From patchwork Wed Oct 16 13:06:41 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dumitru Ceara X-Patchwork-Id: 1177904 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=140.211.169.12; helo=mail.linuxfoundation.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=redhat.com Received: from mail.linuxfoundation.org (mail.linuxfoundation.org [140.211.169.12]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 46tXcq12N5z9sP7 for ; Thu, 17 Oct 2019 00:06:51 +1100 (AEDT) Received: from mail.linux-foundation.org (localhost [127.0.0.1]) by mail.linuxfoundation.org (Postfix) with ESMTP id A42C9E77; Wed, 16 Oct 2019 13:06:48 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@mail.linuxfoundation.org Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id 143B3E26 for ; Wed, 16 Oct 2019 13:06:48 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id EF10013A for ; Wed, 16 Oct 2019 13:06:46 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.phx2.redhat.com [10.5.11.23]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 76D15102BB36 for ; Wed, 16 Oct 2019 13:06:46 +0000 (UTC) Received: from dceara.remote.csb (ovpn-116-144.ams2.redhat.com [10.36.116.144]) by smtp.corp.redhat.com (Postfix) with ESMTP id E38C219C68 for ; Wed, 16 Oct 2019 13:06:45 +0000 (UTC) From: Dumitru Ceara To: dev@openvswitch.org Date: Wed, 16 Oct 2019 15:06:41 +0200 Message-Id: <1571231201-2974-1-git-send-email-dceara@redhat.com> X-Scanned-By: MIMEDefang 2.84 on 10.5.11.23 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.6.2 (mx1.redhat.com [10.5.110.64]); Wed, 16 Oct 2019 13:06:46 +0000 (UTC) X-Spam-Status: No, score=-6.9 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org Subject: [ovs-dev] [PATCH ovn v2] ovn-northd: Fix IP multicast flooding to mrouter. X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Sender: ovs-dev-bounces@openvswitch.org Errors-To: ovs-dev-bounces@openvswitch.org OVN logical flow "drop" actions can't be combined with other actions. Commit 79308138891a created such a scenario if a logical switch has mcast_snoop=true, mcast_flood_unregistered=false and is connected to a logical router with mcast_relay=enabled. To fix the issue we now explicitly add a drop flow for unregistered IP multicast traffic in a logical switch if mcast_snoop=true, mcast_flood_unregistered=false and the switch doesn't have any ports with mcast_flood=true and isn't connected to a router with mcast_relay=true. Fixes: 79308138891a ("ovn-northd: Add static IP multicast flood configuration") Signed-off-by: Dumitru Ceara --- v2: Address Numan's comments (update documentation). --- northd/ovn-northd.8.xml | 13 +++++++++++++ northd/ovn-northd.c | 8 +++++++- tests/ovn.at | 50 ++++++++++++++++++++++++++++++++++++++++++++++--- 3 files changed, 67 insertions(+), 4 deletions(-) diff --git a/northd/ovn-northd.8.xml b/northd/ovn-northd.8.xml index 937702e..b5dfcd1 100644 --- a/northd/ovn-northd.8.xml +++ b/northd/ovn-northd.8.xml @@ -992,6 +992,19 @@ output;
  • + A priority-80 flow that drops all unregistered IP multicast traffic + if + :mcast_snoop='true' and + + :mcast_flood_unregistered='false' and the switch is + not connected to a logical router that has + + :mcast_relay='true' and the switch doesn't have any + logical port with + :mcast_flood='true'. +
    • + +
  • A priority-70 flow that outputs all packets with an Ethernet broadcast or multicast eth.dst to the MC_FLOOD multicast group. diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c index e41c9d7..d0844dd 100644 --- a/northd/ovn-northd.c +++ b/northd/ovn-northd.c @@ -5661,7 +5661,13 @@ build_lswitch_flows(struct hmap *datapaths, struct hmap *ports, if (mcast_sw_info->flood_static) { ds_put_cstr(&actions, "outport =\""MC_STATIC"\"; output;"); - } else { + } + + /* Explicitly drop the traffic if relay or static flooding + * is not configured. + */ + if (!mcast_sw_info->flood_relay && + !mcast_sw_info->flood_static) { ds_put_cstr(&actions, "drop;"); } diff --git a/tests/ovn.at b/tests/ovn.at index df00517..d141367 100644 --- a/tests/ovn.at +++ b/tests/ovn.at @@ -16306,7 +16306,7 @@ sleep 1 OVN_CHECK_PACKETS([hv1/vif3-tx.pcap], [expected]) OVN_CHECK_PACKETS([hv2/vif3-tx.pcap], [expected]) -# Dissable IGMP querier on sw2. +# Disable IGMP querier on sw2. ovn-nbctl set Logical_Switch sw2 \ other_config:mcast_querier="false" @@ -16357,6 +16357,50 @@ send_igmp_v3_report hv2-vif3 hv2 \ 000000000001 $(ip_to_hex 10 0 0 1) f9f8 \ $(ip_to_hex 239 0 1 68) 04 e9b9 \ /dev/null + +# Check that the IGMP Group is learned by all switches. +OVS_WAIT_UNTIL([ + total_entries=`ovn-sbctl find IGMP_Group | grep "239.0.1.68" | wc -l` + test "${total_entries}" = "2" +]) + +# Send traffic from sw3 and make sure it is relayed by rtr. +# to ports that joined. +truncate -s 0 expected_routed_sw1 +truncate -s 0 expected_routed_sw2 +truncate -s 0 expected_empty + +as hv1 reset_pcap_file hv1-vif1 hv1/vif1 +as hv1 reset_pcap_file hv1-vif2 hv1/vif2 +as hv1 reset_pcap_file hv1-vif3 hv1/vif3 +as hv1 reset_pcap_file hv1-vif4 hv1/vif4 +as hv2 reset_pcap_file hv2-vif1 hv2/vif1 +as hv2 reset_pcap_file hv2-vif2 hv2/vif2 +as hv2 reset_pcap_file hv2-vif3 hv2/vif3 +as hv2 reset_pcap_file hv2-vif4 hv2/vif4 + +send_ip_multicast_pkt hv2-vif4 hv2 \ + 000000000001 01005e000144 \ + $(ip_to_hex 10 0 0 42) $(ip_to_hex 239 0 1 68) 1e 20 ca70 11 \ + e518e518000a3b3a0000 +store_ip_multicast_pkt \ + 000000000100 01005e000144 \ + $(ip_to_hex 10 0 0 42) $(ip_to_hex 239 0 1 68) 1e 1f cb70 11 \ + e518e518000a3b3a0000 expected_routed_sw1 +store_ip_multicast_pkt \ + 000000000200 01005e000144 \ + $(ip_to_hex 10 0 0 42) $(ip_to_hex 239 0 1 68) 1e 1f cb70 11 \ + e518e518000a3b3a0000 expected_routed_sw2 + +OVN_CHECK_PACKETS([hv1/vif1-tx.pcap], [expected_routed_sw1]) +OVN_CHECK_PACKETS([hv2/vif3-tx.pcap], [expected_routed_sw2]) +OVN_CHECK_PACKETS([hv1/vif4-tx.pcap], [expected_empty]) +OVN_CHECK_PACKETS([hv1/vif2-tx.pcap], [expected_empty]) +OVN_CHECK_PACKETS([hv1/vif3-tx.pcap], [expected_empty]) +OVN_CHECK_PACKETS([hv2/vif1-tx.pcap], [expected_empty]) +OVN_CHECK_PACKETS([hv2/vif2-tx.pcap], [expected_empty]) +OVN_CHECK_PACKETS([hv2/vif4-tx.pcap], [expected_empty]) + # Inject IGMP Join for 239.0.1.68 on sw3-p1. send_igmp_v3_report hv1-vif4 hv1 \ 000000000001 $(ip_to_hex 10 0 0 1) f9f8 \ @@ -16369,8 +16413,8 @@ OVS_WAIT_UNTIL([ test "${total_entries}" = "3" ]) -# Send traffic from sw3 and make sure it is relayed by rtr. -# and ports that joined. +# Send traffic from sw3 and make sure it is relayed by rtr +# to ports that joined. truncate -s 0 expected_routed_sw1 truncate -s 0 expected_routed_sw2 truncate -s 0 expected_switched