From patchwork Wed Aug 28 01:03:23 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ankur Sharma X-Patchwork-Id: 1154125 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=openvswitch.org (client-ip=140.211.169.12; helo=mail.linuxfoundation.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=nutanix.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=nutanix.com header.i=@nutanix.com header.b="XqIfsd/m"; dkim-atps=neutral Received: from mail.linuxfoundation.org (mail.linuxfoundation.org [140.211.169.12]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 46J6w10Qcyz9sBF for ; Wed, 28 Aug 2019 11:04:33 +1000 (AEST) Received: from mail.linux-foundation.org (localhost [127.0.0.1]) by mail.linuxfoundation.org (Postfix) with ESMTP id 82C0B1EE8; Wed, 28 Aug 2019 01:03:29 +0000 (UTC) X-Original-To: ovs-dev@openvswitch.org Delivered-To: ovs-dev@mail.linuxfoundation.org Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id C84691E6D for ; Wed, 28 Aug 2019 01:03:27 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from mx0b-002c1b01.pphosted.com (mx0b-002c1b01.pphosted.com [148.163.155.12]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 0EB88EC for ; Wed, 28 Aug 2019 01:03:26 +0000 (UTC) Received: from pps.filterd (m0127842.ppops.net [127.0.0.1]) by mx0b-002c1b01.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id x7S0xixg024681 for ; Tue, 27 Aug 2019 18:03:26 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nutanix.com; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : content-transfer-encoding : mime-version; s=proofpoint20171006; bh=hW010GE1lX2SdA+U2HaZHGz/4Gagz+v0cGli6qReYJk=; b=XqIfsd/mb2o9yBMxAA5dPDfsjAn8j4A6udvOZEEQwOkZju0nGy5nn86M5I/XSYZG4V3t 3/bKiSZMLKZ5G+Axk6j+Q4JLDCuEv9FdAoAIEz62kDIMJ/LuHAOeo51dowqi4KOZm1zI 2ejBHyXvrbr3QitdAZ2X9S7QMC3LruzW6C1VxMYIl+HrI31KR6RkytODX+v1rh64NmZv kCzgklVcEEAubAWvE8QTZAZBTVaAucfT2C5MVwOQMMCSEMDvEcNZbdGgr8XngUIFh27B 6HbUJHUnvjEOZZb0CFGUf2ufpDG+CSOXzj1qWtcrXW1FYAinUlmleiCwSYAdgDDH0wr2 pQ== Received: from nam05-co1-obe.outbound.protection.outlook.com (mail-co1nam05lp2051.outbound.protection.outlook.com [104.47.48.51]) by mx0b-002c1b01.pphosted.com with ESMTP id 2uk4jeeg7h-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Tue, 27 Aug 2019 18:03:25 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=e67+ODeXzwc5pap146nF1DQW4joPeYSVYXY0xxWrqwGd5KIvmt79ebXG3fEM+uBd+edQuACV9W+ACD8etbdzisSFoM/Ci+SYYKnJBSMIQIuePvu5JT4crxu13LrPU2JuCl8WKWOFtdBCCa+Ww9sqFGyKQAeUQcVUkCO7qEqNYHc+d1K67A34J66H7B7rlNgh2SCk9q2yq3Kq8MR2Bpj4yVkO0SY/VCF6NNE1t+AZfcRwe3ZibKO2+OWjECfgw4rtTwuXO99E6Yuvp9uMKvOe0VabIBlpaW9a4w6jdU+53wDDChMuRVbA2m15EGaUYzQrILFHZqYTx3CJ+Nb0re0JGg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=hW010GE1lX2SdA+U2HaZHGz/4Gagz+v0cGli6qReYJk=; b=l9bGjKFSafrwHESwP2XzTL/jTrTLsez13nFhcwYruiLb1zQiXuK6urfWas0Px4sQr+JNKwmcTNxl9QNwYZG7WFjaiCBPJOzxBWMX+slnRwWnOlnGJWKlF7LRRJ8bNDOQh0LeQApJ4KrvjtZBEPye84uVvw2THrpnGiEZtj7MkHLKvujeeYt2qhovzzYCQ4NfGcrNcvJ1+DM7FHn3OTLucEBLbXsTDEEXvuYe7E3rdOZJduJHm6251LOGOKgFbJ/rYx3ZyB8FDrLJq5rw6KhG2l5dT+blIvC9U0Q4/qYHHm2a9HS4F4mnfbpnVumVBE67lCBMBaocPCpasvcYS8R6ww== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nutanix.com; dmarc=pass action=none header.from=nutanix.com; dkim=pass header.d=nutanix.com; arc=none Received: from MW2PR02MB3899.namprd02.prod.outlook.com (52.132.178.28) by MW2PR02MB3673.namprd02.prod.outlook.com (52.132.177.18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2199.19; Wed, 28 Aug 2019 01:03:24 +0000 Received: from MW2PR02MB3899.namprd02.prod.outlook.com ([fe80::a4e3:ca62:dfc6:1149]) by MW2PR02MB3899.namprd02.prod.outlook.com ([fe80::a4e3:ca62:dfc6:1149%3]) with mapi id 15.20.2199.021; Wed, 28 Aug 2019 01:03:23 +0000 From: Ankur Sharma To: "ovs-dev@openvswitch.org" Thread-Topic: [PATCH v7 2/3 ovn] OVN: Vlan backed DVR N-S, avoid get_arp on non redirect chassis. Thread-Index: AQHVXTxkiq3unIGJBEyBYvvbiWeWLA== Date: Wed, 28 Aug 2019 01:03:23 +0000 Message-ID: <1566954211-55973-3-git-send-email-ankur.sharma@nutanix.com> References: <1566954211-55973-1-git-send-email-ankur.sharma@nutanix.com> In-Reply-To: <1566954211-55973-1-git-send-email-ankur.sharma@nutanix.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-clientproxiedby: BY5PR04CA0023.namprd04.prod.outlook.com (2603:10b6:a03:1d0::33) To MW2PR02MB3899.namprd02.prod.outlook.com (2603:10b6:907:4::28) x-ms-exchange-messagesentrepresentingtype: 1 x-mailer: git-send-email 1.8.3.1 x-originating-ip: [192.146.154.98] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 959e0af9-2e89-43f4-6055-08d72b538685 x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600166)(711020)(4605104)(1401327)(2017052603328)(7193020); SRVR:MW2PR02MB3673; x-ms-traffictypediagnostic: MW2PR02MB3673: x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-proofpoint-crosstenant: true x-ms-oob-tlc-oobclassifiers: OLM:3044; x-forefront-prvs: 014304E855 x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(366004)(136003)(39860400002)(396003)(376002)(346002)(199004)(189003)(25786009)(107886003)(186003)(26005)(6506007)(386003)(102836004)(53936002)(86362001)(4326008)(50226002)(8936002)(6116002)(3846002)(486006)(11346002)(446003)(316002)(66946007)(36756003)(8676002)(66476007)(64756008)(66556008)(66446008)(66066001)(305945005)(44832011)(4720700003)(2501003)(6916009)(2906002)(14454004)(478600001)(5660300002)(2616005)(6486002)(99286004)(476003)(76176011)(6436002)(5640700003)(81166006)(81156014)(6512007)(52116002)(7736002)(66574012)(71200400001)(71190400001)(2351001)(5024004)(256004)(14444005)(64030200001); DIR:OUT; SFP:1102; SCL:1; SRVR:MW2PR02MB3673; H:MW2PR02MB3899.namprd02.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1; received-spf: None (protection.outlook.com: nutanix.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam-message-info: Kph7i6SgF5bylBLfOMz55zMRPizltXWC5Qa5jPQqxPz3vLqDBThmCUHxE4K69HAOnVSoqyrruuaK+Lmu/B9Kp2S1dv2rjrtfZPZjTbcZR9/x8VEQWTBK48fN6d78x+xWvH5coLeSVNgZqMFMDVsNl4n4ubsubn6NRcaWUf7euVeSBY2BQekdrzS7DhMDo1H99k4ltB5o1PaN8lzB8qh/Poa0XKliDDxvxyh18c8PsZ9qiBNd9/4+idwQ5OLN4Yj/gaPsI1gNpYKHf9lAC67x1xtFsfWWwBW+8DuseEk+gFPihdJ8d3Ffmmg0nZbaAHn8KhwcdZz471KlbfB7+xtmRi+th+4fjw2ozRL+k6kjb0lc3FNh/D8EhroegT1jerMqIsqEgnGr0F6J46DmoqEp2O2MKayj26H71gMUwIBQ3Pc= MIME-Version: 1.0 X-OriginatorOrg: nutanix.com X-MS-Exchange-CrossTenant-Network-Message-Id: 959e0af9-2e89-43f4-6055-08d72b538685 X-MS-Exchange-CrossTenant-originalarrivaltime: 28 Aug 2019 01:03:23.7161 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: bb047546-786f-4de1-bd75-24e5b6f79043 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: kct37V6FRhu8ldRZhwi/wKVONyH36kgxqFQQnHICwDp5TGSHnvz0IpJAudNFxjwt2InhkPQlaUYZwtUmZkSOIWVpDQwrvH/CRyzrbSXoRW8= X-MS-Exchange-Transport-CrossTenantHeadersStamped: MW2PR02MB3673 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:5.22.84,1.0.8 definitions=2019-08-27_05:2019-08-27,2019-08-27 signatures=0 X-Proofpoint-Spam-Reason: safe X-Spam-Status: No, score=-2.7 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, RCVD_IN_DNSWL_LOW autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org Subject: [ovs-dev] [PATCH v7 2/3 ovn] OVN: Vlan backed DVR N-S, avoid get_arp on non redirect chassis. X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: ovs-dev-bounces@openvswitch.org Errors-To: ovs-dev-bounces@openvswitch.org Background: With c0974331b7a19a87ab8f1f2cec8fbe366af92fa2, we have added support for E-W workflow for vlan backed DVRs. This series enables N-S workflow for vlan backed DVRs. Key difference between E-W and N-S traffic flow is that N-S flow requires a gateway chassis. A gateway chassis will be respondible for following: a. Doing Network Address Translation (NAT). b. Becoming entry and exit point for North->South and South->North traffic respectively. OVN by default always uses overlay encapsulation to redirect the packet to gateway chassis. This series will enable the redirection to gateway chassis in the absence of encapsulation. This patch: a. Make sure that ARP request for endpoint behind the gateway router port is sent from gateway chassis only and not from host(compute) chassis. b. This is achieved by adding a new logical flow in lr_in_arp_resolve at priority=50. c. This flow run on non gateway chassis and sets the destination mac to router port mac, if outport is a gateway chassis attached router port and redirect-type is set as "vlan". Example logical flow: table=9 (lr_in_arp_resolve ), priority=50 , match=(outport == "router-to-underlay" && !is_chassis_resident("cr-router-to-underlay")), action=(eth.dst = 00:00:01:01:02:04; next;) d. This change is needed because other wise for non resolved ARPs, we will end up doing get_arp in host chassis. Doing so will have following issues: i. We want all the interation with North bound endpoints via gateway chassis only, doing so on host chassis will violate that. ii. With get_arp, ovn-controller will generate the ARP using router port's mac as source mac, which will lead us to the same issue, where router port mac will be going through continous mac moves in physical network. Worst, it would affect the redirection, since it uses router port mac as destination mac. Signed-off-by: Ankur Sharma --- northd/ovn-northd.8.xml | 12 ++++++++++++ northd/ovn-northd.c | 32 ++++++++++++++++++++++++++++++++ 2 files changed, 44 insertions(+) diff --git a/northd/ovn-northd.8.xml b/northd/ovn-northd.8.xml index d45bb15..442e899 100644 --- a/northd/ovn-northd.8.xml +++ b/northd/ovn-northd.8.xml @@ -2239,6 +2239,18 @@ next; get_nd(outport, xxreg0); next;.

+ +
  • +

    + For logical router port with redirect-chassis and redirect-type + being set as bridged, a priority-50 flow will match + outport == "ROUTER_PORT" and !is_chassis_resident + ("cr-ROUTER_PORT") has actions eth.dst = E; + next;, where E is the ethernet address of the + logical router port. +

    +
    • +

    Ingress Table 9: Check packet length

    diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c index 0a7f181..0daf327 100644 --- a/northd/ovn-northd.c +++ b/northd/ovn-northd.c @@ -3636,6 +3636,16 @@ lsp_is_external(const struct nbrec_logical_switch_port *nbsp) return !strcmp(nbsp->type, "external"); } +/* Returns true if lrp has either gateway chassis or ha chassis group + * attached to it. */ +static bool +lrp_has_gateway(const struct nbrec_logical_router_port *nbrp) +{ + return (nbrp->n_gateway_chassis || + (nbrp->ha_chassis_group && nbrp->ha_chassis_group->n_ha_chassis)) + ? true : false; +} + static bool build_dhcpv4_action(struct ovn_port *op, ovs_be32 offer_ip, struct ds *options_action, struct ds *response_action, @@ -7743,6 +7753,28 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, 100, ds_cstr(&match), ds_cstr(&actions)); } } + + if (!op->derived && lrp_has_gateway(op->nbrp)) { + const char *redirect_type = smap_get(&op->nbrp->options, + "redirect-type"); + if (redirect_type && !strcasecmp(redirect_type, "bridged")) { + /* Packet is on a non gateway chassis and + * has an unresolved ARP on a network behind gateway + * chassis attached router port. Since, redirect type + * is set to vlan, hence instead of calling "get_arp" + * on this node, we will redirect the packet to gateway + * chassis, by setting destination mac router port mac.*/ + ds_clear(&match); + ds_put_format(&match, "outport == %s && " + "!is_chassis_resident(%s)", op->json_key, + op->od->l3redirect_port->json_key); + ds_clear(&actions); + ds_put_format(&actions, "eth.dst = %s; next;", + op->lrp_networks.ea_s); + ovn_lflow_add(lflows, op->od, S_ROUTER_IN_ARP_RESOLVE, + 50, ds_cstr(&match), ds_cstr(&actions)); + } + } } else if (op->od->n_router_ports && strcmp(op->nbsp->type, "router") && strcmp(op->nbsp->type, "virtual")) { /* This is a logical switch port that backs a VM or a container.