From patchwork Thu Feb 23 06:35:24 2023
X-Patchwork-Submitter: Han Zhou
X-Patchwork-Id: 1746648
From: Han Zhou
To: dev@openvswitch.org
Date: Wed, 22 Feb 2023 22:35:24 -0800
Message-Id: <20230223063526.2363478-2-hzhou@ovn.org>
In-Reply-To: <20230223063526.2363478-1-hzhou@ovn.org>
References: <20230223063526.2363478-1-hzhou@ovn.org>
Subject: [ovs-dev] [PATCH ovn 1/3] ovn.at: Fix virtual port tests.

The check_virtual_offlows_not_present() function in the case "virtual ports" has the wrong table id 45, which should be 44. However, correcting the table id makes the case fail, because the two ACLs added by the case were in fact overlapping:

    check ovn-nbctl acl-add sw0 to-lport 1000 'is_chassis_resident("sw0-vir") && ip' allow
    check ovn-nbctl acl-add sw0 to-lport 1000 'is_chassis_resident("sw0-vir6") && ip' allow

Because ip4 vs. ip6 is not specified, both ACLs would generate OVS flows for both ip4 and ip6 when the virtual ports are resident on the chassis, and the OVS flows would remain on the chassis if one of the ports is released but the other remains. This is why the check_virtual_offlows_not_present() would always fail.

This patch corrects the table id and fixes the ACLs with proper IP protocol, and updates the check_virtual_offlows_xxx() functions so that only ipv4 flows are dumped and checked, which is what those functions are used for.

Signed-off-by: Han Zhou
Reviewed-by: Simon Horman
Tested-by: Simon Horman
--- tests/ovn.at | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/tests/ovn.at b/tests/ovn.at index dc5c5df3f747..e7542db42503 100644 --- a/tests/ovn.at +++ b/tests/ovn.at
@@ -20921,8 +20921,8 @@ check ovn-nbctl lsp-set-addresses sw1-lr0 00:00:00:00:ff:02 check ovn-nbctl lsp-set-options sw1-lr0 router-port=lr0-sw1 # Add an ACL that matches on sw0-vir/sw0-vir6 being bound locally. -check ovn-nbctl acl-add sw0 to-lport 1000 'is_chassis_resident("sw0-vir") && ip' allow -check ovn-nbctl acl-add sw0 to-lport 1000 'is_chassis_resident("sw0-vir6") && ip' allow +check ovn-nbctl acl-add sw0 to-lport 1000 'is_chassis_resident("sw0-vir") && ip4' allow +check ovn-nbctl acl-add sw0 to-lport 1000 'is_chassis_resident("sw0-vir6") && ip6' allow check ovn-nbctl ls-add public check ovn-nbctl lrp-add lr0 lr0-public 00:00:20:20:12:13 172.168.0.100/24 2001:db8::1/64 @@ -21007,9 +21007,8 @@ check_virtual_offlows_present() { lr0_dp_key=$(printf "%x" $(fetch_column Datapath_Binding tunnel_key external_ids:name=lr0)) lr0_public_dp_key=$(printf "%x" $(fetch_column Port_Binding tunnel_key logical_port=lr0-public)) - AT_CHECK_UNQUOTED([as $hv ovs-ofctl dump-flows br-int table=44 | ofctl_strip_all | grep "priority=2000"], [0], [dnl + AT_CHECK_UNQUOTED([as $hv ovs-ofctl dump-flows br-int table=44,ip | ofctl_strip_all | grep "priority=2000"], [0], [dnl table=44, priority=2000,ip,metadata=0x$sw0_dp_key actions=resubmit(,45) - table=44, priority=2000,ipv6,metadata=0x$sw0_dp_key actions=resubmit(,45) ]) AT_CHECK_UNQUOTED([as $hv ovs-ofctl dump-flows br-int table=11 | ofctl_strip_all | \ 
@@ -21020,7 +21019,7 @@ check_virtual_offlows_present() { check_virtual_offlows_not_present() { hv=$1 - AT_CHECK([as $hv ovs-ofctl dump-flows br-int table=45 | ofctl_strip_all | grep "priority=2000"], [1], [dnl + AT_CHECK([as $hv ovs-ofctl dump-flows br-int table=44,ip | ofctl_strip_all | grep "priority=2000"], [1], [dnl ]) AT_CHECK([as $hv ovs-ofctl dump-flows br-int table=11 | ofctl_strip_all | \

From patchwork Thu Feb 23 06:35:25 2023
X-Patchwork-Submitter: Han Zhou
X-Patchwork-Id: 1746649
From: Han Zhou
To: dev@openvswitch.org
Date: Wed, 22 Feb 2023 22:35:25 -0800
Message-Id: <20230223063526.2363478-3-hzhou@ovn.org>
In-Reply-To: <20230223063526.2363478-1-hzhou@ovn.org>
References: <20230223063526.2363478-1-hzhou@ovn.org>
Subject: [ovs-dev] [PATCH ovn 2/3] system-ovn.at: Add system test for virtual port with floating IP.

Signed-off-by: Han Zhou --- tests/atlocal.in | 3 + tests/system-ovn.at | 146 ++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 149 insertions(+) diff --git a/tests/atlocal.in b/tests/atlocal.in index 0b9a312761c9..5526adac5241 100644 --- a/tests/atlocal.in +++ b/tests/atlocal.in @@ -187,6 +187,9 @@ find_command dhcpd # Set HAVE_BFDD_BEACON find_command bfdd-beacon +# Set HAVE_ARPING +find_command arping + # Turn off proxies. unset http_proxy unset https_proxy diff --git a/tests/system-ovn.at b/tests/system-ovn.at index 563858e70384..cccb8ec4aa95 100644 --- a/tests/system-ovn.at +++ b/tests/system-ovn.at 
@@ -10660,3 +10660,149 @@ OVS_TRAFFIC_VSWITCHD_STOP(["/failed to query port patch-.*/d /connection dropped.*/d"]) AT_CLEANUP ]) + +#################################################################### +# ls1p1 (virtual parent of VIP) +# \ +# ls1 -- lr1 (floating-ip) -- public1 (localnet) -- ext1 +# / +# ls1p2 (virtual parent of VIP) +#################################################################### +OVN_FOR_EACH_NORTHD([ +AT_SETUP([virtual port with floating IP]) +AT_SKIP_IF([test "$HAVE_ARPING" = no]) + +CHECK_CONNTRACK() +CHECK_CONNTRACK_NAT() +ovn_start +OVS_TRAFFIC_VSWITCHD_START() +ADD_BR([br-int]) +ADD_BR([br-ex], [set Bridge br-ex fail-mode=standalone]) + +check ovs-vsctl set Open_vSwitch . external-ids:ovn-bridge-mappings=provider:br-ex + +# Set external-ids in br-int needed for ovn-controller +ovs-vsctl \ + -- set Open_vSwitch . external-ids:system-id=hv1 \ + -- set Open_vSwitch . external-ids:ovn-remote=unix:$ovs_base/ovn-sb/ovn-sb.sock \ + -- set Open_vSwitch . external-ids:ovn-encap-type=geneve \ + -- set Open_vSwitch . 
external-ids:ovn-encap-ip=169.0.0.1 \ + -- set bridge br-int fail-mode=secure other-config:disable-in-band=true + +# Start ovn-controller +start_daemon ovn-controller + +# Add routers +check ovn-nbctl lr-add lr1 +check ovn-nbctl set logical_router lr1 options:always_learn_from_arp_request=false + +# Add switches +check ovn-nbctl ls-add public1 +check ovn-nbctl ls-add ls1 + +# Add ls1 ports +check ovn-nbctl lsp-add ls1 ls1p1 \ + -- lsp-set-addresses ls1p1 "00:00:00:00:01:11 10.0.0.11" + +check ovn-nbctl lsp-add ls1 ls1p2 \ + -- lsp-set-addresses ls1p2 "00:00:00:00:01:12 10.0.0.12" + +check ovn-nbctl lsp-add ls1 ls1-to-lr1 \ + -- lsp-set-type ls1-to-lr1 router \ + -- lsp-set-options ls1-to-lr1 router-port=lr1-to-ls1 \ + -- lsp-set-addresses ls1-to-lr1 router + +# Add ls1 virtual port +check ovn-nbctl lsp-add ls1 vip \ + -- lsp-set-addresses vip "00:00:00:00:01:88 10.0.0.88" \ + -- lsp-set-type vip virtual \ + -- set logical_switch_port vip options:virtual-ip=10.0.0.88 \ + -- set logical_switch_port vip options:virtual-parents=ls1p1,ls1p2 + +# Add lr1 ports +check ovn-nbctl lrp-add lr1 lr1-to-ls1 "00:00:00:0f:01:01" 10.0.0.1/24 \ + -- lrp-add lr1 lr1-to-public1 "00:00:00:0f:02:01" 172.0.0.1/24 \ + -- lrp-set-gateway-chassis lr1-to-public1 hv1 10 + +# Add floating-ip +check ovn-nbctl lr-nat-add lr1 dnat_and_snat 172.0.0.88 10.0.0.88 vip 10:54:00:00:00:88 + +# Add public1 ports +check ovn-nbctl lsp-add public1 public1-to-lr1 \ + -- lsp-set-type public1-to-lr1 router \ + -- lsp-set-options public1-to-lr1 router-port=lr1-to-public1 \ + -- lsp-set-addresses public1-to-lr1 router \ + -- lsp-add public1 ln1 \ + -- lsp-set-type ln1 localnet \ + -- lsp-set-options ln1 network_name=provider \ + -- lsp-set-addresses ln1 unknown + +check ovn-nbctl --wait=hv sync + +ADD_NAMESPACES(ns_ls1p1) +ADD_VETH(ls1p1, ns_ls1p1, br-int, "10.0.0.11/24", "00:00:00:00:01:11", "10.0.0.1") + +ADD_NAMESPACES(ns_ls1p2) +ADD_VETH(ls1p2, ns_ls1p2, br-int, "10.0.0.12/24", "00:00:00:00:01:12", 
"10.0.0.1") + +ADD_NAMESPACES(ns_ext1) +ADD_VETH(ln1, ns_ext1, br-ex, "172.0.0.99/24", "0a:0a:b6:fc:03:01", "172.0.0.1") + +# Claim vip at ls1p1: configure the virtual IP and send GARP. +NS_CHECK_EXEC([ns_ls1p1], [ip addr del 10.0.0.11/24 dev ls1p1; + ip addr add 10.0.0.88/24 dev ls1p1; + ip route add default via 10.0.0.1]) +NS_EXEC([ns_ls1p1], [arping -U -c 1 -w 2 -I ls1p1 -s 10.0.0.88 10.0.0.88]) +wait_for_ports_up vip +check ovn-nbctl --wait=hv sync + +# ping virtual IP from ext1 +NS_CHECK_EXEC([ns_ext1], [ping -q -c 3 -i 0.3 -w 2 10.0.0.88 | FORMAT_PING], \ +[0], [dnl +3 packets transmitted, 3 received, 0% packet loss, time 0ms +]) + +# ping floating virtual IP from ext1 +NS_CHECK_EXEC([ns_ext1], [ping -q -c 3 -i 0.3 -w 2 172.0.0.88 | FORMAT_PING], \ +[0], [dnl +3 packets transmitted, 3 received, 0% packet loss, time 0ms +]) + +# Move virtual IP to ls1p2 +NS_CHECK_EXEC([ns_ls1p1], [ip addr del 10.0.0.88/24 dev ls1p1]) +NS_CHECK_EXEC([ns_ls1p2], [ip addr del 10.0.0.12/24 dev ls1p2; + ip addr add 10.0.0.88/24 dev ls1p2; + ip route add default via 10.0.0.1]) +NS_EXEC([ns_ls1p2], [arping -U -c 1 -w 2 -I ls1p2 -s 10.0.0.88 10.0.0.88]) + +wait_column "ls1p2" Port_Binding virtual_parent logical_port=vip +check ovn-nbctl --wait=hv sync + +# ping virtual IP from ext1 +NS_CHECK_EXEC([ns_ext1], [ping -q -c 3 -i 0.3 -w 2 10.0.0.88 | FORMAT_PING], \ +[0], [dnl +3 packets transmitted, 3 received, 0% packet loss, time 0ms +]) + +# ping floating virtual IP from ext1 +NS_CHECK_EXEC([ns_ext1], [ping -q -c 3 -i 0.3 -w 2 172.0.0.88 | FORMAT_PING], \ +[0], [dnl +3 packets transmitted, 3 received, 0% packet loss, time 0ms +]) + +OVS_APP_EXIT_AND_WAIT([ovn-controller]) + +as ovn-sb +OVS_APP_EXIT_AND_WAIT([ovsdb-server]) + +as ovn-nb +OVS_APP_EXIT_AND_WAIT([ovsdb-server]) + +as northd +OVS_APP_EXIT_AND_WAIT([NORTHD_TYPE]) + +as +OVS_TRAFFIC_VSWITCHD_STOP(["/failed to query port patch-.*/d +/connection dropped.*/d"]) +AT_CLEANUP +]) From patchwork Thu Feb 23 06:35:26 2023 Content-Type: 
text/plain; charset="utf-8"
X-Patchwork-Submitter: Han Zhou
X-Patchwork-Id: 1746650
From: Han Zhou
To: dev@openvswitch.org
Date: Wed, 22 Feb 2023 22:35:26 -0800
Message-Id: <20230223063526.2363478-4-hzhou@ovn.org>
In-Reply-To: <20230223063526.2363478-1-hzhou@ovn.org>
References: <20230223063526.2363478-1-hzhou@ovn.org>
Subject: [ovs-dev] [PATCH ovn 3/3] northd: Use dynamic mac-binding for virtual port IPs.

Today ARP resolve flows (static mac-bindings) are programmed for virtual ports once their virtual parent is claimed. As a result, during virtual parent failover, the traffic won't switch to the new parent until the ARP resolve flow is updated by ovn-northd, triggered by the port-binding update. When the scale is big, the ovn-northd compute may take a long time, e.g. 10s or even more, which is too long a data plane break during virtual parent failover.

This patch removes the dependency of ovn-northd from the failover scenario by removing the ARP resolve flows, so that it relies on dynamic mac-bindings to resolve virtual parent's MAC for the virtual IP. This avoids the logical flow recompute during failover and thus makes it much faster. Functionally there is no difference.

Signed-off-by: Han Zhou
--- northd/northd.c | 103 ---------------------------------------- northd/ovn-northd.8.xml | 37 +++------------ tests/ovn.at | 55 ++------------------- tests/system-ovn.at | 1 - 4 files changed, 11 insertions(+), 185 deletions(-) diff --git a/northd/northd.c b/northd/northd.c index 770a5b50e2c0..65cfb7975d1b 100644 --- a/northd/northd.c +++ b/northd/northd.c
@@ -12455,109 +12455,6 @@ build_arp_resolve_flows_for_lrouter_port( } } } - } else if (op->od->n_router_ports && !lsp_is_router(op->nbsp) - && !strcmp(op->nbsp->type, "virtual")) { - /* This is a virtual port. Add ARP replies for the virtual ip with - * the mac of the present active virtual parent. - * If the logical port doesn't have virtual parent set in - * Port_Binding table, then add the flow to set eth.dst to - * 00:00:00:00:00:00 and advance to next table so that ARP is - * resolved by router pipeline using the arp{} action. - * The MAC_Binding entry for the virtual ip might be invalid. */ - - const char *vip = smap_get(&op->nbsp->options, - "virtual-ip"); - const char *virtual_parents = smap_get(&op->nbsp->options, - "virtual-parents"); - - if (!vip || !virtual_parents || !op->sb) { - return; - } - - bool is_ipv4 = strchr(vip, '.') ? true : false; - if (is_ipv4) { - ovs_be32 ipv4; - if (!ip_parse(vip, &ipv4)) { - return; - } - } else { - struct in6_addr ipv6; - if (!ipv6_parse(vip, &ipv6)) { - return; - } - } - - if (!op->sb->virtual_parent || !op->sb->virtual_parent[0] || - !op->sb->chassis) { - /* The virtual port is not claimed yet. */ - for (size_t i = 0; i < op->od->n_router_ports; i++) { - struct ovn_port *peer = ovn_port_get_peer( - ports, op->od->router_ports[i]); - if (!peer || !peer->nbrp) { - continue; - } - - if (find_lrp_member_ip(peer, vip)) { - ds_clear(match); - ds_put_format( - match, "outport == %s && " "%s == %s", peer->json_key, - is_ipv4 ? 
REG_NEXT_HOP_IPV4 : REG_NEXT_HOP_IPV6, vip); - - const char *arp_actions = - "eth.dst = 00:00:00:00:00:00; next;"; - ovn_lflow_add_with_hint(lflows, peer->od, - S_ROUTER_IN_ARP_RESOLVE, 100, - ds_cstr(match), - arp_actions, - &op->nbsp->header_); - break; - } - } - } else { - struct ovn_port *vp = - ovn_port_find(ports, op->sb->virtual_parent); - if (!vp || !vp->nbsp) { - return; - } - - for (size_t i = 0; i < vp->n_lsp_addrs; i++) { - bool found_vip_network = false; - const char *ea_s = vp->lsp_addrs[i].ea_s; - for (size_t j = 0; j < vp->od->n_router_ports; j++) { - /* Get the Logical_Router_Port that the - * Logical_Switch_Port is connected to, as - * 'peer'. */ - struct ovn_port *peer = - ovn_port_get_peer(ports, vp->od->router_ports[j]); - if (!peer || !peer->nbrp) { - continue; - } - - if (!find_lrp_member_ip(peer, vip)) { - continue; - } - - ds_clear(match); - ds_put_format( - match, "outport == %s && " "%s == %s", peer->json_key, - is_ipv4 ? REG_NEXT_HOP_IPV4 : REG_NEXT_HOP_IPV6, vip); - - ds_clear(actions); - ds_put_format(actions, "eth.dst = %s; next;", ea_s); - ovn_lflow_add_with_hint(lflows, peer->od, - S_ROUTER_IN_ARP_RESOLVE, 100, - ds_cstr(match), - ds_cstr(actions), - &op->nbsp->header_); - found_vip_network = true; - break; - } - - if (found_vip_network) { - break; - } - } - } } else if (lsp_is_router(op->nbsp)) { /* This is a logical switch port that connects to a router. */ diff --git a/northd/ovn-northd.8.xml b/northd/ovn-northd.8.xml index 2eab2c4ae094..574d358c570c 100644 --- a/northd/ovn-northd.8.xml +++ b/northd/ovn-northd.8.xml 
@@ -4206,9 +4206,13 @@ outport = P data in the OVN_Northbound database. For router ports connected to logical switches, MAC bindings can be known statically from the addresses column in the - Logical_Switch_Port table. For router ports - connected to other logical routers, MAC bindings can be known - statically from the mac and networks + Logical_Switch_Port table. (Note: the flow is not + installed for IPs of logical switch ports of type + virtual, and dynamic MAC binding is used for those IPs + instead, so that virtual parent failover does not depend on + ovn-northd, to achieve better failover performance.) For + router ports connected to other logical routers, MAC bindings can be + known statically from the mac and networks column in the Logical_Router_Port table. (Note: the flow is NOT installed for the IP addresses that belong to a neighbor logical router port if the current router has the @@ -4223,33 +4227,6 @@ outport = P eth.dst = E; next;.

-

- For each virtual ip A configured on a logical port - of type virtual and its virtual parent set in - its corresponding - record and the virtual parent with the Ethernet address E - and the virtual ip is reachable via the router port P, a - priority-100 flow with match outport === P - && xxreg0/reg0 == A has actions - eth.dst = E; next;. -

- -

- For each virtual ip A configured on a logical port - of type virtual and its virtual parent not - set in its corresponding - - record and the virtual ip A is reachable via the - router port P, a - priority-100 flow with match outport === P - && xxreg0/reg0 == A has actions - eth.dst = 00:00:00:00:00:00; next;. - This flow is added so that the ARP is always resolved for the - virtual ip A by generating ARP request and - not consulting the MAC_Binding table as it can have - incorrect value for the virtual ip A. -

-

For each IPv6 address A whose host is known to have Ethernet address E on router port P, a diff --git a/tests/ovn.at b/tests/ovn.at index e7542db42503..fc0428a84adb 100644 --- a/tests/ovn.at +++ b/tests/ovn.at @@ -20966,16 +20966,6 @@ AT_CHECK([grep ls_in_arp_rsp sw0-flows | grep bind_vport | sed 's/table=../table ovn-sbctl dump-flows lr0 > lr0-flows AT_CAPTURE_FILE([lr0-flows]) -# Since the sw0-vir is not claimed by any chassis, eth.dst should be set to -# zero if the ip4.dst is the virtual ip in the router pipeline. -AT_CHECK([grep lr_in_arp_resolve lr0-flows | grep "reg0 == 10.0.0.10" | sed 's/table=../table=??/'], [0], [dnl - table=??(lr_in_arp_resolve ), priority=100 , match=(outport == "lr0-sw0" && reg0 == 10.0.0.10), action=(eth.dst = 00:00:00:00:00:00; next;) -]) - -AT_CHECK([grep lr_in_arp_resolve lr0-flows | grep "xxreg0 == 1000::61d1" | sed 's/table=../table=??/'], [0], [dnl - table=??(lr_in_arp_resolve ), priority=100 , match=(outport == "lr0-sw0" && xxreg0 == 1000::61d1), action=(eth.dst = 00:00:00:00:00:00; next;) -]) - hv1_ch_uuid=`ovn-sbctl --bare --columns _uuid find chassis name="hv1"` hv2_ch_uuid=`ovn-sbctl --bare --columns _uuid find chassis name="hv2"` 
@@ -21053,17 +21043,8 @@ check_row_count Port_Binding 1 logical_port=sw0-vir6 virtual_parent=sw0-p1 wait_for_ports_up sw0-vir6 check ovn-nbctl --wait=hv sync -# There should be an arp resolve flow to resolve the virtual_ip with the -# sw0-p1's MAC. ovn-sbctl dump-flows lr0 > lr0-flows2 AT_CAPTURE_FILE([lr0-flows2]) -AT_CHECK([grep lr_in_arp_resolve lr0-flows2 | grep "reg0 == 10.0.0.10" | sed 's/table=../table=??/'], [0], [dnl - table=??(lr_in_arp_resolve ), priority=100 , match=(outport == "lr0-sw0" && reg0 == 10.0.0.10), action=(eth.dst = 50:54:00:00:00:03; next;) -]) - -AT_CHECK([grep lr_in_arp_resolve lr0-flows2 | grep "xxreg0 == 1000::61d1" | sed 's/table=../table=??/'], [0], [dnl - table=??(lr_in_arp_resolve ), priority=100 , match=(outport == "lr0-sw0" && xxreg0 == 1000::61d1), action=(eth.dst = 50:54:00:00:00:03; next;) -]) # hv1 should add the flow for the ACL with is_chassis_redirect check for sw0-vir and # arp responder flow in lr0 pipeline. @@ -21185,15 +21166,10 @@ logical_port=sw0-vir) = xsw0-p3]) wait_for_ports_up sw0-vir -# There should be an arp resolve flow to resolve the virtual_ip with the -# sw0-p3's MAC. check ovn-nbctl --wait=hv sync ovn-sbctl dump-flows lr0 > lr0-flows3 AT_CAPTURE_FILE([lr0-flows3]) cp ovn-sb/ovn-sb.db lr0-flows3.db -AT_CHECK([grep lr_in_arp_resolve lr0-flows3 | grep "reg0 == 10.0.0.10" | sed 's/table=../table=??/'], [0], [dnl - table=??(lr_in_arp_resolve ), priority=100 , match=(outport == "lr0-sw0" && reg0 == 10.0.0.10), action=(eth.dst = 50:54:00:00:00:05; next;) -]) # hv1 should add the flow for the ACL with is_chassis_redirect check for sw0-vir and # arp responder flow in lr0 pipeline. 
@@ -21218,14 +21194,9 @@ logical_port=sw0-vir) = xsw0-p2]) wait_for_ports_up sw0-vir -# There should be an arp resolve flow to resolve the virtual_ip with the -# sw0-p2's MAC. check ovn-nbctl --wait=hv sync ovn-sbctl dump-flows lr0 > lr0-flows4 AT_CAPTURE_FILE([lr0-flows4]) -AT_CHECK([grep lr_in_arp_resolve lr0-flows4 | grep "reg0 == 10.0.0.10" | sed 's/table=../table=??/'], [0], [dnl - table=??(lr_in_arp_resolve ), priority=100 , match=(outport == "lr0-sw0" && reg0 == 10.0.0.10), action=(eth.dst = 50:54:00:00:00:04; next;) -]) # hv2 should add the flow for the ACL with is_chassis_redirect check for sw0-vir and # arp responder flow in lr0 pipeline. @@ -21251,13 +21222,10 @@ logical_port=sw0-vir) = xsw0-p1]) wait_for_ports_up sw0-vir +check ovn-nbctl --wait=hv sync ovn-sbctl dump-flows lr0 > lr0-flows5 AT_CAPTURE_FILE([lr0-flows5]) -AT_CHECK([grep lr_in_arp_resolve lr0-flows5 | grep "reg0 == 10.0.0.10" | sed 's/table=../table=??/'], [0], [dnl - table=??(lr_in_arp_resolve ), priority=100 , match=(outport == "lr0-sw0" && reg0 == 10.0.0.10), action=(eth.dst = 50:54:00:00:00:03; next;) -]) -check ovn-nbctl --wait=hv sync # hv1 should add the flow for the ACL with is_chassis_redirect check for sw0-vir and # arp responder flow in lr0 pipeline. check_virtual_offlows_present hv1 
@@ -21277,15 +21245,10 @@ logical_port=sw0-vir) = x]) wait_row_count nb:Logical_Switch_Port 1 up=false name=sw0-vir -# Since the sw0-vir is not claimed by any chassis, eth.dst should be set to -# zero if the ip4.dst is the virtual ip. +check ovn-nbctl --wait=hv sync ovn-sbctl dump-flows lr0 > lr0-flows6 AT_CAPTURE_FILE([lr0-flows6]) -AT_CHECK([grep lr_in_arp_resolve lr0-flows6 | grep "reg0 == 10.0.0.10" | sed 's/table=../table=??/'], [0], [dnl - table=??(lr_in_arp_resolve ), priority=100 , match=(outport == "lr0-sw0" && reg0 == 10.0.0.10), action=(eth.dst = 00:00:00:00:00:00; next;) -]) -check ovn-nbctl --wait=hv sync # hv1 should remove the flow for the ACL with is_chassis_redirect check for sw0-vir and # arp responder flow in lr0 pipeline. check_virtual_offlows_not_present hv1 @@ -21311,13 +21274,10 @@ logical_port=sw0-vir) = xsw0-p2]) wait_for_ports_up sw0-vir +check ovn-nbctl --wait=hv sync ovn-sbctl dump-flows lr0 > lr0-flows7 AT_CAPTURE_FILE([lr0-flows7]) -AT_CHECK([grep lr_in_arp_resolve lr0-flows7 | grep "reg0 == 10.0.0.10" | sed 's/table=../table=??/'], [0], [dnl - table=??(lr_in_arp_resolve ), priority=100 , match=(outport == "lr0-sw0" && reg0 == 10.0.0.10), action=(eth.dst = 50:54:00:00:00:04; next;) -]) -check ovn-nbctl --wait=hv sync # hv2 should add the flow for the ACL with is_chassis_redirect check for sw0-vir and # arp responder flow in lr0 pipeline. check_virtual_offlows_present hv2 @@ -21346,6 +21306,7 @@ AT_CHECK([grep ls_in_arp_rsp sw0-flows2 | grep bind_vport], [1]) # Add back virtual_ip and clear virtual_parents. ovn-nbctl --wait=hv set logical_switch_port sw0-vir options:virtual-ip=10.0.0.10 +check ovn-nbctl --wait=hv sync ovn-sbctl dump-flows sw0 > sw0-flows3 AT_CAPTURE_FILE([sw0-flows3]) AT_CHECK([grep ls_in_arp_rsp sw0-flows3 | grep bind_vport | sed 's/table=../table=??/'], [0], [dnl 
@@ -21353,7 +21314,6 @@ AT_CHECK([grep ls_in_arp_rsp sw0-flows3 | grep bind_vport | sed 's/table=../tabl table=??(ls_in_arp_rsp ), priority=100 , match=(inport == "sw0-p3" && ((arp.op == 1 && arp.spa == 10.0.0.10 && arp.tpa == 10.0.0.10) || (arp.op == 2 && arp.spa == 10.0.0.10))), action=(bind_vport("sw0-vir", inport); next;) ]) -check ovn-nbctl --wait=hv sync # hv2 should remove the flow for the ACL with is_chassis_redirect check for sw0-vir and # arp responder flow in lr0 pipeline. check_virtual_offlows_not_present hv2 @@ -21368,7 +21328,6 @@ AT_CHECK([grep ls_in_arp_rsp sw0-flows4 | grep bind_vport], [1]) ovn-sbctl dump-flows lr0 > lr0-flows8 AT_CAPTURE_FILE([lr0-flows8]) -AT_CHECK([grep lr_in_arp_resolve lr0-flows8 | grep "reg0 == 10.0.0.10"], [1]) # Delete sw0-vir and add again. ovn-nbctl lsp-del sw0-vir @@ -21396,12 +21355,6 @@ AT_CHECK([grep ls_in_arp_rsp sw0-flows | grep bind_vport | sed 's/table=../table ovn-sbctl dump-flows lr0 > lr0-flows AT_CAPTURE_FILE([lr0-flows]) -# Since the sw0-vir is not claimed by any chassis, eth.dst should be set to -# zero if the ip4.dst is the virtual ip in the router pipeline. -AT_CHECK([grep lr_in_arp_resolve lr0-flows | grep "reg0 == 10.0.0.10" | sed 's/table=../table=??/'], [0], [dnl - table=??(lr_in_arp_resolve ), priority=100 , match=(outport == "lr0-sw0" && reg0 == 10.0.0.10), action=(eth.dst = 00:00:00:00:00:00; next;) -]) - OVN_CLEANUP([hv1], [hv2]) AT_CLEANUP ]) diff --git a/tests/system-ovn.at b/tests/system-ovn.at index cccb8ec4aa95..0880c8d94b34 100644 --- a/tests/system-ovn.at +++ b/tests/system-ovn.at @@ -10694,7 +10694,6 @@ start_daemon ovn-controller # Add routers check ovn-nbctl lr-add lr1 -check ovn-nbctl set logical_router lr1 options:always_learn_from_arp_request=false # Add switches check ovn-nbctl ls-add public1
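
Review bot: the ip6 ACL loses its flow-level check in check_virtual_offlows_present (patch 1/3, tests/ovn.at hunk @@ -21007,9 +21007,8 @@). Narrowing the dump to `table=44,ip` and dropping the expected `priority=2000,ipv6` line means nothing in this helper verifies the flow generated by the `is_chassis_resident("sw0-vir6") && ip6` ACL changed in the first hunk. Consider a separate IPv6 variant of the helper (dumping `table=44,ipv6`) that is called at the points where sw0-vir6 is claimed and released.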
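
Review bot: the table number stays a bare literal in check_virtual_offlows_not_present (patch 1/3, tests/ovn.at hunk @@ -21020,7 +21019,7 @@), and because this is a negative check that expects grep to exit 1, a stale table id lets it pass without testing anything, as the commit message implies happened with table=45. Consider taking the table id in both helpers from one shell variable, or adding a comment that ties the 44 here to the `table=44` and `resubmit(,45)` expectation in check_virtual_offlows_present, so that a later table renumbering is noticed.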
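
Review bot: `options:always_learn_from_arp_request=false` is set on lr1 with no comment (patch 2/3, tests/system-ovn.at hunk @@ -10660,3 +10660,149 @@), and this patch has no commit message body, so it is not clear what the test needs it for; patch 3/3 then removes the same line, also without mention. Please add a one-line comment above it or a sentence in the commit message saying what fails without the option. As a style point in the same hunk, the `ovs-vsctl \ -- set Open_vSwitch . external-ids:system-id=hv1` block is not wrapped in `check` like the other setup commands around it.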
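
Review bot: stale MAC_Binding handling for the virtual IP is left unexplained by the removal of the virtual-port branch in build_arp_resolve_flows_for_lrouter_port() (patch 3/3, northd/northd.c hunk @@ -12455,109 +12455,6 @@). The deleted comment says "The MAC_Binding entry for the virtual ip might be invalid", and the deleted code installed `eth.dst = 00:00:00:00:00:00; next;` for an unclaimed virtual port to force the arp{} path. The commit message states "Functionally there is no difference" but does not say what replaces a MAC_Binding that still points at the previous parent after failover or release. Please describe that in the commit message or in a comment next to the remaining branches, and say whether the system test added in 2/3 exercises a router that already holds the old parent's MAC.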
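
Review bot: the lr_in_arp_resolve checks are deleted rather than inverted (patch 3/3, tests/ovn.at hunks @@ -20966,16 +20966,6 @@ through @@ -21396,12 +21355,6 @@), so no test asserts that northd has stopped emitting a priority-100 flow for `reg0 == 10.0.0.10`; the remaining `ovn-sbctl dump-flows lr0 > lr0-flowsN` and AT_CAPTURE_FILE lines now only produce debugging output. The negative check removed in hunk @@ -21368,7 +21328,6 @@, `AT_CHECK([grep lr_in_arp_resolve lr0-flows8 | grep "reg0 == 10.0.0.10"], [1])`, would still hold after this change and could be kept, with the same form applied to lr0-flows2 once sw0-vir is claimed.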