From patchwork Wed Aug  1 12:16:34 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Venkata Anil <vkommadi@redhat.com>
X-Patchwork-Id: 952121
X-Patchwork-Delegate: jpettit@nicira.com
Return-Path: <ovs-dev-bounces@openvswitch.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: ozlabs.org;
	spf=pass (mailfrom) smtp.mailfrom=openvswitch.org
	(client-ip=140.211.169.12; helo=mail.linuxfoundation.org;
	envelope-from=ovs-dev-bounces@openvswitch.org;
	receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org;
	dmarc=fail (p=none dis=none) header.from=redhat.com
Received: from mail.linuxfoundation.org (mail.linuxfoundation.org
	[140.211.169.12])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256
	bits)) (No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 41gXQR6wXqz9s3Z
	for <incoming@patchwork.ozlabs.org>;
	Wed,  1 Aug 2018 22:18:23 +1000 (AEST)
Received: from mail.linux-foundation.org (localhost [127.0.0.1])
	by mail.linuxfoundation.org (Postfix) with ESMTP id DAB14DF2;
	Wed,  1 Aug 2018 12:16:57 +0000 (UTC)
X-Original-To: dev@openvswitch.org
Delivered-To: ovs-dev@mail.linuxfoundation.org
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
	[172.17.192.35])
	by mail.linuxfoundation.org (Postfix) with ESMTPS id 1A019DDD
	for <dev@openvswitch.org>; Wed,  1 Aug 2018 12:16:57 +0000 (UTC)
X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6
Received: from mx1.redhat.com (mx3-rdu2.redhat.com [66.187.233.73])
	by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 6D099701
	for <dev@openvswitch.org>; Wed,  1 Aug 2018 12:16:56 +0000 (UTC)
Received: from smtp.corp.redhat.com
	(int-mx05.intmail.prod.int.rdu2.redhat.com [10.11.54.5])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mx1.redhat.com (Postfix) with ESMTPS id 9512940201BE
	for <dev@openvswitch.org>; Wed,  1 Aug 2018 12:16:55 +0000 (UTC)
Received: from vkommadi.lab.eng.blr.redhat.com
	(dhcp35-207.lab.eng.blr.redhat.com [10.70.35.207])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id 718391C5BB;
	Wed,  1 Aug 2018 12:16:54 +0000 (UTC)
From: vkommadi@redhat.com
To: dev@openvswitch.org
Date: Wed,  1 Aug 2018 17:46:34 +0530
Message-Id: <20180801121635.14509-4-vkommadi@redhat.com>
In-Reply-To: <20180801121635.14509-1-vkommadi@redhat.com>
References: <20180801121635.14509-1-vkommadi@redhat.com>
X-Scanned-By: MIMEDefang 2.79 on 10.11.54.5
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16
	(mx1.redhat.com [10.11.55.6]);
	Wed, 01 Aug 2018 12:16:55 +0000 (UTC)
X-Greylist: inspected by milter-greylist-4.5.16 (mx1.redhat.com
	[10.11.55.6]);
	Wed, 01 Aug 2018 12:16:55 +0000 (UTC) for IP:'10.11.54.5'
	DOMAIN:'int-mx05.intmail.prod.int.rdu2.redhat.com'
	HELO:'smtp.corp.redhat.com' FROM:'vkommadi@redhat.com' RCPT:''
X-Spam-Status: No, score=-4.2 required=5.0 tests=BAYES_00, RCVD_IN_DNSWL_MED
	autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	smtp1.linux-foundation.org
Subject: [ovs-dev] [PATCH v7 3/4] Document the flows for redirecting VLAN
	packets
X-BeenThere: ovs-dev@openvswitch.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: <ovs-dev.openvswitch.org>
List-Unsubscribe: <https://mail.openvswitch.org/mailman/options/ovs-dev>,
	<mailto:ovs-dev-request@openvswitch.org?subject=unsubscribe>
List-Archive: <http://mail.openvswitch.org/pipermail/ovs-dev/>
List-Post: <mailto:ovs-dev@openvswitch.org>
List-Help: <mailto:ovs-dev-request@openvswitch.org?subject=help>
List-Subscribe: <https://mail.openvswitch.org/mailman/listinfo/ovs-dev>,
	<mailto:ovs-dev-request@openvswitch.org?subject=subscribe>
MIME-Version: 1.0
Sender: ovs-dev-bounces@openvswitch.org
Errors-To: ovs-dev-bounces@openvswitch.org

From: venkata anil <vkommadi@redhat.com>

We have added new flows for using vlans instead of tunnels for
redirecting VLAN packets to a gateway chassis. This patch documents
these flows in ovn-northd.8.xml and ovn-architecture.7.xml.

Signed-off-by: Venkata Anil <vkommadi@redhat.com>
---

v6->v7:
* Rebased

v5->v6:
* Rebased

v4->v5:
* This patch is added to document the logical and physical flows

 ovn/northd/ovn-northd.8.xml | 46 +++++++++++++++++++++++++++++++++++++++++++++
 ovn/ovn-architecture.7.xml  | 26 ++++++++++++++++++++++++-
 2 files changed, 71 insertions(+), 1 deletion(-)

diff --git a/ovn/northd/ovn-northd.8.xml b/ovn/northd/ovn-northd.8.xml
index f1771c6..8fa5272 100644
--- a/ovn/northd/ovn-northd.8.xml
+++ b/ovn/northd/ovn-northd.8.xml
@@ -995,6 +995,23 @@ output;
 
       <li>
         <p>
+          For each enabled router port <var>P</var> which is connected to
+          a VLAN network, a priority-100 flow that matches <code>inport ==
+          <var>P</var> &amp;&amp; flags.rcv_from_vlan == 1</code>,
+          with action <code>next;</code>.
+        </p>
+
+        <p>
+          For the gateway port on a distributed logical router (where
+          one of the logical router ports specifies a
+          <code>redirect-chassis</code>), the above flow is only
+          programmed on the gateway port instance on the
+          <code>redirect-chassis</code>.
+        </p>
+      </li>
+
+      <li>
+        <p>
           For each enabled router port <var>P</var> with Ethernet address
           <var>E</var>, a priority-50 flow that matches <code>inport ==
           <var>P</var> &amp;&amp; (eth.mcast || eth.dst ==
@@ -1146,6 +1163,18 @@ output;
         <p>
           For the gateway port on a distributed logical router (where
           one of the logical router ports specifies a
+          <code>redirect-chassis</code>), when the ARP request is
+          from router internal ports connected to vlan network (i.e
+          flags.rcv_from_vlan == 1), a priority-90 flow matches
+          <code> flags.rcv_from_vlan == 1 &amp;&amp; arp.op == 1
+          &amp;&amp; arp.tpa == <var>A</var></code> will have the
+          above action but outport set to all router internal ports
+          which are connected to vlan network.
+        </p>
+
+        <p>
+          For the gateway port on a distributed logical router (where
+          one of the logical router ports specifies a
           <code>redirect-chassis</code>), the above flows are only
           programmed on the gateway port instance on the
           <code>redirect-chassis</code>.  This behavior avoids generation
@@ -1839,6 +1868,23 @@ next;
           If the address <var>A</var> is in the link-local scope, the
           route will be limited to sending on the ingress port.
         </p>
+
+        <p>
+          If the route's <code>outport</code> is a gateway port on a
+          distributed logical router (where one of the logical router ports
+          specifies a <code>redirect-chassis</code>), for the packets matching
+          MLF_RCV_FROM_VLAN flag along with <code>ip4.dst ==
+          <var>N</var>/<var>M</var></code>, or <code>ip6.dst ==
+          <var>N</var>/<var>M</var></code>, add a flow with priority we get
+          by adding 1 to number of 1-bits in M, with an action
+          REGBIT_NAT_REDIRECT  =  1;  next;.
+          By setting the <code>REGBIT_NAT_REDIRECT</code> flag, in the ingress
+          table <code>Gateway Redirect</code> this will trigger a redirect to
+          the instance of the gateway port on the <code>redict-chassis</code>.
+          This flow is programmed on the gateway port instance other than the
+          <code>redirect-chassis</code>. This flow is also added if the route
+          is from a configured static route.
+        </p>
       </li>
     </ul>
 
diff --git a/ovn/ovn-architecture.7.xml b/ovn/ovn-architecture.7.xml
index ae5ca8e..ad2101c 100644
--- a/ovn/ovn-architecture.7.xml
+++ b/ovn/ovn-architecture.7.xml
@@ -874,6 +874,19 @@
         Encapsulations</code> for encoding details).  Then the actions resubmit
         to table 33 to enter the logical egress pipeline.
       </p>
+
+      <p>
+        For VLAN packets coming through localnet port from remote chassis,
+        table 0 sets logical datapath and logical ingress port based on
+        localnet port. If these VLAN packets have distributed gateway port MAC
+        (gateway port on a distributed logical router where one of the logical
+        router ports specifies a redirect-chassis) as destination MAC address,
+        a new flow with priority 200 is added which sets logical datapath to
+        router metadata and logical ingress port to the patch port connecting
+        router and vlan network, resubmit into the logical router ingress
+        pipeline i.e table 8. This flow is only programmed  on the gateway
+        port instance on the redirect-chassis.
+      </p>
     </li>
 
     <li>
@@ -1020,6 +1033,16 @@
           determine the output port.
         </li>
         <li>
+          A higher-priority rule to match packets received from router ports
+          which are connected to vlan networks, based on flag
+          MLF_RCV_FROM_VLAN, where logical output port is a gateway port, on
+          a distributed logical router (where one of the logical router ports
+          specifies a redirect-chassis), but on remote hypervisor, the actions
+          tag the packet with input network VLAN id and output the packet
+          through input VLAN switch's localnet port. This flow is programmed
+          on chassis other than redirect-chassis.
+        </li>
+        <li>
           A higher-priority rule to match packets received from ports of type
           <code>localport</code>, based on the logical input port, and resubmit
           these packets to table 33 for local delivery.  Ports of type
@@ -1153,7 +1176,8 @@
       directly to the first OpenFlow flow table in the ingress pipeline,
       setting the logical ingress port to the peer logical patch port, and
       using the peer logical patch port's logical datapath (that
-      represents the logical router).
+      represents the logical router). If the logical datapath is a VLAN
+      network, set the MLF_RCV_FROM_VLAN flag.
     </li>
   </ul>