From: Vladislav Odintsov
To: dev@openvswitch.org
Cc: Vladislav Odintsov
Date: Fri, 18 Feb 2022 21:38:14 +0300
Message-Id: <20220218183814.2976667-1-odivlad@gmail.com>
Subject: [ovs-dev] [PATCH ovn v3] controller: add ovn-set-local-ip option
X-Patchwork-Id: 1594856

When transport node has multiple interfaces (vlans) and ovn-encap-ip on different hosts need to be configured from different VLANs, source IP for encapsulated packet can be not the same, which is expected by remote system. Explicitly setting local_ip resolves such problem.

Signed-off-by: Vladislav Odintsov
Acked-by: Han Zhou

--- controller/encaps.c | 43 +++++++++++++++++++++------------ controller/ovn-controller.8.xml | 7 ++++++ tests/ovn-controller.at | 9 +++++++ 3 files changed, 44 insertions(+), 15 deletions(-) diff --git a/controller/encaps.c b/controller/encaps.c index 66e0cd8cd..8e6d290c1 100644 --- a/controller/encaps.c +++ b/controller/encaps.c 
@@ -23,6 +23,7 @@ #include "openvswitch/vlog.h" #include "lib/ovn-sb-idl.h" #include "ovn-controller.h" +#include "smap.h" VLOG_DEFINE_THIS_MODULE(encaps); @@ -176,8 +177,31 @@ tunnel_add(struct tunnel_ctx *tc, const struct sbrec_sb_global *sbg, smap_add(&options, "dst_port", dst_port); } + const struct ovsrec_open_vswitch *cfg = + ovsrec_open_vswitch_table_first(ovs_table); + + bool set_local_ip = false; + if (cfg) { + /* If the tos option is configured, get it */ + const char *encap_tos = smap_get_def(&cfg->external_ids, + "ovn-encap-tos", "none"); + + if (encap_tos && strcmp(encap_tos, "none")) { + smap_add(&options, "tos", encap_tos); + } + + /* If ovn-set-local-ip option is configured, get it */ + set_local_ip = smap_get_bool(&cfg->external_ids, "ovn-set-local-ip", + false); + } + /* Add auth info if ipsec is enabled. */ if (sbg->ipsec) { + set_local_ip = true; + smap_add(&options, "remote_name", new_chassis_id); + } + + if (set_local_ip) { const struct sbrec_chassis *this_chassis = tc->this_chassis; const char *local_ip = NULL; @@ -187,8 +211,10 @@ tunnel_add(struct tunnel_ctx *tc, const struct sbrec_sb_global *sbg, */ for (int i = 0; i < this_chassis->n_encaps; i++) { if (local_ip && strcmp(local_ip, this_chassis->encaps[i]->ip)) { - VLOG_ERR("ovn-encap-ip has been configured as a list. This " - "is unsupported for IPsec."); + static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(5, 1); + VLOG_ERR_RL(&rl, "ovn-encap-ip has been configured as a list. " + "This is unsupported for IPsec and explicit " + "local_ip configuration."); /* No need to loop further as we know this condition has been * hit */ break; 
@@ -200,19 +226,6 @@ tunnel_add(struct tunnel_ctx *tc, const struct sbrec_sb_global *sbg, if (local_ip) { smap_add(&options, "local_ip", local_ip); } - smap_add(&options, "remote_name", new_chassis_id); - } - - const struct ovsrec_open_vswitch *cfg = - ovsrec_open_vswitch_table_first(ovs_table); - /* If the tos option is configured, get it */ - if (cfg) { - const char *encap_tos = smap_get_def(&cfg->external_ids, - "ovn-encap-tos", "none"); - - if (encap_tos && strcmp(encap_tos, "none")) { - smap_add(&options, "tos", encap_tos); - } } /* If there's an existing chassis record that does not need any change, diff --git a/controller/ovn-controller.8.xml b/controller/ovn-controller.8.xml index e9708fe64..cc9a7d1c2 100644 --- a/controller/ovn-controller.8.xml +++ b/controller/ovn-controller.8.xml @@ -304,6 +304,13 @@ of how many entries there are in the cache. By default this is set to 30000 (30 seconds). +
external_ids:ovn-set-local-ip
+
+ The boolean flag indicates if ovn-controller when create + tunnel ports should set local_ip parameter. Can be + heplful to pin source outer IP for the tunnel when multiple interfaces + are used on the host for overlay traffic. +

diff --git a/tests/ovn-controller.at b/tests/ovn-controller.at index e99eec1d6..89ae2c9e1 100644 --- a/tests/ovn-controller.at +++ b/tests/ovn-controller.at @@ -298,6 +298,15 @@ OVS_WAIT_UNTIL([check_tunnel_property type geneve]) ovs-vsctl del-port ovn-fakech-0 OVS_WAIT_UNTIL([check_tunnel_property type geneve]) +# set `ovn-set-local-ip` option to true and check if tunnel parameters +OVS_WAIT_WHILE([check_tunnel_property options:local_ip "\"192.168.0.1\""]) +ovs-vsctl set open . external_ids:ovn-set-local-ip=true +OVS_WAIT_UNTIL([check_tunnel_property options:local_ip "\"192.168.0.1\""]) + +# Change the local_ip on the OVS side and check than OVN fixes it +ovs-vsctl set interface ovn-fakech-0 options:local_ip="1.1.1.1" +OVS_WAIT_UNTIL([check_tunnel_property options:local_ip "\"192.168.0.1\""]) + # Gracefully terminate daemons OVN_CLEANUP_SBOX([hv]) OVN_CLEANUP_VSWITCH([main])
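
Review bot: In controller/encaps.c, tunnel_add(), the mismatch branch of the encaps loop logs that a list-valued ovn-encap-ip is unsupported and then breaks, yet local_ip must already be non-NULL for that branch to be taken, so the later `if (local_ip) { smap_add(&options, "local_ip", local_ip); }` still pins the tunnel to whichever address was seen before the mismatch. Now that an operator can opt into this path with ovn-set-local-ip, and the same path carries the IPsec case, either reset local_ip to NULL before the `break` so no local_ip is written for a configuration the message calls unsupported, or extend the log text to say which address ends up being used. The new `static struct vlog_rate_limit rl` is a good addition since this runs for every tunnel on each iteration.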
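
Review bot: In controller/ovn-controller.8.xml, the new external_ids:ovn-set-local-ip entry omits three things an operator needs and that are visible in the encaps.c change: the default is false (`smap_get_bool(..., "ovn-set-local-ip", false)`), local_ip is set regardless of this flag when IPsec is enabled (`set_local_ip = true` under `sbg->ipsec`), and a list-valued ovn-encap-ip is reported as unsupported together with this option. Please state all three, fix the typo "heplful", and reword "if ovn-controller when create tunnel ports should set" to something like "indicates whether ovn-controller should set the local_ip option when it creates tunnel ports".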
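
Review bot: In tests/ovn-controller.at, the added checks only cover turning ovn-set-local-ip on and OVN restoring an overwritten options:local_ip; nothing verifies that local_ip is removed from the tunnel port when the option is set back to false or deleted, and the list-valued ovn-encap-ip path that the new rate-limited error covers is not exercised. Consider adding a step that sets external_ids:ovn-set-local-ip=false followed by an OVS_WAIT_WHILE on the same check_tunnel_property call. The comments also need a touch-up: "check if tunnel parameters" is an unfinished sentence, and "check than OVN fixes it" should read "check that OVN fixes it".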