[ovs-dev,v7,3/4] Document the flows for redirecting VLAN packets

Message ID 20180801121635.14509-4-vkommadi@redhat.com
State New
Delegated to: Justin Pettit
Headers show
Series
  • Use VLANs for VLAN packets redirected to a gateway chassis
Related show

Commit Message

Venkata Anil Aug. 1, 2018, 12:16 p.m.
From: venkata anil <vkommadi@redhat.com>

We have added new flows for using vlans instead of tunnels for
redirecting VLAN packets to a gateway chassis. This patch documents
these flows in ovn-northd.8.xml and ovn-architecture.7.xml.

Signed-off-by: Venkata Anil <vkommadi@redhat.com>
---

v6->v7:
* Rebased

v5->v6:
* Rebased

v4->v5:
* This patch is added to document the logical and physical flows

 ovn/northd/ovn-northd.8.xml | 46 +++++++++++++++++++++++++++++++++++++++++++++
 ovn/ovn-architecture.7.xml  | 26 ++++++++++++++++++++++++-
 2 files changed, 71 insertions(+), 1 deletion(-)

Patch

diff --git a/ovn/northd/ovn-northd.8.xml b/ovn/northd/ovn-northd.8.xml
index f1771c6..8fa5272 100644
--- a/ovn/northd/ovn-northd.8.xml
+++ b/ovn/northd/ovn-northd.8.xml
@@ -995,6 +995,23 @@  output;
 
       <li>
         <p>
+          For each enabled router port <var>P</var> which is connected to
+          a VLAN network, a priority-100 flow that matches <code>inport ==
+          <var>P</var> &amp;&amp; flags.rcv_from_vlan == 1</code>,
+          with action <code>next;</code>.
+        </p>
+
+        <p>
+          For the gateway port on a distributed logical router (where
+          one of the logical router ports specifies a
+          <code>redirect-chassis</code>), the above flow is only
+          programmed on the gateway port instance on the
+          <code>redirect-chassis</code>.
+        </p>
+      </li>
+
+      <li>
+        <p>
           For each enabled router port <var>P</var> with Ethernet address
           <var>E</var>, a priority-50 flow that matches <code>inport ==
           <var>P</var> &amp;&amp; (eth.mcast || eth.dst ==
@@ -1146,6 +1163,18 @@  output;
         <p>
           For the gateway port on a distributed logical router (where
           one of the logical router ports specifies a
+          <code>redirect-chassis</code>), when the ARP request is
+          from router internal ports connected to vlan network (i.e
+          flags.rcv_from_vlan == 1), a priority-90 flow matches
+          <code> flags.rcv_from_vlan == 1 &amp;&amp; arp.op == 1
+          &amp;&amp; arp.tpa == <var>A</var></code> will have the
+          above action but outport set to all router internal ports
+          which are connected to vlan network.
+        </p>
+
+        <p>
+          For the gateway port on a distributed logical router (where
+          one of the logical router ports specifies a
           <code>redirect-chassis</code>), the above flows are only
           programmed on the gateway port instance on the
           <code>redirect-chassis</code>.  This behavior avoids generation
@@ -1839,6 +1868,23 @@  next;
           If the address <var>A</var> is in the link-local scope, the
           route will be limited to sending on the ingress port.
         </p>
+
+        <p>
+          If the route's <code>outport</code> is a gateway port on a
+          distributed logical router (where one of the logical router ports
+          specifies a <code>redirect-chassis</code>), for the packets matching
+          MLF_RCV_FROM_VLAN flag along with <code>ip4.dst ==
+          <var>N</var>/<var>M</var></code>, or <code>ip6.dst ==
+          <var>N</var>/<var>M</var></code>, add a flow with priority we get
+          by adding 1 to number of 1-bits in M, with an action
+          REGBIT_NAT_REDIRECT  =  1;  next;.
+          By setting the <code>REGBIT_NAT_REDIRECT</code> flag, in the ingress
+          table <code>Gateway Redirect</code> this will trigger a redirect to
+          the instance of the gateway port on the <code>redict-chassis</code>.
+          This flow is programmed on the gateway port instance other than the
+          <code>redirect-chassis</code>. This flow is also added if the route
+          is from a configured static route.
+        </p>
       </li>
     </ul>
 
diff --git a/ovn/ovn-architecture.7.xml b/ovn/ovn-architecture.7.xml
index ae5ca8e..ad2101c 100644
--- a/ovn/ovn-architecture.7.xml
+++ b/ovn/ovn-architecture.7.xml
@@ -874,6 +874,19 @@ 
         Encapsulations</code> for encoding details).  Then the actions resubmit
         to table 33 to enter the logical egress pipeline.
       </p>
+
+      <p>
+        For VLAN packets coming through localnet port from remote chassis,
+        table 0 sets logical datapath and logical ingress port based on
+        localnet port. If these VLAN packets have distributed gateway port MAC
+        (gateway port on a distributed logical router where one of the logical
+        router ports specifies a redirect-chassis) as destination MAC address,
+        a new flow with priority 200 is added which sets logical datapath to
+        router metadata and logical ingress port to the patch port connecting
+        router and vlan network, resubmit into the logical router ingress
+        pipeline i.e table 8. This flow is only programmed  on the gateway
+        port instance on the redirect-chassis.
+      </p>
     </li>
 
     <li>
@@ -1020,6 +1033,16 @@ 
           determine the output port.
         </li>
         <li>
+          A higher-priority rule to match packets received from router ports
+          which are connected to vlan networks, based on flag
+          MLF_RCV_FROM_VLAN, where logical output port is a gateway port, on
+          a distributed logical router (where one of the logical router ports
+          specifies a redirect-chassis), but on remote hypervisor, the actions
+          tag the packet with input network VLAN id and output the packet
+          through input VLAN switch's localnet port. This flow is programmed
+          on chassis other than redirect-chassis.
+        </li>
+        <li>
           A higher-priority rule to match packets received from ports of type
           <code>localport</code>, based on the logical input port, and resubmit
           these packets to table 33 for local delivery.  Ports of type
@@ -1153,7 +1176,8 @@ 
       directly to the first OpenFlow flow table in the ingress pipeline,
       setting the logical ingress port to the peer logical patch port, and
       using the peer logical patch port's logical datapath (that
-      represents the logical router).
+      represents the logical router). If the logical datapath is a VLAN
+      network, set the MLF_RCV_FROM_VLAN flag.
     </li>
   </ul>