From patchwork Wed Aug 1 12:16:34 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Venkata Anil
X-Patchwork-Id: 952121
X-Patchwork-Delegate: jpettit@nicira.com
Return-Path:
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: ozlabs.org;
spf=pass (mailfrom) smtp.mailfrom=openvswitch.org
(client-ip=140.211.169.12; helo=mail.linuxfoundation.org;
envelope-from=ovs-dev-bounces@openvswitch.org;
receiver=)
Authentication-Results: ozlabs.org;
dmarc=fail (p=none dis=none) header.from=redhat.com
Received: from mail.linuxfoundation.org (mail.linuxfoundation.org
[140.211.169.12])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256
bits)) (No client certificate requested)
by ozlabs.org (Postfix) with ESMTPS id 41gXQR6wXqz9s3Z
for ;
Wed, 1 Aug 2018 22:18:23 +1000 (AEST)
Received: from mail.linux-foundation.org (localhost [127.0.0.1])
by mail.linuxfoundation.org (Postfix) with ESMTP id DAB14DF2;
Wed, 1 Aug 2018 12:16:57 +0000 (UTC)
X-Original-To: dev@openvswitch.org
Delivered-To: ovs-dev@mail.linuxfoundation.org
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
[172.17.192.35])
by mail.linuxfoundation.org (Postfix) with ESMTPS id 1A019DDD
for ; Wed, 1 Aug 2018 12:16:57 +0000 (UTC)
X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6
Received: from mx1.redhat.com (mx3-rdu2.redhat.com [66.187.233.73])
by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 6D099701
for ; Wed, 1 Aug 2018 12:16:56 +0000 (UTC)
Received: from smtp.corp.redhat.com
(int-mx05.intmail.prod.int.rdu2.redhat.com [10.11.54.5])
(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
(No client certificate requested)
by mx1.redhat.com (Postfix) with ESMTPS id 9512940201BE
for ; Wed, 1 Aug 2018 12:16:55 +0000 (UTC)
Received: from vkommadi.lab.eng.blr.redhat.com
(dhcp35-207.lab.eng.blr.redhat.com [10.70.35.207])
by smtp.corp.redhat.com (Postfix) with ESMTPS id 718391C5BB;
Wed, 1 Aug 2018 12:16:54 +0000 (UTC)
From: vkommadi@redhat.com
To: dev@openvswitch.org
Date: Wed, 1 Aug 2018 17:46:34 +0530
Message-Id: <20180801121635.14509-4-vkommadi@redhat.com>
In-Reply-To: <20180801121635.14509-1-vkommadi@redhat.com>
References: <20180801121635.14509-1-vkommadi@redhat.com>
X-Scanned-By: MIMEDefang 2.79 on 10.11.54.5
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16
(mx1.redhat.com [10.11.55.6]);
Wed, 01 Aug 2018 12:16:55 +0000 (UTC)
X-Greylist: inspected by milter-greylist-4.5.16 (mx1.redhat.com
[10.11.55.6]);
Wed, 01 Aug 2018 12:16:55 +0000 (UTC) for IP:'10.11.54.5'
DOMAIN:'int-mx05.intmail.prod.int.rdu2.redhat.com'
HELO:'smtp.corp.redhat.com' FROM:'vkommadi@redhat.com' RCPT:''
X-Spam-Status: No, score=-4.2 required=5.0 tests=BAYES_00, RCVD_IN_DNSWL_MED
autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
smtp1.linux-foundation.org
Subject: [ovs-dev] [PATCH v7 3/4] Document the flows for redirecting VLAN
packets
X-BeenThere: ovs-dev@openvswitch.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id:
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
MIME-Version: 1.0
Sender: ovs-dev-bounces@openvswitch.org
Errors-To: ovs-dev-bounces@openvswitch.org
From: venkata anil
We have added new flows for using vlans instead of tunnels for
redirecting VLAN packets to a gateway chassis. This patch documents
these flows in ovn-northd.8.xml and ovn-architecture.7.xml.
Signed-off-by: Venkata Anil
---
v6->v7:
* Rebased
v5->v6:
* Rebased
v4->v5:
* This patch is added to document the logical and physical flows
ovn/northd/ovn-northd.8.xml | 46 +++++++++++++++++++++++++++++++++++++++++++++
ovn/ovn-architecture.7.xml | 26 ++++++++++++++++++++++++-
2 files changed, 71 insertions(+), 1 deletion(-)
diff --git a/ovn/northd/ovn-northd.8.xml b/ovn/northd/ovn-northd.8.xml
index f1771c6..8fa5272 100644
--- a/ovn/northd/ovn-northd.8.xml
+++ b/ovn/northd/ovn-northd.8.xml
@@ -995,6 +995,23 @@ output;
+ For each enabled router port P which is connected to
+ a VLAN network, a priority-100 flow that matches inport ==
+ P && flags.rcv_from_vlan == 1
,
+ with action next;
.
+
+
+
+ For the gateway port on a distributed logical router (where
+ one of the logical router ports specifies a
+ redirect-chassis
), the above flow is only
+ programmed on the gateway port instance on the
+ redirect-chassis
.
+
+
+
+
+
For each enabled router port P with Ethernet address
E, a priority-50 flow that matches inport ==
P && (eth.mcast || eth.dst ==
@@ -1146,6 +1163,18 @@ output;
For the gateway port on a distributed logical router (where
one of the logical router ports specifies a
+ redirect-chassis
), when the ARP request is
+ from router internal ports connected to vlan network (i.e
+ flags.rcv_from_vlan == 1), a priority-90 flow matches
+ flags.rcv_from_vlan == 1 && arp.op == 1
+ && arp.tpa == A
will have the
+ above action but outport set to all router internal ports
+ which are connected to vlan network.
+
+
+
+ For the gateway port on a distributed logical router (where
+ one of the logical router ports specifies a
redirect-chassis
), the above flows are only
programmed on the gateway port instance on the
redirect-chassis
. This behavior avoids generation
@@ -1839,6 +1868,23 @@ next;
If the address A is in the link-local scope, the
route will be limited to sending on the ingress port.
+
+
+ If the route's outport
is a gateway port on a
+ distributed logical router (where one of the logical router ports
+ specifies a redirect-chassis
), for the packets matching
+ MLF_RCV_FROM_VLAN flag along with ip4.dst ==
+ N/M
, or ip6.dst ==
+ N/M
, add a flow with priority we get
+ by adding 1 to number of 1-bits in M, with an action
+ REGBIT_NAT_REDIRECT = 1; next;.
+ By setting the REGBIT_NAT_REDIRECT
flag, in the ingress
+ table Gateway Redirect
this will trigger a redirect to
+ the instance of the gateway port on the redict-chassis
.
+ This flow is programmed on the gateway port instance other than the
+ redirect-chassis
. This flow is also added if the route
+ is from a configured static route.
+
diff --git a/ovn/ovn-architecture.7.xml b/ovn/ovn-architecture.7.xml
index ae5ca8e..ad2101c 100644
--- a/ovn/ovn-architecture.7.xml
+++ b/ovn/ovn-architecture.7.xml
@@ -874,6 +874,19 @@
Encapsulations for encoding details). Then the actions resubmit
to table 33 to enter the logical egress pipeline.
+
+
+ For VLAN packets coming through localnet port from remote chassis,
+ table 0 sets logical datapath and logical ingress port based on
+ localnet port. If these VLAN packets have distributed gateway port MAC
+ (gateway port on a distributed logical router where one of the logical
+ router ports specifies a redirect-chassis) as destination MAC address,
+ a new flow with priority 200 is added which sets logical datapath to
+ router metadata and logical ingress port to the patch port connecting
+ router and vlan network, resubmit into the logical router ingress
+ pipeline i.e table 8. This flow is only programmed on the gateway
+ port instance on the redirect-chassis.
+
@@ -1020,6 +1033,16 @@
determine the output port.
+ A higher-priority rule to match packets received from router ports
+ which are connected to vlan networks, based on flag
+ MLF_RCV_FROM_VLAN, where logical output port is a gateway port, on
+ a distributed logical router (where one of the logical router ports
+ specifies a redirect-chassis), but on remote hypervisor, the actions
+ tag the packet with input network VLAN id and output the packet
+ through input VLAN switch's localnet port. This flow is programmed
+ on chassis other than redirect-chassis.
+
+
A higher-priority rule to match packets received from ports of type
localport
, based on the logical input port, and resubmit
these packets to table 33 for local delivery. Ports of type
@@ -1153,7 +1176,8 @@
directly to the first OpenFlow flow table in the ingress pipeline,
setting the logical ingress port to the peer logical patch port, and
using the peer logical patch port's logical datapath (that
- represents the logical router).
+ represents the logical router). If the logical datapath is a VLAN
+ network, set the MLF_RCV_FROM_VLAN flag.