From patchwork Wed Aug 28 01:55:25 2019
X-Patchwork-Submitter: Ankur Sharma
X-Patchwork-Id: 1154133
From: Ankur Sharma
To: "ovs-dev@openvswitch.org"
Date: Wed, 28 Aug 2019 01:55:25 +0000
Message-ID: <1566957337-56025-1-git-send-email-ankur.sharma@nutanix.com>
Subject: [ovs-dev] [PATCH v8 0/3 ovn] OVN: Vlan backed DVR, enable N-S packet flow

Problem Description:
Redirection to chassisredirect ports happens only via tunnel
encapsulation. As a result, the same cannot be leveraged for vlan
backed environments.

This series addresses the issue by allowing redirection to happen
without encapsulation.

Design:
=======
a. High level design is that CMS/user will provision "redirect-type"
   on a gateway chassis attached logical router port.

b. If the redirect-type is set as "vlan", then redirected packet from
   compute chassis to gateway chassis will go via the localnet port.

c. This redirected vlan packet will have the following attributes:
   i.   Source Mac ==> Chassis mac of compute chassis.
   ii.  Destination Mac ==> Mac address of chassisredirect router port,
        i.e. cr-lrp-*
   iii. Vlan id ==> Vlan id of peer logical switch of gateway chassis
        attached logical router port.

d. To attain c. above, a logical flow added in table=33 will send the
   packet to table=65, where it will hit the regular flow which will
   send the packet out of the localnet port.

This Series:
============
Patch 1
-------
ovn-nbctl and ovn-northd changes to accept a "redirect-type" option
associated with a logical router port. This configuration is added so
that we have a parameter to decide if we want to send a redirected
packet via tunnel port or localnet port.

Patch 2
-------
Adding a logical flow in lrp_in_arp_resolve to make sure that ARP
requests from logical router are generated on gateway chassis only.
This flow will make sure that we DO NOT call get_arp on compute
chassis.

Patch 3
-------
Changes in ovn-controller, to add the redirect related OVS flow based
on configuration parameter added in Patch 2, i.e. if redirect-type is
'overlay', then flow in table=32 will be added (to send the packet out
via tunnel port); if redirect-type is 'vlan', then flow in table=33
will be added, to send the packet out via localnet port.

Existing Efforts:
=================
There has been an effort done in solving the same problem.
https://patchwork.ozlabs.org/patch/920447/
by vkommadi@redhat.com

This patch differs from the above changes in the following areas:

a. Existing patch adds an additional flow in lr_in_ip_routing to mark
   the packet as NAT_REDIRECT in compute chassis. This approach looks
   reasonable, especially since through this we can avoid Patch 3 in
   this series. However, using something similar based on our approach
   led to the following:

   i. For each route pointing to gateway router port, we will need
      2 flows in lr_in_ip_routing, one which executes ONLY on compute
      chassis and marks the packet for NAT_REDIRECT and one which
      executes ONLY on gateway chassis and does not mark the packet.
      Since we cannot change the priority of a route flow (prefix
      length decides the priority), we will end up with 2 logical
      flows with the same match (with is_chassis_resident being the
      only differentiating factor). OVN controller considered both
      such flows as duplicate and ends up considering only one of
      them, i.e. either only the compute chassis got its relevant flow
      or only the gateway chassis.

b. Existing patch considers a tenant as VLAN backed, whereas this patch
   considers overlay/vlan as the property of gateway logical switch.
   And from a router's perspective, configuration is done on the peer
   router port.

c. Existing patch sends the packet to gateway router port mac, but uses
   source logical switch (tenant logical switch's) vlan id. This will
   always cause flooding in physical network, because gateway router
   port mac will be learnt on the peer logical switch. Using a
   different vlan id will always cause flooding of redirected packets
   from compute chassis to gateway chassis.

d. Because of c. above, existing patch needs changes on receiving side
   as well. This is because the packet's vlan id is not of the correct
   logical switch, hence on receiving node (gateway chassis), packet
   has to be force-forwarded to the logical router pipeline.

v7 -> v8
------
* Removed the not needed ovs side changes.

v6 -> v7
------
* Replace vlan with bridged in the redirect-type implementation
* Added documentation for new ARP resolution logical flow.
* Converted to a 3 patch series, as first patch has been applied.

v5 -> v6
------
* Removed sleep from unit tests

v4 -> v5
------
* Fixed a compilation warning in lport.h

v3 -> v4
------
* Handle review comments.
* Rebased to TOT.

v2 -> v3
------
* Fix merge conflicts.

v1 -> v2
------
* Added ovn in the comment description prefix.

Ankur Sharma (3):
  OVN: Vlan backed DVR N-S, redirect-type option
  OVN: Vlan backed DVR N-S, avoid get_arp on non redirect chassis.
  OVN: Vlan backed DVR N-S, redirect packet via localnet port

 controller/physical.c   | 255 +++++++++++++++++++++++++++-------------
 lib/ovn-util.c          |  33 ++++++
 lib/ovn-util.h          |   5 +
 northd/ovn-northd.8.xml |  12 ++
 northd/ovn-northd.c     |  38 ++++++
 ovn-architecture.7.xml  |  64 ++++++++++
 ovn-nb.xml              |  43 +++++++
 tests/ovn-nbctl.at      |  25 ++++
 tests/ovn-northd.at     |  31 +++++
 tests/ovn.at            | 304 ++++++++++++++++++++++++++++++++++++++++++++++++
 utilities/ovn-nbctl.c   |  65 +++++++++++
 11 files changed, 792 insertions(+), 83 deletions(-)
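
Point c under "Existing Efforts" as a small model, added here as an
illustration (not code from this series or from OVN): a physical switch
that learns MACs per VLAN, which is an assumption about the fabric,
unicasts a frame for the router port MAC only when the frame carries the
VLAN on which that MAC was learnt. The VLAN ids, port numbers, MAC
addresses and all function names are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* All values below are constructed for illustration. */
#define PEER_LS_VLAN 100   /* VLAN of the gateway port's peer logical switch */
#define TENANT_VLAN  200   /* VLAN of the source (tenant) logical switch */
#define COMPUTE_PORT 1     /* physical switch port facing the compute chassis */
#define GW_PORT      2     /* physical switch port facing the gateway chassis */
#define FLOOD        (-1)  /* unknown unicast: send out every port in the VLAN */
#define FDB_MAX      8
struct fdb { struct { uint16_t vlan; uint8_t mac[6]; int port; } e[FDB_MAX]; int n; };

/* Egress port for (vlan, mac), or FLOOD when the pair was never learnt. */
static int fdb_lookup(const struct fdb *t, uint16_t vlan, const uint8_t *mac)
{
    for (int i = 0; i < t->n; i++)
        if (t->e[i].vlan == vlan && !memcmp(t->e[i].mac, mac, 6))
            return t->e[i].port;
    return FLOOD;
}

/* Record (vlan, source mac) -> ingress port on first sight; no ageing here. */
static void fdb_learn(struct fdb *t, uint16_t vlan, const uint8_t *mac, int port)
{
    if (fdb_lookup(t, vlan, mac) != FLOOD || t->n == FDB_MAX) return;
    t->e[t->n].vlan = vlan;
    memcpy(t->e[t->n].mac, mac, 6);
    t->e[t->n++].port = port;
}

/* Forwarding decision for a redirected frame tagged with frame_vlan. */
int redirect_egress(uint16_t frame_vlan)
{
    const uint8_t cr_lrp_mac[6]  = {0x00, 0x00, 0x5e, 0x00, 0x53, 0x01};
    const uint8_t chassis_mac[6] = {0x00, 0x00, 0x5e, 0x00, 0x53, 0x02};
    struct fdb t = { .n = 0 };
    /* The gateway chassis has sent from the router port MAC on the peer LS VLAN. */
    fdb_learn(&t, PEER_LS_VLAN, cr_lrp_mac, GW_PORT);
    /* Redirected frame arrives: source is the chassis MAC of the compute chassis. */
    fdb_learn(&t, frame_vlan, chassis_mac, COMPUTE_PORT);
    return fdb_lookup(&t, frame_vlan, cr_lrp_mac);
}

int main(void)
{
    printf("peer LS vlan -> port %d, tenant vlan -> port %d (-1 = flood)\n",
           redirect_egress(PEER_LS_VLAN), redirect_egress(TENANT_VLAN));
    return 0;
}
```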