From patchwork Tue Jun 29 16:20:34 2021
X-Patchwork-Submitter: Ihar Hrachyshka
X-Patchwork-Id: 1498461
From: Ihar Hrachyshka
To: dev@openvswitch.org
Date: Tue, 29 Jun 2021 12:20:34 -0400
Message-Id: <20210629162034.497992-1-ihrachys@redhat.com>
Subject: [ovs-dev] [PATCH ovn branch-21.06] Disable ARP/NA responders for vlan-passthru switches

When vlan-passthru is on, VIFs may attach different VLAN tags. In this case, VIFs are not guaranteed to belong to the same L2 broadcast domain. Because of that, we don't know if a peer port on the switch has the same tag used and should not allow the local responder to generate neighbour traffic. Instead, pass ARP and ND requests to the peer port owner and allow it to reply, if needed.

Signed-off-by: Ihar Hrachyshka
Signed-off-by: Numan Siddique
(cherry picked from commit ea57f666f6eef1eb1d578f0e975baa14c5d23ec9)
---
 northd/ovn-northd.8.xml |   6 ++-
 northd/ovn-northd.c     |   4 ++
 northd/ovn_northd.dl    |   6 ++-
 tests/ovn.at            | 112 ++++++++++++++++++++++++++++++++++++++++
 4 files changed, 124 insertions(+), 4 deletions(-)

diff --git a/northd/ovn-northd.8.xml b/northd/ovn-northd.8.xml index 407464602..21ae0ca60 100644 --- a/northd/ovn-northd.8.xml +++ b/northd/ovn-northd.8.xml 
@@ -1072,8 +1072,10 @@ output; localport ports) that are down (unless ignore_lsp_down is configured as true in options column of NB_Global table of the Northbound - database), for logical ports of type virtual and for - logical ports with 'unknown' address set. + database), for logical ports of type virtual, for + logical ports with 'unknown' address set and for logical ports of + a logical switch configured with + other_config:vlan-passthru=true.

diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c index 3dae7bb1c..17bcede5a 100644 --- a/northd/ovn-northd.c +++ b/northd/ovn-northd.c @@ -7007,6 +7007,10 @@ build_lswitch_arp_nd_responder_known_ips(struct ovn_port *op, return; } + if (is_vlan_transparent(op->od)) { + return; + } + for (size_t i = 0; i < op->n_lsp_addrs; i++) { for (size_t j = 0; j < op->lsp_addrs[i].n_ipv4_addrs; j++) { ds_clear(match); diff --git a/northd/ovn_northd.dl b/northd/ovn_northd.dl index 3afa80a3b..a09aea6ee 100644 --- a/northd/ovn_northd.dl +++ b/northd/ovn_northd.dl @@ -3309,7 +3309,8 @@ for (CheckLspIsUp[check_lsp_is_up]) { ((lsp_is_up(lsp) or not check_lsp_is_up) or lsp.__type == "router" or lsp.__type == "localport") and lsp.__type != "external" and lsp.__type != "virtual" and - not lsp.addresses.contains("unknown")) + not lsp.addresses.contains("unknown") and + not sw.is_vlan_transparent) { var __match = "arp.tpa == ${addr.addr} && arp.op == 1" in { @@ -3359,7 +3360,8 @@ for (SwitchPortIPv6Address(.port = &SwitchPort{.lsp = lsp, .json_name = json_nam .ea = ea, .addr = addr) if lsp.is_enabled() and (lsp_is_up(lsp) or lsp.__type == "router" or lsp.__type == "localport") and - lsp.__type != "external" and lsp.__type != "virtual") + lsp.__type != "external" and lsp.__type != "virtual" and + not sw.is_vlan_transparent) { var __match = "nd_ns && ip6.dst == {${addr.addr}, ${addr.solicited_node()}} && nd.target == ${addr.addr}" in var actions = "${if (lsp.__type == \"router\") \"nd_na_router\" else \"nd_na\"} { " diff --git a/tests/ovn.at b/tests/ovn.at index b6523c328..811a05c5a 100644 --- a/tests/ovn.at +++ b/tests/ovn.at 
@@ -3169,6 +3169,118 @@ OVN_CLEANUP([hv-1],[hv-2]) AT_CLEANUP ]) +OVN_FOR_EACH_NORTHD([ +AT_SETUP([ovn -- VLAN transparency, passthru=true, ARP responder disabled]) +ovn_start + +net_add net +check ovs-vsctl add-br br-phys +ovn_attach net br-phys 192.168.0.1 + +check ovn-nbctl ls-add ls +check ovn-nbctl --wait=sb add Logical-Switch ls other_config vlan-passthru=true + +for i in 1 2; do + check ovn-nbctl lsp-add ls lsp$i + check ovn-nbctl lsp-set-addresses lsp$i "f0:00:00:00:00:0$i 10.0.0.$i" +done + +for i in 1 2; do + check ovs-vsctl add-port br-int vif$i -- set Interface vif$i external-ids:iface-id=lsp$i \ + options:tx_pcap=vif$i-tx.pcap \ + options:rxq_pcap=vif$i-rx.pcap \ + ofport-request=$i +done + +wait_for_ports_up + +ovn-sbctl dump-flows ls > lsflows +AT_CAPTURE_FILE([lsflows]) + +AT_CHECK([grep -w "ls_in_arp_rsp" lsflows | sort], [0], [dnl + table=16(ls_in_arp_rsp ), priority=0 , match=(1), action=(next;) +]) + +test_arp() { + local inport=$1 outport=$2 sha=$3 spa=$4 tpa=$5 reply_ha=$6 + tag=8100fefe + local request=ffffffffffff${sha}${tag}08060001080006040001${sha}${spa}ffffffffffff${tpa} + ovs-appctl netdev-dummy/receive vif$inport $request + echo $request >> $outport.expected + + local reply=${sha}${reply_ha}${tag}08060001080006040002${reply_ha}${tpa}${sha}${spa} + ovs-appctl netdev-dummy/receive vif$outport $reply + echo $reply >> $inport.expected +} + +test_arp 1 2 f00000000001 0a000001 0a000002 f00000000002 +test_arp 2 1 f00000000002 0a000002 0a000001 f00000000001 + +for i in 1 2; do + OVN_CHECK_PACKETS([vif$i-tx.pcap], [$i.expected]) +done + +AT_CLEANUP +]) + +OVN_FOR_EACH_NORTHD([ +AT_SETUP([ovn -- VLAN transparency, passthru=true, ND/NA responder disabled]) +ovn_start + +net_add net +check ovs-vsctl add-br br-phys +ovn_attach net br-phys 192.168.0.1 + +check ovn-nbctl ls-add ls +check ovn-nbctl --wait=sb add Logical-Switch ls other_config vlan-passthru=true + +for i in 1 2; do + check ovn-nbctl lsp-add ls lsp$i + check ovn-nbctl lsp-set-addresses 
lsp$i "f0:00:00:00:00:0$i fe00::$i" +done + +for i in 1 2; do + check ovs-vsctl add-port br-int vif$i -- set Interface vif$i external-ids:iface-id=lsp$i \ + options:tx_pcap=vif$i-tx.pcap \ + options:rxq_pcap=vif$i-rx.pcap \ + ofport-request=$i +done + +wait_for_ports_up + +ovn-sbctl dump-flows ls > lsflows +AT_CAPTURE_FILE([lsflows]) + +AT_CHECK([grep -w "ls_in_arp_rsp" lsflows | sort], [0], [dnl + table=16(ls_in_arp_rsp ), priority=0 , match=(1), action=(next;) +]) + +test_nd_na() { + local inport=$1 outport=$2 sha=$3 spa=$4 tpa=$5 reply_ha=$6 + tag=8100fefe + icmp_type=87 + local request=ffffffffffff${sha}${tag}86dd6000000000183aff${spa}ff0200000000000000000001ff${tpa: -6}${icmp_type}007ea100000000${tpa} + ovs-appctl netdev-dummy/receive vif$inport $request + echo $request >> $outport.expected + echo $request + + icmp_type=88 + local reply=${sha}${reply_ha}${tag}86dd6000000000183aff${tpa}${spa}${icmp_type}003da540000000${tpa} + ovs-appctl netdev-dummy/receive vif$outport $reply + echo $reply >> $inport.expected + echo $reply +} + +test_nd_na 1 2 f00000000001 fe000000000000000000000000000001 fe000000000000000000000000000002 f00000000002 +test_nd_na 2 1 f00000000002 fe000000000000000000000000000002 fe000000000000000000000000000001 f00000000001 + +for i in 1 2; do + OVN_CHECK_PACKETS([vif$i-tx.pcap], [$i.expected]) +done + +AT_CLEANUP +]) + OVN_FOR_EACH_NORTHD([ AT_SETUP([ovn -- VLAN transparency, passthru=true, multiple hosts]) ovn_start
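
Review bot: In the northd/ovn-northd.8.xml hunk, the added clause says the responder flows are not installed for ports of a switch with other_config:vlan-passthru=true, but it does not say what happens to the request instead. The commit message states that ARP and ND requests are passed to the peer port owner so that it can reply; a sentence to that effect in the man page, with the reason (VIFs may carry different VLAN tags and are not guaranteed to share an L2 broadcast domain), would let operators understand the behaviour without reading the commit log.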
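
Review bot: The new early return in build_lswitch_arp_nd_responder_known_ips() in northd/ovn-northd.c, "if (is_vlan_transparent(op->od)) { return; }", has no comment, so the reason for skipping every known-IP responder flow on the datapath lives only in the commit message. Suggest a short comment above the check saying that ports on a vlan-passthru switch may sit in different VLANs, so the local responder must not answer on their behalf.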
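
Review bot: In northd/ovn_northd.dl the condition "not sw.is_vlan_transparent" is appended separately to the ARP rule (hunk at -3309) and to the SwitchPortIPv6Address rule (hunk at -3359), while ovn-northd.c gates the function with one early return. With the condition duplicated per rule, a responder rule added later can miss it and the C and DDlog outputs would diverge. Consider keeping the shared port-eligibility conditions in one place, or at least adding a comment on both rules that points at the matching check in ovn-northd.c.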
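
Review bot: test_nd_na() in the tests/ovn.at hunk still contains "echo $request" and "echo $reply", which look like leftover debugging output since test_arp() has no equivalent; please drop them. In the same helpers, tag (both functions) and icmp_type (test_nd_na) are assigned without "local" although the other variables are declared local, so they leak into the test's shell scope. Both AT_CHECK blocks also pin the literal "table=16" in the expected output, which will fail on any pipeline renumbering even when the responder stage is still empty; normalising the table number before comparing would make the check depend only on the ls_in_arp_rsp stage name.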