } else { - stage_hint = NULL; - } - - for (size_t j = 0; j < op->lsp_addrs[i].n_ipv6_addrs; j++) { - struct ds options_action = DS_EMPTY_INITIALIZER; - struct ds response_action = DS_EMPTY_INITIALIZER; - if (build_dhcpv6_action( - op, &op->lsp_addrs[i].ipv6_addrs[j].addr, - &options_action, &response_action)) { - ds_clear(&match); - ds_put_format( - &match, "inport == %s && eth.src == %s" - " && ip6.dst == ff02::1:2 && udp.src == 546 &&" - " udp.dst == 547", - is_external ? op->od->localnet_port->json_key : - op->json_key, - op->lsp_addrs[i].ea_s); - - if (is_external) { - ds_put_format(&match, " && is_chassis_resident(%s)", - op->json_key); - } - - ovn_lflow_add_with_hint(lflows, op->od, - S_SWITCH_IN_DHCP_OPTIONS, 100, - ds_cstr(&match), - ds_cstr(&options_action), - stage_hint); - - /* If REGBIT_DHCP_OPTS_RESULT is set to 1, it means the - * put_dhcpv6_opts action is successful */ - ds_put_cstr(&match, " && "REGBIT_DHCP_OPTS_RESULT); - ovn_lflow_add_with_hint(lflows, op->od, - S_SWITCH_IN_DHCP_RESPONSE, 100, - ds_cstr(&match), - ds_cstr(&response_action), - stage_hint); - ds_destroy(&options_action); - ds_destroy(&response_action); - break; - } - } + build_dhcpv6_options_flows(op, lflows, &op->lsp_addrs[i], json_key, + is_external); } } From patchwork Mon May 11 14:09:01 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ihar Hrachyshka X-Patchwork-Id: 1287818 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=140.211.166.136; helo=silver.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=redhat.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=TMJelvIb; dkim-atps=neutral Received: from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 49LN9r6L7Bz9sRf for ; Tue, 12 May 2020 00:10:08 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by silver.osuosl.org (Postfix) with ESMTP id 19E87259AB; Mon, 11 May 2020 14:10:07 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from silver.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yrq6TnwjlTNC; Mon, 11 May 2020 14:10:02 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by silver.osuosl.org (Postfix) with ESMTP id 01B3B25784; Mon, 11 May 2020 14:10:01 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id D10CAC0892; Mon, 11 May 2020 14:10:01 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from hemlock.osuosl.org (smtp2.osuosl.org [140.211.166.133]) by lists.linuxfoundation.org (Postfix) with ESMTP id ECB6CC0892 for ; Mon, 11 May 2020 14:09:59 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by hemlock.osuosl.org (Postfix) with ESMTP id D9B3B888C7 for ; Mon, 11 May 2020 14:09:59 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from hemlock.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CpDn-xgJJ6RB for ; Mon, 11 May 2020 14:09:59 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from us-smtp-1.mimecast.com (us-smtp-delivery-1.mimecast.com [205.139.110.120]) by hemlock.osuosl.org (Postfix) with ESMTPS id E90C1886FE for ; Mon, 11 May 2020 14:09:58 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1589206197; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Ka4vbOByAmxjY82FeeEnCZWyVfnUKJmbRCXYh6jCX6o=; b=TMJelvIbLzqNwjl9PYKeS8C908ET1BOibH5mlwEjLJYu39kUiA4POz5pudBCOtBBuYQL+h MpraLOBZ3x3crLJpWDTpMSKeF7ynFyiSK2d2RBSIbo6HAZg9a9oaWojpBqFnvcb6Gt+1YQ lSmlzS4RznhDwef8rdvH18nWKHsQhQs= Received: from mail-qk1-f198.google.com (mail-qk1-f198.google.com [209.85.222.198]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-2-4_FNROb6MKqE94wYepplqA-1; Mon, 11 May 2020 10:09:56 -0400 X-MC-Unique: 4_FNROb6MKqE94wYepplqA-1 Received: by mail-qk1-f198.google.com with SMTP id p126so10147861qke.8 for ; Mon, 11 May 2020 07:09:56 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=Ka4vbOByAmxjY82FeeEnCZWyVfnUKJmbRCXYh6jCX6o=; b=iT3O/OKHHEfdV/Vfp2yT4Il8KIGTSxm5wagweri6tXJC5Y3rtt0EoHTSDw+MyO4sme DYNChw4Eh9NBFFf5mTyxFg5z9H2w4oDN13Hra5IT9UYLN1lz8/82LXCqW546PAbFITgV 5cShl9JIKpQL1GL0G2/qLLaq9qEm2Lw43aJj68X/ZSAtUDJEtvVyjKywAuvVFI5UqeGR OH3HM6lKJZV98clZNuIBryNXWtrhoe03EWgSlDkM+svDAWfwDDm6W0nO6H6vmqWoxwjk dO6S22zN5y1TYxubL+qxsBuIbV254bgf5G80gAtOfto88/wDC2lTixwUUM6DUClwPAaL SVMw== X-Gm-Message-State: AGi0PuZQJqdlZAVEJiA/Ot1xD3sXBhL6r6SPzQrnD69yz3WzVoEdxGVR 71mSl4Lj3eidLniy2ZnmYJXzil0vqClmBn2/wwwTBqeCrOZMsHmJZx4cifKvbXpyOvnDGC0DjOw 2lyd+DduJ8HuD X-Received: by 2002:a37:b3c1:: with SMTP id c184mr15682748qkf.194.1589206195146; Mon, 11 May 2020 07:09:55 -0700 (PDT) X-Google-Smtp-Source: APiQypINQ6ikbyNR/u+2HfmIXQWL+rbg+Bye9IIHiEdL7mlTYr5JRPkDHsaBKo1zqm1t/nsZE7x2Sw== X-Received: by 2002:a37:b3c1:: with SMTP id c184mr15682714qkf.194.1589206194831; Mon, 11 May 2020 07:09:54 -0700 (PDT) Received: from localhost.localdomain.com (cpe-172-73-180-250.carolina.res.rr.com. [172.73.180.250]) by smtp.googlemail.com with ESMTPSA id i23sm8474661qke.65.2020.05.11.07.09.52 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 11 May 2020 07:09:52 -0700 (PDT) From: Ihar Hrachyshka To: dev@openvswitch.org Date: Mon, 11 May 2020 10:09:01 -0400 Message-Id: <20200511140904.209409-4-ihrachys@redhat.com> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20200511140904.209409-1-ihrachys@redhat.com> References: <20200511140904.209409-1-ihrachys@redhat.com> MIME-Version: 1.0 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Subject: [ovs-dev] [PATCH ovn 3/6 v4] Spin out flow generation into build_pre_acl_flows_for_nbsp X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" Signed-off-by: Ihar Hrachyshka --- northd/ovn-northd.c | 75 ++++++++++++++++++++------------------------- 1 file changed, 33 insertions(+), 42 deletions(-) diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c index 6715d38a3..4ad558c08 100644 --- a/northd/ovn-northd.c +++ b/northd/ovn-northd.c @@ -4647,6 +4647,36 @@ build_lswitch_output_port_sec(struct hmap *ports, struct hmap *datapaths, ds_destroy(&actions); } +static void +build_pre_acl_flows_for_nbsp(struct ovn_datapath *od, struct hmap *lflows, + const struct nbrec_logical_switch_port *nbsp, + const char *json_key) +{ + /* Can't use ct() for router ports. Consider the following configuration: + * lp1(10.0.0.2) on hostA--ls1--lr0--ls2--lp2(10.0.1.2) on hostB, For a + * ping from lp1 to lp2, First, the response will go through ct() with a + * zone for lp2 in the ls2 ingress pipeline on hostB. That ct zone knows + * about this connection. Next, it goes through ct() with the zone for the + * router port in the egress pipeline of ls2 on hostB. This zone does not + * know about the connection, as the icmp request went through the logical + * router on hostA, not hostB. This would only work with distributed + * conntrack state across all chassis. */ + struct ds match_in = DS_EMPTY_INITIALIZER; + struct ds match_out = DS_EMPTY_INITIALIZER; + + ds_put_format(&match_in, "ip && inport == %s", json_key); + ds_put_format(&match_out, "ip && outport == %s", json_key); + ovn_lflow_add_with_hint(lflows, od, S_SWITCH_IN_PRE_ACL, 110, + ds_cstr(&match_in), "next;", +  ->header_); + ovn_lflow_add_with_hint(lflows, od, S_SWITCH_OUT_PRE_ACL, 110, + ds_cstr(&match_out), "next;", +  ->header_); + + ds_destroy(&match_in); + ds_destroy(&match_out); +} + static void build_pre_acls(struct ovn_datapath *od, struct hmap *lflows) { @@ -4673,50 +4703,11 @@ build_pre_acls(struct ovn_datapath *od, struct hmap *lflows) if (has_stateful) { for (size_t i = 0; i < od->n_router_ports; i++) { struct ovn_port *op = od->router_ports[i]; - /* Can't use ct() for router ports. Consider the - * following configuration: lp1(10.0.0.2) on - * hostA--ls1--lr0--ls2--lp2(10.0.1.2) on hostB, For a - * ping from lp1 to lp2, First, the response will go - * through ct() with a zone for lp2 in the ls2 ingress - * pipeline on hostB. That ct zone knows about this - * connection. Next, it goes through ct() with the zone - * for the router port in the egress pipeline of ls2 on - * hostB. This zone does not know about the connection, - * as the icmp request went through the logical router - * on hostA, not hostB. This would only work with - * distributed conntrack state across all chassis. */ - struct ds match_in = DS_EMPTY_INITIALIZER; - struct ds match_out = DS_EMPTY_INITIALIZER; - - ds_put_format(&match_in, "ip && inport == %s", op->json_key); - ds_put_format(&match_out, "ip && outport == %s", op->json_key); - ovn_lflow_add_with_hint(lflows, od, S_SWITCH_IN_PRE_ACL, 110, - ds_cstr(&match_in), "next;", - &op->nbsp->header_); - ovn_lflow_add_with_hint(lflows, od, S_SWITCH_OUT_PRE_ACL, 110, - ds_cstr(&match_out), "next;", - &op->nbsp->header_); - - ds_destroy(&match_in); - ds_destroy(&match_out); + build_pre_acl_flows_for_nbsp(od, lflows, op->nbsp, op->json_key); } if (od->localnet_port) { - struct ds match_in = DS_EMPTY_INITIALIZER; - struct ds match_out = DS_EMPTY_INITIALIZER; - - ds_put_format(&match_in, "ip && inport == %s", - od->localnet_port->json_key); - ds_put_format(&match_out, "ip && outport == %s", - od->localnet_port->json_key); - ovn_lflow_add_with_hint(lflows, od, S_SWITCH_IN_PRE_ACL, 110, - ds_cstr(&match_in), "next;", - &od->localnet_port->nbsp->header_); - ovn_lflow_add_with_hint(lflows, od, S_SWITCH_OUT_PRE_ACL, 110, - ds_cstr(&match_out), "next;", - &od->localnet_port->nbsp->header_); - - ds_destroy(&match_in); - ds_destroy(&match_out); + build_pre_acl_flows_for_nbsp(od, lflows, od->localnet_port->nbsp, + od->localnet_port->json_key); } /* Ingress and Egress Pre-ACL Table (Priority 110). From patchwork Mon May 11 14:09:02 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ihar Hrachyshka X-Patchwork-Id: 1287819 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=140.211.166.133; helo=hemlock.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=redhat.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=fcF+5Kcj; dkim-atps=neutral Received: from hemlock.osuosl.org (smtp2.osuosl.org [140.211.166.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 49LNBC4cThz9sRf for ; Tue, 12 May 2020 00:10:27 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by hemlock.osuosl.org (Postfix) with ESMTP id 684EC889EE; Mon, 11 May 2020 14:10:25 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from hemlock.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jBJLXC-DJNXo; Mon, 11 May 2020 14:10:24 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by hemlock.osuosl.org (Postfix) with ESMTP id 2E5F28887F; Mon, 11 May 2020 14:10:24 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id 0A95EC0890; Mon, 11 May 2020 14:10:24 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136]) by lists.linuxfoundation.org (Postfix) with ESMTP id 4F6FEC016F for ; Mon, 11 May 2020 14:10:22 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by silver.osuosl.org (Postfix) with ESMTP id 0A81B2549C for ; Mon, 11 May 2020 14:10:22 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from silver.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id z+rQh1pzPFvy for ; Mon, 11 May 2020 14:10:16 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from us-smtp-1.mimecast.com (us-smtp-delivery-1.mimecast.com [207.211.31.120]) by silver.osuosl.org (Postfix) with ESMTPS id 1C64225389 for ; Mon, 11 May 2020 14:10:16 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1589206215; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=fW1hUvO4qVYUef3lWkCzQ72Khhz0xGZ7DaLPdyXsJBQ=; b=fcF+5KcjLhh87czrJNXbTF8zIqJJdW+HB8gpi9LvC5hKEcgPljvnJ2vxAfwv3cirKc5oDp FnzBmT8jEUeANe55HntH/w10GHMrJuKvIXywRVlQzr2oVLS/0+RPWa/8SFe7DSN1BZpfX5 9qRKCWCheAXdRtv1HtI9PrFtSo995qk= Received: from mail-qk1-f199.google.com (mail-qk1-f199.google.com [209.85.222.199]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-463-lnV4zgcxMhWsMnxBGHFIkQ-1; Mon, 11 May 2020 10:10:11 -0400 X-MC-Unique: lnV4zgcxMhWsMnxBGHFIkQ-1 Received: by mail-qk1-f199.google.com with SMTP id m15so3109440qka.20 for ; Mon, 11 May 2020 07:10:11 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=fW1hUvO4qVYUef3lWkCzQ72Khhz0xGZ7DaLPdyXsJBQ=; b=tcHq6crr27Wiujp1jBizX8+1q1KmHJVjqU6KeDMTK/TKTsEQykwnyAKrOIv7k8RP0Y Tya7IWKZReFDSgUxJW//voziPRfCiATFytd3gJfNhSF66QhF2lKLs/j4VusGxyU2e+8s Cby+cHLUtUemYdHynJf+kytGohPOqLFfYH7HHs6R8GWBfPGglv1h1V4FFeEQQgbn6nXu 3NFA37vYplX4/3nEfPIZEii3X3fSNNcD6ZIjA0tiFofe2Qd6eRsUcPe1/RrtO7oa1tYW hCXoWESttXVVm2go/c0++bkx0eSMeXGvDXnPim/BnJsczsX15RueAljKHhz3Wmfq+NhK Mexg== X-Gm-Message-State: AOAM533IB2/PWbOLCJnBVZTNASLUC3GanyzDxBl4+lBPKT3afOaEnEX4 uG2fLkxKECdlcGx+/iaWp0smlFfQPmo9cPo9q77ywRx5YcFbpUz1H8g8aUNe4HsK2B4IWmFhA9B Oq5XgvabUfofg X-Received: by 2002:a0c:ec49:: with SMTP id n9mr2199974qvq.143.1589206210615; Mon, 11 May 2020 07:10:10 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwNfubq8XamcHaELsOUm54PnIkKxGZCt4trJe3Mpvd5l9d8ChqSsDbFHsvFdKGe/WkkAT1s3Q== X-Received: by 2002:a0c:ec49:: with SMTP id n9mr2199888qvq.143.1589206209432; Mon, 11 May 2020 07:10:09 -0700 (PDT) Received: from localhost.localdomain.com (cpe-172-73-180-250.carolina.res.rr.com. [172.73.180.250]) by smtp.googlemail.com with ESMTPSA id i23sm8474661qke.65.2020.05.11.07.09.54 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 11 May 2020 07:09:55 -0700 (PDT) From: Ihar Hrachyshka To: dev@openvswitch.org Date: Mon, 11 May 2020 10:09:02 -0400 Message-Id: <20200511140904.209409-5-ihrachys@redhat.com> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20200511140904.209409-1-ihrachys@redhat.com> References: <20200511140904.209409-1-ihrachys@redhat.com> MIME-Version: 1.0 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Subject: [ovs-dev] [PATCH ovn 4/6 v4] Spin out flow generation into build_drop_arp_nd_flows_for_unbound_router_ports X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" Signed-off-by: Ihar Hrachyshka --- northd/ovn-northd.c | 89 ++++++++++++++++++++++++--------------------- 1 file changed, 48 insertions(+), 41 deletions(-) diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c index 4ad558c08..048c28ca6 100644 --- a/northd/ovn-northd.c +++ b/northd/ovn-northd.c @@ -6211,6 +6211,52 @@ build_dhcpv6_options_flows(struct ovn_port *op, struct hmap *lflows, } } +static void +build_drop_arp_nd_flows_for_unbound_router_ports(struct hmap *lflows, + struct ovn_port *op, + const struct ovn_port *port) +{ + struct ds match = DS_EMPTY_INITIALIZER; + + for (size_t i = 0; i < op->n_lsp_addrs; i++) { + for (size_t j = 0; j < op->od->n_router_ports; j++) { + struct ovn_port *rp = op->od->router_ports[j]; + for (size_t k = 0; k < rp->n_lsp_addrs; k++) { + for (size_t l = 0; l < rp->lsp_addrs[k].n_ipv4_addrs; l++) { + ds_clear(&match); + ds_put_format( + &match, "inport == %s && eth.src == %s" + " && !is_chassis_resident(%s)" + " && arp.tpa == %s && arp.op == 1", + port->json_key, + op->lsp_addrs[i].ea_s, op->json_key, + rp->lsp_addrs[k].ipv4_addrs[l].addr_s); + ovn_lflow_add_with_hint(lflows, op->od, + S_SWITCH_IN_EXTERNAL_PORT, + 100, ds_cstr(&match), "drop;", + &op->nbsp->header_); + } + for (size_t l = 0; l < rp->lsp_addrs[k].n_ipv6_addrs; l++) { + ds_clear(&match); + ds_put_format( + &match, "inport == %s && eth.src == %s" + " && !is_chassis_resident(%s)" + " && nd_ns && ip6.dst == {%s, %s} && nd.target == %s", + port->json_key, + op->lsp_addrs[i].ea_s, op->json_key, + rp->lsp_addrs[k].ipv6_addrs[l].addr_s, + rp->lsp_addrs[k].ipv6_addrs[l].sn_addr_s, + rp->lsp_addrs[k].ipv6_addrs[l].addr_s); + ovn_lflow_add_with_hint(lflows, op->od, + S_SWITCH_IN_EXTERNAL_PORT, 100, + ds_cstr(&match), "drop;", + &op->nbsp->header_); + } + } + } + } +} + static void build_lswitch_flows(struct hmap *datapaths, struct hmap *ports, struct hmap *port_groups, struct hmap *lflows, @@ -6607,47 +6653,8 @@ build_lswitch_flows(struct hmap *datapaths, struct hmap *ports, * external ports on chassis not binding those ports. * This makes the router pipeline to be run only on the chassis * binding the external ports. */ - - for (size_t i = 0; i < op->n_lsp_addrs; i++) { - for (size_t j = 0; j < op->od->n_router_ports; j++) { - struct ovn_port *rp = op->od->router_ports[j]; - for (size_t k = 0; k < rp->n_lsp_addrs; k++) { - for (size_t l = 0; l < rp->lsp_addrs[k].n_ipv4_addrs; - l++) { - ds_clear(&match); - ds_put_format( - &match, "inport == %s && eth.src == %s" - " && !is_chassis_resident(%s)" - " && arp.tpa == %s && arp.op == 1", - op->od->localnet_port->json_key, - op->lsp_addrs[i].ea_s, op->json_key, - rp->lsp_addrs[k].ipv4_addrs[l].addr_s); - ovn_lflow_add_with_hint(lflows, op->od, - S_SWITCH_IN_EXTERNAL_PORT, - 100, ds_cstr(&match), "drop;", - &op->nbsp->header_); - } - for (size_t l = 0; l < rp->lsp_addrs[k].n_ipv6_addrs; - l++) { - ds_clear(&match); - ds_put_format( - &match, "inport == %s && eth.src == %s" - " && !is_chassis_resident(%s)" - " && nd_ns && ip6.dst == {%s, %s} && " - "nd.target == %s", - op->od->localnet_port->json_key, - op->lsp_addrs[i].ea_s, op->json_key, - rp->lsp_addrs[k].ipv6_addrs[l].addr_s, - rp->lsp_addrs[k].ipv6_addrs[l].sn_addr_s, - rp->lsp_addrs[k].ipv6_addrs[l].addr_s); - ovn_lflow_add_with_hint(lflows, op->od, - S_SWITCH_IN_EXTERNAL_PORT, 100, - ds_cstr(&match), "drop;", - &op->nbsp->header_); - } - } - } - } + build_drop_arp_nd_flows_for_unbound_router_ports( + lflows, op, op->od->localnet_port); } char *svc_check_match = xasprintf("eth.dst == %s", svc_monitor_mac); From patchwork Mon May 11 14:09:03 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ihar Hrachyshka X-Patchwork-Id: 1287823 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=140.211.166.136; helo=silver.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=redhat.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=X/Z9+bkC; dkim-atps=neutral Received: from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 49LNCT15x2z9sSr for ; Tue, 12 May 2020 00:11:32 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by silver.osuosl.org (Postfix) with ESMTP id EBF9C25D1F; Mon, 11 May 2020 14:11:30 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from silver.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hcsJY5UsT+Av; Mon, 11 May 2020 14:11:06 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by silver.osuosl.org (Postfix) with ESMTP id B476525E42; Mon, 11 May 2020 14:10:49 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id 904A4C088B; Mon, 11 May 2020 14:10:49 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136]) by lists.linuxfoundation.org (Postfix) with ESMTP id 003EDC016F for ; Mon, 11 May 2020 14:10:48 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by silver.osuosl.org (Postfix) with ESMTP id DF4F12614D for ; Mon, 11 May 2020 14:10:47 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from silver.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jpt27TWRuAFY for ; Mon, 11 May 2020 14:10:22 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from us-smtp-1.mimecast.com (us-smtp-delivery-1.mimecast.com [207.211.31.120]) by silver.osuosl.org (Postfix) with ESMTPS id A8865204CD for ; Mon, 11 May 2020 14:10:21 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1589206220; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=nN2bhcuoDUbVumPrIAhS1Fxzk2vvWaJub0WP6hdTOg4=; b=X/Z9+bkCMdopD2dGMLUVLa8w+xJRfZUK4yOgd9qbSR7+FurtYLmu5MgpAqyZH0zgdvubjf 4us5Z9c1rKbJ1PIhwhclcH+hIe0G+h33I0rmPefOFtFLYAfTEJ5tbElVOpw8PxH80/+stg Y7wGdFYht6RDUZYDKfDYgjyDl4ebYPw= Received: from mail-qk1-f197.google.com (mail-qk1-f197.google.com [209.85.222.197]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-53-vq0elVGmOWaeCuWyjDEcTA-1; Mon, 11 May 2020 10:10:14 -0400 X-MC-Unique: vq0elVGmOWaeCuWyjDEcTA-1 Received: by mail-qk1-f197.google.com with SMTP id z8so10162568qki.13 for ; Mon, 11 May 2020 07:10:14 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=nN2bhcuoDUbVumPrIAhS1Fxzk2vvWaJub0WP6hdTOg4=; b=IL32J1M29rSf9Gyrc9pvRTB8r/kKkRF+GfczjEFbnzcOMCk5YSjirTRvGzJ0ut+B0u LnydtkQHHE6M8Mz2za3WsAgQo36iEYTHLZnFuOsx0MKp2P7Cz0hpC8hp1XyL4O68f4qo K1Po3uWOEb7oMOvZeYojWtXT2v/35SnyZn0goU9/erH3L1cAJHyMtg41Fk+s1B43lLly KFDc1UEwKB4l9vNuC+FNgPwwbM02drU7px+sqSgFyoThDXFfcSnkwkJtGQu/xuAj8MVF tjT/YsY/UOa2XWeMjRQqjRfFQtozL5J8nzVReNRWPVv9yxiXFKw23SLkg9nMbhmLtoWh BqMA== X-Gm-Message-State: AGi0PuYDfhpWU2gJwrE9F+PXSDjF2OJe3kHX+sTjuXn4zRQhe5jP3L/M T7+IEDieQiPCMp2DIcpVGzi1329oV1FV1z5IhxZHCzUiJ+wSvQb9CT2ZcWqYGniWjyJjSoRTugi A14Kt71AzfAPK X-Received: by 2002:ac8:550c:: with SMTP id j12mr16687998qtq.22.1589206212223; Mon, 11 May 2020 07:10:12 -0700 (PDT) X-Google-Smtp-Source: APiQypLO3z/l8/Jg5whuM6J33nklYP3RPeSFJJYUglfEyb421e2fkEdl99toT3uV8P7AXPgbvOOnyQ== X-Received: by 2002:ac8:550c:: with SMTP id j12mr16687881qtq.22.1589206210834; Mon, 11 May 2020 07:10:10 -0700 (PDT) Received: from localhost.localdomain.com (cpe-172-73-180-250.carolina.res.rr.com. [172.73.180.250]) by smtp.googlemail.com with ESMTPSA id i23sm8474661qke.65.2020.05.11.07.10.09 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 11 May 2020 07:10:10 -0700 (PDT) From: Ihar Hrachyshka To: dev@openvswitch.org Date: Mon, 11 May 2020 10:09:03 -0400 Message-Id: <20200511140904.209409-6-ihrachys@redhat.com> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20200511140904.209409-1-ihrachys@redhat.com> References: <20200511140904.209409-1-ihrachys@redhat.com> MIME-Version: 1.0 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Subject: [ovs-dev] [PATCH ovn 5/6 v4] Support logical switches with multiple localnet ports X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" Assuming only a single localnet port is actually plugged mapped on each chassis, this allows to maintain disjoint networks plugged to the same switch. This is useful to simplify resource management for OpenStack "routed provider networks" feature [1] where a single "network" (which traditionally maps to logical switches in OVN) is comprised of multiple L2 segments and assumes external L3 routing implemented between the segments. [1]: https://docs.openstack.org/ocata/networking-guide/config-routed-networks.html Signed-off-by: Ihar Hrachyshka --- v2: rebase on top of series that refactors code dealing with localnet ports. v2: tests: send packets both ways, more test scenarios covered. v2: use x2nrealloc to allocate ->localnet_ports. v2: use n_localnet_ports counter instead of localnet_ports pointer to detect switches with localnet ports. v3: adjusted documentation to be more explicit about how multiple localnet ports scenario should be used in practice. v3: more tests (broadcast, multiple co-hosted switches with multiple localnet ports) v4: sent as a series, fixed test description to reflect we test broadcast only. --- controller/binding.c | 16 ++ controller/patch.c | 24 +- northd/ovn-northd.c | 63 ++++-- ovn-architecture.7.xml | 50 +++-- ovn-nb.xml | 23 +- ovn-sb.xml | 21 +- tests/ovn.at | 500 +++++++++++++++++++++++++++++++++++++++++ 7 files changed, 640 insertions(+), 57 deletions(-) diff --git a/controller/binding.c b/controller/binding.c index 20a89d07d..c88c4ece8 100644 --- a/controller/binding.c +++ b/controller/binding.c @@ -692,12 +692,28 @@ add_localnet_egress_interface_mappings( } } +static bool +is_network_plugged(const struct sbrec_port_binding *binding_rec, + struct shash *bridge_mappings) +{ + const char *network = smap_get(&binding_rec->options, "network_name"); + if (!network) { + return false; + } + return shash_find_data(bridge_mappings, network); +} + static void consider_localnet_port(const struct sbrec_port_binding *binding_rec, struct shash *bridge_mappings, struct sset *egress_ifaces, struct hmap *local_datapaths) { + /* Ignore localnet ports for unplugged networks. */ + if (!is_network_plugged(binding_rec, bridge_mappings)) { + return; + } + add_localnet_egress_interface_mappings(binding_rec, bridge_mappings, egress_ifaces); diff --git a/controller/patch.c b/controller/patch.c index 349faae17..52255cc3a 100644 --- a/controller/patch.c +++ b/controller/patch.c @@ -198,9 +198,9 @@ add_bridge_mappings(struct ovsdb_idl_txn *ovs_idl_txn, continue; } - const char *patch_port_id; + bool is_localnet = false; if (!strcmp(binding->type, "localnet")) { - patch_port_id = "ovn-localnet-port"; + is_localnet = true; } else if (!strcmp(binding->type, "l2gateway")) { if (!binding->chassis || strcmp(chassis->name, binding->chassis->name)) { @@ -208,7 +208,6 @@ add_bridge_mappings(struct ovsdb_idl_txn *ovs_idl_txn, * so we should not create any patch ports for it. */ continue; } - patch_port_id = "ovn-l2gateway-port"; } else { /* not a localnet or L2 gateway port. */ continue; @@ -224,12 +223,25 @@ add_bridge_mappings(struct ovsdb_idl_txn *ovs_idl_txn, struct ovsrec_bridge *br_ln = shash_find_data(&bridge_mappings, network); if (!br_ln) { static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(5, 1); - VLOG_ERR_RL(&rl, "bridge not found for %s port '%s' " - "with network name '%s'", - binding->type, binding->logical_port, network); + if (!is_localnet) { + VLOG_ERR_RL(&rl, "bridge not found for %s port '%s' " + "with network name '%s'", + binding->type, binding->logical_port, network); + } else { + VLOG_INFO_RL(&rl, "bridge not found for localnet port '%s' " + "with network name '%s'; skipping", + binding->logical_port, network); + } continue; } + const char *patch_port_id; + if (is_localnet) { + patch_port_id = "ovn-localnet-port"; + } else { + patch_port_id = "ovn-l2gateway-port"; + } + char *name1 = patch_port_name(br_int->name, binding->logical_port); char *name2 = patch_port_name(binding->logical_port, br_int->name); create_patch_port(ovs_idl_txn, patch_port_id, binding->logical_port, diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c index 048c28ca6..91ab4449e 100644 --- a/northd/ovn-northd.c +++ b/northd/ovn-northd.c @@ -543,7 +543,9 @@ struct ovn_datapath { /* The "derived" OVN port representing the instance of l3dgw_port on * the "redirect-chassis". */ struct ovn_port *l3redirect_port; - struct ovn_port *localnet_port; + + struct ovn_port **localnet_ports; + size_t n_localnet_ports; struct ovs_list lr_list; /* In list of logical router datapaths. */ /* The logical router group to which this datapath belongs. @@ -611,6 +613,7 @@ ovn_datapath_destroy(struct hmap *datapaths, struct ovn_datapath *od) ovn_destroy_tnlids(&od->port_tnlids); bitmap_free(od->ipam_info.allocated_ipv4s); free(od->router_ports); + free(od->localnet_ports); ovn_ls_port_group_destroy(&od->nb_pgs); destroy_mcast_info_for_datapath(od); @@ -2019,6 +2022,7 @@ join_logical_ports(struct northd_context *ctx, struct ovn_datapath *od; HMAP_FOR_EACH (od, key_node, datapaths) { if (od->nbs) { + size_t allocated_localnet_ports = 0; for (size_t i = 0; i < od->nbs->n_ports; i++) { const struct nbrec_logical_switch_port *nbsp = od->nbs->ports[i]; @@ -2053,7 +2057,12 @@ join_logical_ports(struct northd_context *ctx, } if (!strcmp(nbsp->type, "localnet")) { - od->localnet_port = op; + if (od->n_localnet_ports >= allocated_localnet_ports) { + od->localnet_ports = x2nrealloc( + od->localnet_ports, &allocated_localnet_ports, + sizeof *od->localnet_ports); + } + od->localnet_ports[od->n_localnet_ports++] = op; } op->lsp_addrs @@ -3012,7 +3021,7 @@ ovn_port_update_sbrec(struct northd_context *ctx, "reside-on-redirect-chassis", false) || op->peer == op->peer->od->l3dgw_port)) { add_router_port_garp = true; - } else if (chassis && op->od->localnet_port) { + } else if (chassis && op->od->n_localnet_ports) { add_router_port_garp = true; } @@ -4705,9 +4714,10 @@ build_pre_acls(struct ovn_datapath *od, struct hmap *lflows) struct ovn_port *op = od->router_ports[i]; build_pre_acl_flows_for_nbsp(od, lflows, op->nbsp, op->json_key); } - if (od->localnet_port) { - build_pre_acl_flows_for_nbsp(od, lflows, od->localnet_port->nbsp, - od->localnet_port->json_key); + for (size_t i = 0; i < od->n_localnet_ports; i++) { + build_pre_acl_flows_for_nbsp(od, lflows, + od->localnet_ports[i]->nbsp, + od->localnet_ports[i]->json_key); } /* Ingress and Egress Pre-ACL Table (Priority 110). @@ -5975,9 +5985,9 @@ build_lswitch_rport_arp_req_flow_for_ip(struct sset *ips, /* Send a the packet only to the router pipeline and skip flooding it * in the broadcast domain (except for the localnet port). */ - if (od->localnet_port) { + for (size_t i = 0; i < od->n_localnet_ports; i++) { ds_put_format(&actions, "clone { outport = %s; output; }; ", - od->localnet_port->json_key); + od->localnet_ports[i]->json_key); } ds_put_format(&actions, "outport = %s; output;", patch_op->json_key); ovn_lflow_add_with_hint(lflows, od, S_SWITCH_IN_L2_LKUP, priority, @@ -6570,25 +6580,29 @@ build_lswitch_flows(struct hmap *datapaths, struct hmap *ports, } bool is_external = lsp_is_external(op->nbsp); - if (is_external && (!op->od->localnet_port || + if (is_external && (!op->od->n_localnet_ports || !op->nbsp->ha_chassis_group)) { - /* If it's an external port and there is no localnet port + /* If it's an external port and there are no localnet ports * and if it doesn't belong to an HA chassis group ignore it. */ continue; } for (size_t i = 0; i < op->n_lsp_addrs; i++) { - const char *json_key; if (is_external) { - json_key = op->od->localnet_port->json_key; + for (size_t j = 0; j < op->od->n_localnet_ports; j++) { + build_dhcpv4_options_flows( + op, lflows, &op->lsp_addrs[i], + op->od->localnet_ports[j]->json_key, is_external); + build_dhcpv6_options_flows( + op, lflows, &op->lsp_addrs[i], + op->od->localnet_ports[j]->json_key, is_external); + } } else { - json_key = op->json_key; + build_dhcpv4_options_flows(op, lflows, &op->lsp_addrs[i], + op->json_key, is_external); + build_dhcpv6_options_flows(op, lflows, &op->lsp_addrs[i], + op->json_key, is_external); } - build_dhcpv4_options_flows(op, lflows, &op->lsp_addrs[i], json_key, - is_external); - - build_dhcpv6_options_flows(op, lflows, &op->lsp_addrs[i], json_key, - is_external); } } @@ -6644,8 +6658,7 @@ build_lswitch_flows(struct hmap *datapaths, struct hmap *ports, } HMAP_FOR_EACH (op, key_node, ports) { - if (!op->nbsp || !lsp_is_external(op->nbsp) || - !op->od->localnet_port) { + if (!op->nbsp || !lsp_is_external(op->nbsp)) { continue; } @@ -6653,8 +6666,10 @@ build_lswitch_flows(struct hmap *datapaths, struct hmap *ports, * external ports on chassis not binding those ports. * This makes the router pipeline to be run only on the chassis * binding the external ports. */ - build_drop_arp_nd_flows_for_unbound_router_ports( - lflows, op, op->od->localnet_port); + for (size_t i = 0; i < op->od->n_localnet_ports; i++) { + build_drop_arp_nd_flows_for_unbound_router_ports( + lflows, op, op->od->localnet_ports[i]); + } } char *svc_check_match = xasprintf("eth.dst == %s", svc_monitor_mac); @@ -6872,7 +6887,7 @@ build_lswitch_flows(struct hmap *datapaths, struct hmap *ports, ETH_ADDR_ARGS(mac)); if (op->peer->od->l3dgw_port && op->peer->od->l3redirect_port - && op->od->localnet_port) { + && op->od->n_localnet_ports) { bool add_chassis_resident_check = false; if (op->peer == op->peer->od->l3dgw_port) { /* The peer of this port represents a distributed @@ -8178,7 +8193,7 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, op->lrp_networks.ipv4_addrs[i].addr_s); if (op->od->l3dgw_port && op->od->l3redirect_port && op->peer - && op->peer->od->localnet_port) { + && op->peer->od->n_localnet_ports) { bool add_chassis_resident_check = false; if (op == op->od->l3dgw_port) { /* Traffic with eth.src = l3dgw_port->lrp_networks.ea_s diff --git a/ovn-architecture.7.xml b/ovn-architecture.7.xml index 533ae716d..5b9ed1a1d 100644 --- a/ovn-architecture.7.xml +++ b/ovn-architecture.7.xml @@ -441,9 +441,8 @@

A localnet logical switch port bridges a logical switch to a - physical VLAN. Any given logical switch should have no more than one - localnet port. Such a logical switch is used in two - scenarios: + physical VLAN. A logical switch may have one or more localnet + ports. Such a logical switch is used in two scenarios:

    @@ -463,6 +462,31 @@
+

+ When a logical switch contains multiple localnet ports, the + following is assumed. +

+ +
    +
  • + Each chassis has a bridge mapping for one of the localnet + physical networks only. +
    • + +
  • + To facilitate interconnectivity between VIF ports of the switch that are + located on different chassis with different physical network + connectivity, the fabric implements L3 routing between these adjacent + physical network segments. +
    • +
+ +

+ Note: nothing said above implies that a chassis cannot be plugged to + multiple physical networks as long as they belong to different + switches. +

+

A localport logical switch port is a special kind of VIF logical switch port. These ports are present in every chassis, not bound @@ -1895,13 +1919,13 @@

  1. The packet first enters the ingress pipeline, and then egress pipeline of - the source localnet logical switch datapath and is sent out via the + the source localnet logical switch datapath and is sent out via a localnet port of the source localnet logical switch (instead of sending it to router pipeline).
  2. - The gateway chassis receives the packet via the localnet port of the + The gateway chassis receives the packet via a localnet port of the source localnet logical switch and sends it to the integration bridge. The packet then enters the ingress pipeline, and then egress pipeline of the source localnet logical switch datapath and enters the ingress @@ -1916,11 +1940,11 @@ From the router datapath, packet enters the ingress pipeline and then egress pipeline of the destination localnet logical switch datapath. It then goes out of the integration bridge to the provider bridge ( - belonging to the destination logical switch) via the localnet port. + belonging to the destination logical switch) via a localnet port.
  3. - The destination chassis receives the packet via the localnet port and + The destination chassis receives the packet via a localnet port and sends it to the integration bridge. The packet enters the ingress pipeline and then egress pipeline of the destination localnet logical switch and finally delivered to the destination VM port. @@ -1935,13 +1959,13 @@
    1. The packet first enters the ingress pipeline, and then egress pipeline of - the source localnet logical switch datapath and is sent out via the + the source localnet logical switch datapath and is sent out via a localnet port of the source localnet logical switch (instead of sending it to router pipeline).
    2. - The gateway chassis receives the packet via the localnet port of the + The gateway chassis receives the packet via a localnet port of the source localnet logical switch and sends it to the integration bridge. The packet then enters the ingress pipeline, and then egress pipeline of the source localnet logical switch datapath and enters the ingress @@ -1957,7 +1981,7 @@ egress pipeline of the localnet logical switch datapath which provides external connectivity. It then goes out of the integration bridge to the provider bridge (belonging to the logical switch which provides external - connectivity) via the localnet port. + connectivity) via a localnet port.
    @@ -1967,7 +1991,7 @@
    1. - The gateway chassis receives the packet from the localnet port of + The gateway chassis receives the packet from a localnet port of the logical switch which provides external connectivity. The packet then enters the ingress pipeline and then egress pipeline of the localnet logical switch (which provides external connectivity). The packet then @@ -1978,12 +2002,12 @@ The ingress pipeline of the logical router datapath applies the unNATting rules. The packet then enters the ingress pipeline and then egress pipeline of the source localnet logical switch. Since the source VM - doesn't reside in the gateway chassis, the packet is sent out via the + doesn't reside in the gateway chassis, the packet is sent out via a localnet port of the source logical switch.
    2. - The source chassis receives the packet via the localnet port and + The source chassis receives the packet via a localnet port and sends it to the integration bridge. The packet enters the ingress pipeline and then egress pipeline of the source localnet logical switch and finally gets delivered to the source VM port. diff --git a/ovn-nb.xml b/ovn-nb.xml index af15c550a..181939da1 100644 --- a/ovn-nb.xml +++ b/ovn-nb.xml @@ -244,14 +244,14 @@

      There are two kinds of logical switches, that is, ones that fully virtualize the network (overlay logical switches) and ones that provide - simple connectivity to a physical network (bridged logical switches). + simple connectivity to physical networks (bridged logical switches). They work in the same way when providing connectivity between logical - ports on same chasis, but differently when connecting remote logical + ports on same chassis, but differently when connecting remote logical ports. Overlay logical switches connect remote logical ports by tunnels, while bridged logical switches provide connectivity to remote ports by - bridging the packets to directly connected physical L2 segment with the + bridging the packets to directly connected physical L2 segments with the help of localnet ports. Each bridged logical switch has - one and only one localnet port, which has only one special + one or more localnet ports, which have only one special address unknown.

      @@ -527,10 +527,15 @@
      localnet
      - A connection to a locally accessible network from each - ovn-controller instance. A logical switch can only - have a single localnet port attached. This is used - to model direct connectivity to an existing network. + A connection to a locally accessible network from + ovn-controller instances that have a corresponding + bridge mapping. A logical switch can have multiple + localnet ports attached. This type is used to model + direct connectivity to existing networks.In this case, each chassis + should have a mapping for one of the physical networks only. Note: + nothing said above implies that a chassis cannot be plugged to + multiple physical networks as long as they belong to different + switches.
      localport
      @@ -721,7 +726,7 @@ Required. The name of the network to which the localnet port is connected. Each hypervisor, via ovn-controller, uses its local configuration to determine exactly how to connect to - this locally accessible network. + this locally accessible network, if at all. diff --git a/ovn-sb.xml b/ovn-sb.xml index 3aa7cd4da..42cbe11a7 100644 --- a/ovn-sb.xml +++ b/ovn-sb.xml @@ -2626,10 +2626,15 @@ tcp.flags = RST;
      localnet
      - A connection to a locally accessible network from each - ovn-controller instance. A logical switch can only - have a single localnet port attached. This is used - to model direct connectivity to an existing network. + A connection to a locally accessible network from + ovn-controller instances that have a corresponding + bridge mapping. A logical switch can have multiple + localnet ports attached. This type is used to model + direct connectivity to existing networks.In this case, each chassis + should have a mapping for one of the physical networks only. Note: + nothing said above implies that a chassis cannot be plugged to + multiple physical networks as long as they belong to different + switches.
      localport
      @@ -2777,7 +2782,13 @@ tcp.flags = RST; switch must have a bridge mapping configured to reach that localnet. Traffic that arrives on a localnet port is never forwarded over a tunnel to - another chassis. + another chassis. If there are multiple localnet + ports in a logical switch, each chassis should only have a single + bridge mapping for one of the physical networks. Note: In case of + multiple localnet ports, to provide interconnectivity + between all VIFs located on different chassis with different fabric + connectivity, the fabric should implement some form of routing + between the segments.

      diff --git a/tests/ovn.at b/tests/ovn.at index e6febd4c2..a41b2a688 100644 --- a/tests/ovn.at +++ b/tests/ovn.at @@ -2475,6 +2475,506 @@ OVN_CLEANUP([hv1],[hv2]) AT_CLEANUP +AT_SETUP([ovn -- 2 HVs, 2 LS, routing works for multiple colacated segments attached to different switches]) +ovn_start + +for tag in `seq 10 30`; do + net_add n-$tag +done + +for i in 1 2; do + sim_add hv-$i + as hv-$i + ovs-vsctl add-br br-phys11 + ovs-vsctl add-br br-phys21 + ovs-vsctl set open . external-ids:ovn-bridge-mappings=phys-11:br-phys11,phys-21:br-phys21 + ovn_attach n-11 br-phys11 192.168.0.${i}1 + ovn_attach n-21 br-phys21 192.168.0.${i}2 +done + +for i in 1 2; do + lsname=ls-${i}0 + ovn-nbctl ls-add $lsname + for tag in `seq ${i}1 ${i}9`; do + ln_port_name=ln-$tag + ovn-nbctl lsp-add $lsname $ln_port_name "" $tag + ovn-nbctl lsp-set-addresses $ln_port_name unknown + ovn-nbctl lsp-set-type $ln_port_name localnet + ovn-nbctl lsp-set-options $ln_port_name network_name=phys-$tag + done +done + +for hv in 1 2; do + as hv-$hv + for ls in 1 2; do + lsp_name=lp-$hv-$ls + ovs-vsctl add-port br-int vif-$hv-$ls -- \ + set Interface vif-$hv-$ls external-ids:iface-id=$lsp_name \ + options:tx_pcap=hv-$hv/vif-$hv-$ls-tx.pcap \ + options:rxq_pcap=hv-$hv/vif-$hv-$ls-rx.pcap \ + ofport-request=$hv$ls + + ovn-nbctl lsp-add ls-${ls}0 $lsp_name + ovn-nbctl lsp-set-addresses $lsp_name f0:00:00:00:00:${hv}${ls} + ovn-nbctl lsp-set-port-security $lsp_name f0:00:00:00:00:${hv}${ls} + + OVS_WAIT_UNTIL([test x`ovn-nbctl lsp-get-up $lsp_name` = xup]) + done +done + + +ovn-nbctl --wait=sb sync +ovn-nbctl show +ovn-sbctl dump-flows + +echo "------ OVN dump ------" +ovn-nbctl show +ovn-sbctl show + +for i in 1 2; do + hv=hv-$i + echo "------ $hv dump ------" + as $hv ovs-vsctl show + as $hv ovs-ofctl -O OpenFlow13 dump-flows br-int +done + +# vif ports +for i in 1-1 1-2 2-1 2-2; do + : > vif-$i.expected +done + +# localnet ports +for hv in 1 2; do + : > out-$hv.expected +done + +test_packet() { + local hv=$1 inport=$2 outport=$3 dst=$4 src=$5 eth=$6 lout=$7 + + : > expout + if test $lout = unknown; then + # Expect the packet cloned to all localnet ports + for tag in `seq ${hv}1 ${hv}9`; do + echo "output(\"ln-$tag\");" >> expout + done + else + echo "output(\"$lout\");" >> expout + fi + + # First try tracing the packet. + uflow="inport==\"lp-$inport\" && eth.dst==$dst && eth.src==$src && eth.type==0x$eth" + AT_CAPTURE_FILE([trace]) + AT_CHECK([ovn-trace --all ls-${hv}0 "$uflow" | tee trace | sed '1,/Minimal trace/d'], [0], [expout]) + + # Then actually send a packet, for an end-to-end test. + local packet=$(echo $dst$src | sed 's/://g')${eth} + as hv-$hv ovs-appctl netdev-dummy/receive vif-$inport $packet + + if test $lout != unknown; then + # Expect the packet received by the peer VIF port + echo $packet >> vif-$outport.expected + fi + + # regardless, the packet is sent through the bridge + local packet=$(echo $dst$src | sed 's/://g')810000$(printf "%.2x\n" ${hv}1)${eth} + echo $packet >> out-$hv.expected +} + +test_packet 1 1-1 2-1 f0:00:00:00:00:21 f0:00:00:00:00:11 1001 lp-2-1 +test_packet 2 2-2 1-2 f0:00:00:00:00:12 f0:00:00:00:00:22 1001 lp-1-2 + +# unknown mac goes through localnet port +test_packet 1 1-1 2-1 f0:00:00:00:00:e0 f0:00:00:00:00:11 1001 unknown +test_packet 2 2-2 1-2 f0:00:00:00:00:e0 f0:00:00:00:00:22 1001 unknown + +# Now check the packets actually received against the ones expected. +for hv in 1 2; do + for ls in 1 2; do + port=$hv-$ls + # check that packets targeted to actual vifs arrived on the other end + OVN_CHECK_PACKETS_REMOVE_BROADCAST([hv-$hv/vif-$port-tx.pcap], [vif-$port.expected]) + done + # check that all packets, whether to known or unknown mac addresses, were sent to fabric + OVN_CHECK_PACKETS_REMOVE_BROADCAST([hv-$hv/br-phys${hv}1_n-${hv}1-tx.pcap], [out-$hv.expected]) +done + +OVN_CLEANUP([hv-1],[hv-2]) + +AT_CLEANUP + +AT_SETUP([ovn -- 2 HVs, 2 LS, broadcast traffic with multiple localnet ports per switch]) +ovn_start + +for tag in `seq 10 30`; do + net_add n-$tag +done + +for i in 1 2; do + sim_add hv-$i + as hv-$i + ovs-vsctl add-br br-phys11 + ovs-vsctl add-br br-phys21 + ovs-vsctl set open . external-ids:ovn-bridge-mappings=phys-11:br-phys11,phys-21:br-phys21 + ovn_attach n-11 br-phys11 192.168.0.${i}1 + ovn_attach n-21 br-phys21 192.168.0.${i}2 +done + +for i in 1 2; do + lsname=ls-${i}0 + ovn-nbctl ls-add $lsname + for tag in `seq ${i}1 ${i}9`; do + ln_port_name=ln-$tag + ovn-nbctl lsp-add $lsname $ln_port_name "" $tag + ovn-nbctl lsp-set-addresses $ln_port_name unknown + ovn-nbctl lsp-set-type $ln_port_name localnet + ovn-nbctl lsp-set-options $ln_port_name network_name=phys-$tag + done +done + +for hv in 1 2; do + as hv-$hv + for ls in 1 2; do + for peer in 8 9; do + lsp_name=lp-$hv-$ls-$peer + ovs-vsctl add-port br-int vif-$hv-$ls-$peer -- \ + set Interface vif-$hv-$ls-$peer external-ids:iface-id=$lsp_name \ + options:tx_pcap=hv-$hv/vif-$hv-$ls-$peer-tx.pcap \ + options:rxq_pcap=hv-$hv/vif-$hv-$ls-$peer-rx.pcap \ + ofport-request=$hv$ls$peer + + ovn-nbctl lsp-add ls-${ls}0 $lsp_name + ovn-nbctl lsp-set-addresses $lsp_name f0:00:00:00:0${peer}:${hv}${ls} + ovn-nbctl lsp-set-port-security $lsp_name f0:00:00:00:0${peer}:${hv}${ls} + + OVS_WAIT_UNTIL([test x`ovn-nbctl lsp-get-up $lsp_name` = xup]) + + : > vif-$hv-$ls-$peer.expected + done + done +done + + +ovn-nbctl --wait=sb sync +ovn-nbctl show +ovn-sbctl dump-flows + +echo "------ OVN dump ------" +ovn-nbctl show +ovn-sbctl show + +for i in 1 2; do + hv=hv-$i + echo "------ $hv dump ------" + as $hv ovs-vsctl show + as $hv ovs-ofctl -O OpenFlow13 dump-flows br-int +done + +# localnet ports +for hv in 1 2; do + : > out-$hv.expected +done + +test_packet() { + local hv=$1 inport=$2 dst=$3 src=$4 eth=$5 + shift; shift; shift; shift; shift + + : > expout + for lout in "$@"; do + if test $lout = unknown; then + # Expect the packet cloned to all localnet ports + for tag in `seq ${hv}1 ${hv}9`; do + echo "output(\"ln-$tag\");" >> expout + done + else + echo "output(\"$lout\");" >> expout + fi + done + + # First try tracing the packet. + uflow="inport==\"lp-$inport\" && eth.dst==$dst && eth.src==$src && eth.type==0x$eth" + AT_CAPTURE_FILE([trace]) + AT_CHECK([ovn-trace --all ls-${hv}0 "$uflow" | tee trace | sed '1,/Minimal trace/d' | sort], [0], [expout]) + + # Then actually send a packet, for an end-to-end test. + local packet=$(echo $dst$src | sed 's/://g')${eth} + as hv-$hv ovs-appctl netdev-dummy/receive vif-$inport $packet + + for lout in "$@"; do + if test $lout != unknown; then + # Expect the packet received by the peer VIF port + echo $packet >> vif-${lout#lp-}.expected + fi + done + + # regardless, the packet is sent through the bridge + local packet=$(echo $dst$src | sed 's/://g')810000$(printf "%.2x\n" ${hv}1)${eth} + echo $packet >> out-$hv.expected +} + +test_packet 1 1-1-8 f0:00:00:00:08:21 f0:00:00:00:08:11 1001 lp-2-1-8 +test_packet 2 2-2-8 f0:00:00:00:08:12 f0:00:00:00:08:22 1001 lp-1-2-8 + +# unknown mac goes through localnet port +test_packet 1 1-1-8 f0:00:00:00:08:e0 f0:00:00:00:08:11 1001 unknown +test_packet 2 2-2-8 f0:00:00:00:08:e0 f0:00:00:00:08:22 1001 unknown + +# broadcast traffic goes to all peers, foreign and local +test_packet 1 1-1-8 ff:ff:ff:ff:ff:ff f0:00:00:00:08:11 1001 $(for n in `seq 11 19`; do echo ln-$n; done) lp-1-1-9 lp-2-1-8 lp-2-1-9 + +# Now check the packets actually received against the ones expected. +for hv in 1 2; do + for ls in 1 2; do + for peer in 8 9; do + port=$hv-$ls-$peer + # check that packets targeted to actual vifs arrived on the other end + OVN_CHECK_PACKETS([hv-$hv/vif-$port-tx.pcap], [vif-$port.expected]) + done + done + # check that all packets, whether to known or unknown mac addresses, were sent to fabric + OVN_CHECK_PACKETS([hv-$hv/br-phys${hv}1_n-${hv}1-tx.pcap], [out-$hv.expected]) +done + +OVN_CLEANUP([hv-1],[hv-2]) + +AT_CLEANUP + +AT_SETUP([ovn -- 2 HVs, 2 LS, switching between multiple localnet ports with same tags]) +ovn_start + +# In this test case we create two switches with multiple localnet ports. Only a +# single localnet of the same tag is connected to fabric for each switch. Two +# hypervisors have VIFs that belong to these switches. The test validates that +# routing between these switches and hypervisors still works regardless of the +# number of (unplugged) localnet ports. + +# two switches, each connected to lots of networks +for i in 1 2; do + ovn-nbctl ls-add ls-$i + for tag in `seq 10 20`; do + ln_port_name=ln-$i-$tag + ovn-nbctl lsp-add ls-$i $ln_port_name "" $tag + ovn-nbctl lsp-set-addresses $ln_port_name unknown + ovn-nbctl lsp-set-type $ln_port_name localnet + ovn-nbctl lsp-set-options $ln_port_name network_name=phys-$tag + done +done + +# multiple networks +for tag in `seq 10 20`; do + net_add n-$tag +done + +# two hypervisors, each connected to the same network +for i in 1 2; do + sim_add hv-$i + as hv-$i + ovs-vsctl add-br br-phys + ovs-vsctl set open . external-ids:ovn-bridge-mappings=phys-20:br-phys + ovn_attach n-10 br-phys 192.168.0.$i +done + +# two vif ports, one per switch +for i in 1 2; do + as hv-$i + ovs-vsctl add-port br-int vif-$i -- \ + set Interface vif-$i external-ids:iface-id=lp-$i \ + options:tx_pcap=hv-$i/vif-$i-tx.pcap \ + options:rxq_pcap=hv-$i/vif-$i-rx.pcap \ + ofport-request=$i + + lsp_name=lp-$i + ovn-nbctl lsp-add ls-$i $lsp_name + ovn-nbctl lsp-set-addresses $lsp_name f0:00:00:00:00:0$i + ovn-nbctl lsp-set-port-security $lsp_name f0:00:00:00:00:0$i + + OVS_WAIT_UNTIL([test x`ovn-nbctl lsp-get-up $lsp_name` = xup]) +done + +ovn-nbctl --wait=sb sync +ovn-nbctl show +ovn-sbctl dump-flows + +# vif ports +for i in 1 2; do + : > vif-$i.expected +done + +# localnet ports +for i in 1 2; do + for tag in `seq 10 20`; do + : > $i-$tag.expected + done +done + +test_packet() { + local inport=$1 outport=$2 dst=$3 src=$4 eth=$5 eout=$6 lout=$7 + + # Expect the packet cloned to all localnet ports + : > expout + for tag in `seq 10 20`; do + echo "output(\"ln-$inport-$tag\");" >> expout + done + + # First try tracing the packet. + uflow="inport==\"lp-$inport\" && eth.dst==$dst && eth.src==$src && eth.type==0x$eth" + AT_CAPTURE_FILE([trace]) + AT_CHECK([ovn-trace --all ls-$inport "$uflow" | tee trace | sed '1,/Minimal trace/d'], [0], [expout]) + + # Then actually send a packet, for an end-to-end test. + local packet=$(echo $dst$src | sed 's/://g')${eth} + as hv-$1 ovs-appctl netdev-dummy/receive vif-$inport $packet + + # Expect the packet received by the peer VIF port + echo $packet >> vif-$outport.expected + + # Expect the packet to transfer through the common fabric network + local packet=$(echo $dst$src | sed 's/://g')810000$(printf "%.2x" 20)${eth} + echo $packet >> $1-10.expected +} + +test_packet 1 2 f0:00:00:00:00:02 f0:00:00:00:00:01 1001 ln-1-10 ln-1-10 +test_packet 1 2 f0:00:00:00:00:02 f0:00:00:00:00:01 1002 ln-1-10 ln-1-10 + +test_packet 2 1 f0:00:00:00:00:01 f0:00:00:00:00:02 1003 ln-2-10 ln-2-10 +test_packet 2 1 f0:00:00:00:00:01 f0:00:00:00:00:02 1004 ln-2-10 ln-2-10 + +# Dump a bunch of info helpful for debugging if there's a failure. + +echo "------ OVN dump ------" +ovn-nbctl show +ovn-sbctl show + +for i in 1 2; do + hv=hv-$i + echo "------ $hv dump ------" + as $hv ovs-vsctl show + as $hv ovs-ofctl -O OpenFlow13 dump-flows br-int +done + +# Now check the packets actually received against the ones expected. +for i in 1 2; do + OVN_CHECK_PACKETS_REMOVE_BROADCAST([hv-$i/vif-$i-tx.pcap], [vif-$i.expected]) + OVN_CHECK_PACKETS_REMOVE_BROADCAST([hv-$i/br-phys_n-10-tx.pcap], [$i-10.expected]) +done + +OVN_CLEANUP([hv-1],[hv-2]) + +AT_CLEANUP + +AT_SETUP([ovn -- 2 HVs, 1 LS, no switching between multiple localnet ports with different tags]) +ovn_start + +# In this test case we create a single switch connected to two physical +# networks via two localnet ports. Then we create two hypervisors, with 2 +# ports on each. The test validates no interconnectivity between VIF ports +# located on chassis plugged to different physical networks. + +# create the single switch with two locanet ports +ovn-nbctl ls-add ls1 +for tag in 10 20; do + ln_port_name=ln-$tag + ovn-nbctl lsp-add ls1 $ln_port_name "" $tag + ovn-nbctl lsp-set-addresses $ln_port_name unknown + ovn-nbctl lsp-set-type $ln_port_name localnet + ovn-nbctl lsp-set-options $ln_port_name network_name=phys-$tag +done + +# create fabric networks +for tag in 10 20; do + net_add n-$tag +done + +# create four chassis, each connected to one network, each with a single VIF port +for tag in 10 20; do + for i in 1 2; do + sim_add hv-$tag-$i + as hv-$tag-$i + ovs-vsctl add-br br-phys + ovs-vsctl set open . external-ids:ovn-bridge-mappings=phys-$tag:br-phys + ovn_attach n-$tag br-phys 192.168.$i.$tag + + ovs-vsctl add-port br-int vif-$tag-$i -- \ + set Interface vif-$tag-$i external-ids:iface-id=lp-$tag-$i \ + options:tx_pcap=hv-$tag-$i/vif-$tag-$i-tx.pcap \ + options:rxq_pcap=hv-$tag-$i/vif-$tag-$i-rx.pcap \ + ofport-request=$tag$i + + lsp_name=lp-$tag-$i + ovn-nbctl lsp-add ls1 $lsp_name + ovn-nbctl lsp-set-addresses $lsp_name f0:00:00:00:0$i:$tag + ovn-nbctl lsp-set-port-security $lsp_name f0:00:00:00:0$i:$tag + + OVS_WAIT_UNTIL([test x`ovn-nbctl lsp-get-up $lsp_name` = xup]) + done +done +ovn-nbctl --wait=sb sync +ovn-sbctl dump-flows + +for tag in 10 20; do + for i in 1 2; do + : > $tag-$i.expected + done +done + +vif_to_hv() { + echo hv-$1 +} + +test_packet() { + local inport=$1 dst=$2 src=$3 eth=$4 eout=$5 lout=$6 + + # First try tracing the packet. + uflow="inport==\"lp-$inport\" && eth.dst==$dst && eth.src==$src && eth.type==0x$eth" + echo "output(\"$lout\");" > expout + AT_CAPTURE_FILE([trace]) + AT_CHECK([ovn-trace --all ls1 "$uflow" | tee trace | sed '1,/Minimal trace/d'], [0], [expout]) + + # Then actually send a packet, for an end-to-end test. + local packet=$(echo $dst$src | sed 's/://g')${eth} + hv=`vif_to_hv $inport` + vif=vif-$inport + as $hv ovs-appctl netdev-dummy/receive $vif $packet + if test $eth = 1002 -o $eth = 2002; then + echo $packet >> ${eout#lp-}.expected + fi +} + +# different fabric networks -> should fail +test_packet 10-1 f0:00:00:00:01:20 f0:00:00:00:01:10 1001 lp-20-1 lp-20-1 +test_packet 20-1 f0:00:00:00:01:10 f0:00:00:00:01:20 2001 lp-10-1 lp-10-1 + +# same fabric networks -> should pass +test_packet 10-1 f0:00:00:00:02:10 f0:00:00:00:01:10 1002 lp-10-2 lp-10-2 +test_packet 20-1 f0:00:00:00:02:20 f0:00:00:00:01:20 2002 lp-20-2 lp-20-2 +test_packet 10-2 f0:00:00:00:01:10 f0:00:00:00:02:10 1002 lp-10-1 lp-10-1 +test_packet 20-2 f0:00:00:00:01:20 f0:00:00:00:02:20 2002 lp-20-1 lp-20-1 + +# Dump a bunch of info helpful for debugging if there's a failure. +echo "------ OVN dump ------" +ovn-nbctl show +ovn-sbctl show + +for tag in 10 20; do + for i in 1 2; do + hv=hv-$tag-$i + echo "------ $hv dump ------" + as $hv ovs-vsctl show + as $hv ovs-ofctl -O OpenFlow13 dump-flows br-int + done +done + +# Now check the packets actually received against the ones expected. +for tag in 10 20; do + for i in 1 2; do + echo "hv = $tag-$i" + OVN_CHECK_PACKETS_REMOVE_BROADCAST([hv-$tag-$i/vif-$tag-$i-tx.pcap], [$tag-$i.expected]) + done +done + +OVN_CLEANUP([hv-10-1],[hv-10-2],[hv-20-1],[hv-20-2]) + +AT_CLEANUP + AT_SETUP([ovn -- vtep: 3 HVs, 1 VIFs/HV, 1 GW, 1 LS]) AT_KEYWORDS([vtep]) ovn_start From patchwork Mon May 11 14:09:04 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ihar Hrachyshka X-Patchwork-Id: 1287820 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=140.211.166.136; helo=silver.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=redhat.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=VEZxEmXU; dkim-atps=neutral Received: from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 49LNBQ39qbz9sSF for ; Tue, 12 May 2020 00:10:38 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by silver.osuosl.org (Postfix) with ESMTP id 69BAF26046; Mon, 11 May 2020 14:10:36 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from silver.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TaHv66A4-Nqy; Mon, 11 May 2020 14:10:32 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by silver.osuosl.org (Postfix) with ESMTP id A8AD025D6D; Mon, 11 May 2020 14:10:25 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id 8DDA3C0892; Mon, 11 May 2020 14:10:25 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from fraxinus.osuosl.org (smtp4.osuosl.org [140.211.166.137]) by lists.linuxfoundation.org (Postfix) with ESMTP id 17A00C0176 for ; Mon, 11 May 2020 14:10:23 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by fraxinus.osuosl.org (Postfix) with ESMTP id 062DE86B23 for ; Mon, 11 May 2020 14:10:23 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from fraxinus.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Mb9xg3IC7w73 for ; Mon, 11 May 2020 14:10:20 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from us-smtp-delivery-1.mimecast.com (us-smtp-1.mimecast.com [207.211.31.81]) by fraxinus.osuosl.org (Postfix) with ESMTPS id 4CAB486B5A for ; Mon, 11 May 2020 14:10:16 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1589206215; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=KuMGVlXjXUBo9APboj8V6Rka/V71vSD+4gtxOCskTpQ=; b=VEZxEmXUNxjMEB85N8XPVJeA+ntea37JhXT8ZONqpnYE2bb82vXSpjJaIX33jWg2Nv0Qu8 LkjlTIqgNhh6u9ar+2VXUACr8LPIE62bHP0v3uvUAYgYOAsgbPDmOwo8ENYznbU1Wa6olL VkdFYQXEhbVAc6pg1EiaGBbaA1Wsnoo= Received: from mail-qt1-f200.google.com (mail-qt1-f200.google.com [209.85.160.200]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-341-Bl-4TurOMQaAc0ZSSZMUyA-1; Mon, 11 May 2020 10:10:13 -0400 X-MC-Unique: Bl-4TurOMQaAc0ZSSZMUyA-1 Received: by mail-qt1-f200.google.com with SMTP id n22so10569396qtp.15 for ; Mon, 11 May 2020 07:10:13 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=KuMGVlXjXUBo9APboj8V6Rka/V71vSD+4gtxOCskTpQ=; b=PxPL2n/wNcogdZlA2Q1kZXa2mFkSU/Mfw9UIsMNjQC6beCMHIZxPOqDcmnZAZLS7ta OUZE2Dp+XHOJIl7+IeXEmXKXeghRWiwJauaPsDyOvH6son4xa8n4Zn8la9ZLeLAbtPRM POJHbrryapTrNaACTfYTUMFZ0xUjrPbLuBA7Ps1W2H318RoQOslJTsAxk/qfLfl7fkJ+ w69K4AtzR8UaWkR/atz4TbMlVfhIM/pqy5GK6wbUf902BURJQY1g4A5HOZRQ6SPGITAL gT+t6yPpTS3fD0TFMLSdnBu0mB9nkavt1pMlHemq3mua+aqXcRWDVj8Ca7zIVo4C8U28 U0fg== X-Gm-Message-State: AGi0PuajzddKGEQ9L5cIs9kFuISa1CDK26wLHcn5ECrHJFa9ZElwz8bA wsI1iqim3DJZ44RkaWUX7QvoYECo/Chc8mE2xQTINes+zISEHlyxPNEYAIh1y7osDRH34qPwr/6 /uvXcMbWQCZW7 X-Received: by 2002:ae9:ebd2:: with SMTP id b201mr15874623qkg.80.1589206212724; Mon, 11 May 2020 07:10:12 -0700 (PDT) X-Google-Smtp-Source: APiQypKvDhiS1e2X58kYpMP5QHZi03aCuIu+ZKdNTpSpdMYvJJFvlgUscUESAAam0daFbeT1pUCkNA== X-Received: by 2002:ae9:ebd2:: with SMTP id b201mr15874595qkg.80.1589206212441; Mon, 11 May 2020 07:10:12 -0700 (PDT) Received: from localhost.localdomain.com (cpe-172-73-180-250.carolina.res.rr.com. [172.73.180.250]) by smtp.googlemail.com with ESMTPSA id i23sm8474661qke.65.2020.05.11.07.10.10 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 11 May 2020 07:10:11 -0700 (PDT) From: Ihar Hrachyshka To: dev@openvswitch.org Date: Mon, 11 May 2020 10:09:04 -0400 Message-Id: <20200511140904.209409-7-ihrachys@redhat.com> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20200511140904.209409-1-ihrachys@redhat.com> References: <20200511140904.209409-1-ihrachys@redhat.com> MIME-Version: 1.0 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Subject: [ovs-dev] [PATCH ovn 6/6 v4] Log missing bridge per localnet port just once X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" Having some localnet ports missing a bridge device on a particular chassis is a supported configuration (e.g. used to implement "routed provider networks" for OpenStack) and should not flood logs with duplicate messages. Signed-off-by: Ihar Hrachyshka --- controller/patch.c | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/controller/patch.c b/controller/patch.c index 52255cc3a..2a757bb00 100644 --- a/controller/patch.c +++ b/controller/patch.c @@ -24,6 +24,7 @@ #include "openvswitch/hmap.h" #include "openvswitch/vlog.h" #include "ovn-controller.h" +#include "sset.h" VLOG_DEFINE_THIS_MODULE(patch); @@ -184,6 +185,8 @@ add_bridge_mappings(struct ovsdb_idl_txn *ovs_idl_txn, const struct sbrec_chassis *chassis, const struct hmap *local_datapaths) { + static struct sset missed_bridges = SSET_INITIALIZER(&missed_bridges); + /* Get ovn-bridge-mappings. */ struct shash bridge_mappings = SHASH_INITIALIZER(&bridge_mappings); @@ -220,20 +223,25 @@ add_bridge_mappings(struct ovsdb_idl_txn *ovs_idl_txn, binding->type, binding->logical_port); continue; } + char *msg_key = xasprintf("%s;%s", binding->logical_port, network); struct ovsrec_bridge *br_ln = shash_find_data(&bridge_mappings, network); if (!br_ln) { - static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(5, 1); if (!is_localnet) { + static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(5, 1); VLOG_ERR_RL(&rl, "bridge not found for %s port '%s' " "with network name '%s'", binding->type, binding->logical_port, network); } else { - VLOG_INFO_RL(&rl, "bridge not found for localnet port '%s' " - "with network name '%s'; skipping", - binding->logical_port, network); + if (!sset_contains(&missed_bridges, msg_key)) { + VLOG_INFO("bridge not found for localnet port '%s' with " + "network name '%s'; skipping", + binding->logical_port, network); + sset_add(&missed_bridges, msg_key); + } } continue; } + sset_find_and_delete(&missed_bridges, msg_key); const char *patch_port_id; if (is_localnet) {