From patchwork Fri Mar 15 10:56:05 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mohammad Heib X-Patchwork-Id: 1912445 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=HujK34qG; dkim-atps=neutral Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=2605:bc80:3010::136; helo=smtp3.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=patchwork.ozlabs.org) Received: from smtp3.osuosl.org (smtp3.osuosl.org [IPv6:2605:bc80:3010::136]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4Tx1Qj4Nyxz1yWy for ; Fri, 15 Mar 2024 21:56:45 +1100 (AEDT) Received: from localhost (localhost [127.0.0.1]) by smtp3.osuosl.org (Postfix) with ESMTP id 8E2CB60E71; Fri, 15 Mar 2024 10:56:43 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp3.osuosl.org ([127.0.0.1]) by localhost (smtp3.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6wJovrjqUO2Q; Fri, 15 Mar 2024 10:56:42 +0000 (UTC) X-Comment: SPF check N/A for local connections - client-ip=140.211.9.56; helo=lists.linuxfoundation.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver= DKIM-Filter: OpenDKIM Filter v2.11.0 smtp3.osuosl.org 4F542608AD Authentication-Results: smtp3.osuosl.org; dkim=fail reason="signature verification failed" (1024-bit key) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=HujK34qG Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by smtp3.osuosl.org (Postfix) with ESMTPS id 4F542608AD; Fri, 15 Mar 2024 10:56:42 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id 05098C0072; Fri, 15 Mar 2024 10:56:42 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from smtp3.osuosl.org (smtp3.osuosl.org [IPv6:2605:bc80:3010::136]) by lists.linuxfoundation.org (Postfix) with ESMTP id ED69FC0037 for ; Fri, 15 Mar 2024 10:56:40 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp3.osuosl.org (Postfix) with ESMTP id C4F74608AD for ; Fri, 15 Mar 2024 10:56:40 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp3.osuosl.org ([127.0.0.1]) by localhost (smtp3.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id u6gfbLMH2unI for ; Fri, 15 Mar 2024 10:56:40 +0000 (UTC) Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=170.10.133.124; helo=us-smtp-delivery-124.mimecast.com; envelope-from=mheib@redhat.com; receiver= DMARC-Filter: OpenDMARC Filter v1.4.2 smtp3.osuosl.org D6798606A8 Authentication-Results: smtp3.osuosl.org; dmarc=pass (p=none dis=none) header.from=redhat.com DKIM-Filter: OpenDKIM Filter v2.11.0 smtp3.osuosl.org D6798606A8 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by smtp3.osuosl.org (Postfix) with ESMTPS id D6798606A8 for ; Fri, 15 Mar 2024 10:56:39 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1710500198; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=BmGbeBaJoMtcdtbhW1BVyfq/gMeCVdJUD4AsBznAJ3M=; b=HujK34qGPAgPRKplcS7NoGSu0oGU00tt/6Z3L4/+40SVGLhbOyMh86gemEOyFkEk7hqAI0 OMNWezhnzkq303S7xmL0ZGlqwmv7Je+6ojxJdUiRByt4aVR/6wVLvHIjZ6w4Pre1f7q6lR gDI7VJ8RvNAkQ8JcuNEadEPkQguxTj4= Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-652-9wSwG0UPOj2vVv8CEPNyDQ-1; Fri, 15 Mar 2024 06:56:37 -0400 X-MC-Unique: 9wSwG0UPOj2vVv8CEPNyDQ-1 Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.rdu2.redhat.com [10.11.54.3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 1D7FE800271 for ; Fri, 15 Mar 2024 10:56:37 +0000 (UTC) Received: from mheiblap.localdomain.com (unknown [10.47.238.170]) by smtp.corp.redhat.com (Postfix) with ESMTP id 5D1C8111E3F3; Fri, 15 Mar 2024 10:56:36 +0000 (UTC) From: Mohammad Heib To: dev@openvswitch.org Date: Fri, 15 Mar 2024 12:56:05 +0200 Message-Id: <20240315105606.107757-1-mheib@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.4.1 on 10.11.54.3 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Subject: [ovs-dev] [PATCH ovn 1/2] northd: Don't skip transit switch LSP when creating mcast groups. X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" Currently when we enable IGMP on OVN-IC cluster with two or more AZs and one vm from AZ1 send IGMP report, northd will create the following multicast_group on each AZ: AZ1: 1. multicast_group that forward the mcast traffic from LS1 to the VM. 2. multicast_group that forward the mcast traffic from LR1 to the LS1. AZ2: 1. multicast_group that forward the mcast traffic from TS to LR1 in AZ1. This design works fine if we have one logical network only on each AZ, but if we have two or more logical network on the same AZ that separated from each other and only connected via transit switch and both join the same mcast network, the traffic will be delivered between those two networks because ovn floods it to all routers that connected to the transit switch (see logical flow table 27). The above design is not the right way to handle such mcast traffic because future changes for ovn that make it match explicitly on the igmp group address and not forward traffic to routers can break the mcast traffic in ovn-ic. This patch updates the above design by adding the router port that connects to the transit switch to the multicast_group even if the peer port have mcast_flood enabled. Signed-off-by: Mohammad Heib --- northd/northd.c | 8 +++++--- northd/northd.h | 6 ++++++ tests/ovn.at | 10 ++++++++++ 3 files changed, 21 insertions(+), 3 deletions(-) diff --git a/northd/northd.c b/northd/northd.c index 1839b7d8b..98c837a20 100644 --- a/northd/northd.c +++ b/northd/northd.c @@ -5377,11 +5377,13 @@ ovn_igmp_group_get_ports(const struct sbrec_igmp_group *sb_igmp_group, continue; } - /* If this is already a port of a router on which relay is enabled, - * skip it for the group. Traffic is flooded there anyway. + /* If this is already a port of a router on which relay is enabled + * and it's not a transit switch to router port,skip it for the group. + * Traffic is flooded there anyway. */ if (port->peer && port->peer->od && - port->peer->od->mcast_info.rtr.relay) { + port->peer->od->mcast_info.rtr.relay && + !ovn_datapath_is_transit_switch(port->od)) { continue; } diff --git a/northd/northd.h b/northd/northd.h index 3f1cd8341..5e9fa4745 100644 --- a/northd/northd.h +++ b/northd/northd.h @@ -362,6 +362,12 @@ ovn_datapath_is_stale(const struct ovn_datapath *od) return !od->nbr && !od->nbs; }; +static inline bool +ovn_datapath_is_transit_switch(const struct ovn_datapath *od) +{ + return od->tunnel_key >= OVN_MIN_DP_KEY_GLOBAL; +} + /* Pipeline stages. */ /* The two purposes for which ovn-northd uses OVN logical datapaths. */ diff --git a/tests/ovn.at b/tests/ovn.at index 438c7690a..4a9e433b2 100644 --- a/tests/ovn.at +++ b/tests/ovn.at @@ -26903,10 +26903,20 @@ wait_row_count IGMP_Group 2 address=239.0.1.68 wait_row_count IGMP_Group 2 address='"ff0a:dead:beef::1"' check ovn-nbctl --wait=hv sync +#Validate that Multicast Group contains all registered ports for +# specific igmp group. +ts_dp=$(fetch_column datapath_binding _uuid external_ids:name=ts) +ports=$(fetch_column multicast_group ports name="239.0.1.68" datapath=$ts_dp) +check test X2 = X$(echo $ports | wc -w) + + ovn_as az2 wait_row_count IGMP_Group 2 address=239.0.1.68 wait_row_count IGMP_Group 2 address='"ff0a:dead:beef::1"' check ovn-nbctl --wait=hv sync +ts_dp=$(fetch_column datapath_binding _uuid external_ids:name=ts) +ports=$(fetch_column multicast_group ports name="239.0.1.68" datapath=$ts_dp) +check test X2 = X$(echo $ports | wc -w) # Send an IP multicast packet from LSP2, it should be forwarded # to lsp1 and lsp3. From patchwork Fri Mar 15 10:56:06 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mohammad Heib X-Patchwork-Id: 1912446 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=Ypg7d6bx; dkim-atps=neutral Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=140.211.166.136; helo=smtp3.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=patchwork.ozlabs.org) Received: from smtp3.osuosl.org (smtp3.osuosl.org [140.211.166.136]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4Tx1Qm4bnqz1yWy for ; Fri, 15 Mar 2024 21:56:48 +1100 (AEDT) Received: from localhost (localhost [127.0.0.1]) by smtp3.osuosl.org (Postfix) with ESMTP id 7BC4D606A8; Fri, 15 Mar 2024 10:56:45 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp3.osuosl.org ([127.0.0.1]) by localhost (smtp3.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uwW9o9LdbhrJ; Fri, 15 Mar 2024 10:56:44 +0000 (UTC) X-Comment: SPF check N/A for local connections - client-ip=140.211.9.56; helo=lists.linuxfoundation.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver= DKIM-Filter: OpenDKIM Filter v2.11.0 smtp3.osuosl.org 26EC560E5D Authentication-Results: smtp3.osuosl.org; dkim=fail reason="signature verification failed" (1024-bit key) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=Ypg7d6bx Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by smtp3.osuosl.org (Postfix) with ESMTPS id 26EC560E5D; Fri, 15 Mar 2024 10:56:44 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id F1C10C008E; Fri, 15 Mar 2024 10:56:43 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from smtp3.osuosl.org (smtp3.osuosl.org [IPv6:2605:bc80:3010::136]) by lists.linuxfoundation.org (Postfix) with ESMTP id 9D356C0072 for ; Fri, 15 Mar 2024 10:56:42 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp3.osuosl.org (Postfix) with ESMTP id 69BE760AE3 for ; Fri, 15 Mar 2024 10:56:42 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp3.osuosl.org ([127.0.0.1]) by localhost (smtp3.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id C4ZY9LP4xOMm for ; Fri, 15 Mar 2024 10:56:41 +0000 (UTC) Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=170.10.133.124; helo=us-smtp-delivery-124.mimecast.com; envelope-from=mheib@redhat.com; receiver= DMARC-Filter: OpenDMARC Filter v1.4.2 smtp3.osuosl.org 58EBB606A8 Authentication-Results: smtp3.osuosl.org; dmarc=pass (p=none dis=none) header.from=redhat.com DKIM-Filter: OpenDKIM Filter v2.11.0 smtp3.osuosl.org 58EBB606A8 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by smtp3.osuosl.org (Postfix) with ESMTPS id 58EBB606A8 for ; Fri, 15 Mar 2024 10:56:41 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1710500200; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=3mhfDA/yPFI/KbECxrr080DJJoanrMW6EEqATi8pdKU=; b=Ypg7d6bxj0cMgYh3K9j4ClV6clcaG2zg48AS5qJFHNXhipVFD6GM0Z59fUXal5yMQYAwjk gHjMp7llWkhLdcGlUEHVSG2RncNpLzl6OFBdfw5AItahIEgyqXvSNLvWbHen5gUI06eCcI +CCUy1VPu3FmVm4z0HZ6VxYTQIudz8I= Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-680-qL1MVWfXO4y1kFyydqp1GA-1; Fri, 15 Mar 2024 06:56:38 -0400 X-MC-Unique: qL1MVWfXO4y1kFyydqp1GA-1 Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.rdu2.redhat.com [10.11.54.3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 504ED8007A3 for ; Fri, 15 Mar 2024 10:56:38 +0000 (UTC) Received: from mheiblap.localdomain.com (unknown [10.47.238.170]) by smtp.corp.redhat.com (Postfix) with ESMTP id 6CCC1111E3F3; Fri, 15 Mar 2024 10:56:37 +0000 (UTC) From: Mohammad Heib To: dev@openvswitch.org Date: Fri, 15 Mar 2024 12:56:06 +0200 Message-Id: <20240315105606.107757-2-mheib@redhat.com> In-Reply-To: <20240315105606.107757-1-mheib@redhat.com> References: <20240315105606.107757-1-mheib@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.4.1 on 10.11.54.3 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Subject: [ovs-dev] [PATCH ovn 2/2] IC: Tansit switch don't flood mcast traffic to router ports if matches igmp group. X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" Crrently ovn transit switch forward mcast traffic that match an igmp group to all ports participating in this group and to all router ports that are connected to this TS switch and have mcast_flood enabled. The above behavior can lead to packet duplicate if we have a VM in a specific AZ that participates in igmp group because the gateway router in this AZ will forward igmp membership report from the VM to the TS which will be learned as an IGMP_group on the Tansit switch in different AZs and every mcast traffic to that igmp group address from the different AZs will be handled by the Tansit switch twice: - First time TS will send the traffic according to the igmp group which will reach the VM. - Second time TS will send the traffic to all router ports including the router that exists on the VM AZ which will forward the traffic to the VM again. To avoid this issue this patch adds flows that forward mcast traffic that match igmp group to the igmp group ports only, this flows only apply to Transit switches. Rreported-at: https://issues.redhat.com/browse/FDP-101 Signed-off-by: Mohammad Heib --- northd/northd.c | 18 ++++++++++++++---- northd/ovn-northd.8.xml | 7 +++++++ 2 files changed, 21 insertions(+), 4 deletions(-) diff --git a/northd/northd.c b/northd/northd.c index 98c837a20..0c5122d27 100644 --- a/northd/northd.c +++ b/northd/northd.c @@ -9362,8 +9362,14 @@ build_lswitch_destination_lookup_bmcast(struct ovn_datapath *od, } -/* Ingress table 25: Add IP multicast flows learnt from IGMP/MLD - * (priority 90). */ +/* Ingress table 27: Add IP multicast flows learnt from IGMP/MLD + * (priority 90). + * + * Ingress table 27: Transit switch add IP multicast flows learnt + * from IGMP/MLD to forward traffic explicitly to the ports that are + * part of the IGMP/MLD group, and ignore MROUTERAS Ports. + * (priority 95). + */ static void build_lswitch_ip_mcast_igmp_mld(struct ovn_igmp_group *igmp_group, struct lflow_table *lflows, @@ -9377,6 +9383,9 @@ build_lswitch_ip_mcast_igmp_mld(struct ovn_igmp_group *igmp_group, ds_clear(match); ds_clear(actions); + bool transit_switch = + ovn_datapath_is_transit_switch(igmp_group->datapath); + struct mcast_switch_info *mcast_sw_info = &igmp_group->datapath->mcast_info.sw; uint64_t table_size = mcast_sw_info->table_size; @@ -9422,7 +9431,7 @@ build_lswitch_ip_mcast_igmp_mld(struct ovn_igmp_group *igmp_group, } /* Also flood traffic to all multicast routers with relay enabled. */ - if (mcast_sw_info->flood_relay) { + if (mcast_sw_info->flood_relay && !transit_switch) { ds_put_cstr(actions, "clone { " "outport = \""MC_MROUTER_FLOOD "\"; " @@ -9440,7 +9449,8 @@ build_lswitch_ip_mcast_igmp_mld(struct ovn_igmp_group *igmp_group, igmp_group->mcgroup.name); ovn_lflow_add(lflows, igmp_group->datapath, S_SWITCH_IN_L2_LKUP, - 90, ds_cstr(match), ds_cstr(actions), NULL); + transit_switch? 95 : 90, ds_cstr(match), + ds_cstr(actions), NULL); } } diff --git a/northd/ovn-northd.8.xml b/northd/ovn-northd.8.xml index 17b414144..e25285d67 100644 --- a/northd/ovn-northd.8.xml +++ b/northd/ovn-northd.8.xml @@ -1933,6 +1933,13 @@ output; logical switch. +
  • + Priority-95 flows for transit switches only that forward registered + IP multicast traffic to their corresponding multicast group , which + ovn-northd creates based on learnt + entries. +
    • +
  • Priority-90 flows that forward registered IP multicast traffic to their corresponding multicast group, which ovn-northd