From patchwork Thu Aug 1 23:52:18 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ankur Sharma X-Patchwork-Id: 1140843 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=openvswitch.org (client-ip=140.211.169.12; helo=mail.linuxfoundation.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=nutanix.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=nutanix.com header.i=@nutanix.com header.b="OaQDh5tE"; dkim-atps=neutral Received: from mail.linuxfoundation.org (mail.linuxfoundation.org [140.211.169.12]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4606Yc5kr0z9s7T for ; Fri, 2 Aug 2019 09:53:08 +1000 (AEST) Received: from mail.linux-foundation.org (localhost [127.0.0.1]) by mail.linuxfoundation.org (Postfix) with ESMTP id 9470A14AD; Thu, 1 Aug 2019 23:52:23 +0000 (UTC) X-Original-To: ovs-dev@openvswitch.org Delivered-To: ovs-dev@mail.linuxfoundation.org Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id 4259D147F for ; Thu, 1 Aug 2019 23:52:22 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from mx0b-002c1b01.pphosted.com (mx0b-002c1b01.pphosted.com [148.163.155.12]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id E84F55F4 for ; Thu, 1 Aug 2019 23:52:20 +0000 (UTC) Received: from pps.filterd (m0127841.ppops.net [127.0.0.1]) by mx0b-002c1b01.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id x71No1dl009082 for ; Thu, 1 Aug 2019 16:52:20 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nutanix.com; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : content-transfer-encoding : mime-version; s=proofpoint20171006; bh=boRBg7PvKKdFxEKAz85xceIBFGiwYTiuz0NZm+PBg3A=; b=OaQDh5tElIUpcg24wlpNwZui/XMnEv2J2kfOQeaHTg6kaxvXYQC7nZL3sVrSf6JA4Uri pGTGd1794UQ8ap7yAeXILgNHxYkMw3rit7060b/F5tXjbmBmT5dFhHVJzq4lsWqYysAH DuE5RgFW0mXAfCVhAwNzGo0Tw4ssWyYx2u4bSSrbL6ML09EWptRqjOl0htgiIxs4IOjL KxcsP8/OFcALgPKxlC3qWPuEKjG++gkuzkszcHBjWjtSEUOgXV96GWFXF5psN7MN5X5P /xGL9UQvk/je2l3cNF6F7PTbXRWyyDuRO8VTed6eCLFxQbxPwqPiDfHwp70N7G8azgGn hg== Received: from nam02-cy1-obe.outbound.protection.outlook.com (mail-cys01nam02lp2054.outbound.protection.outlook.com [104.47.37.54]) by mx0b-002c1b01.pphosted.com with ESMTP id 2u0m58jger-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Thu, 01 Aug 2019 16:52:20 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=ALOOAMiT9G9xSQHzQqRdtY9sf8d8WWlCE8PN7Lh5MlunglpvFXyPoIMcbS6eddv3o/Qc96D6mbxqHARiQ6YIxhcHG6PdYaihFjp9Byv7v6E5WpTntPHZMdJGFW9jwTrAXXXbTDsOe+kI7ScapnwLVEZM/eSlMRFqIm+VZUUQamMsKuCGCzFDM69ExyvZLVHgI7CEbD9Rq65VeNp2BwDVTKuAqHNfMc+L+lAX0kO4itcSzk7mTvAF2rBm0AiU95a4y7FKSaTIcdyPBU7NF5Mltu4oYIoXDpJRRVIhnIX7IBScm6KiNl1kihv27rdnSGRPRR+H0CwcJjrvnAaOi7z4EA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=boRBg7PvKKdFxEKAz85xceIBFGiwYTiuz0NZm+PBg3A=; b=k4nFnQT9qLfJBEtevQzwG5+hJ/vk2SmMhNnN1ao97+qVLPQcawTQ3tw2twTHntBUyMwf49S4v+jZ3KvXUH5pGatb5kuUEqvpVmkmD/89lz8d3vG1893USl9qs0I0Q1roGnC2QRADF38oAxmQQ6MyQ1VPbgcegdixGaS5shHgh66eVrbByQnrAunBXGdbBDOPdwj4aRdpRL6vje3Fi3t8cwbtNvG2TzmQChAMbOX9g8IwlVJMD5eEHJXpVaC200uhUpVOX96mY164bzO5B+c+CgKepqBhB4NYp6ezskriCr1eWvq66xvWVrZ3Z4YervqUVUYzjEB142PS2Y+VCkO1kA== ARC-Authentication-Results: i=1; mx.microsoft.com 1;spf=pass smtp.mailfrom=nutanix.com;dmarc=pass action=none header.from=nutanix.com;dkim=pass header.d=nutanix.com;arc=none Received: from MW2PR02MB3899.namprd02.prod.outlook.com (52.132.178.28) by MW2PR02MB3657.namprd02.prod.outlook.com (52.132.177.14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2136.13; Thu, 1 Aug 2019 23:52:18 +0000 Received: from MW2PR02MB3899.namprd02.prod.outlook.com ([fe80::a4e3:ca62:dfc6:1149]) by MW2PR02MB3899.namprd02.prod.outlook.com ([fe80::a4e3:ca62:dfc6:1149%3]) with mapi id 15.20.2136.010; Thu, 1 Aug 2019 23:52:18 +0000 From: Ankur Sharma To: "ovs-dev@openvswitch.org" Thread-Topic: [PATCH v3 1/4 ovn] OVN: Do not replace router port mac on gateway chassis. Thread-Index: AQHVSMQmOGT/YR2M2E2hQC5T5WkDHQ== Date: Thu, 1 Aug 2019 23:52:18 +0000 Message-ID: <1564703707-21545-2-git-send-email-ankur.sharma@nutanix.com> References: <1564703707-21545-1-git-send-email-ankur.sharma@nutanix.com> In-Reply-To: <1564703707-21545-1-git-send-email-ankur.sharma@nutanix.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-clientproxiedby: BYAPR06CA0041.namprd06.prod.outlook.com (2603:10b6:a03:14b::18) To MW2PR02MB3899.namprd02.prod.outlook.com (2603:10b6:907:4::28) x-ms-exchange-messagesentrepresentingtype: 1 x-mailer: git-send-email 1.8.3.1 x-originating-ip: [192.146.154.1] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 37df30e1-9d6e-4ac6-39a2-08d716db493e x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600148)(711020)(4605104)(1401327)(2017052603328)(7193020); SRVR:MW2PR02MB3657; x-ms-traffictypediagnostic: MW2PR02MB3657: x-microsoft-antispam-prvs: x-proofpoint-crosstenant: true x-ms-oob-tlc-oobclassifiers: OLM:2399; x-forefront-prvs: 01165471DB x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(39860400002)(396003)(346002)(366004)(376002)(136003)(199004)(189003)(76176011)(2501003)(6512007)(2351001)(53946003)(25786009)(5640700003)(36756003)(8676002)(7736002)(316002)(6506007)(14444005)(6436002)(8936002)(53936002)(71200400001)(305945005)(102836004)(66946007)(2906002)(256004)(5024004)(81156014)(81166006)(6486002)(3846002)(386003)(26005)(86362001)(50226002)(68736007)(2616005)(6916009)(14454004)(30864003)(478600001)(66574012)(5660300002)(486006)(66476007)(66556008)(64756008)(66446008)(66066001)(52116002)(107886003)(4720700003)(186003)(446003)(4326008)(44832011)(6116002)(99286004)(11346002)(71190400001)(476003)(64030200001); DIR:OUT; SFP:1102; SCL:1; SRVR:MW2PR02MB3657; H:MW2PR02MB3899.namprd02.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1; received-spf: None (protection.outlook.com: nutanix.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam-message-info: Top5lVl5mdGiPXve4UQsq0DvDbIaxmTVl77kAgVcdt1EVZLQDH5B494ZIpp9UW7GZughazI1RN8jE6CjKg8+19AN4eZqhVj9MIf2kFhEJB11I1TjDSMnNMOfoNMgOth6HqUrlo42ne0DEKSjM1cIG6JhWUBc+jwmXodPCFX5XDfNmSDXa2RWXZ/8jpnOf7OAurKOtIZkKlM7UXQb3Or3v5/QxcmmzwIFtrgZi42cw9MDvKNcUohcLK58/lzGRxerKK5URiQ5INRXr9UvWX1OYQkqRjKzcfTWF46/tCJrM+3XKZCgDhFd7/h0Hxq8EYWwfzBPqACT/+FJ00aRVTjht8KhXlWKTPn8BpHLTXX6vlGeREyNB9oIz6fY/jeA6bn5xLG6Mh4o1fNukq0fLzpTQm6/Wr0iVGcOCKmsugIeaPE= MIME-Version: 1.0 X-OriginatorOrg: nutanix.com X-MS-Exchange-CrossTenant-Network-Message-Id: 37df30e1-9d6e-4ac6-39a2-08d716db493e X-MS-Exchange-CrossTenant-originalarrivaltime: 01 Aug 2019 23:52:18.0766 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: bb047546-786f-4de1-bd75-24e5b6f79043 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: ankur.sharma@nutanix.com X-MS-Exchange-Transport-CrossTenantHeadersStamped: MW2PR02MB3657 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:5.22.84,1.0.8 definitions=2019-08-01_10:2019-07-31,2019-08-01 signatures=0 X-Proofpoint-Spam-Reason: safe X-Spam-Status: No, score=-2.7 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, RCVD_IN_DNSWL_LOW autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org Subject: [ovs-dev] [PATCH v3 1/4 ovn] OVN: Do not replace router port mac on gateway chassis. X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: ovs-dev-bounces@openvswitch.org Errors-To: ovs-dev-bounces@openvswitch.org With 795d7f24ce0e2ed5454e193a059451d237289542 we have added support for E-W routing on vlan backed networks by replacing router port macs with chassis macs. This replacement of router port mac need NOT be done on gateway chassis for following reasons: a. For N-S traffic, gateway chassis will respond to ARP for the router port (to which it is attached) and traffic will be using router port mac as destination mac. b. Chassis redirect port is a centralized version of distributed router port, hence we need not replace its mac with chassis mac on the resident chassis. This patch addresses the same. Signed-off-by: Ankur Sharma --- controller/physical.c | 19 ++- controller/pinctrl.c | 37 +++--- controller/pinctrl.h | 5 + tests/ovn.at | 313 ++++++++++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 354 insertions(+), 20 deletions(-) diff --git a/controller/physical.c b/controller/physical.c index 5c2f74e..aa06b3f 100644 --- a/controller/physical.c +++ b/controller/physical.c @@ -38,6 +38,7 @@ #include "lib/ovn-sb-idl.h" #include "lib/ovn-util.h" #include "physical.h" +#include "pinctrl.h" #include "openvswitch/shash.h" #include "simap.h" #include "smap.h" @@ -228,9 +229,12 @@ get_zone_ids(const struct sbrec_port_binding *binding, } static void -put_replace_router_port_mac_flows(const struct +put_replace_router_port_mac_flows(struct ovsdb_idl_index + *sbrec_port_binding_by_name, + const struct sbrec_port_binding *localnet_port, const struct sbrec_chassis *chassis, + const struct sset *active_tunnels, const struct hmap *local_datapaths, struct ofpbuf *ofpacts_p, ofp_port_t ofport, @@ -270,6 +274,16 @@ put_replace_router_port_mac_flows(const struct struct eth_addr router_port_mac; struct match match; struct ofpact_mac *replace_mac; + char *cr_peer_name = xasprintf("cr-%s", rport_binding->logical_port); + if (pinctrl_is_chassis_resident(sbrec_port_binding_by_name, + chassis, active_tunnels, + cr_peer_name)) { + /* If a router port's chassisredirect port is + * resident on this chassis, then we need not do mac replace. */ + free(cr_peer_name); + continue; + } + free(cr_peer_name); /* Table 65, priority 150. * ======================= @@ -787,7 +801,8 @@ consider_port_binding(struct ovsdb_idl_index *sbrec_port_binding_by_name, &match, ofpacts_p, &binding->header_.uuid); if (!strcmp(binding->type, "localnet")) { - put_replace_router_port_mac_flows(binding, chassis, + put_replace_router_port_mac_flows(sbrec_port_binding_by_name, + binding, chassis, active_tunnels, local_datapaths, ofpacts_p, ofport, flow_table); } diff --git a/controller/pinctrl.c b/controller/pinctrl.c index f05579f..d0b2e27 100644 --- a/controller/pinctrl.c +++ b/controller/pinctrl.c @@ -455,6 +455,25 @@ pinctrl_init(void) &pinctrl); } +bool +pinctrl_is_chassis_resident(struct ovsdb_idl_index *sbrec_port_binding_by_name, + const struct sbrec_chassis *chassis, + const struct sset *active_tunnels, + const char *port_name) +{ + const struct sbrec_port_binding *pb + = lport_lookup_by_name(sbrec_port_binding_by_name, port_name); + if (!pb || !pb->chassis) { + return false; + } + if (strcmp(pb->type, "chassisredirect")) { + return pb->chassis == chassis; + } else { + return ha_chassis_group_is_active(pb->ha_chassis_group, + active_tunnels, chassis); + } +} + static ovs_be32 queue_msg(struct rconn *swconn, struct ofpbuf *msg) { @@ -3755,24 +3774,6 @@ get_localnet_vifs_l3gwports( sbrec_port_binding_index_destroy_row(target); } -static bool -pinctrl_is_chassis_resident(struct ovsdb_idl_index *sbrec_port_binding_by_name, - const struct sbrec_chassis *chassis, - const struct sset *active_tunnels, - const char *port_name) -{ - const struct sbrec_port_binding *pb - = lport_lookup_by_name(sbrec_port_binding_by_name, port_name); - if (!pb || !pb->chassis) { - return false; - } - if (strcmp(pb->type, "chassisredirect")) { - return pb->chassis == chassis; - } else { - return ha_chassis_group_is_active(pb->ha_chassis_group, - active_tunnels, chassis); - } -} /* Extracts the mac, IPv4 and IPv6 addresses, and logical port from * 'addresses' which should be of the format 'MAC [IP1 IP2 ..] diff --git a/controller/pinctrl.h b/controller/pinctrl.h index 80da28d..0fa9ba3 100644 --- a/controller/pinctrl.h +++ b/controller/pinctrl.h @@ -47,5 +47,10 @@ void pinctrl_run(struct ovsdb_idl_txn *ovnsb_idl_txn, const struct sset *active_tunnels); void pinctrl_wait(struct ovsdb_idl_txn *ovnsb_idl_txn); void pinctrl_destroy(void); +bool +pinctrl_is_chassis_resident(struct ovsdb_idl_index *sbrec_port_binding_by_name, + const struct sbrec_chassis *chassis, + const struct sset *active_tunnels, + const char *port_name); #endif /* controller/pinctrl.h */ diff --git a/tests/ovn.at b/tests/ovn.at index e88cffa..dc5887f 100644 --- a/tests/ovn.at +++ b/tests/ovn.at @@ -29,6 +29,12 @@ m4_define([OVN_CHECK_PACKETS], [ovn_check_packets__ "$1" "$2" AT_CHECK([sort $rcv_text], [0], [expout])]) +m4_define([OVN_CHECK_PACKETS_REMOVE_BROADCAST], + [ovn_check_packets__ "$1" "$2" + echo "received_text=$rcv_text" + sed -i '/ffffffffffff/d' $rcv_text + AT_CHECK([sort $rcv_text], [0], [expout])]) + AT_BANNER([OVN components]) AT_SETUP([ovn -- lexer]) @@ -14990,3 +14996,310 @@ OVN_CHECK_PACKETS([hv2/vif3-tx.pcap], [expected]) OVN_CLEANUP([hv1], [hv2]) AT_CLEANUP + + +AT_SETUP([ovn -- 2 HVs, 2 lports/HV, localnet ports, DVR N-S ARP handling]) +ovn_start + +# In this test cases we create 3 switches, all connected to same +# physical network (through br-phys on each HV). LS1 and LS2 have +# 1 VIF each. Each HV has 1 VIF port. The first digit +# of VIF port name indicates the hypervisor it is bound to, e.g. +# lp23 means VIF 3 on hv2. +# +# All the switches are connected to a logical router "router". +# +# Each switch's VLAN tag and their logical switch ports are: +# - ls1: +# - tagged with VLAN 101 +# - ports: lp11 +# - ls2: +# - tagged with VLAN 201 +# - ports: lp22 +# - ls-underlay: +# - tagged with VLAN 1000 +# Note: a localnet port is created for each switch to connect to +# physical network. + +for i in 1 2; do + ls_name=ls$i + ovn-nbctl ls-add $ls_name + ln_port_name=ln$i + if test $i -eq 1; then + ovn-nbctl lsp-add $ls_name $ln_port_name "" 101 + elif test $i -eq 2; then + ovn-nbctl lsp-add $ls_name $ln_port_name "" 201 + fi + ovn-nbctl lsp-set-addresses $ln_port_name unknown + ovn-nbctl lsp-set-type $ln_port_name localnet + ovn-nbctl lsp-set-options $ln_port_name network_name=phys +done + +# lsp_to_ls LSP +# +# Prints the name of the logical switch that contains LSP. +lsp_to_ls () { + case $1 in dnl ( + lp?[[11]]) echo ls1 ;; dnl ( + lp?[[12]]) echo ls2 ;; dnl ( + *) AT_FAIL_IF([:]) ;; + esac +} + +vif_to_hv () { + case $1 in dnl ( + vif[[1]]?) echo hv1 ;; dnl ( + vif[[2]]?) echo hv2 ;; dnl ( + vif?[[north]]?) echo hv4 ;; dnl ( + *) AT_FAIL_IF([:]) ;; + esac +} + +ip_to_hex() { + printf "%02x%02x%02x%02x" "$@" +} + +net_add n1 +for i in 1 2; do + sim_add hv$i + as hv$i + ovs-vsctl add-br br-phys + ovs-vsctl set open . external-ids:ovn-bridge-mappings=phys:br-phys + ovs-vsctl set open . external-ids:ovn-chassis-mac-mappings="phys:aa:bb:cc:dd:ee:$i$i" + ovn_attach n1 br-phys 192.168.0.$i + + ovs-vsctl add-port br-int vif$i$i -- \ + set Interface vif$i$i external-ids:iface-id=lp$i$i \ + options:tx_pcap=hv$i/vif$i$i-tx.pcap \ + options:rxq_pcap=hv$i/vif$i$i-rx.pcap \ + ofport-request=$i$i + + lsp_name=lp$i$i + ls_name=$(lsp_to_ls $lsp_name) + + ovn-nbctl lsp-add $ls_name $lsp_name + ovn-nbctl lsp-set-addresses $lsp_name "f0:00:00:00:00:$i$i 192.168.$i.$i" + ovn-nbctl lsp-set-port-security $lsp_name f0:00:00:00:00:$i$i + + OVS_WAIT_UNTIL([test x`ovn-nbctl lsp-get-up $lsp_name` = xup]) + +done + +ovn-nbctl ls-add ls-underlay +ovn-nbctl lsp-add ls-underlay ln3 "" 1000 +ovn-nbctl lsp-set-addresses ln3 unknown +ovn-nbctl lsp-set-type ln3 localnet +ovn-nbctl lsp-set-options ln3 network_name=phys + +ovn-nbctl ls-add ls-north +ovn-nbctl lsp-add ls-north ln4 "" 1000 +ovn-nbctl lsp-set-addresses ln4 unknown +ovn-nbctl lsp-set-type ln4 localnet +ovn-nbctl lsp-set-options ln4 network_name=phys + +# Add a VM on ls-north +ovn-nbctl lsp-add ls-north lp-north +ovn-nbctl lsp-set-addresses lp-north "f0:f0:00:00:00:11 172.31.0.10" +ovn-nbctl lsp-set-port-security lp-north f0:f0:00:00:00:11 + +# Add 3rd hypervisor +sim_add hv3 +as hv3 ovs-vsctl add-br br-phys +as hv3 ovs-vsctl set open . external-ids:ovn-bridge-mappings=phys:br-phys +as hv3 ovs-vsctl set open . external-ids:ovn-chassis-mac-mappings="phys:aa:bb:cc:dd:ee:33" +as hv3 ovn_attach n1 br-phys 192.168.0.3 + +# Add 4th hypervisor +sim_add hv4 +as hv4 ovs-vsctl add-br br-phys +as hv4 ovs-vsctl set open . external-ids:ovn-bridge-mappings=phys:br-phys +as hv4 ovs-vsctl set open . external-ids:ovn-chassis-mac-mappings="phys:aa:bb:cc:dd:ee:44" +as hv4 ovn_attach n1 br-phys 192.168.0.4 + +as hv4 ovs-vsctl add-port br-int vif-north -- \ + set Interface vif-north external-ids:iface-id=lp-north \ + options:tx_pcap=hv4/vif-north-tx.pcap \ + options:rxq_pcap=hv4/vif-north-rx.pcap \ + ofport-request=44 + +ovn-nbctl lr-add router +ovn-nbctl lrp-add router router-to-ls1 00:00:01:01:02:03 192.168.1.3/24 +ovn-nbctl lrp-add router router-to-ls2 00:00:01:01:02:05 192.168.2.3/24 +ovn-nbctl lrp-add router router-to-underlay 00:00:01:01:02:07 172.31.0.1/24 + +ovn-nbctl lsp-add ls1 ls1-to-router -- set Logical_Switch_Port ls1-to-router type=router \ + options:router-port=router-to-ls1 -- lsp-set-addresses ls1-to-router router +ovn-nbctl lsp-add ls2 ls2-to-router -- set Logical_Switch_Port ls2-to-router type=router \ + options:router-port=router-to-ls2 -- lsp-set-addresses ls2-to-router router +ovn-nbctl lsp-add ls-underlay underlay-to-router -- set Logical_Switch_Port \ + underlay-to-router type=router \ + options:router-port=router-to-underlay \ + -- lsp-set-addresses underlay-to-router router + + +OVN_POPULATE_ARP + +# lsp_to_ls LSP +# +# Prints the name of the logical switch that contains LSP. +lsp_to_ls () { + case $1 in dnl ( + lp?[[11]]) echo ls1 ;; dnl ( + lp?[[12]]) echo ls2 ;; dnl ( + *) AT_FAIL_IF([:]) ;; + esac +} + +vif_to_ls () { + case $1 in dnl ( + vif?[[11]]) echo ls1 ;; dnl ( + vif?[[12]]) echo ls2 ;; dnl ( + vif-north) echo ls-north ;; dnl ( + *) AT_FAIL_IF([:]) ;; + esac +} + +hv_to_num () { + case $1 in dnl ( + hv1) echo 1 ;; dnl ( + hv2) echo 2 ;; dnl ( + hv3) echo 3 ;; dnl ( + hv4) echo 4 ;; dnl ( + *) AT_FAIL_IF([:]) ;; + esac +} + +vif_to_num () { + case $1 in dnl ( + vif22) echo 22 ;; dnl ( + vif21) echo 21 ;; dnl ( + vif11) echo 11 ;; dnl ( + *) AT_FAIL_IF([:]) ;; + esac +} + +vif_to_hv () { + case $1 in dnl ( + vif[[1]]?) echo hv1 ;; dnl ( + vif[[2]]?) echo hv2 ;; dnl ( + vif-north) echo hv4 ;; dnl ( + *) AT_FAIL_IF([:]) ;; + esac +} + +vif_to_lrp () { + echo router-to-`vif_to_ls $1` +} + +ip_to_hex() { + printf "%02x%02x%02x%02x" "$@" +} + +# Dump a bunch of info helpful for debugging if there's a failure. + +echo "------ OVN dump ------" +ovn-nbctl show +ovn-sbctl show +ovn-sbctl list port_binding +ovn-sbctl list mac_binding + +echo "------ hv1 dump ------" +as hv1 ovs-vsctl show +as hv1 ovs-vsctl list Open_Vswitch + +echo "------ hv2 dump ------" +as hv2 ovs-vsctl show +as hv2 ovs-vsctl list Open_Vswitch + +echo "------ hv3 dump ------" +as hv3 ovs-vsctl show +as hv3 ovs-vsctl list Open_Vswitch + +echo "------ hv4 dump ------" +as hv4 ovs-vsctl show +as hv4 ovs-vsctl list Open_Vswitch + +# test_arp INPORT SHA SPA TPA [REPLY_HA] +# +# Causes a packet to be received on INPORT. The packet is an ARP +# request with SHA, SPA, and TPA as specified. If REPLY_HA is provided, then +# it should be the hardware address of the target to expect to receive in an +# ARP reply; otherwise no reply is expected. +# +# INPORT is an logical switch port number, e.g. 11 for vif11. +# SHA and REPLY_HA are each 12 hex digits. +# SPA and TPA are each 8 hex digits. +test_arp() { + local inport=$1 sha=$2 spa=$3 tpa=$4 reply_ha=$5 + local request=ffffffffffff${sha}08060001080006040001${sha}${spa}ffffffffffff${tpa} + hv=`vif_to_hv $inport` + as $hv ovs-appctl netdev-dummy/receive $inport $request + + if test X$reply_ha = X; then + # Expect to receive the broadcast ARP on the other logical switch ports + # if no reply is expected. + local i j + for i in 1 2 3; do + for j in 1 2 3; do + if test $i$j != $inport; then + echo $request >> $i$j.expected + fi + done + done + else + # Expect to receive the reply, if any. + local reply=${sha}${reply_ha}08060001080006040002${reply_ha}${tpa}${sha}${spa} + local reply_vid=${sha}${reply_ha}810003e808060001080006040002${reply_ha}${tpa}${sha}${spa} + echo $reply_vid >> ${inport}_vid.expected + echo $reply >> $inport.expected + fi +} + +sip=`ip_to_hex 172 31 0 10` +tip=`ip_to_hex 172 31 0 1` + +# Set a hypervisor as gateway chassis, for router port 172.31.0.1 +ovn-nbctl lrp-set-gateway-chassis router-to-underlay hv3 +ovn-nbctl --wait=sb sync +sleep 2 + +test_arp vif-north f0f000000011 $sip $tip 000001010207 + +sleep 1 + +# Confirm that vif-north gets a single ARP reply +OVN_CHECK_PACKETS_REMOVE_BROADCAST([hv4/vif-north-tx.pcap], [vif-north.expected]) + +# Confirm that only redirect chassis allowed arp resolution. +OVN_CHECK_PACKETS_REMOVE_BROADCAST([hv3/br-phys_n1-tx.pcap], [vif-north_vid.expected]) +AT_CHECK([grep 000001010207 hv3/br-phys_n1-tx.packets | wc -l], [0], [[1 +]]) + +# Confirm that other OVN chassis did not generate ARP reply. +$PYTHON "$top_srcdir/utilities/ovs-pcap.in" hv1/br-phys_n1-tx.pcap > hv1/br-phys_n1-tx.packets +$PYTHON "$top_srcdir/utilities/ovs-pcap.in" hv2/br-phys_n1-tx.pcap > hv2/br-phys_n1-tx.packets + +AT_CHECK([grep 000001010207 hv1/br-phys_n1-tx.packets | wc -l], [0], [[0 +]]) +AT_CHECK([grep 000001010207 hv2/br-phys_n1-tx.packets | wc -l], [0], [[0 +]]) + +echo "----------- Post Traffic hv1 dump -----------" +as hv1 ovs-ofctl -O OpenFlow13 dump-flows br-int +as hv1 ovs-appctl fdb/show br-phys + +echo "----------- Post Traffic hv2 dump -----------" +as hv2 ovs-ofctl -O OpenFlow13 dump-flows br-int +as hv2 ovs-appctl fdb/show br-phys + +echo "----------- Post Traffic hv3 dump -----------" +as hv3 ovs-ofctl -O OpenFlow13 dump-flows br-int +as hv3 ovs-appctl fdb/show br-phys + +echo "----------- Post Traffic hv4 dump -----------" +as hv4 ovs-ofctl -O OpenFlow13 dump-flows br-int +as hv4 ovs-appctl fdb/show br-phys + +OVN_CLEANUP([hv1],[hv2],[hv3],[hv4]) + +AT_CLEANUP From patchwork Thu Aug 1 23:52:19 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ankur Sharma X-Patchwork-Id: 1140844 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=openvswitch.org (client-ip=140.211.169.12; helo=mail.linuxfoundation.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=nutanix.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=nutanix.com header.i=@nutanix.com header.b="pDr0riiC"; dkim-atps=neutral Received: from mail.linuxfoundation.org (mail.linuxfoundation.org [140.211.169.12]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4606ZN6pHtz9s7T for ; Fri, 2 Aug 2019 09:53:48 +1000 (AEST) Received: from mail.linux-foundation.org (localhost [127.0.0.1]) by mail.linuxfoundation.org (Postfix) with ESMTP id 8571514A3; Thu, 1 Aug 2019 23:52:24 +0000 (UTC) X-Original-To: ovs-dev@openvswitch.org Delivered-To: ovs-dev@mail.linuxfoundation.org Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id 6746C149F for ; Thu, 1 Aug 2019 23:52:22 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from mx0b-002c1b01.pphosted.com (mx0b-002c1b01.pphosted.com [148.163.155.12]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 3BE6282B for ; Thu, 1 Aug 2019 23:52:21 +0000 (UTC) Received: from pps.filterd (m0127841.ppops.net [127.0.0.1]) by mx0b-002c1b01.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id x71No1dm009082 for ; Thu, 1 Aug 2019 16:52:20 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nutanix.com; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : content-transfer-encoding : mime-version; s=proofpoint20171006; bh=FCbtyCruEQiqy6y6lADybDNn/r9zjuWBVJYJ8Vf8lgM=; b=pDr0riiCJc5mcI5KOTcPKDm3JpEZdESKs90tSEqfXBJFpijAY7yDrpByugGVXXU1tfh/ /Y4Wf/zp8x+xb/a98JnflmCRZ8uFMLVg3UVxgmqEjfwJ0YsIoi6ZBvduRJIKM10OCOc7 WLDqDcSyysxTnF24Jk7X/L8/j7esOO5nEXoh05bziquR891hDIq8DVeSQ4kOk4SeUZVb xoLyK1Erx4NgW4VGYHe/d/YMEB9aY8SvRhgBGbcvbYF073g5pmnWCNvPQ4S1vKyG5Ske JrnacHdADArJ8BnQGhIgyN3yXJERfqDnM2z/YPM/lXf2oWMLrp2IdWg9p0j52qbBaOLM Vg== Received: from nam02-cy1-obe.outbound.protection.outlook.com (mail-cys01nam02lp2054.outbound.protection.outlook.com [104.47.37.54]) by mx0b-002c1b01.pphosted.com with ESMTP id 2u0m58jger-2 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Thu, 01 Aug 2019 16:52:20 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=BqAd9cDb6nvpDwf1Y1HkcFtS2hvObpOdXcP+9AQSi4mb0q+i5BtTNu5WQLWdB6P+fDg/SCVyLVwEWTQo+65HChjlZWeyV7if9yjyiP2l65fT1mk84VZrH7o+kvK0scJeZKzNntHY2mfPXQdZ1aQbH7NJtPM8j14FWav5FxUwFxSbu49MBLYRZVx/dL4Ju9HQ/BCLO84708Led1KWsPgPl9bbbKrRyg483NGNxrqtOqY6rvVoxrw9Zfw5MJdGYAPTVBrokgxHIUpTa+jjWmpQWDu/k0F16yxFSQsWgSzr5i0ltjfS66cczB/uQj8wcCwrggjkFahNmefNZcPZOq5jCA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=FCbtyCruEQiqy6y6lADybDNn/r9zjuWBVJYJ8Vf8lgM=; b=B8GB/yWOfQ0LiU6kxWajEUJxfAgw3SM4uay/95Ytb2uaZr4Dg60idHgWBHDy0K/HqxXAYSL1hXh7V5APrvJDRoalscFAaTvIUtPVm74X7hV7sZ0GcmU9okaJyk6Pua826wcHOeOgwQZpzrsKVfQxQLCes18dg/Qq5pve3NRfFTWczIbTSqXGw3jSp+z1S1YiFZwIMrLsE3Hghu3M75bZHLAbyRmD6PRGDiWpa+eIPo/EgiGEO/y6K9SYzylHWaGDcjp6BhyW/hPI3YkHGp2GnJ7qA4du28ZKCCsq6RUOy4RLGWQLMvO++NkUBwKXYnra+2qtWmcO+ibov1LdrsTPRg== ARC-Authentication-Results: i=1; mx.microsoft.com 1;spf=pass smtp.mailfrom=nutanix.com;dmarc=pass action=none header.from=nutanix.com;dkim=pass header.d=nutanix.com;arc=none Received: from MW2PR02MB3899.namprd02.prod.outlook.com (52.132.178.28) by MW2PR02MB3657.namprd02.prod.outlook.com (52.132.177.14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2136.13; Thu, 1 Aug 2019 23:52:19 +0000 Received: from MW2PR02MB3899.namprd02.prod.outlook.com ([fe80::a4e3:ca62:dfc6:1149]) by MW2PR02MB3899.namprd02.prod.outlook.com ([fe80::a4e3:ca62:dfc6:1149%3]) with mapi id 15.20.2136.010; Thu, 1 Aug 2019 23:52:19 +0000 From: Ankur Sharma To: "ovs-dev@openvswitch.org" Thread-Topic: [PATCH v3 2/4 ovn] OVN: Vlan backed DVR N-S, redirect-type option Thread-Index: AQHVSMQnqu9EINNGLEiAaybIybs+4g== Date: Thu, 1 Aug 2019 23:52:19 +0000 Message-ID: <1564703707-21545-3-git-send-email-ankur.sharma@nutanix.com> References: <1564703707-21545-1-git-send-email-ankur.sharma@nutanix.com> In-Reply-To: <1564703707-21545-1-git-send-email-ankur.sharma@nutanix.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-clientproxiedby: BYAPR06CA0041.namprd06.prod.outlook.com (2603:10b6:a03:14b::18) To MW2PR02MB3899.namprd02.prod.outlook.com (2603:10b6:907:4::28) x-ms-exchange-messagesentrepresentingtype: 1 x-mailer: git-send-email 1.8.3.1 x-originating-ip: [192.146.154.1] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 8ba7a864-7cbc-49ce-aa92-08d716db49f7 x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600148)(711020)(4605104)(1401327)(2017052603328)(7193020); SRVR:MW2PR02MB3657; x-ms-traffictypediagnostic: MW2PR02MB3657: x-microsoft-antispam-prvs: x-proofpoint-crosstenant: true x-ms-oob-tlc-oobclassifiers: OLM:1002; x-forefront-prvs: 01165471DB x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(39860400002)(396003)(346002)(366004)(376002)(136003)(199004)(189003)(76176011)(2501003)(6512007)(2351001)(25786009)(5640700003)(36756003)(8676002)(7736002)(316002)(6506007)(14444005)(6436002)(8936002)(53936002)(71200400001)(305945005)(102836004)(66946007)(2906002)(256004)(5024004)(81156014)(81166006)(6486002)(3846002)(386003)(26005)(86362001)(50226002)(68736007)(2616005)(6916009)(14454004)(478600001)(66574012)(5660300002)(486006)(66476007)(66556008)(64756008)(66446008)(66066001)(52116002)(107886003)(4720700003)(186003)(446003)(4326008)(44832011)(6116002)(99286004)(11346002)(71190400001)(476003)(64030200001); DIR:OUT; SFP:1102; SCL:1; SRVR:MW2PR02MB3657; H:MW2PR02MB3899.namprd02.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1; received-spf: None (protection.outlook.com: nutanix.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam-message-info: PzkMjYwf0C/VkJGxtzIcA+LiaGHzDq4YelXf/mwcC1h+tV5h9vbYy6yTplQ6iGI683ajZ4sna3IJjmsbLRn57pYAP3yEQA3+gAtdygN6yPpwSX7Gwxpxv3S+9KKQPxxaNvOx29mS7QL6LGSS2Ev1z54lQWj+dhumKKm5yA6mt7sDMFliSsFyksIpqvssucU/gwb7H2640dijWByx9JKWcFj/Uc7lv0TfD2y+PW21fjcvjLmPoOoFxSoxnQN9KwJL4zMaHxEUEic3lBEEFubkte2ofhCXQ/rHumsYlZdoTJANw9ZFV0etHOyZhZFqlvkRzzH7GF+L6uoNzsD1P8fUvUI9eZH5lm9J5eElgISONdsSE+mays/andg7F3hL3OTi75NUwTOGUC5AQV8POFgrqfbCAzB7bJSa7W2d+vNysRM= MIME-Version: 1.0 X-OriginatorOrg: nutanix.com X-MS-Exchange-CrossTenant-Network-Message-Id: 8ba7a864-7cbc-49ce-aa92-08d716db49f7 X-MS-Exchange-CrossTenant-originalarrivaltime: 01 Aug 2019 23:52:19.2890 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: bb047546-786f-4de1-bd75-24e5b6f79043 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: ankur.sharma@nutanix.com X-MS-Exchange-Transport-CrossTenantHeadersStamped: MW2PR02MB3657 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:5.22.84,1.0.8 definitions=2019-08-01_10:2019-07-31,2019-08-01 signatures=0 X-Proofpoint-Spam-Reason: safe X-Spam-Status: No, score=-2.7 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, RCVD_IN_DNSWL_LOW autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org Subject: [ovs-dev] [PATCH v3 2/4 ovn] OVN: Vlan backed DVR N-S, redirect-type option X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: ovs-dev-bounces@openvswitch.org Errors-To: ovs-dev-bounces@openvswitch.org Background: With c0974331b7a19a87ab8f1f2cec8fbe366af92fa2, we have added support for E-W workflow for vlan backed DVRs. This series enables N-S workflow for vlan backed DVRs. Key difference between E-W and N-S traffic flow is that N-S flow requires a gateway chassis. A gateway chassis will be respondible for following: a. Doing Network Address Translation (NAT). b. Becoming entry and exit point for North->South and South->North traffic respectively. OVN by default always uses overlay encapsulation to redirect the packet to gateway chassis. This series will enable the redirection to gateway chassis in the absence of encapsulation. This patch: a. Add a new key-value in options of a router port. b. This new config key will be used by ovn-controller to determine if a redirected packet will go out of tunnel port or localnet port. c. key is "redirect-type" and it takes "overlay" and "vlan" as values. d. Added ovn-nbctl command to set and get redirect-type option on a router port. e. This new configuration is added because vlan or overlay based forwarding is considered to be a logical switch property, hence for a router configuration has to be done at the router port level. Signed-off-by: Ankur Sharma --- northd/ovn-northd.c | 6 ++++++ ovn-nb.xml | 43 ++++++++++++++++++++++++++++++++++++++ tests/ovn-nbctl.at | 25 ++++++++++++++++++++++ tests/ovn-northd.at | 31 +++++++++++++++++++++++++++ utilities/ovn-nbctl.c | 58 +++++++++++++++++++++++++++++++++++++++++++++++++++ 5 files changed, 163 insertions(+) diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c index cd776fa..7c0fd6c 100644 --- a/northd/ovn-northd.c +++ b/northd/ovn-northd.c @@ -2445,6 +2445,9 @@ ovn_port_update_sbrec(struct northd_context *ctx, if (op->derived) { const char *redirect_chassis = smap_get(&op->nbrp->options, "redirect-chassis"); + const char *redirect_type = smap_get(&op->nbrp->options, + "redirect-type"); + int n_gw_options_set = 0; if (op->nbrp->ha_chassis_group) { n_gw_options_set++; @@ -2537,6 +2540,9 @@ ovn_port_update_sbrec(struct northd_context *ctx, sbrec_port_binding_set_gateway_chassis(op->sb, NULL, 0); } smap_add(&new, "distributed-port", op->nbrp->name); + if (redirect_type) { + smap_add(&new, "redirect-type", redirect_type); + } } else { if (op->peer) { smap_add(&new, "peer", op->peer->key); diff --git a/ovn-nb.xml b/ovn-nb.xml index f5f10a5..971017b 100644 --- a/ovn-nb.xml +++ b/ovn-nb.xml @@ -1947,6 +1947,49 @@ issues.

+ + +

+ This options dictates if a packet redirected to + gateway chassis will be overlay encapsulated + or go as a regular vlan packet. +

+ +

+ Option takes following values +

+ +
    +
  • + OVERLAY +
  • + +
  • + VLAN +
  • +
+ +

+ OVERLAY option will ensure that redirected packet goes out as + encapsulation via the tunnel port. +

+ +

+ VLAN option will ensure that redirected packet goes out as vlan + tagged via the localnet port. +

+ +

+ OVERLAY is the default redirection type. +

+ +

+ Option is applicable only to gateway chassis attached logical + router ports. +

+ +
+ diff --git a/tests/ovn-nbctl.at b/tests/ovn-nbctl.at index a19e33f..11a3273 100644 --- a/tests/ovn-nbctl.at +++ b/tests/ovn-nbctl.at @@ -1220,6 +1220,31 @@ lrp0-chassis1 1 dnl --------------------------------------------------------------------- +OVN_NBCTL_TEST([ovn_nbctl_redirect_type], [logical router port redirect type], [ +AT_CHECK([ovn-nbctl lr-add lr0]) +AT_CHECK([ovn-nbctl lrp-add lr0 lrp0 00:00:00:01:02:03 192.168.1.1/24]) +AT_CHECK([ovn-nbctl lrp-get-redirect-type lrp0], [0], [dnl +overlay +]) +AT_CHECK([ovn-nbctl lrp-set-redirect-type lp0 vlan], [1], [], +[ovn-nbctl: lp0: port name not found +]) +AT_CHECK([ovn-nbctl lrp-set-redirect-type lrp0 vlan], [0], []) +AT_CHECK([ovn-nbctl lrp-get-redirect-type lrp0], [0], [dnl +vlan +]) +AT_CHECK([ovn-nbctl lrp-set-redirect-type lrp0 overlay], [0], []) +AT_CHECK([ovn-nbctl lrp-get-redirect-type lrp0], [0], [dnl +overlay +]) +AT_CHECK([ovn-nbctl lrp-set-redirect-type lrp0 abcd], [1], [], +[ovn-nbctl: Invalid redirect type: abcd +]) + +]) + +dnl --------------------------------------------------------------------- + OVN_NBCTL_TEST([ovn_nbctl_lrp_enable], [logical router port enable and disable], [ AT_CHECK([ovn-nbctl lr-add lr0]) AT_CHECK([ovn-nbctl lrp-add lr0 lrp0 00:00:00:01:02:03 192.168.1.1/24]) diff --git a/tests/ovn-northd.at b/tests/ovn-northd.at index 0dea04e..8718130 100644 --- a/tests/ovn-northd.at +++ b/tests/ovn-northd.at @@ -936,3 +936,34 @@ OVS_WAIT_UNTIL([ test 0 = $?]) AT_CLEANUP + +AT_SETUP([ovn -- check Redirect Chassis propagation from NB to SB]) +AT_SKIP_IF([test $HAVE_PYTHON = no]) +ovn_start + +ovn-sbctl chassis-add gw1 geneve 127.0.0.1 + +ovn-nbctl lr-add R1 +ovn-nbctl lrp-add R1 R1-S1 02:ac:10:01:00:01 172.16.1.1/24 + +ovn-nbctl ls-add S1 +ovn-nbctl lsp-add S1 S1-R1 +ovn-nbctl lsp-set-type S1-R1 router +ovn-nbctl lsp-set-addresses S1-R1 router +ovn-nbctl --wait=sb lsp-set-options S1-R1 router-port=R1-S1 + +ovn-nbctl lrp-set-gateway-chassis R1-S1 gw1 + +uuid=`ovn-sbctl --columns=_uuid --bare find Port_Binding logical_port=cr-R1-S1` +echo "CR-LRP UUID is: " $uuid + +ovn-nbctl lrp-set-redirect-type R1-S1 vlan +AT_CHECK([ovn-sbctl get Port_Binding ${uuid} options:redirect-type], [0], [vlan +]) + +ovn-nbctl lrp-set-redirect-type R1-S1 overlay +AT_CHECK([ovn-sbctl get Port_Binding ${uuid} options:redirect-type], [0], [overlay +]) + + +AT_CLEANUP diff --git a/utilities/ovn-nbctl.c b/utilities/ovn-nbctl.c index ad999dd..991bee5 100644 --- a/utilities/ovn-nbctl.c +++ b/utilities/ovn-nbctl.c @@ -661,6 +661,14 @@ Logical router port commands:\n\ ('enabled' or 'disabled')\n\ lrp-get-enabled PORT get administrative state PORT\n\ ('enabled' or 'disabled')\n\ + lrp-set-redirect-type PORT TYPE\n\ + set whether redirected packet to gateway chassis\n\ + of PORT will be encapsulated or not\n\ + ('overlay' or 'vlan')\n\ + lrp-get-redirect-type PORT\n\ + get whether redirected packet to gateway chassis\n\ + of PORT will be encapsulated or not\n\ + ('overlay' or 'vlan')\n\ \n\ Route commands:\n\ [--policy=POLICY] lr-route-add ROUTER PREFIX NEXTHOP [PORT]\n\ @@ -4591,6 +4599,52 @@ nbctl_lrp_get_enabled(struct ctl_context *ctx) !lrp->enabled || *lrp->enabled ? "enabled" : "disabled"); } + +/* Set the logical router port redirect type. */ +static void +nbctl_lrp_set_redirect_type(struct ctl_context *ctx) +{ + const char *id = ctx->argv[1]; + const char *type = ctx->argv[2]; + const struct nbrec_logical_router_port *lrp = NULL; + struct smap lrp_options; + + char *error = lrp_by_name_or_uuid(ctx, id, true, &lrp); + if (error) { + ctx->error = error; + return; + } + + if (strcasecmp(type, "vlan") && strcasecmp(type, "overlay")) { + error = xasprintf("Invalid redirect type: %s", type); + ctx->error = error; + return; + } + + smap_init(&lrp_options); + smap_add(&lrp_options, "redirect-type", type); + + nbrec_logical_router_port_set_options(lrp, &lrp_options); + smap_destroy(&lrp_options); +} + +static void +nbctl_lrp_get_redirect_type(struct ctl_context *ctx) +{ + const char *id = ctx->argv[1]; + const struct nbrec_logical_router_port *lrp = NULL; + + char *error = lrp_by_name_or_uuid(ctx, id, true, &lrp); + if (error) { + ctx->error = error; + return; + } + + const char *redirect_type = smap_get(&lrp->options, "redirect-type"); + ds_put_format(&ctx->output, "%s\n", + !redirect_type ? "overlay": redirect_type); +} + struct ipv4_route { int priority; @@ -5598,6 +5652,10 @@ static const struct ctl_command_syntax nbctl_commands[] = { NULL, "", RW }, { "lrp-get-enabled", 1, 1, "PORT", NULL, nbctl_lrp_get_enabled, NULL, "", RO }, + { "lrp-set-redirect-type", 2, 2, "PORT TYPE", NULL, + nbctl_lrp_set_redirect_type, NULL, "", RW }, + { "lrp-get-redirect-type", 1, 1, "PORT", NULL, nbctl_lrp_get_redirect_type, + NULL, "", RO }, /* logical router route commands. */ { "lr-route-add", 3, 4, "ROUTER PREFIX NEXTHOP [PORT]", NULL, From patchwork Thu Aug 1 23:52:20 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ankur Sharma X-Patchwork-Id: 1140845 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=openvswitch.org (client-ip=140.211.169.12; helo=mail.linuxfoundation.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=nutanix.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=nutanix.com header.i=@nutanix.com header.b="NqFrqycL"; dkim-atps=neutral Received: from mail.linuxfoundation.org (mail.linuxfoundation.org [140.211.169.12]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4606b76hRsz9sBF for ; Fri, 2 Aug 2019 09:54:27 +1000 (AEST) Received: from mail.linux-foundation.org (localhost [127.0.0.1]) by mail.linuxfoundation.org (Postfix) with ESMTP id 4454C14D6; Thu, 1 Aug 2019 23:52:26 +0000 (UTC) X-Original-To: ovs-dev@openvswitch.org Delivered-To: ovs-dev@mail.linuxfoundation.org Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id E8C8D14B8 for ; Thu, 1 Aug 2019 23:52:24 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from mx0b-002c1b01.pphosted.com (mx0b-002c1b01.pphosted.com [148.163.155.12]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 5D6A1E7 for ; Thu, 1 Aug 2019 23:52:24 +0000 (UTC) Received: from pps.filterd (m0127841.ppops.net [127.0.0.1]) by mx0b-002c1b01.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id x71No2f3009191 for ; Thu, 1 Aug 2019 16:52:23 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nutanix.com; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : content-transfer-encoding : mime-version; s=proofpoint20171006; bh=dsKF0T11K4gaxa/wtd/1obzTi3d+oxqVL6IaAb9SRKw=; b=NqFrqycL0PPqZC8jNRQwa0vIdqUcdjx7yk3AB7VZchXtYnqZC+aqb0hjh2IHfHc7dcgD mXkL3pWqEAwOtq3zLnd3ejasC3B5ADxqGCr70Dc3HDxPnbW3njTQXY1Srbc4RSGq0P1s 99xwodn5inmtcDC8Vum88q+s4S9ygVkmEtMGXg2V+1Cqkt7IoHVnva89F6PkGNXwPouI K4c/vXobt2LT7YZjNx3UeI7NYqUFiYQuRaoyDMbmecv14M9EZ/voG+XXhvcjwkOfsniA MGcEYEafxw5ipct/SvmXtmedud8FwJ4sus12qh8PD6k2g96MAgWwxNMM2TTZlWkzECzu yQ== Received: from nam02-cy1-obe.outbound.protection.outlook.com (mail-cys01nam02lp2057.outbound.protection.outlook.com [104.47.37.57]) by mx0b-002c1b01.pphosted.com with ESMTP id 2u0m58jget-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Thu, 01 Aug 2019 16:52:23 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=daN5yXevWuPxAxT+dpPmbCzEuNCYxvvReF9WRDNep08OQlEz33vWI+8GlpvNylF7YqYzpTuR2n3RUd0WAaMQ4scX+ml8o3Ff+U/k3D1emsqFdAAhn9GxJBzjm1mRI8NCPhVFTPbD1OmZzCuh1gXfPSM21oczdca1t3ORgqXYSXIdcyvY1dqV8XbKeSRrmVKXFVzuh5LyJnuNq+FD36twdvLxBQtLKGzJkTgPWj5oRGC47NtHSnVOh4wI8lQkXrLv7E/3mLS+4Yi2pseOS7LuUo7V4COO6MWkAsebPRaQ4GJTwxL4mSYrBinjbLXZ0GQ71KB36h6tfSwzDI6bFdJnhw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=dsKF0T11K4gaxa/wtd/1obzTi3d+oxqVL6IaAb9SRKw=; b=e6o0CQrLiYArND/YWyfbRiDI1GtJxpMBYszGIwm/oVWZ/L91Zy16yB3NZPQ4j/rFX+XTmIttoIgNNJO940+SG/7a8YqMwHxB/RR7iN1hoDCtYE+RssqYWbRs30RrQpcMfwiPxauBrkvKOD3kbK7wv6OePjl5/bW0ozXxPjf7uu+KjL7jkR595jB/t+5WF6myEyq5KoYpfMlcNFZkDtVjFUGSNVUhTNVZpTMloLcQTbb+TnpnQEFxIR5JoD+fr70BK2kkLTk1TjM8WMgb6rJ+Zyj1z1YRj2uPW82hbMDLWDpTpMeXurjhKJy9fsIKuVolY76xWPiNqlMYj4o+Fugfeg== ARC-Authentication-Results: i=1; mx.microsoft.com 1;spf=pass smtp.mailfrom=nutanix.com;dmarc=pass action=none header.from=nutanix.com;dkim=pass header.d=nutanix.com;arc=none Received: from MW2PR02MB3899.namprd02.prod.outlook.com (52.132.178.28) by MW2PR02MB3657.namprd02.prod.outlook.com (52.132.177.14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2136.13; Thu, 1 Aug 2019 23:52:20 +0000 Received: from MW2PR02MB3899.namprd02.prod.outlook.com ([fe80::a4e3:ca62:dfc6:1149]) by MW2PR02MB3899.namprd02.prod.outlook.com ([fe80::a4e3:ca62:dfc6:1149%3]) with mapi id 15.20.2136.010; Thu, 1 Aug 2019 23:52:20 +0000 From: Ankur Sharma To: "ovs-dev@openvswitch.org" Thread-Topic: [PATCH v3 3/4 ovn] OVN: Vlan backed DVR N-S, avoid get_arp on non redirect chassis. Thread-Index: AQHVSMQoAeYnt18sWU2pnpdpHLrtGg== Date: Thu, 1 Aug 2019 23:52:20 +0000 Message-ID: <1564703707-21545-4-git-send-email-ankur.sharma@nutanix.com> References: <1564703707-21545-1-git-send-email-ankur.sharma@nutanix.com> In-Reply-To: <1564703707-21545-1-git-send-email-ankur.sharma@nutanix.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-clientproxiedby: BYAPR06CA0041.namprd06.prod.outlook.com (2603:10b6:a03:14b::18) To MW2PR02MB3899.namprd02.prod.outlook.com (2603:10b6:907:4::28) x-ms-exchange-messagesentrepresentingtype: 1 x-mailer: git-send-email 1.8.3.1 x-originating-ip: [192.146.154.1] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 77e6d32c-83fa-4774-1cc0-08d716db4a9f x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600148)(711020)(4605104)(1401327)(2017052603328)(7193020); SRVR:MW2PR02MB3657; x-ms-traffictypediagnostic: MW2PR02MB3657: x-microsoft-antispam-prvs: x-proofpoint-crosstenant: true x-ms-oob-tlc-oobclassifiers: OLM:3044; x-forefront-prvs: 01165471DB x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(39860400002)(396003)(346002)(366004)(376002)(136003)(199004)(189003)(76176011)(2501003)(6512007)(2351001)(25786009)(5640700003)(36756003)(8676002)(7736002)(316002)(6506007)(14444005)(6436002)(8936002)(53936002)(71200400001)(305945005)(102836004)(66946007)(2906002)(256004)(5024004)(81156014)(81166006)(6486002)(3846002)(386003)(26005)(86362001)(50226002)(68736007)(2616005)(6916009)(14454004)(478600001)(66574012)(5660300002)(486006)(66476007)(66556008)(64756008)(66446008)(66066001)(52116002)(107886003)(4720700003)(186003)(446003)(4326008)(44832011)(6116002)(99286004)(11346002)(71190400001)(476003)(64030200001); DIR:OUT; SFP:1102; SCL:1; SRVR:MW2PR02MB3657; H:MW2PR02MB3899.namprd02.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1; received-spf: None (protection.outlook.com: nutanix.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam-message-info: w2FwsygeBCzk1i7pdBn+gQhS07YLuSesYBDXUTDXEDI6van6XBISh5063cJxej9tjNW2QUmx4ifOGVpCk6+4NRI0HvWsDsu2BvtEMZkNb0x1qdNJHAfaVBsJJ/vY/an4dttIgH42n5fOpX+qc7Tgn3g9gv616+BHheLKO4spdkNpQ6ghCErcrlItmR9YFugQtrgJuefj47CUmC0mtS136xRHd7PkKj3L60FmCGwN6A1ZFAEUL82rIk329cRR3lbpu8dnzVIffVeJIyvSszyMpT5LVcRDwqC0LgNTU5Kz7JsWlhtpxpF4h/vD2E712GtYWDPvXOsgt93OxA/Fx2LvJqjAgUctBMUm4PnYSn8uzLBTF2+cDpWHDNXPh7xUyfscslulpYVULVckbTXyumYlRBRuc3sTBHeCKAuJPFCxuVU= MIME-Version: 1.0 X-OriginatorOrg: nutanix.com X-MS-Exchange-CrossTenant-Network-Message-Id: 77e6d32c-83fa-4774-1cc0-08d716db4a9f X-MS-Exchange-CrossTenant-originalarrivaltime: 01 Aug 2019 23:52:20.3603 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: bb047546-786f-4de1-bd75-24e5b6f79043 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: ankur.sharma@nutanix.com X-MS-Exchange-Transport-CrossTenantHeadersStamped: MW2PR02MB3657 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:5.22.84,1.0.8 definitions=2019-08-01_10:2019-07-31,2019-08-01 signatures=0 X-Proofpoint-Spam-Reason: safe X-Spam-Status: No, score=-2.7 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, RCVD_IN_DNSWL_LOW autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org Subject: [ovs-dev] [PATCH v3 3/4 ovn] OVN: Vlan backed DVR N-S, avoid get_arp on non redirect chassis. X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: ovs-dev-bounces@openvswitch.org Errors-To: ovs-dev-bounces@openvswitch.org Background: With c0974331b7a19a87ab8f1f2cec8fbe366af92fa2, we have added support for E-W workflow for vlan backed DVRs. This series enables N-S workflow for vlan backed DVRs. Key difference between E-W and N-S traffic flow is that N-S flow requires a gateway chassis. A gateway chassis will be respondible for following: a. Doing Network Address Translation (NAT). b. Becoming entry and exit point for North->South and South->North traffic respectively. OVN by default always uses overlay encapsulation to redirect the packet to gateway chassis. This series will enable the redirection to gateway chassis in the absence of encapsulation. This patch: a. Make sure that ARP request for endpoint behind the gateway router port is sent from gateway chassis only and not from host(compute) chassis. b. This is achieved by adding a new logical flow in lr_in_arp_resolve at priority=50. c. This flow run on non gateway chassis and sets the destination mac to router port mac, if outport is a gateway chassis attached router port and redirect-type is set as "vlan". Example logical flow: table=9 (lr_in_arp_resolve ), priority=50 , match=(outport == "router-to-underlay" && !is_chassis_resident("cr-router-to-underlay")), action=(eth.dst = 00:00:01:01:02:04; next;) d. This change is needed because other wise for non resolved ARPs, we will end up doing get_arp in host chassis. Doing so will have following issues: i. We want all the interation with North bound endpoints via gateway chassis only, doing so on host chassis will violate that. ii. With get_arp, ovn-controller will generate the ARP using router port's mac as source mac, which will lead us to the same issue, where router port mac will be going through continous mac moves in physical network. Worst, it would affect the redirection, since it uses router port mac as destination mac. Signed-off-by: Ankur Sharma Signed-off-by: Ankur Sharma > --- northd/ovn-northd.c | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c index 7c0fd6c..ba38ef6 100644 --- a/northd/ovn-northd.c +++ b/northd/ovn-northd.c @@ -7565,6 +7565,28 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, 100, ds_cstr(&match), ds_cstr(&actions)); } } + + if (op->nbrp->n_gateway_chassis && !op->derived) { + const char *redirect_type = smap_get(&op->nbrp->options, + "redirect-type"); + if (redirect_type && !strcasecmp(redirect_type, "vlan")) { + /* Packet is on a non gateway chassis and + * has an unresolved ARP on a network behind gateway + * chassis attached router port. Since, redirect type + * is set to vlan, hence instead of calling "get_arp" + * on this node, we will redirect the packet to gateway + * chassis, by setting destination mac router port mac.*/ + ds_clear(&match); + ds_put_format(&match, "outport == %s && " + "!is_chassis_resident(%s)", op->json_key, + op->od->l3redirect_port->json_key); + ds_clear(&actions); + ds_put_format(&actions, "eth.dst = %s; next;", + op->lrp_networks.ea_s); + ovn_lflow_add(lflows, op->od, S_ROUTER_IN_ARP_RESOLVE, + 50, ds_cstr(&match), ds_cstr(&actions)); + } + } } else if (op->od->n_router_ports && strcmp(op->nbsp->type, "router") && strcmp(op->nbsp->type, "virtual")) { /* This is a logical switch port that backs a VM or a container. From patchwork Thu Aug 1 23:52:21 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ankur Sharma X-Patchwork-Id: 1140846 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=openvswitch.org (client-ip=140.211.169.12; helo=mail.linuxfoundation.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=nutanix.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=nutanix.com header.i=@nutanix.com header.b="ChthDjEb"; dkim-atps=neutral Received: from mail.linuxfoundation.org (mail.linuxfoundation.org [140.211.169.12]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4606c612gNz9s7T for ; Fri, 2 Aug 2019 09:55:18 +1000 (AEST) Received: from mail.linux-foundation.org (localhost [127.0.0.1]) by mail.linuxfoundation.org (Postfix) with ESMTP id 42F5814F5; Thu, 1 Aug 2019 23:52:29 +0000 (UTC) X-Original-To: ovs-dev@openvswitch.org Delivered-To: ovs-dev@mail.linuxfoundation.org Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id 7093814BA for ; Thu, 1 Aug 2019 23:52:27 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from mx0b-002c1b01.pphosted.com (mx0b-002c1b01.pphosted.com [148.163.155.12]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 88909E7 for ; Thu, 1 Aug 2019 23:52:25 +0000 (UTC) Received: from pps.filterd (m0127842.ppops.net [127.0.0.1]) by mx0b-002c1b01.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id x71No4iN024075 for ; Thu, 1 Aug 2019 16:52:24 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nutanix.com; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : content-transfer-encoding : mime-version; s=proofpoint20171006; bh=jFzXM6p6czZNUf/PoYInGHD1vKosw3oPWRh966Wu1Gw=; b=ChthDjEbb5A6PMt4UxDXSh23OplS5YcsUuPMp+fPYUAmIKGtUFxHhe5BjRBFSUx4rGl5 sBTiHvKTM3EKcNKbvhlmKJjskV7WcxcV/Xhjvv7g1JPow16Xz+KC09sGLBkp1kDHKJdP 5fi8gUrVQ7bsLL8Pjz93BQEmVHnRvFU7ldB2Dfc9qIRICltrfU5Q//XA1Bp59A827E9p Cjt9vJ0fvgItq08IjlOnB8n0m/m8MlbnnKsNMZnNkngEVTqysHFl6W6Hr5VVJKlQ+3xJ DwE4kK5E8qhQfTj1HAhcyS64wMOI75qdUWbOwZdpbXEu4js9y01GJtc2maKHzxLHGlMp 1Q== Received: from nam02-cy1-obe.outbound.protection.outlook.com (mail-cys01nam02lp2054.outbound.protection.outlook.com [104.47.37.54]) by mx0b-002c1b01.pphosted.com with ESMTP id 2u0nxf2dd2-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Thu, 01 Aug 2019 16:52:24 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=He+gwsMyHiw9qDXLpPP01cxqG1BqQQLn4ZDyGLwsnQPBjOPc8XtslTVw7PW6pH1c0V4SUnbr7ugGM/tqTz/xna1YJXnY34GuVerMfz6KPeJd4Z1NYlZ2oDYoo2zmH4Jk0Wh03ujUJsIpT5Elf92ZPU09xLv+Z28jQqmDfSOBf9S8vvkoTQ/27akx7kOh+WQU1z9KWX5D3LMJkVRGuorbPrH4ZmKpZ8Wc3jwJj9QVa0NDtBVUDPUgEMThFRGNvNGuWHu3SazZlGGrLmyBHp/ysRpxB3UuTjg2j1fP36rTUQLHu3UjSX2Y8oI9uVqHUCpdfwA3+pRSBDuW7VzLICqd1Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=jFzXM6p6czZNUf/PoYInGHD1vKosw3oPWRh966Wu1Gw=; b=mijc6aBMZgJB4FxGaSQqN/0ggdRs/NbfNoEa4WmYCqQZw9rCBJErE7jn4XSoH8sIvMamp8eKL3+ivbacmmW4RyzAEpMqqG91I3euSlouB4dMoYhz/HTcbOCo2GUcMo/uhKwT576Jm1eP2lM66GRRwZQPaPPythfNreZOFvlqM6CYF9ZBmkBqrrMj7SQIJH2f4bJAhrk2YAWyQd+UU4gPkDrbm14oKpNpGuAZZaeVSfJaWYRQKl2gddQ6ZB4koADo3+oSozxKnRFxqSIWR0qFPPGuTMy6s75A3wKHhSp3oidNHMUe5hpgMArjhNU/2LCqT0pQSGh66r3AbaHmUEqLCQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1;spf=pass smtp.mailfrom=nutanix.com;dmarc=pass action=none header.from=nutanix.com;dkim=pass header.d=nutanix.com;arc=none Received: from MW2PR02MB3899.namprd02.prod.outlook.com (52.132.178.28) by MW2PR02MB3657.namprd02.prod.outlook.com (52.132.177.14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2136.13; Thu, 1 Aug 2019 23:52:22 +0000 Received: from MW2PR02MB3899.namprd02.prod.outlook.com ([fe80::a4e3:ca62:dfc6:1149]) by MW2PR02MB3899.namprd02.prod.outlook.com ([fe80::a4e3:ca62:dfc6:1149%3]) with mapi id 15.20.2136.010; Thu, 1 Aug 2019 23:52:22 +0000 From: Ankur Sharma To: "ovs-dev@openvswitch.org" Thread-Topic: [PATCH v3 4/4 ovn] OVN: Vlan backed DVR N-S, redirect packet via localnet port Thread-Index: AQHVSMQptVSXtiueCkOhISBM59gY9Q== Date: Thu, 1 Aug 2019 23:52:21 +0000 Message-ID: <1564703707-21545-5-git-send-email-ankur.sharma@nutanix.com> References: <1564703707-21545-1-git-send-email-ankur.sharma@nutanix.com> In-Reply-To: <1564703707-21545-1-git-send-email-ankur.sharma@nutanix.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-clientproxiedby: BYAPR06CA0041.namprd06.prod.outlook.com (2603:10b6:a03:14b::18) To MW2PR02MB3899.namprd02.prod.outlook.com (2603:10b6:907:4::28) x-ms-exchange-messagesentrepresentingtype: 1 x-mailer: git-send-email 1.8.3.1 x-originating-ip: [192.146.154.1] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 55a5f9e9-69e2-45d2-6dbe-08d716db4b6f x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600148)(711020)(4605104)(1401327)(2017052603328)(7193020); SRVR:MW2PR02MB3657; x-ms-traffictypediagnostic: MW2PR02MB3657: x-microsoft-antispam-prvs: x-proofpoint-crosstenant: true x-ms-oob-tlc-oobclassifiers: OLM:400; x-forefront-prvs: 01165471DB x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(39860400002)(396003)(346002)(366004)(376002)(136003)(199004)(189003)(76176011)(2501003)(6512007)(2351001)(53946003)(25786009)(5640700003)(36756003)(8676002)(7736002)(316002)(6506007)(14444005)(6436002)(8936002)(53936002)(71200400001)(305945005)(102836004)(66946007)(2906002)(256004)(5024004)(81156014)(81166006)(6486002)(3846002)(386003)(26005)(86362001)(50226002)(68736007)(2616005)(6916009)(14454004)(30864003)(478600001)(66574012)(5660300002)(486006)(66476007)(66556008)(64756008)(66446008)(66066001)(52116002)(107886003)(4720700003)(186003)(446003)(4326008)(44832011)(6116002)(99286004)(11346002)(71190400001)(476003)(64030200001)(579004)(569006); DIR:OUT; SFP:1102; SCL:1; SRVR:MW2PR02MB3657; H:MW2PR02MB3899.namprd02.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1; received-spf: None (protection.outlook.com: nutanix.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam-message-info: aDbWQdPWeulNxWVsd2DvPxWPLDzsTzKieXyxtFEMCQXpvanTSeRLLLVe3T8ID7x+qUMlrzSFwbbptn3yTlncpLDNbChzjng2SS/glop/PEY2c4fWFfVg5Pr2QDkgjBnLZgMZEKKu8+3vVV2izbRfdxZtVGkkqG0wtx8HCo77rg09XBxYxUHTvlwrTNgHVG+Cc9hJHPF5Bcxx1t9oLXHoJ2J4gTck0Wy155w208XnjhjN+mIznK3pLBh9X4lJpWhPO+sweK2I2TV2KpgDqzE8TlpjgwLeLNjNyi+tis3+MU3fbVA2sGe3hPCFMh7L+d4FlZnaszCUYN4GR/x3aIMl9ZTmhQ/iUUNoPlL4zle5uAPreLfqjUovD69fz1Y53n0p0sdTKl4O4DnvF1H7//Xv3sqggAgMi0HvcQJ7eip5kqc= MIME-Version: 1.0 X-OriginatorOrg: nutanix.com X-MS-Exchange-CrossTenant-Network-Message-Id: 55a5f9e9-69e2-45d2-6dbe-08d716db4b6f X-MS-Exchange-CrossTenant-originalarrivaltime: 01 Aug 2019 23:52:21.7016 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: bb047546-786f-4de1-bd75-24e5b6f79043 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: ankur.sharma@nutanix.com X-MS-Exchange-Transport-CrossTenantHeadersStamped: MW2PR02MB3657 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:5.22.84,1.0.8 definitions=2019-08-01_10:2019-07-31,2019-08-01 signatures=0 X-Proofpoint-Spam-Reason: safe X-Spam-Status: No, score=-2.7 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, RCVD_IN_DNSWL_LOW autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org Subject: [ovs-dev] [PATCH v3 4/4 ovn] OVN: Vlan backed DVR N-S, redirect packet via localnet port X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: ovs-dev-bounces@openvswitch.org Errors-To: ovs-dev-bounces@openvswitch.org Background: With c0974331b7a19a87ab8f1f2cec8fbe366af92fa2, we have added support for E-W workflow for vlan backed DVRs. This series enables N-S workflow for vlan backed DVRs. Key difference between E-W and N-S traffic flow is that N-S flow requires a gateway chassis. A gateway chassis will be respondible for following: a. Doing Network Address Translation (NAT). b. Becoming entry and exit point for North->South and South->North traffic respectively. OVN by default always uses overlay encapsulation to redirect the packet to gateway chassis. This series will enable the redirection to gateway chassis in the absence of encapsulation. This patch: Achieves the vlan backed redirection by doing following: Sender Side: ------------ a. For a remote port of type "chassisredirect" and if it has redirect type as "vlan", then do not add tunnel based redirection flow in table=32. b. In table=33, add a flow with priority=100, that would do following: i. Change the metadata to that of gateway logical switch (i.e logical switch attached to gateway logical router port). ii. Change REG15 to point to localnet port of gateway logical switch. iii. send to packet to table=15. c. In Table=65, packet will hit the existing priority=150 flow to send the packet to physical bridge, while attaching vlan header and changing source mac to chassis mac. Receiver Side: -------------- a. No changes needed OVERALL PACKET FLOW: Sender Side: ----------- a. logical flow in lr_in_gw_redirect stage will ensure that outport of the packet is chassisredirect port. For example: table=12(lr_in_gw_redirect ), priority=50 , match=(outport == "router-to-underlay"), action=(outport = "cr-router-to-underlay"; next;) b. After ingress pipeline, packet will enter the table=32, followed by table=33 c. Table=33, will send the packet to table=65. d. Table=65, will send the packet to uplink bridge with destination mac of chassisredirect port and vlan id of peer logical switch. Receiver Side: ------------- a. Packet is received by the pipeline of peer logical switch. b. Since destination mac is that of router port, hence packet will enter the logical router pipeline. c. Now, packet will go through regular logical router pipeline (both ingress and egress). One caveat with the approach is that ttl will be decremented twice, since the packets are going through logical router ingress pipeline twice (once on sender chassis and again on gateway chassis). No changes needed for the reverse path. Signed-off-by: Ankur Sharma --- controller/physical.c | 255 +++++++++++++++++++++++++++------------- lib/ovn-util.c | 33 ++++++ lib/ovn-util.h | 5 + ovn-architecture.7.xml | 64 +++++++++++ tests/ovn.at | 307 +++++++++++++++++++++++++++++++++++++++++++++++++ 5 files changed, 581 insertions(+), 83 deletions(-) diff --git a/controller/physical.c b/controller/physical.c index aa06b3f..4697821 100644 --- a/controller/physical.c +++ b/controller/physical.c @@ -229,6 +229,165 @@ get_zone_ids(const struct sbrec_port_binding *binding, } static void +put_remote_port_redirect_vlan(const struct + sbrec_port_binding *binding, + const struct hmap *local_datapaths, + struct local_datapath *ld, + struct match *match, + struct ofpbuf *ofpacts_p, + struct ovn_desired_flow_table *flow_table) +{ + struct eth_addr binding_mac; + uint32_t ls_dp_key = 0; + + if (strcmp(binding->type, "chassisredirect")) { + /* VLAN based redirect is only supported for chassisredirect + * type remote ports. */ + return; + } + + bool is_valid_mac = extract_sbrec_binding_first_mac(binding, + &binding_mac); + if (!is_valid_mac) { + return; + } + + for (int i = 0; i < ld->n_peer_ports; i++) { + const struct sbrec_port_binding *sport_binding = ld->peer_ports[i]; + const char *sport_peer_name = smap_get(&sport_binding->options, + "peer"); + const char *distributed_port = smap_get(&binding->options, + "distributed-port"); + + if (!strcmp(sport_peer_name, distributed_port)) { + ls_dp_key = sport_binding->datapath->tunnel_key; + break; + } + } + + if (!ls_dp_key) { + return; + } + + union mf_value value; + struct ofpact_mac *src_mac; + const struct sbrec_port_binding *ls_localnet_port; + + ls_localnet_port = get_localnet_port(local_datapaths, ls_dp_key); + + src_mac = ofpact_put_SET_ETH_SRC(ofpacts_p); + src_mac->mac = binding_mac; + + value.be64 = htonll(ls_dp_key); + + ofpact_put_set_field(ofpacts_p, mf_from_id(MFF_METADATA), + &value, NULL); + + value.be32 = htonl(ls_localnet_port->tunnel_key); + ofpact_put_set_field(ofpacts_p, mf_from_id(MFF_REG15), + &value, NULL); + + put_resubmit(OFTABLE_LOG_TO_PHY, ofpacts_p); + ofctrl_add_flow(flow_table, OFTABLE_LOCAL_OUTPUT, 100, 0, + match, ofpacts_p, &binding->header_.uuid); + +} + +static void +put_remote_port_redirect_overlay(const struct + sbrec_port_binding *binding, + bool is_ha_remote, + struct ha_chassis_ordered *ha_ch_ordered, + enum mf_field_id mff_ovn_geneve, + const struct chassis_tunnel *tun, + uint32_t port_key, + struct match *match, + struct ofpbuf *ofpacts_p, + struct ovn_desired_flow_table *flow_table) +{ + if (!is_ha_remote) { + /* Setup encapsulation */ + const struct chassis_tunnel *rem_tun = + get_port_binding_tun(binding); + if (!rem_tun) { + return; + } + put_encapsulation(mff_ovn_geneve, tun, binding->datapath, + port_key, ofpacts_p); + /* Output to tunnel. */ + ofpact_put_OUTPUT(ofpacts_p)->port = rem_tun->ofport; + } else { + /* Make sure all tunnel endpoints use the same encapsulation, + * and set it up */ + for (size_t i = 0; i < ha_ch_ordered->n_ha_ch; i++) { + const struct sbrec_chassis *ch = ha_ch_ordered->ha_ch[i].chassis; + if (!ch) { + continue; + } + if (!tun) { + tun = chassis_tunnel_find(ch->name, NULL); + } else { + struct chassis_tunnel *chassis_tunnel = + chassis_tunnel_find(ch->name, NULL); + if (chassis_tunnel && + tun->type != chassis_tunnel->type) { + static struct vlog_rate_limit rl = + VLOG_RATE_LIMIT_INIT(1, 1); + VLOG_ERR_RL(&rl, "Port %s has Gateway_Chassis " + "with mixed encapsulations, only " + "uniform encapsulations are " + "supported.", binding->logical_port); + return; + } + } + } + if (!tun) { + static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 1); + VLOG_ERR_RL(&rl, "No tunnel endpoint found for HA chassis in " + "HA chassis group of port %s", + binding->logical_port); + return; + } + + put_encapsulation(mff_ovn_geneve, tun, binding->datapath, + port_key, ofpacts_p); + + /* Output to tunnels with active/backup */ + struct ofpact_bundle *bundle = ofpact_put_BUNDLE(ofpacts_p); + + for (size_t i = 0; i < ha_ch_ordered->n_ha_ch; i++) { + const struct sbrec_chassis *ch = + ha_ch_ordered->ha_ch[i].chassis; + if (!ch) { + continue; + } + tun = chassis_tunnel_find(ch->name, NULL); + if (!tun) { + continue; + } + if (bundle->n_slaves >= BUNDLE_MAX_SLAVES) { + static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 1); + VLOG_WARN_RL(&rl, "Remote endpoints for port beyond " + "BUNDLE_MAX_SLAVES"); + break; + } + ofpbuf_put(ofpacts_p, &tun->ofport, sizeof tun->ofport); + bundle = ofpacts_p->header; + bundle->n_slaves++; + } + + bundle->algorithm = NX_BD_ALG_ACTIVE_BACKUP; + /* Although ACTIVE_BACKUP bundle algorithm seems to ignore + * the next two fields, those are always set */ + bundle->basis = 0; + bundle->fields = NX_HASH_FIELDS_ETH_SRC; + ofpact_finish_BUNDLE(ofpacts_p, &bundle); + } + ofctrl_add_flow(flow_table, OFTABLE_REMOTE_OUTPUT, 100, 0, + match, ofpacts_p, &binding->header_.uuid); +} + +static void put_replace_router_port_mac_flows(struct ovsdb_idl_index *sbrec_port_binding_by_name, const struct @@ -485,7 +644,8 @@ consider_port_binding(struct ovsdb_idl_index *sbrec_port_binding_by_name, { uint32_t dp_key = binding->datapath->tunnel_key; uint32_t port_key = binding->tunnel_key; - if (!get_local_datapath(local_datapaths, dp_key)) { + struct local_datapath *ld; + if (!(ld = get_local_datapath(local_datapaths, dp_key))) { return; } @@ -831,6 +991,10 @@ consider_port_binding(struct ovsdb_idl_index *sbrec_port_binding_by_name, ofctrl_add_flow(flow_table, OFTABLE_LOCAL_OUTPUT, 100, 0, &match, ofpacts_p, &binding->header_.uuid); } else { + + const char *redirect_type = smap_get(&binding->options, + "redirect-type"); + /* Remote port connected by tunnel */ /* Table 32, priority 100. @@ -847,90 +1011,15 @@ consider_port_binding(struct ovsdb_idl_index *sbrec_port_binding_by_name, match_set_metadata(&match, htonll(dp_key)); match_set_reg(&match, MFF_LOG_OUTPORT - MFF_REG0, port_key); - if (!is_ha_remote) { - /* Setup encapsulation */ - const struct chassis_tunnel *rem_tun = - get_port_binding_tun(binding); - if (!rem_tun) { - goto out; - } - put_encapsulation(mff_ovn_geneve, tun, binding->datapath, - port_key, ofpacts_p); - /* Output to tunnel. */ - ofpact_put_OUTPUT(ofpacts_p)->port = rem_tun->ofport; + if (redirect_type && !strcasecmp(redirect_type, "vlan")) { + put_remote_port_redirect_vlan(binding, local_datapaths, + ld, &match, ofpacts_p, flow_table); } else { - /* Make sure all tunnel endpoints use the same encapsulation, - * and set it up */ - for (size_t i = 0; i < ha_ch_ordered->n_ha_ch; i++) { - const struct sbrec_chassis *ch = - ha_ch_ordered->ha_ch[i].chassis; - if (!ch) { - continue; - } - if (!tun) { - tun = chassis_tunnel_find(ch->name, NULL); - } else { - struct chassis_tunnel *chassis_tunnel = - chassis_tunnel_find(ch->name, NULL); - if (chassis_tunnel && - tun->type != chassis_tunnel->type) { - static struct vlog_rate_limit rl = - VLOG_RATE_LIMIT_INIT(1, 1); - VLOG_ERR_RL(&rl, "Port %s has Gateway_Chassis " - "with mixed encapsulations, only " - "uniform encapsulations are " - "supported.", - binding->logical_port); - goto out; - } - } - } - if (!tun) { - static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 1); - VLOG_ERR_RL(&rl, "No tunnel endpoint found for HA chassis in " - "HA chassis group of port %s", - binding->logical_port); - goto out; - } - - put_encapsulation(mff_ovn_geneve, tun, binding->datapath, - port_key, ofpacts_p); - - /* Output to tunnels with active/backup */ - struct ofpact_bundle *bundle = ofpact_put_BUNDLE(ofpacts_p); - - for (size_t i = 0; i < ha_ch_ordered->n_ha_ch; i++) { - const struct sbrec_chassis *ch = - ha_ch_ordered->ha_ch[i].chassis; - if (!ch) { - continue; - } - tun = chassis_tunnel_find(ch->name, NULL); - if (!tun) { - continue; - } - if (bundle->n_slaves >= BUNDLE_MAX_SLAVES) { - static struct vlog_rate_limit rl = - VLOG_RATE_LIMIT_INIT(1, 1); - VLOG_WARN_RL(&rl, "Remote endpoints for port beyond " - "BUNDLE_MAX_SLAVES"); - break; - } - ofpbuf_put(ofpacts_p, &tun->ofport, - sizeof tun->ofport); - bundle = ofpacts_p->header; - bundle->n_slaves++; - } - - bundle->algorithm = NX_BD_ALG_ACTIVE_BACKUP; - /* Although ACTIVE_BACKUP bundle algorithm seems to ignore - * the next two fields, those are always set */ - bundle->basis = 0; - bundle->fields = NX_HASH_FIELDS_ETH_SRC; - ofpact_finish_BUNDLE(ofpacts_p, &bundle); + put_remote_port_redirect_overlay(binding, is_ha_remote, + ha_ch_ordered, mff_ovn_geneve, + tun, port_key, &match, ofpacts_p, + flow_table); } - ofctrl_add_flow(flow_table, OFTABLE_REMOTE_OUTPUT, 100, 0, - &match, ofpacts_p, &binding->header_.uuid); } out: if (ha_ch_ordered) { diff --git a/lib/ovn-util.c b/lib/ovn-util.c index de745d7..91ec3d6 100644 --- a/lib/ovn-util.c +++ b/lib/ovn-util.c @@ -16,6 +16,7 @@ #include "ovn-util.h" #include "dirs.h" #include "openvswitch/vlog.h" +#include "openvswitch/ofp-parse.h" #include "ovn/lib/ovn-nb-idl.h" #include "ovn/lib/ovn-sb-idl.h" @@ -272,6 +273,38 @@ extract_lrp_networks(const struct nbrec_logical_router_port *lrp, return true; } +bool +extract_sbrec_binding_first_mac(const struct sbrec_port_binding *binding, + struct eth_addr *ea) +{ + char *save_ptr = NULL; + bool ret = false; + + if (!binding->n_mac) { + return ret; + } + + char *tokstr = xstrdup(binding->mac[0]); + + for (char *token = strtok_r(tokstr, " ", &save_ptr); + token != NULL; + token = strtok_r(NULL, " ", &save_ptr)) { + + /* Return the first chassis mac. */ + char *err_str = str_to_mac(token, ea); + if (err_str) { + free(err_str); + continue; + } + + ret = true; + break; + } + + free(tokstr); + return ret; +} + void destroy_lport_addresses(struct lport_addresses *laddrs) { diff --git a/lib/ovn-util.h b/lib/ovn-util.h index 6d5e1df..8461db5 100644 --- a/lib/ovn-util.h +++ b/lib/ovn-util.h @@ -21,6 +21,8 @@ struct nbrec_logical_router_port; struct sbrec_logical_flow; struct uuid; +struct eth_addr; +struct sbrec_port_binding; struct ipv4_netaddr { ovs_be32 addr; /* 192.168.10.123 */ @@ -61,6 +63,9 @@ bool extract_lsp_addresses(const char *address, struct lport_addresses *); bool extract_ip_addresses(const char *address, struct lport_addresses *); bool extract_lrp_networks(const struct nbrec_logical_router_port *, struct lport_addresses *); +bool extract_sbrec_binding_first_mac(const struct sbrec_port_binding *binding, + struct eth_addr *ea); + void destroy_lport_addresses(struct lport_addresses *); char *alloc_nat_zone_key(const struct uuid *key, const char *type); diff --git a/ovn-architecture.7.xml b/ovn-architecture.7.xml index c4099f2..366c201 100644 --- a/ovn-architecture.7.xml +++ b/ovn-architecture.7.xml @@ -1614,6 +1614,70 @@ + VLAN based redirection + + As an enhancement to reside-on-redirect-chassis we support + VLAN based redirection as well. By setting options:redirect-type + to vlan to a gateway chassis attached router port, user can + enforce that redirected packet should not use tunnel port but rather use + localnet port of peer logical switch to go out as vlan packet. + + Following happens for a VLAN based redirection: +
    +
  1. + On compute chassis, packet passes though logical router's + ingress pipeline. +
  2. + +
  3. + If logical outport is gateway chassis attached router port + then packet is "redirected" to gateway chassis using peer logical + switch's localnet port. +
  4. + +
  5. + This VLAN backed redirected packet has destination mac + as router port mac (the one to which gateway chassis is attached) and + vlan id is that of localnet port (peer logical switch of + the logical router port). +
  6. + +
  7. + On the gateway chassis packet will enter the logical router pipeline + again and this time it will passthrough egress pipeline as well. +
  8. + +
  9. + Reverse traffic packet flows stays the same. +
  10. +
+ + Some guidelines and expections with VLAN based redirection: +
    +
  1. + Since router port mac is destination mac, hence it has to be ensured + that physical network learns it on ONLY from the gateway chassis. + Which means that ovn-chassis-mac-mappings should be + configure on all the compute nodes, so that physical network + never learn router port mac from compute nodes. +
  2. + +
  3. + Since packet enters logical router ingress pipeline twice + (once on compute chassis and again on gateway chassis), + hence ttl will be decremented twice. +
  4. + +
  5. + Default redirection type continues to be overlay. + User can switch the redirect-type between vlan + and overlay by changing the value of + options:redirect-type +
  6. + +
+ +

Life Cycle of a VTEP gateway

diff --git a/tests/ovn.at b/tests/ovn.at index dc5887f..1e6625f 100644 --- a/tests/ovn.at +++ b/tests/ovn.at @@ -15303,3 +15303,310 @@ as hv4 ovs-appctl fdb/show br-phys OVN_CLEANUP([hv1],[hv2],[hv3],[hv4]) AT_CLEANUP + +AT_SETUP([ovn -- 2 HVs, 2 lports/HV, localnet ports, DVR N-S Ping]) +ovn_start + +# In this test cases we create 3 switches, all connected to same +# physical network (through br-phys on each HV). LS1 and LS2 have +# 1 VIF each. Each HV has 1 VIF port. The first digit +# of VIF port name indicates the hypervisor it is bound to, e.g. +# lp23 means VIF 3 on hv2. +# +# All the switches are connected to a logical router "router". +# +# Each switch's VLAN tag and their logical switch ports are: +# - ls1: +# - tagged with VLAN 101 +# - ports: lp11 +# - ls2: +# - tagged with VLAN 201 +# - ports: lp22 +# - ls-underlay: +# - tagged with VLAN 1000 +# Note: a localnet port is created for each switch to connect to +# physical network. + +for i in 1 2; do + ls_name=ls$i + ovn-nbctl ls-add $ls_name + ln_port_name=ln$i + if test $i -eq 1; then + ovn-nbctl lsp-add $ls_name $ln_port_name "" 101 + elif test $i -eq 2; then + ovn-nbctl lsp-add $ls_name $ln_port_name "" 201 + fi + ovn-nbctl lsp-set-addresses $ln_port_name unknown + ovn-nbctl lsp-set-type $ln_port_name localnet + ovn-nbctl lsp-set-options $ln_port_name network_name=phys +done + +# lsp_to_ls LSP +# +# Prints the name of the logical switch that contains LSP. +lsp_to_ls () { + case $1 in dnl ( + lp?[[11]]) echo ls1 ;; dnl ( + lp?[[12]]) echo ls2 ;; dnl ( + *) AT_FAIL_IF([:]) ;; + esac +} + +vif_to_hv () { + case $1 in dnl ( + vif[[1]]?) echo hv1 ;; dnl ( + vif[[2]]?) echo hv2 ;; dnl ( + vif?[[north]]?) echo hv4 ;; dnl ( + *) AT_FAIL_IF([:]) ;; + esac +} + +ip_to_hex() { + printf "%02x%02x%02x%02x" "$@" +} + +net_add n1 +for i in 1 2; do + sim_add hv$i + as hv$i + ovs-vsctl add-br br-phys + ovs-vsctl set open . external-ids:ovn-bridge-mappings=phys:br-phys + ovs-vsctl set open . external-ids:ovn-chassis-mac-mappings="phys:aa:bb:cc:dd:ee:$i$i" + ovn_attach n1 br-phys 192.168.0.$i + + ovs-vsctl add-port br-int vif$i$i -- \ + set Interface vif$i$i external-ids:iface-id=lp$i$i \ + options:tx_pcap=hv$i/vif$i$i-tx.pcap \ + options:rxq_pcap=hv$i/vif$i$i-rx.pcap \ + ofport-request=$i$i + + lsp_name=lp$i$i + ls_name=$(lsp_to_ls $lsp_name) + + ovn-nbctl lsp-add $ls_name $lsp_name + ovn-nbctl lsp-set-addresses $lsp_name "f0:00:00:00:00:$i$i 192.168.$i.$i" + ovn-nbctl lsp-set-port-security $lsp_name f0:00:00:00:00:$i$i + + OVS_WAIT_UNTIL([test x`ovn-nbctl lsp-get-up $lsp_name` = xup]) + +done + +ovn-nbctl ls-add ls-underlay +ovn-nbctl lsp-add ls-underlay ln3 "" 1000 +ovn-nbctl lsp-set-addresses ln3 unknown +ovn-nbctl lsp-set-type ln3 localnet +ovn-nbctl lsp-set-options ln3 network_name=phys + +ovn-nbctl ls-add ls-north +ovn-nbctl lsp-add ls-north ln4 "" 1000 +ovn-nbctl lsp-set-addresses ln4 unknown +ovn-nbctl lsp-set-type ln4 localnet +ovn-nbctl lsp-set-options ln4 network_name=phys + +# Add a VM on ls-north +ovn-nbctl lsp-add ls-north lp-north +ovn-nbctl lsp-set-addresses lp-north "f0:f0:00:00:00:11 172.31.0.10" +ovn-nbctl lsp-set-port-security lp-north f0:f0:00:00:00:11 + +# Add 3rd hypervisor +sim_add hv3 +as hv3 ovs-vsctl add-br br-phys +as hv3 ovs-vsctl set open . external-ids:ovn-bridge-mappings=phys:br-phys +as hv3 ovs-vsctl set open . external-ids:ovn-chassis-mac-mappings="phys:aa:bb:cc:dd:ee:33" +as hv3 ovn_attach n1 br-phys 192.168.0.3 + +# Add 4th hypervisor +sim_add hv4 +as hv4 ovs-vsctl add-br br-phys +as hv4 ovs-vsctl set open . external-ids:ovn-bridge-mappings=phys:br-phys +as hv4 ovs-vsctl set open . external-ids:ovn-chassis-mac-mappings="phys:aa:bb:cc:dd:ee:44" +as hv4 ovn_attach n1 br-phys 192.168.0.4 + +as hv4 ovs-vsctl add-port br-int vif-north -- \ + set Interface vif-north external-ids:iface-id=lp-north \ + options:tx_pcap=hv4/vif-north-tx.pcap \ + options:rxq_pcap=hv4/vif-north-rx.pcap \ + ofport-request=44 + +ovn-nbctl lr-add router +ovn-nbctl lrp-add router router-to-ls1 00:00:01:01:02:03 192.168.1.3/24 +ovn-nbctl lrp-add router router-to-ls2 00:00:01:01:02:05 192.168.2.3/24 +ovn-nbctl lrp-add router router-to-underlay 00:00:01:01:02:07 172.31.0.1/24 + +ovn-nbctl lsp-add ls1 ls1-to-router -- set Logical_Switch_Port ls1-to-router type=router \ + options:router-port=router-to-ls1 -- lsp-set-addresses ls1-to-router router +ovn-nbctl lsp-add ls2 ls2-to-router -- set Logical_Switch_Port ls2-to-router type=router \ + options:router-port=router-to-ls2 -- lsp-set-addresses ls2-to-router router +ovn-nbctl lsp-add ls-underlay underlay-to-router -- set Logical_Switch_Port \ + underlay-to-router type=router \ + options:router-port=router-to-underlay \ + -- lsp-set-addresses underlay-to-router router + +ovn-nbctl lrp-set-gateway-chassis router-to-underlay hv3 +ovn-nbctl lrp-set-redirect-type router-to-underlay vlan + +ovn-nbctl --wait=sb sync + +sleep 2 + +OVN_POPULATE_ARP + +# lsp_to_ls LSP +# +# Prints the name of the logical switch that contains LSP. +lsp_to_ls () { + case $1 in dnl ( + lp?[[11]]) echo ls1 ;; dnl ( + lp?[[12]]) echo ls2 ;; dnl ( + *) AT_FAIL_IF([:]) ;; + esac +} + +vif_to_ls () { + case $1 in dnl ( + vif?[[11]]) echo ls1 ;; dnl ( + vif?[[12]]) echo ls2 ;; dnl ( + vif-north) echo ls-north ;; dnl ( + *) AT_FAIL_IF([:]) ;; + esac +} + +hv_to_num () { + case $1 in dnl ( + hv1) echo 1 ;; dnl ( + hv2) echo 2 ;; dnl ( + hv3) echo 3 ;; dnl ( + hv4) echo 4 ;; dnl ( + *) AT_FAIL_IF([:]) ;; + esac +} + +vif_to_num () { + case $1 in dnl ( + vif22) echo 22 ;; dnl ( + vif21) echo 21 ;; dnl ( + vif11) echo 11 ;; dnl ( + *) AT_FAIL_IF([:]) ;; + esac +} + +vif_to_hv () { + case $1 in dnl ( + vif[[1]]?) echo hv1 ;; dnl ( + vif[[2]]?) echo hv2 ;; dnl ( + vif-north) echo hv4 ;; dnl ( + *) AT_FAIL_IF([:]) ;; + esac +} + +vif_to_lrp () { + echo router-to-`vif_to_ls $1` +} + +ip_to_hex() { + printf "%02x%02x%02x%02x" "$@" +} + + +test_ip() { + # This packet has bad checksums but logical L3 routing doesn't check. + local inport=$1 src_mac=$2 dst_mac=$3 src_ip=$4 dst_ip=$5 outport=$6 + local packet=${dst_mac}${src_mac}08004500001c0000000040110000${src_ip}${dst_ip}0035111100080000 + shift; shift; shift; shift; shift + hv=`vif_to_hv $inport` + as $hv ovs-appctl netdev-dummy/receive $inport $packet + in_ls=`vif_to_ls $inport` + for outport; do + out_ls=`vif_to_ls $outport` + if test $in_ls = $out_ls; then + # Ports on the same logical switch receive exactly the same packet. + echo $packet + else + # Routing decrements TTL and updates source and dest MAC + # (and checksum). + out_lrp=`vif_to_lrp $outport` + # For North-South, packet will come via gateway chassis, i.e hv3 + if test $inport = vif-north; then + echo f00000000011aabbccddee3308004500001c000000003f110100${src_ip}${dst_ip}0035111100080000 >> $outport.expected + fi + if test $outport = vif-north; then + echo f0f00000001100000101020708004500001c000000003e110200${src_ip}${dst_ip}0035111100080000 >> $outport.expected + fi + fi >> $outport.expected + done +} + +# Dump a bunch of info helpful for debugging if there's a failure. + +echo "------ OVN dump ------" +ovn-nbctl show +ovn-sbctl show +ovn-sbctl list port_binding +ovn-sbctl list mac_binding + +echo "------ hv1 dump ------" +as hv1 ovs-vsctl show +as hv1 ovs-vsctl list Open_Vswitch + +echo "------ hv2 dump ------" +as hv2 ovs-vsctl show +as hv2 ovs-vsctl list Open_Vswitch + +echo "------ hv3 dump ------" +as hv3 ovs-vsctl show +as hv3 ovs-vsctl list Open_Vswitch + +echo "------ hv4 dump ------" +as hv4 ovs-vsctl show +as hv4 ovs-vsctl list Open_Vswitch + +echo "Send traffic North to South" + +sip=`ip_to_hex 172 31 0 10` +dip=`ip_to_hex 192 168 1 1` +test_ip vif-north f0f000000011 000001010207 $sip $dip vif11 +sleep 1 + +# Confirm that North to south traffic works fine. +OVN_CHECK_PACKETS([hv1/vif11-tx.pcap], [vif11.expected]) + +echo "Send traffic South to Nouth" +sip=`ip_to_hex 192 168 1 1` +dip=`ip_to_hex 172 31 0 10` +test_ip vif11 f00000000011 000001010203 $sip $dip vif-north +sleep 5 + +# Confirm that South to North traffic works fine. +OVN_CHECK_PACKETS_REMOVE_BROADCAST([hv4/vif-north-tx.pcap], [vif-north.expected]) + +# Confirm that packets did not go out via tunnel port. +AT_CHECK([as hv1 ovs-ofctl dump-flows br-int | grep table=32 | grep NXM_NX_TUN_METADATA0 | grep n_packets=0 | wc -l], [0], [[0 +]]) + +# Confirm that packet went out via localnet port +AT_CHECK([as hv1 ovs-ofctl dump-flows br-int | grep table=65 | grep priority=150 | grep src=00:00:01:01:02:07 | grep n_packets=1 | wc -l], [0], [[1 +]]) + +echo "----------- Post Traffic hv1 dump -----------" +as hv1 ovs-ofctl dump-flows br-int +as hv1 ovs-ofctl show br-phys +as hv1 ovs-appctl fdb/show br-phys + +echo "----------- Post Traffic hv2 dump -----------" +as hv2 ovs-ofctl dump-flows br-int +as hv2 ovs-ofctl show br-phys +as hv2 ovs-appctl fdb/show br-phys + +echo "----------- Post Traffic hv3 dump -----------" +as hv3 ovs-ofctl dump-flows br-int +as hv3 ovs-ofctl show br-phys +as hv3 ovs-appctl fdb/show br-phys + +echo "----------- Post Traffic hv4 dump -----------" +as hv4 ovs-ofctl dump-flows br-int +as hv4 ovs-ofctl show br-phys +as hv4 ovs-appctl fdb/show br-phys + +OVN_CLEANUP([hv1],[hv2],[hv3],[hv4]) + +AT_CLEANUP