From patchwork Thu Aug 1 23:52:18 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Ankur Sharma
X-Patchwork-Id: 1140843
Return-Path:
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: ozlabs.org;
spf=pass (mailfrom) smtp.mailfrom=openvswitch.org
(client-ip=140.211.169.12; helo=mail.linuxfoundation.org;
envelope-from=ovs-dev-bounces@openvswitch.org;
receiver=)
Authentication-Results: ozlabs.org;
dmarc=fail (p=none dis=none) header.from=nutanix.com
Authentication-Results: ozlabs.org;
dkim=fail reason="signature verification failed" (2048-bit key;
unprotected) header.d=nutanix.com header.i=@nutanix.com
header.b="OaQDh5tE"; dkim-atps=neutral
Received: from mail.linuxfoundation.org (mail.linuxfoundation.org
[140.211.169.12])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256
bits)) (No client certificate requested)
by ozlabs.org (Postfix) with ESMTPS id 4606Yc5kr0z9s7T
for ;
Fri, 2 Aug 2019 09:53:08 +1000 (AEST)
Received: from mail.linux-foundation.org (localhost [127.0.0.1])
by mail.linuxfoundation.org (Postfix) with ESMTP id 9470A14AD;
Thu, 1 Aug 2019 23:52:23 +0000 (UTC)
X-Original-To: ovs-dev@openvswitch.org
Delivered-To: ovs-dev@mail.linuxfoundation.org
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
[172.17.192.35])
by mail.linuxfoundation.org (Postfix) with ESMTPS id 4259D147F
for ; Thu, 1 Aug 2019 23:52:22 +0000 (UTC)
X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6
Received: from mx0b-002c1b01.pphosted.com (mx0b-002c1b01.pphosted.com
[148.163.155.12])
by smtp1.linuxfoundation.org (Postfix) with ESMTPS id E84F55F4
for ; Thu, 1 Aug 2019 23:52:20 +0000 (UTC)
Received: from pps.filterd (m0127841.ppops.net [127.0.0.1])
by mx0b-002c1b01.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id
x71No1dl009082
for ; Thu, 1 Aug 2019 16:52:20 -0700
Received: from nam02-cy1-obe.outbound.protection.outlook.com
(mail-cys01nam02lp2054.outbound.protection.outlook.com
[104.47.37.54])
by mx0b-002c1b01.pphosted.com with ESMTP id 2u0m58jger-1
(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256
verify=NOT)
for ; Thu, 01 Aug 2019 16:52:20 -0700
ARC-Authentication-Results: i=1; mx.microsoft.com 1;spf=pass
smtp.mailfrom=nutanix.com;dmarc=pass action=none
header.from=nutanix.com;dkim=pass header.d=nutanix.com;arc=none
Received: from MW2PR02MB3899.namprd02.prod.outlook.com (52.132.178.28) by
MW2PR02MB3657.namprd02.prod.outlook.com (52.132.177.14) with
Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
15.20.2136.13; Thu, 1 Aug 2019 23:52:18 +0000
Received: from MW2PR02MB3899.namprd02.prod.outlook.com
([fe80::a4e3:ca62:dfc6:1149]) by
MW2PR02MB3899.namprd02.prod.outlook.com
([fe80::a4e3:ca62:dfc6:1149%3]) with mapi id 15.20.2136.010;
Thu, 1 Aug 2019 23:52:18 +0000
From: Ankur Sharma
To: "ovs-dev@openvswitch.org"
Thread-Topic: [PATCH v3 1/4 ovn] OVN: Do not replace router port mac on
gateway chassis.
Thread-Index: AQHVSMQmOGT/YR2M2E2hQC5T5WkDHQ==
Date: Thu, 1 Aug 2019 23:52:18 +0000
Message-ID: <1564703707-21545-2-git-send-email-ankur.sharma@nutanix.com>
References: <1564703707-21545-1-git-send-email-ankur.sharma@nutanix.com>
In-Reply-To: <1564703707-21545-1-git-send-email-ankur.sharma@nutanix.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-clientproxiedby: BYAPR06CA0041.namprd06.prod.outlook.com
(2603:10b6:a03:14b::18) To MW2PR02MB3899.namprd02.prod.outlook.com
(2603:10b6:907:4::28)
x-ms-exchange-messagesentrepresentingtype: 1
x-mailer: git-send-email 1.8.3.1
x-originating-ip: [192.146.154.1]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 37df30e1-9d6e-4ac6-39a2-08d716db493e
x-ms-traffictypediagnostic: MW2PR02MB3657:
x-microsoft-antispam-prvs:
x-proofpoint-crosstenant: true
x-ms-oob-tlc-oobclassifiers: OLM:2399;
x-forefront-prvs: 01165471DB
received-spf: None (protection.outlook.com: nutanix.com does not designate
permitted sender hosts)
x-ms-exchange-senderadcheck: 1
MIME-Version: 1.0
X-OriginatorOrg: nutanix.com
X-MS-Exchange-CrossTenant-Network-Message-Id:
37df30e1-9d6e-4ac6-39a2-08d716db493e
X-MS-Exchange-CrossTenant-originalarrivaltime: 01 Aug 2019 23:52:18.0766
(UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: bb047546-786f-4de1-bd75-24e5b6f79043
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: ankur.sharma@nutanix.com
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MW2PR02MB3657
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:5.22.84,1.0.8
definitions=2019-08-01_10:2019-07-31,2019-08-01 signatures=0
X-Proofpoint-Spam-Reason: safe
X-Spam-Status: No, score=-2.7 required=5.0 tests=BAYES_00,DKIM_SIGNED,
DKIM_VALID, DKIM_VALID_AU,
RCVD_IN_DNSWL_LOW autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
smtp1.linux-foundation.org
Subject: [ovs-dev] [PATCH v3 1/4 ovn] OVN: Do not replace router port mac on
gateway chassis.
X-BeenThere: ovs-dev@openvswitch.org
X-Mailman-Version: 2.1.12
Precedence: list
Sender: ovs-dev-bounces@openvswitch.org
Errors-To: ovs-dev-bounces@openvswitch.org
With 795d7f24ce0e2ed5454e193a059451d237289542 we have added
support for E-W routing on vlan backed networks by replacing
router port macs with chassis macs.
This replacement of router port mac need NOT be done on
gateway chassis for following reasons:
a. For N-S traffic, gateway chassis will respond to ARP
for the router port (to which it is attached) and
traffic will be using router port mac as destination mac.
b. Chassis redirect port is a centralized version of distributed
router port, hence we need not replace its mac with chassis mac
on the resident chassis.
This patch addresses the same.
Signed-off-by: Ankur Sharma
---
controller/physical.c | 19 ++-
controller/pinctrl.c | 37 +++---
controller/pinctrl.h | 5 +
tests/ovn.at | 313 ++++++++++++++++++++++++++++++++++++++++++++++++++
4 files changed, 354 insertions(+), 20 deletions(-)
diff --git a/controller/physical.c b/controller/physical.c
index 5c2f74e..aa06b3f 100644
--- a/controller/physical.c
+++ b/controller/physical.c
@@ -38,6 +38,7 @@
#include "lib/ovn-sb-idl.h"
#include "lib/ovn-util.h"
#include "physical.h"
+#include "pinctrl.h"
#include "openvswitch/shash.h"
#include "simap.h"
#include "smap.h"
@@ -228,9 +229,12 @@ get_zone_ids(const struct sbrec_port_binding *binding,
}
static void
-put_replace_router_port_mac_flows(const struct
+put_replace_router_port_mac_flows(struct ovsdb_idl_index
+ *sbrec_port_binding_by_name,
+ const struct
sbrec_port_binding *localnet_port,
const struct sbrec_chassis *chassis,
+ const struct sset *active_tunnels,
const struct hmap *local_datapaths,
struct ofpbuf *ofpacts_p,
ofp_port_t ofport,
@@ -270,6 +274,16 @@ put_replace_router_port_mac_flows(const struct
struct eth_addr router_port_mac;
struct match match;
struct ofpact_mac *replace_mac;
+ char *cr_peer_name = xasprintf("cr-%s", rport_binding->logical_port);
+ if (pinctrl_is_chassis_resident(sbrec_port_binding_by_name,
+ chassis, active_tunnels,
+ cr_peer_name)) {
+ /* If a router port's chassisredirect port is
+ * resident on this chassis, then we need not do mac replace. */
+ free(cr_peer_name);
+ continue;
+ }
+ free(cr_peer_name);
/* Table 65, priority 150.
* =======================
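Review bot: In the block added to the router-port loop of put_replace_router_port_mac_flows(), cr_peer_name is freed on two separate paths, once before `continue` and once after the `if`, which is easy to break when the block is edited later. Store the result first (`bool resident = pinctrl_is_chassis_resident(...);`), call `free(cr_peer_name);` once, and then `continue` if resident is true. The new declaration with an initializer also runs straight into the `if` with no blank line after the declaration block, so a blank line there would help readability.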
@@ -787,7 +801,8 @@ consider_port_binding(struct ovsdb_idl_index *sbrec_port_binding_by_name,
&match, ofpacts_p, &binding->header_.uuid);
if (!strcmp(binding->type, "localnet")) {
- put_replace_router_port_mac_flows(binding, chassis,
+ put_replace_router_port_mac_flows(sbrec_port_binding_by_name,
+ binding, chassis, active_tunnels,
local_datapaths, ofpacts_p,
ofport, flow_table);
}
diff --git a/controller/pinctrl.c b/controller/pinctrl.c
index f05579f..d0b2e27 100644
--- a/controller/pinctrl.c
+++ b/controller/pinctrl.c
@@ -455,6 +455,25 @@ pinctrl_init(void)
&pinctrl);
}
+bool
+pinctrl_is_chassis_resident(struct ovsdb_idl_index *sbrec_port_binding_by_name,
+ const struct sbrec_chassis *chassis,
+ const struct sset *active_tunnels,
+ const char *port_name)
+{
+ const struct sbrec_port_binding *pb
+ = lport_lookup_by_name(sbrec_port_binding_by_name, port_name);
+ if (!pb || !pb->chassis) {
+ return false;
+ }
+ if (strcmp(pb->type, "chassisredirect")) {
+ return pb->chassis == chassis;
+ } else {
+ return ha_chassis_group_is_active(pb->ha_chassis_group,
+ active_tunnels, chassis);
+ }
+}
+
static ovs_be32
queue_msg(struct rconn *swconn, struct ofpbuf *msg)
{
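Review bot: pinctrl_is_chassis_resident() loses `static` here and becomes part of the module's interface, but it still has no comment stating its contract: it returns false when the port binding is missing or has no chassis, and for a "chassisredirect" port the answer comes from ha_chassis_group_is_active() rather than from the `pb->chassis == chassis` comparison. Please add a short comment above the definition. The new caller is physical.c and nothing in the body is specific to pinctrl, so consider whether the helper belongs in a shared module rather than being exported from pinctrl.c.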
@@ -3755,24 +3774,6 @@ get_localnet_vifs_l3gwports(
sbrec_port_binding_index_destroy_row(target);
}
-static bool
-pinctrl_is_chassis_resident(struct ovsdb_idl_index *sbrec_port_binding_by_name,
- const struct sbrec_chassis *chassis,
- const struct sset *active_tunnels,
- const char *port_name)
-{
- const struct sbrec_port_binding *pb
- = lport_lookup_by_name(sbrec_port_binding_by_name, port_name);
- if (!pb || !pb->chassis) {
- return false;
- }
- if (strcmp(pb->type, "chassisredirect")) {
- return pb->chassis == chassis;
- } else {
- return ha_chassis_group_is_active(pb->ha_chassis_group,
- active_tunnels, chassis);
- }
-}
/* Extracts the mac, IPv4 and IPv6 addresses, and logical port from
* 'addresses' which should be of the format 'MAC [IP1 IP2 ..]
diff --git a/controller/pinctrl.h b/controller/pinctrl.h
index 80da28d..0fa9ba3 100644
--- a/controller/pinctrl.h
+++ b/controller/pinctrl.h
@@ -47,5 +47,10 @@ void pinctrl_run(struct ovsdb_idl_txn *ovnsb_idl_txn,
const struct sset *active_tunnels);
void pinctrl_wait(struct ovsdb_idl_txn *ovnsb_idl_txn);
void pinctrl_destroy(void);
+bool
+pinctrl_is_chassis_resident(struct ovsdb_idl_index *sbrec_port_binding_by_name,
+ const struct sbrec_chassis *chassis,
+ const struct sset *active_tunnels,
+ const char *port_name);
#endif /* controller/pinctrl.h */
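Review bot: The prototype added to pinctrl.h puts `bool` on its own line and is appended directly under pinctrl_destroy(), while the neighbouring declarations keep the return type on the same line as the function name (`void pinctrl_wait(...)`, `void pinctrl_destroy(void);`). Please match the surrounding style, leave a blank line before `#endif`, and add a one-line comment saying what "resident" means, since this header is now what physical.c reads.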
diff --git a/tests/ovn.at b/tests/ovn.at
index e88cffa..dc5887f 100644
--- a/tests/ovn.at
+++ b/tests/ovn.at
@@ -29,6 +29,12 @@ m4_define([OVN_CHECK_PACKETS],
[ovn_check_packets__ "$1" "$2"
AT_CHECK([sort $rcv_text], [0], [expout])])
+m4_define([OVN_CHECK_PACKETS_REMOVE_BROADCAST],
+ [ovn_check_packets__ "$1" "$2"
+ echo "received_text=$rcv_text"
+ sed -i '/ffffffffffff/d' $rcv_text
+ AT_CHECK([sort $rcv_text], [0], [expout])])
+
AT_BANNER([OVN components])
AT_SETUP([ovn -- lexer])
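Review bot: The `sed -i '/ffffffffffff/d' $rcv_text` line in OVN_CHECK_PACKETS_REMOVE_BROADCAST deletes every packet whose hex text contains twelve f's anywhere, not only packets whose destination MAC is broadcast, so a unicast frame that carries ffffffffffff later in the packet would silently drop out of the comparison. The ARP request built by test_arp in this same patch shows that the string also appears in the target hardware address field. Anchor the pattern to the start of the line (`/^ffffffffffff/d`) and quote "$rcv_text". The `echo "received_text=$rcv_text"` line prints the file name, not the received packets, so either drop it or rename the label.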
@@ -14990,3 +14996,310 @@ OVN_CHECK_PACKETS([hv2/vif3-tx.pcap], [expected])
OVN_CLEANUP([hv1], [hv2])
AT_CLEANUP
+
+
+AT_SETUP([ovn -- 2 HVs, 2 lports/HV, localnet ports, DVR N-S ARP handling])
+ovn_start
+
+# In this test cases we create 3 switches, all connected to same
+# physical network (through br-phys on each HV). LS1 and LS2 have
+# 1 VIF each. Each HV has 1 VIF port. The first digit
+# of VIF port name indicates the hypervisor it is bound to, e.g.
+# lp23 means VIF 3 on hv2.
+#
+# All the switches are connected to a logical router "router".
+#
+# Each switch's VLAN tag and their logical switch ports are:
+# - ls1:
+# - tagged with VLAN 101
+# - ports: lp11
+# - ls2:
+# - tagged with VLAN 201
+# - ports: lp22
+# - ls-underlay:
+# - tagged with VLAN 1000
+# Note: a localnet port is created for each switch to connect to
+# physical network.
+
+for i in 1 2; do
+ ls_name=ls$i
+ ovn-nbctl ls-add $ls_name
+ ln_port_name=ln$i
+ if test $i -eq 1; then
+ ovn-nbctl lsp-add $ls_name $ln_port_name "" 101
+ elif test $i -eq 2; then
+ ovn-nbctl lsp-add $ls_name $ln_port_name "" 201
+ fi
+ ovn-nbctl lsp-set-addresses $ln_port_name unknown
+ ovn-nbctl lsp-set-type $ln_port_name localnet
+ ovn-nbctl lsp-set-options $ln_port_name network_name=phys
+done
+
+# lsp_to_ls LSP
+#
+# Prints the name of the logical switch that contains LSP.
+lsp_to_ls () {
+ case $1 in dnl (
+ lp?[[11]]) echo ls1 ;; dnl (
+ lp?[[12]]) echo ls2 ;; dnl (
+ *) AT_FAIL_IF([:]) ;;
+ esac
+}
+
+vif_to_hv () {
+ case $1 in dnl (
+ vif[[1]]?) echo hv1 ;; dnl (
+ vif[[2]]?) echo hv2 ;; dnl (
+ vif?[[north]]?) echo hv4 ;; dnl (
+ *) AT_FAIL_IF([:]) ;;
+ esac
+}
+
+ip_to_hex() {
+ printf "%02x%02x%02x%02x" "$@"
+}
+
+net_add n1
+for i in 1 2; do
+ sim_add hv$i
+ as hv$i
+ ovs-vsctl add-br br-phys
+ ovs-vsctl set open . external-ids:ovn-bridge-mappings=phys:br-phys
+ ovs-vsctl set open . external-ids:ovn-chassis-mac-mappings="phys:aa:bb:cc:dd:ee:$i$i"
+ ovn_attach n1 br-phys 192.168.0.$i
+
+ ovs-vsctl add-port br-int vif$i$i -- \
+ set Interface vif$i$i external-ids:iface-id=lp$i$i \
+ options:tx_pcap=hv$i/vif$i$i-tx.pcap \
+ options:rxq_pcap=hv$i/vif$i$i-rx.pcap \
+ ofport-request=$i$i
+
+ lsp_name=lp$i$i
+ ls_name=$(lsp_to_ls $lsp_name)
+
+ ovn-nbctl lsp-add $ls_name $lsp_name
+ ovn-nbctl lsp-set-addresses $lsp_name "f0:00:00:00:00:$i$i 192.168.$i.$i"
+ ovn-nbctl lsp-set-port-security $lsp_name f0:00:00:00:00:$i$i
+
+ OVS_WAIT_UNTIL([test x`ovn-nbctl lsp-get-up $lsp_name` = xup])
+
+done
+
+ovn-nbctl ls-add ls-underlay
+ovn-nbctl lsp-add ls-underlay ln3 "" 1000
+ovn-nbctl lsp-set-addresses ln3 unknown
+ovn-nbctl lsp-set-type ln3 localnet
+ovn-nbctl lsp-set-options ln3 network_name=phys
+
+ovn-nbctl ls-add ls-north
+ovn-nbctl lsp-add ls-north ln4 "" 1000
+ovn-nbctl lsp-set-addresses ln4 unknown
+ovn-nbctl lsp-set-type ln4 localnet
+ovn-nbctl lsp-set-options ln4 network_name=phys
+
+# Add a VM on ls-north
+ovn-nbctl lsp-add ls-north lp-north
+ovn-nbctl lsp-set-addresses lp-north "f0:f0:00:00:00:11 172.31.0.10"
+ovn-nbctl lsp-set-port-security lp-north f0:f0:00:00:00:11
+
+# Add 3rd hypervisor
+sim_add hv3
+as hv3 ovs-vsctl add-br br-phys
+as hv3 ovs-vsctl set open . external-ids:ovn-bridge-mappings=phys:br-phys
+as hv3 ovs-vsctl set open . external-ids:ovn-chassis-mac-mappings="phys:aa:bb:cc:dd:ee:33"
+as hv3 ovn_attach n1 br-phys 192.168.0.3
+
+# Add 4th hypervisor
+sim_add hv4
+as hv4 ovs-vsctl add-br br-phys
+as hv4 ovs-vsctl set open . external-ids:ovn-bridge-mappings=phys:br-phys
+as hv4 ovs-vsctl set open . external-ids:ovn-chassis-mac-mappings="phys:aa:bb:cc:dd:ee:44"
+as hv4 ovn_attach n1 br-phys 192.168.0.4
+
+as hv4 ovs-vsctl add-port br-int vif-north -- \
+ set Interface vif-north external-ids:iface-id=lp-north \
+ options:tx_pcap=hv4/vif-north-tx.pcap \
+ options:rxq_pcap=hv4/vif-north-rx.pcap \
+ ofport-request=44
+
+ovn-nbctl lr-add router
+ovn-nbctl lrp-add router router-to-ls1 00:00:01:01:02:03 192.168.1.3/24
+ovn-nbctl lrp-add router router-to-ls2 00:00:01:01:02:05 192.168.2.3/24
+ovn-nbctl lrp-add router router-to-underlay 00:00:01:01:02:07 172.31.0.1/24
+
+ovn-nbctl lsp-add ls1 ls1-to-router -- set Logical_Switch_Port ls1-to-router type=router \
+ options:router-port=router-to-ls1 -- lsp-set-addresses ls1-to-router router
+ovn-nbctl lsp-add ls2 ls2-to-router -- set Logical_Switch_Port ls2-to-router type=router \
+ options:router-port=router-to-ls2 -- lsp-set-addresses ls2-to-router router
+ovn-nbctl lsp-add ls-underlay underlay-to-router -- set Logical_Switch_Port \
+ underlay-to-router type=router \
+ options:router-port=router-to-underlay \
+ -- lsp-set-addresses underlay-to-router router
+
+
+OVN_POPULATE_ARP
+
+# lsp_to_ls LSP
+#
+# Prints the name of the logical switch that contains LSP.
+lsp_to_ls () {
+ case $1 in dnl (
+ lp?[[11]]) echo ls1 ;; dnl (
+ lp?[[12]]) echo ls2 ;; dnl (
+ *) AT_FAIL_IF([:]) ;;
+ esac
+}
+
+vif_to_ls () {
+ case $1 in dnl (
+ vif?[[11]]) echo ls1 ;; dnl (
+ vif?[[12]]) echo ls2 ;; dnl (
+ vif-north) echo ls-north ;; dnl (
+ *) AT_FAIL_IF([:]) ;;
+ esac
+}
+
+hv_to_num () {
+ case $1 in dnl (
+ hv1) echo 1 ;; dnl (
+ hv2) echo 2 ;; dnl (
+ hv3) echo 3 ;; dnl (
+ hv4) echo 4 ;; dnl (
+ *) AT_FAIL_IF([:]) ;;
+ esac
+}
+
+vif_to_num () {
+ case $1 in dnl (
+ vif22) echo 22 ;; dnl (
+ vif21) echo 21 ;; dnl (
+ vif11) echo 11 ;; dnl (
+ *) AT_FAIL_IF([:]) ;;
+ esac
+}
+
+vif_to_hv () {
+ case $1 in dnl (
+ vif[[1]]?) echo hv1 ;; dnl (
+ vif[[2]]?) echo hv2 ;; dnl (
+ vif-north) echo hv4 ;; dnl (
+ *) AT_FAIL_IF([:]) ;;
+ esac
+}
+
+vif_to_lrp () {
+ echo router-to-`vif_to_ls $1`
+}
+
+ip_to_hex() {
+ printf "%02x%02x%02x%02x" "$@"
+}
+
+# Dump a bunch of info helpful for debugging if there's a failure.
+
+echo "------ OVN dump ------"
+ovn-nbctl show
+ovn-sbctl show
+ovn-sbctl list port_binding
+ovn-sbctl list mac_binding
+
+echo "------ hv1 dump ------"
+as hv1 ovs-vsctl show
+as hv1 ovs-vsctl list Open_Vswitch
+
+echo "------ hv2 dump ------"
+as hv2 ovs-vsctl show
+as hv2 ovs-vsctl list Open_Vswitch
+
+echo "------ hv3 dump ------"
+as hv3 ovs-vsctl show
+as hv3 ovs-vsctl list Open_Vswitch
+
+echo "------ hv4 dump ------"
+as hv4 ovs-vsctl show
+as hv4 ovs-vsctl list Open_Vswitch
+
+# test_arp INPORT SHA SPA TPA [REPLY_HA]
+#
+# Causes a packet to be received on INPORT. The packet is an ARP
+# request with SHA, SPA, and TPA as specified. If REPLY_HA is provided, then
+# it should be the hardware address of the target to expect to receive in an
+# ARP reply; otherwise no reply is expected.
+#
+# INPORT is an logical switch port number, e.g. 11 for vif11.
+# SHA and REPLY_HA are each 12 hex digits.
+# SPA and TPA are each 8 hex digits.
+test_arp() {
+ local inport=$1 sha=$2 spa=$3 tpa=$4 reply_ha=$5
+ local request=ffffffffffff${sha}08060001080006040001${sha}${spa}ffffffffffff${tpa}
+ hv=`vif_to_hv $inport`
+ as $hv ovs-appctl netdev-dummy/receive $inport $request
+
+ if test X$reply_ha = X; then
+ # Expect to receive the broadcast ARP on the other logical switch ports
+ # if no reply is expected.
+ local i j
+ for i in 1 2 3; do
+ for j in 1 2 3; do
+ if test $i$j != $inport; then
+ echo $request >> $i$j.expected
+ fi
+ done
+ done
+ else
+ # Expect to receive the reply, if any.
+ local reply=${sha}${reply_ha}08060001080006040002${reply_ha}${tpa}${sha}${spa}
+ local reply_vid=${sha}${reply_ha}810003e808060001080006040002${reply_ha}${tpa}${sha}${spa}
+ echo $reply_vid >> ${inport}_vid.expected
+ echo $reply >> $inport.expected
+ fi
+}
+
+sip=`ip_to_hex 172 31 0 10`
+tip=`ip_to_hex 172 31 0 1`
+
+# Set a hypervisor as gateway chassis, for router port 172.31.0.1
+ovn-nbctl lrp-set-gateway-chassis router-to-underlay hv3
+ovn-nbctl --wait=sb sync
+sleep 2
+
+test_arp vif-north f0f000000011 $sip $tip 000001010207
+
+sleep 1
+
+# Confirm that vif-north gets a single ARP reply
+OVN_CHECK_PACKETS_REMOVE_BROADCAST([hv4/vif-north-tx.pcap], [vif-north.expected])
+
+# Confirm that only redirect chassis allowed arp resolution.
+OVN_CHECK_PACKETS_REMOVE_BROADCAST([hv3/br-phys_n1-tx.pcap], [vif-north_vid.expected])
+AT_CHECK([grep 000001010207 hv3/br-phys_n1-tx.packets | wc -l], [0], [[1
+]])
+
+# Confirm that other OVN chassis did not generate ARP reply.
+$PYTHON "$top_srcdir/utilities/ovs-pcap.in" hv1/br-phys_n1-tx.pcap > hv1/br-phys_n1-tx.packets
+$PYTHON "$top_srcdir/utilities/ovs-pcap.in" hv2/br-phys_n1-tx.pcap > hv2/br-phys_n1-tx.packets
+
+AT_CHECK([grep 000001010207 hv1/br-phys_n1-tx.packets | wc -l], [0], [[0
+]])
+AT_CHECK([grep 000001010207 hv2/br-phys_n1-tx.packets | wc -l], [0], [[0
+]])
+
+echo "----------- Post Traffic hv1 dump -----------"
+as hv1 ovs-ofctl -O OpenFlow13 dump-flows br-int
+as hv1 ovs-appctl fdb/show br-phys
+
+echo "----------- Post Traffic hv2 dump -----------"
+as hv2 ovs-ofctl -O OpenFlow13 dump-flows br-int
+as hv2 ovs-appctl fdb/show br-phys
+
+echo "----------- Post Traffic hv3 dump -----------"
+as hv3 ovs-ofctl -O OpenFlow13 dump-flows br-int
+as hv3 ovs-appctl fdb/show br-phys
+
+echo "----------- Post Traffic hv4 dump -----------"
+as hv4 ovs-ofctl -O OpenFlow13 dump-flows br-int
+as hv4 ovs-appctl fdb/show br-phys
+
+OVN_CLEANUP([hv1],[hv2],[hv3],[hv4])
+
+AT_CLEANUP
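Review bot: The new test relies on fixed `sleep 2` and `sleep 1` calls around `ovn-nbctl lrp-set-gateway-chassis` and test_arp, which makes the result depend on machine speed; the test already uses OVS_WAIT_UNTIL for lsp-get-up, and the same approach on the expected state or packet count would be more reliable here. lsp_to_ls, vif_to_hv and ip_to_hex are each defined twice in the test (before net_add and again after OVN_POPULATE_ARP), with the first vif_to_hv using the character class `vif?[[north]]?` where the second uses the literal `vif-north`; keep one definition of each. The test_arp comment says INPORT is a logical switch port number "e.g. 11 for vif11" but the only call passes `vif-north`, and the header comment describes 3 switches while the test creates ls1, ls2, ls-underlay and ls-north.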
From patchwork Thu Aug 1 23:52:19 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Ankur Sharma
X-Patchwork-Id: 1140844
Return-Path:
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: ozlabs.org;
spf=pass (mailfrom) smtp.mailfrom=openvswitch.org
(client-ip=140.211.169.12; helo=mail.linuxfoundation.org;
envelope-from=ovs-dev-bounces@openvswitch.org;
receiver=)
Authentication-Results: ozlabs.org;
dmarc=fail (p=none dis=none) header.from=nutanix.com
Authentication-Results: ozlabs.org;
dkim=fail reason="signature verification failed" (2048-bit key;
unprotected) header.d=nutanix.com header.i=@nutanix.com
header.b="pDr0riiC"; dkim-atps=neutral
Received: from mail.linuxfoundation.org (mail.linuxfoundation.org
[140.211.169.12])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256
bits)) (No client certificate requested)
by ozlabs.org (Postfix) with ESMTPS id 4606ZN6pHtz9s7T
for ;
Fri, 2 Aug 2019 09:53:48 +1000 (AEST)
Received: from mail.linux-foundation.org (localhost [127.0.0.1])
by mail.linuxfoundation.org (Postfix) with ESMTP id 8571514A3;
Thu, 1 Aug 2019 23:52:24 +0000 (UTC)
X-Original-To: ovs-dev@openvswitch.org
Delivered-To: ovs-dev@mail.linuxfoundation.org
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
[172.17.192.35])
by mail.linuxfoundation.org (Postfix) with ESMTPS id 6746C149F
for ; Thu, 1 Aug 2019 23:52:22 +0000 (UTC)
X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6
Received: from mx0b-002c1b01.pphosted.com (mx0b-002c1b01.pphosted.com
[148.163.155.12])
by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 3BE6282B
for ; Thu, 1 Aug 2019 23:52:21 +0000 (UTC)
Received: from pps.filterd (m0127841.ppops.net [127.0.0.1])
by mx0b-002c1b01.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id
x71No1dm009082
for ; Thu, 1 Aug 2019 16:52:20 -0700
Received: from nam02-cy1-obe.outbound.protection.outlook.com
(mail-cys01nam02lp2054.outbound.protection.outlook.com
[104.47.37.54])
by mx0b-002c1b01.pphosted.com with ESMTP id 2u0m58jger-2
(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256
verify=NOT)
for ; Thu, 01 Aug 2019 16:52:20 -0700
ARC-Authentication-Results: i=1; mx.microsoft.com 1;spf=pass
smtp.mailfrom=nutanix.com;dmarc=pass action=none
header.from=nutanix.com;dkim=pass header.d=nutanix.com;arc=none
Received: from MW2PR02MB3899.namprd02.prod.outlook.com (52.132.178.28) by
MW2PR02MB3657.namprd02.prod.outlook.com (52.132.177.14) with
Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
15.20.2136.13; Thu, 1 Aug 2019 23:52:19 +0000
Received: from MW2PR02MB3899.namprd02.prod.outlook.com
([fe80::a4e3:ca62:dfc6:1149]) by
MW2PR02MB3899.namprd02.prod.outlook.com
([fe80::a4e3:ca62:dfc6:1149%3]) with mapi id 15.20.2136.010;
Thu, 1 Aug 2019 23:52:19 +0000
From: Ankur Sharma
To: "ovs-dev@openvswitch.org"
Thread-Topic: [PATCH v3 2/4 ovn] OVN: Vlan backed DVR N-S,
redirect-type option
Thread-Index: AQHVSMQnqu9EINNGLEiAaybIybs+4g==
Date: Thu, 1 Aug 2019 23:52:19 +0000
Message-ID: <1564703707-21545-3-git-send-email-ankur.sharma@nutanix.com>
References: <1564703707-21545-1-git-send-email-ankur.sharma@nutanix.com>
In-Reply-To: <1564703707-21545-1-git-send-email-ankur.sharma@nutanix.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-clientproxiedby: BYAPR06CA0041.namprd06.prod.outlook.com
(2603:10b6:a03:14b::18) To MW2PR02MB3899.namprd02.prod.outlook.com
(2603:10b6:907:4::28)
x-ms-exchange-messagesentrepresentingtype: 1
x-mailer: git-send-email 1.8.3.1
x-originating-ip: [192.146.154.1]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 8ba7a864-7cbc-49ce-aa92-08d716db49f7
x-ms-traffictypediagnostic: MW2PR02MB3657:
x-microsoft-antispam-prvs:
x-proofpoint-crosstenant: true
x-ms-oob-tlc-oobclassifiers: OLM:1002;
x-forefront-prvs: 01165471DB
received-spf: None (protection.outlook.com: nutanix.com does not designate
permitted sender hosts)
x-ms-exchange-senderadcheck: 1
MIME-Version: 1.0
X-OriginatorOrg: nutanix.com
X-MS-Exchange-CrossTenant-Network-Message-Id:
8ba7a864-7cbc-49ce-aa92-08d716db49f7
X-MS-Exchange-CrossTenant-originalarrivaltime: 01 Aug 2019 23:52:19.2890
(UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: bb047546-786f-4de1-bd75-24e5b6f79043
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: ankur.sharma@nutanix.com
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MW2PR02MB3657
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:5.22.84,1.0.8
definitions=2019-08-01_10:2019-07-31,2019-08-01 signatures=0
X-Proofpoint-Spam-Reason: safe
X-Spam-Status: No, score=-2.7 required=5.0 tests=BAYES_00,DKIM_SIGNED,
DKIM_VALID, DKIM_VALID_AU,
RCVD_IN_DNSWL_LOW autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
smtp1.linux-foundation.org
Subject: [ovs-dev] [PATCH v3 2/4 ovn] OVN: Vlan backed DVR N-S,
redirect-type option
X-BeenThere: ovs-dev@openvswitch.org
X-Mailman-Version: 2.1.12
Precedence: list
Sender: ovs-dev-bounces@openvswitch.org
Errors-To: ovs-dev-bounces@openvswitch.org
Background:
With c0974331b7a19a87ab8f1f2cec8fbe366af92fa2, we have added
support for E-W workflow for vlan backed DVRs.
This series enables N-S workflow for vlan backed DVRs.
Key difference between E-W and N-S traffic flow is that
N-S flow requires a gateway chassis. A gateway chassis
will be responsible for following:
a. Doing Network Address Translation (NAT).
b. Becoming entry and exit point for North->South
and South->North traffic respectively.
OVN by default always uses overlay encapsulation to redirect
the packet to gateway chassis. This series will enable
the redirection to gateway chassis in the absence of encapsulation.
This patch:
a. Add a new key-value in options of a router port.
b. This new config key will be used by ovn-controller
to determine if a redirected packet will go out of
tunnel port or localnet port.
c. key is "redirect-type" and it takes "overlay" and
"vlan" as values.
d. Added ovn-nbctl command to set and get redirect-type
option on a router port.
e. This new configuration is added because vlan or overlay
based forwarding is considered to be a logical switch property,
hence for a router configuration has to be done at the router port
level.
Signed-off-by: Ankur Sharma
---
northd/ovn-northd.c | 6 ++++++
ovn-nb.xml | 43 ++++++++++++++++++++++++++++++++++++++
tests/ovn-nbctl.at | 25 ++++++++++++++++++++++
tests/ovn-northd.at | 31 +++++++++++++++++++++++++++
utilities/ovn-nbctl.c | 58 +++++++++++++++++++++++++++++++++++++++++++++++++++
5 files changed, 163 insertions(+)
diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c
index cd776fa..7c0fd6c 100644
--- a/northd/ovn-northd.c
+++ b/northd/ovn-northd.c
@@ -2445,6 +2445,9 @@ ovn_port_update_sbrec(struct northd_context *ctx,
if (op->derived) {
const char *redirect_chassis = smap_get(&op->nbrp->options,
"redirect-chassis");
+ const char *redirect_type = smap_get(&op->nbrp->options,
+ "redirect-type");
+
int n_gw_options_set = 0;
if (op->nbrp->ha_chassis_group) {
n_gw_options_set++;
@@ -2537,6 +2540,9 @@ ovn_port_update_sbrec(struct northd_context *ctx,
sbrec_port_binding_set_gateway_chassis(op->sb, NULL, 0);
}
smap_add(&new, "distributed-port", op->nbrp->name);
+ if (redirect_type) {
+ smap_add(&new, "redirect-type", redirect_type);
+ }
} else {
if (op->peer) {
smap_add(&new, "peer", op->peer->key);
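Review bot: the added smap_add(&new, "redirect-type", redirect_type) copies whatever string is in the northbound options into the southbound Port_Binding without checking it. The ovn-nbctl setter in this patch rejects anything other than "vlan" and "overlay", but options is a free-form map that can be written without going through that command, and the setter itself compares with strcasecmp and stores the value as typed. Validate the value here and write a canonical lowercase string (or skip unknown values with a rate-limited warning) so that readers of the southbound option only ever see the two documented values.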
diff --git a/ovn-nb.xml b/ovn-nb.xml
index f5f10a5..971017b 100644
--- a/ovn-nb.xml
+++ b/ovn-nb.xml
@@ -1947,6 +1947,49 @@
issues.
+
+
+
+ This options dictates if a packet redirected to
+ gateway chassis
will be overlay encapsulated
+ or go as a regular vlan packet.
+
+
+
+ Option takes following values
+
+
+
+ -
+ OVERLAY
+
+
+ -
+ VLAN
+
+
+
+
+ OVERLAY option will ensure that redirected packet goes out as
+ encapsulation via the tunnel port.
+
+
+
+ VLAN option will ensure that redirected packet goes out as vlan
+ tagged via the localnet port.
+
+
+
+ OVERLAY is the default redirection type.
+
+
+
+ Option is applicable only to gateway chassis attached logical
+ router ports.
+
+
+
+
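Review bot: the documented values are spelled OVERLAY and VLAN, while the ovn-nbctl help text and the tests in this same patch use lowercase 'overlay' and 'vlan'. Document the lowercase spellings and state whether matching is case-insensitive, so that someone setting options:redirect-type directly writes the form the rest of the series expects. Wording: "This options dictates" should be "This option dictates", and "goes out as encapsulation" reads better as "goes out encapsulated".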
diff --git a/tests/ovn-nbctl.at b/tests/ovn-nbctl.at
index a19e33f..11a3273 100644
--- a/tests/ovn-nbctl.at
+++ b/tests/ovn-nbctl.at
@@ -1220,6 +1220,31 @@ lrp0-chassis1 1
dnl ---------------------------------------------------------------------
+OVN_NBCTL_TEST([ovn_nbctl_redirect_type], [logical router port redirect type], [
+AT_CHECK([ovn-nbctl lr-add lr0])
+AT_CHECK([ovn-nbctl lrp-add lr0 lrp0 00:00:00:01:02:03 192.168.1.1/24])
+AT_CHECK([ovn-nbctl lrp-get-redirect-type lrp0], [0], [dnl
+overlay
+])
+AT_CHECK([ovn-nbctl lrp-set-redirect-type lp0 vlan], [1], [],
+[ovn-nbctl: lp0: port name not found
+])
+AT_CHECK([ovn-nbctl lrp-set-redirect-type lrp0 vlan], [0], [])
+AT_CHECK([ovn-nbctl lrp-get-redirect-type lrp0], [0], [dnl
+vlan
+])
+AT_CHECK([ovn-nbctl lrp-set-redirect-type lrp0 overlay], [0], [])
+AT_CHECK([ovn-nbctl lrp-get-redirect-type lrp0], [0], [dnl
+overlay
+])
+AT_CHECK([ovn-nbctl lrp-set-redirect-type lrp0 abcd], [1], [],
+[ovn-nbctl: Invalid redirect type: abcd
+])
+
+])
+
+dnl ---------------------------------------------------------------------
+
OVN_NBCTL_TEST([ovn_nbctl_lrp_enable], [logical router port enable and disable], [
AT_CHECK([ovn-nbctl lr-add lr0])
AT_CHECK([ovn-nbctl lrp-add lr0 lrp0 00:00:00:01:02:03 192.168.1.1/24])
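Review bot: the new ovn_nbctl_redirect_type test only runs lrp-set-redirect-type on a port that has no other options, so it cannot detect the setter overwriting the whole options column. Add a case that first sets another key on lrp0 (for example options:redirect-chassis through ovn-nbctl set Logical_Router_Port) and checks that it is still present after lrp-set-redirect-type. A mixed-case input such as "VLAN" is also worth a case, since the setter accepts it through strcasecmp and the expected stored value should be pinned down.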
diff --git a/tests/ovn-northd.at b/tests/ovn-northd.at
index 0dea04e..8718130 100644
--- a/tests/ovn-northd.at
+++ b/tests/ovn-northd.at
@@ -936,3 +936,34 @@ OVS_WAIT_UNTIL([
test 0 = $?])
AT_CLEANUP
+
+AT_SETUP([ovn -- check Redirect Chassis propagation from NB to SB])
+AT_SKIP_IF([test $HAVE_PYTHON = no])
+ovn_start
+
+ovn-sbctl chassis-add gw1 geneve 127.0.0.1
+
+ovn-nbctl lr-add R1
+ovn-nbctl lrp-add R1 R1-S1 02:ac:10:01:00:01 172.16.1.1/24
+
+ovn-nbctl ls-add S1
+ovn-nbctl lsp-add S1 S1-R1
+ovn-nbctl lsp-set-type S1-R1 router
+ovn-nbctl lsp-set-addresses S1-R1 router
+ovn-nbctl --wait=sb lsp-set-options S1-R1 router-port=R1-S1
+
+ovn-nbctl lrp-set-gateway-chassis R1-S1 gw1
+
+uuid=`ovn-sbctl --columns=_uuid --bare find Port_Binding logical_port=cr-R1-S1`
+echo "CR-LRP UUID is: " $uuid
+
+ovn-nbctl lrp-set-redirect-type R1-S1 vlan
+AT_CHECK([ovn-sbctl get Port_Binding ${uuid} options:redirect-type], [0], [vlan
+])
+
+ovn-nbctl lrp-set-redirect-type R1-S1 overlay
+AT_CHECK([ovn-sbctl get Port_Binding ${uuid} options:redirect-type], [0], [overlay
+])
+
+
+AT_CLEANUP
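Review bot: both ovn-nbctl lrp-set-redirect-type calls run without --wait=sb and the AT_CHECK on the southbound Port_Binding follows immediately, so the check can run before ovn-northd has propagated the option and fail intermittently. The same applies to the uuid lookup right after lrp-set-gateway-chassis. Use ovn-nbctl --wait=sb for those commands or wrap the checks in OVS_WAIT_UNTIL. The AT_SETUP title says "Redirect Chassis propagation" although the test covers redirect-type, and there is no check for the case where redirect-type is unset.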
diff --git a/utilities/ovn-nbctl.c b/utilities/ovn-nbctl.c
index ad999dd..991bee5 100644
--- a/utilities/ovn-nbctl.c
+++ b/utilities/ovn-nbctl.c
@@ -661,6 +661,14 @@ Logical router port commands:\n\
('enabled' or 'disabled')\n\
lrp-get-enabled PORT get administrative state PORT\n\
('enabled' or 'disabled')\n\
+ lrp-set-redirect-type PORT TYPE\n\
+ set whether redirected packet to gateway chassis\n\
+ of PORT will be encapsulated or not\n\
+ ('overlay' or 'vlan')\n\
+ lrp-get-redirect-type PORT\n\
+ get whether redirected packet to gateway chassis\n\
+ of PORT will be encapsulated or not\n\
+ ('overlay' or 'vlan')\n\
\n\
Route commands:\n\
[--policy=POLICY] lr-route-add ROUTER PREFIX NEXTHOP [PORT]\n\
@@ -4591,6 +4599,52 @@ nbctl_lrp_get_enabled(struct ctl_context *ctx)
!lrp->enabled ||
*lrp->enabled ? "enabled" : "disabled");
}
+
+/* Set the logical router port redirect type. */
+static void
+nbctl_lrp_set_redirect_type(struct ctl_context *ctx)
+{
+ const char *id = ctx->argv[1];
+ const char *type = ctx->argv[2];
+ const struct nbrec_logical_router_port *lrp = NULL;
+ struct smap lrp_options;
+
+ char *error = lrp_by_name_or_uuid(ctx, id, true, &lrp);
+ if (error) {
+ ctx->error = error;
+ return;
+ }
+
+ if (strcasecmp(type, "vlan") && strcasecmp(type, "overlay")) {
+ error = xasprintf("Invalid redirect type: %s", type);
+ ctx->error = error;
+ return;
+ }
+
+ smap_init(&lrp_options);
+ smap_add(&lrp_options, "redirect-type", type);
+
+ nbrec_logical_router_port_set_options(lrp, &lrp_options);
+ smap_destroy(&lrp_options);
+}
+
+static void
+nbctl_lrp_get_redirect_type(struct ctl_context *ctx)
+{
+ const char *id = ctx->argv[1];
+ const struct nbrec_logical_router_port *lrp = NULL;
+
+ char *error = lrp_by_name_or_uuid(ctx, id, true, &lrp);
+ if (error) {
+ ctx->error = error;
+ return;
+ }
+
+ const char *redirect_type = smap_get(&lrp->options, "redirect-type");
+ ds_put_format(&ctx->output, "%s\n",
+ !redirect_type ? "overlay": redirect_type);
+}
+
struct ipv4_route {
int priority;
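Review bot: nbctl_lrp_set_redirect_type() builds a fresh smap that holds only "redirect-type" and passes it to nbrec_logical_router_port_set_options(), which replaces the whole options column, so any option already on the port (for example "redirect-chassis") is silently dropped. Start from the existing map instead: smap_clone(&lrp_options, &lrp->options) followed by smap_replace(&lrp_options, "redirect-type", type). The value is also stored exactly as typed after the strcasecmp check, so "VLAN" and "vlan" end up as different strings in the database; store the canonical lowercase form. nbctl_lrp_get_redirect_type() has no leading comment while the setter does.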
@@ -5598,6 +5652,10 @@ static const struct ctl_command_syntax nbctl_commands[] = {
NULL, "", RW },
{ "lrp-get-enabled", 1, 1, "PORT", NULL, nbctl_lrp_get_enabled,
NULL, "", RO },
+ { "lrp-set-redirect-type", 2, 2, "PORT TYPE", NULL,
+ nbctl_lrp_set_redirect_type, NULL, "", RW },
+ { "lrp-get-redirect-type", 1, 1, "PORT", NULL, nbctl_lrp_get_redirect_type,
+ NULL, "", RO },
/* logical router route commands. */
{ "lr-route-add", 3, 4, "ROUTER PREFIX NEXTHOP [PORT]", NULL,
From patchwork Thu Aug 1 23:52:20 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Ankur Sharma
X-Patchwork-Id: 1140845
Return-Path:
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: ozlabs.org;
spf=pass (mailfrom) smtp.mailfrom=openvswitch.org
(client-ip=140.211.169.12; helo=mail.linuxfoundation.org;
envelope-from=ovs-dev-bounces@openvswitch.org;
receiver=)
Authentication-Results: ozlabs.org;
dmarc=fail (p=none dis=none) header.from=nutanix.com
Authentication-Results: ozlabs.org;
dkim=fail reason="signature verification failed" (2048-bit key;
unprotected) header.d=nutanix.com header.i=@nutanix.com
header.b="NqFrqycL"; dkim-atps=neutral
Received: from mail.linuxfoundation.org (mail.linuxfoundation.org
[140.211.169.12])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256
bits)) (No client certificate requested)
by ozlabs.org (Postfix) with ESMTPS id 4606b76hRsz9sBF
for ;
Fri, 2 Aug 2019 09:54:27 +1000 (AEST)
Received: from mail.linux-foundation.org (localhost [127.0.0.1])
by mail.linuxfoundation.org (Postfix) with ESMTP id 4454C14D6;
Thu, 1 Aug 2019 23:52:26 +0000 (UTC)
X-Original-To: ovs-dev@openvswitch.org
Delivered-To: ovs-dev@mail.linuxfoundation.org
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
[172.17.192.35])
by mail.linuxfoundation.org (Postfix) with ESMTPS id E8C8D14B8
for ; Thu, 1 Aug 2019 23:52:24 +0000 (UTC)
X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6
Received: from mx0b-002c1b01.pphosted.com (mx0b-002c1b01.pphosted.com
[148.163.155.12])
by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 5D6A1E7
for ; Thu, 1 Aug 2019 23:52:24 +0000 (UTC)
Received: from pps.filterd (m0127841.ppops.net [127.0.0.1])
by mx0b-002c1b01.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id
x71No2f3009191
for ; Thu, 1 Aug 2019 16:52:23 -0700
Received: from nam02-cy1-obe.outbound.protection.outlook.com
(mail-cys01nam02lp2057.outbound.protection.outlook.com
[104.47.37.57])
by mx0b-002c1b01.pphosted.com with ESMTP id 2u0m58jget-1
(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256
verify=NOT)
for ; Thu, 01 Aug 2019 16:52:23 -0700
ARC-Authentication-Results: i=1; mx.microsoft.com 1;spf=pass
smtp.mailfrom=nutanix.com;dmarc=pass action=none
header.from=nutanix.com;dkim=pass header.d=nutanix.com;arc=none
Received: from MW2PR02MB3899.namprd02.prod.outlook.com (52.132.178.28) by
MW2PR02MB3657.namprd02.prod.outlook.com (52.132.177.14) with
Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
15.20.2136.13; Thu, 1 Aug 2019 23:52:20 +0000
Received: from MW2PR02MB3899.namprd02.prod.outlook.com
([fe80::a4e3:ca62:dfc6:1149]) by
MW2PR02MB3899.namprd02.prod.outlook.com
([fe80::a4e3:ca62:dfc6:1149%3]) with mapi id 15.20.2136.010;
Thu, 1 Aug 2019 23:52:20 +0000
From: Ankur Sharma
To: "ovs-dev@openvswitch.org"
Thread-Topic: [PATCH v3 3/4 ovn] OVN: Vlan backed DVR N-S, avoid get_arp on
non redirect chassis.
Thread-Index: AQHVSMQoAeYnt18sWU2pnpdpHLrtGg==
Date: Thu, 1 Aug 2019 23:52:20 +0000
Message-ID: <1564703707-21545-4-git-send-email-ankur.sharma@nutanix.com>
References: <1564703707-21545-1-git-send-email-ankur.sharma@nutanix.com>
In-Reply-To: <1564703707-21545-1-git-send-email-ankur.sharma@nutanix.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-clientproxiedby: BYAPR06CA0041.namprd06.prod.outlook.com
(2603:10b6:a03:14b::18) To MW2PR02MB3899.namprd02.prod.outlook.com
(2603:10b6:907:4::28)
x-ms-exchange-messagesentrepresentingtype: 1
x-mailer: git-send-email 1.8.3.1
x-originating-ip: [192.146.154.1]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 77e6d32c-83fa-4774-1cc0-08d716db4a9f
received-spf: None (protection.outlook.com: nutanix.com does not designate
permitted sender hosts)
x-ms-exchange-senderadcheck: 1
MIME-Version: 1.0
X-OriginatorOrg: nutanix.com
X-MS-Exchange-CrossTenant-Network-Message-Id:
77e6d32c-83fa-4774-1cc0-08d716db4a9f
X-MS-Exchange-CrossTenant-originalarrivaltime: 01 Aug 2019 23:52:20.3603
(UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: bb047546-786f-4de1-bd75-24e5b6f79043
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: ankur.sharma@nutanix.com
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MW2PR02MB3657
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:5.22.84,1.0.8
definitions=2019-08-01_10:2019-07-31,2019-08-01 signatures=0
X-Proofpoint-Spam-Reason: safe
X-Spam-Status: No, score=-2.7 required=5.0 tests=BAYES_00,DKIM_SIGNED,
DKIM_VALID, DKIM_VALID_AU,
RCVD_IN_DNSWL_LOW autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
smtp1.linux-foundation.org
Subject: [ovs-dev] [PATCH v3 3/4 ovn] OVN: Vlan backed DVR N-S,
avoid get_arp on non redirect chassis.
X-BeenThere: ovs-dev@openvswitch.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id:
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
Sender: ovs-dev-bounces@openvswitch.org
Errors-To: ovs-dev-bounces@openvswitch.org
Background:
With c0974331b7a19a87ab8f1f2cec8fbe366af92fa2, we have added
support for E-W workflow for vlan backed DVRs.
This series enables N-S workflow for vlan backed DVRs.
Key difference between E-W and N-S traffic flow is that
N-S flow requires a gateway chassis. A gateway chassis
will be responsible for following:
a. Doing Network Address Translation (NAT).
b. Becoming entry and exit point for North->South
and South->North traffic respectively.
OVN by default always uses overlay encapsulation to redirect
the packet to gateway chassis. This series will enable
the redirection to gateway chassis in the absence of encapsulation.
This patch:
a. Make sure that ARP request for endpoint behind the gateway
router port is sent from gateway chassis only and not from
host(compute) chassis.
b. This is achieved by adding a new logical flow in
lr_in_arp_resolve at priority=50.
c. This flow runs on non gateway chassis and sets the destination
mac to router port mac, if outport is a gateway chassis attached
router port and redirect-type is set as "vlan".
Example logical flow:
table=9 (lr_in_arp_resolve ), priority=50 , match=(outport == "router-to-underlay" && !is_chassis_resident("cr-router-to-underlay")), action=(eth.dst = 00:00:01:01:02:04; next;)
d. This change is needed because otherwise for non resolved ARPs,
we will end up doing get_arp in host chassis. Doing so will
have following issues:
i. We want all the interaction with North bound endpoints via
gateway chassis only, doing so on host chassis will violate
that.
ii. With get_arp, ovn-controller will generate the ARP using router
port's mac as source mac, which will lead us to the same issue,
where router port mac will be going through continuous mac moves
in physical network. Worse, it would affect the redirection,
since it uses router port mac as destination mac.
Signed-off-by: Ankur Sharma
---
northd/ovn-northd.c | 22 ++++++++++++++++++++++
1 file changed, 22 insertions(+)
diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c
index 7c0fd6c..ba38ef6 100644
--- a/northd/ovn-northd.c
+++ b/northd/ovn-northd.c
@@ -7565,6 +7565,28 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports,
100, ds_cstr(&match), ds_cstr(&actions));
}
}
+
+ if (op->nbrp->n_gateway_chassis && !op->derived) {
+ const char *redirect_type = smap_get(&op->nbrp->options,
+ "redirect-type");
+ if (redirect_type && !strcasecmp(redirect_type, "vlan")) {
+ /* Packet is on a non gateway chassis and
+ * has an unresolved ARP on a network behind gateway
+ * chassis attached router port. Since, redirect type
+ * is set to vlan, hence instead of calling "get_arp"
+ * on this node, we will redirect the packet to gateway
+ * chassis, by setting destination mac router port mac.*/
+ ds_clear(&match);
+ ds_put_format(&match, "outport == %s && "
+ "!is_chassis_resident(%s)", op->json_key,
+ op->od->l3redirect_port->json_key);
+ ds_clear(&actions);
+ ds_put_format(&actions, "eth.dst = %s; next;",
+ op->lrp_networks.ea_s);
+ ovn_lflow_add(lflows, op->od, S_ROUTER_IN_ARP_RESOLVE,
+ 50, ds_cstr(&match), ds_cstr(&actions));
+ }
+ }
} else if (op->od->n_router_ports && strcmp(op->nbsp->type, "router")
&& strcmp(op->nbsp->type, "virtual")) {
/* This is a logical switch port that backs a VM or a container.
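Review bot: the new block dereferences op->od->l3redirect_port->json_key with no NULL check, and it is gated only on op->nbrp->n_gateway_chassis. The northd hunk in patch 2/4 shows that a gateway port can also be configured through ha_chassis_group or the "redirect-chassis" option, so with those configurations the priority-50 flow is never installed and a vlan redirect-type still falls through to get_arp on the host chassis. Check op->od->l3redirect_port before using it and base the condition on the port having a redirect port rather than on n_gateway_chassis alone. The diffstat touches only northd/ovn-northd.c, so the new lr_in_arp_resolve flow has no test in this patch; add one that checks the flow is present for "vlan" and absent for "overlay".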
From patchwork Thu Aug 1 23:52:21 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Ankur Sharma
X-Patchwork-Id: 1140846
Return-Path:
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: ozlabs.org;
spf=pass (mailfrom) smtp.mailfrom=openvswitch.org
(client-ip=140.211.169.12; helo=mail.linuxfoundation.org;
envelope-from=ovs-dev-bounces@openvswitch.org;
receiver=)
Authentication-Results: ozlabs.org;
dmarc=fail (p=none dis=none) header.from=nutanix.com
Authentication-Results: ozlabs.org;
dkim=fail reason="signature verification failed" (2048-bit key;
unprotected) header.d=nutanix.com header.i=@nutanix.com
header.b="ChthDjEb"; dkim-atps=neutral
Received: from mail.linuxfoundation.org (mail.linuxfoundation.org
[140.211.169.12])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256
bits)) (No client certificate requested)
by ozlabs.org (Postfix) with ESMTPS id 4606c612gNz9s7T
for ;
Fri, 2 Aug 2019 09:55:18 +1000 (AEST)
Received: from mail.linux-foundation.org (localhost [127.0.0.1])
by mail.linuxfoundation.org (Postfix) with ESMTP id 42F5814F5;
Thu, 1 Aug 2019 23:52:29 +0000 (UTC)
X-Original-To: ovs-dev@openvswitch.org
Delivered-To: ovs-dev@mail.linuxfoundation.org
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
[172.17.192.35])
by mail.linuxfoundation.org (Postfix) with ESMTPS id 7093814BA
for ; Thu, 1 Aug 2019 23:52:27 +0000 (UTC)
X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6
Received: from mx0b-002c1b01.pphosted.com (mx0b-002c1b01.pphosted.com
[148.163.155.12])
by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 88909E7
for ; Thu, 1 Aug 2019 23:52:25 +0000 (UTC)
Received: from pps.filterd (m0127842.ppops.net [127.0.0.1])
by mx0b-002c1b01.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id
x71No4iN024075
for ; Thu, 1 Aug 2019 16:52:24 -0700
Received: from nam02-cy1-obe.outbound.protection.outlook.com
(mail-cys01nam02lp2054.outbound.protection.outlook.com
[104.47.37.54])
by mx0b-002c1b01.pphosted.com with ESMTP id 2u0nxf2dd2-1
(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256
verify=NOT)
for ; Thu, 01 Aug 2019 16:52:24 -0700
ARC-Authentication-Results: i=1; mx.microsoft.com 1;spf=pass
smtp.mailfrom=nutanix.com;dmarc=pass action=none
header.from=nutanix.com;dkim=pass header.d=nutanix.com;arc=none
Received: from MW2PR02MB3899.namprd02.prod.outlook.com (52.132.178.28) by
MW2PR02MB3657.namprd02.prod.outlook.com (52.132.177.14) with
Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
15.20.2136.13; Thu, 1 Aug 2019 23:52:22 +0000
Received: from MW2PR02MB3899.namprd02.prod.outlook.com
([fe80::a4e3:ca62:dfc6:1149]) by
MW2PR02MB3899.namprd02.prod.outlook.com
([fe80::a4e3:ca62:dfc6:1149%3]) with mapi id 15.20.2136.010;
Thu, 1 Aug 2019 23:52:22 +0000
From: Ankur Sharma
To: "ovs-dev@openvswitch.org"
Thread-Topic: [PATCH v3 4/4 ovn] OVN: Vlan backed DVR N-S,
redirect packet via localnet port
Thread-Index: AQHVSMQptVSXtiueCkOhISBM59gY9Q==
Date: Thu, 1 Aug 2019 23:52:21 +0000
Message-ID: <1564703707-21545-5-git-send-email-ankur.sharma@nutanix.com>
References: <1564703707-21545-1-git-send-email-ankur.sharma@nutanix.com>
In-Reply-To: <1564703707-21545-1-git-send-email-ankur.sharma@nutanix.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-clientproxiedby: BYAPR06CA0041.namprd06.prod.outlook.com
(2603:10b6:a03:14b::18) To MW2PR02MB3899.namprd02.prod.outlook.com
(2603:10b6:907:4::28)
x-ms-exchange-messagesentrepresentingtype: 1
x-mailer: git-send-email 1.8.3.1
x-originating-ip: [192.146.154.1]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 55a5f9e9-69e2-45d2-6dbe-08d716db4b6f
received-spf: None (protection.outlook.com: nutanix.com does not designate
permitted sender hosts)
x-ms-exchange-senderadcheck: 1
MIME-Version: 1.0
X-OriginatorOrg: nutanix.com
X-MS-Exchange-CrossTenant-Network-Message-Id:
55a5f9e9-69e2-45d2-6dbe-08d716db4b6f
X-MS-Exchange-CrossTenant-originalarrivaltime: 01 Aug 2019 23:52:21.7016
(UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: bb047546-786f-4de1-bd75-24e5b6f79043
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: ankur.sharma@nutanix.com
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MW2PR02MB3657
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:5.22.84,1.0.8
definitions=2019-08-01_10:2019-07-31,2019-08-01 signatures=0
X-Proofpoint-Spam-Reason: safe
X-Spam-Status: No, score=-2.7 required=5.0 tests=BAYES_00,DKIM_SIGNED,
DKIM_VALID, DKIM_VALID_AU,
RCVD_IN_DNSWL_LOW autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
smtp1.linux-foundation.org
Subject: [ovs-dev] [PATCH v3 4/4 ovn] OVN: Vlan backed DVR N-S,
redirect packet via localnet port
X-BeenThere: ovs-dev@openvswitch.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id:
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
Sender: ovs-dev-bounces@openvswitch.org
Errors-To: ovs-dev-bounces@openvswitch.org
Background:
With c0974331b7a19a87ab8f1f2cec8fbe366af92fa2, we have added
support for E-W workflow for vlan backed DVRs.
This series enables N-S workflow for vlan backed DVRs.
Key difference between E-W and N-S traffic flow is that
N-S flow requires a gateway chassis. A gateway chassis
will be responsible for following:
a. Doing Network Address Translation (NAT).
b. Becoming entry and exit point for North->South
and South->North traffic respectively.
OVN by default always uses overlay encapsulation to redirect
the packet to gateway chassis. This series will enable
the redirection to gateway chassis in the absence of encapsulation.
This patch:
Achieves the vlan backed redirection by doing following:
Sender Side:
------------
a. For a remote port of type "chassisredirect" and if it
has redirect type as "vlan", then do not add tunnel
based redirection flow in table=32.
b. In table=33, add a flow with priority=100, that would do following:
i. Change the metadata to that of gateway logical switch
(i.e logical switch attached to gateway logical router port).
ii. Change REG15 to point to localnet port of gateway logical switch.
iii. Send the packet to table=15.
c. In Table=65, packet will hit the existing priority=150 flow to send
the packet to physical bridge, while attaching vlan header and
changing source mac to chassis mac.
Receiver Side:
--------------
a. No changes needed
OVERALL PACKET FLOW:
Sender Side:
-----------
a. logical flow in lr_in_gw_redirect stage will ensure that
outport of the packet is chassisredirect port.
For example:
table=12(lr_in_gw_redirect ), priority=50 , match=(outport == "router-to-underlay"), action=(outport = "cr-router-to-underlay"; next;)
b. After ingress pipeline, packet will enter the table=32, followed by table=33
c. Table=33, will send the packet to table=65.
d. Table=65, will send the packet to uplink bridge
with destination mac of chassisredirect port and vlan
id of peer logical switch.
Receiver Side:
-------------
a. Packet is received by the pipeline of peer logical switch.
b. Since destination mac is that of router port, hence packet will
enter the logical router pipeline.
c. Now, packet will go through regular logical router pipeline
(both ingress and egress).
One caveat with the approach is that ttl will be decremented twice,
since the packets are going through logical router ingress pipeline
twice (once on sender chassis and again on gateway chassis).
No changes needed for the reverse path.
Signed-off-by: Ankur Sharma
---
controller/physical.c | 255 +++++++++++++++++++++++++++-------------
lib/ovn-util.c | 33 ++++++
lib/ovn-util.h | 5 +
ovn-architecture.7.xml | 64 +++++++++++
tests/ovn.at | 307 +++++++++++++++++++++++++++++++++++++++++++++++++
5 files changed, 581 insertions(+), 83 deletions(-)
diff --git a/controller/physical.c b/controller/physical.c
index aa06b3f..4697821 100644
--- a/controller/physical.c
+++ b/controller/physical.c
@@ -229,6 +229,165 @@ get_zone_ids(const struct sbrec_port_binding *binding,
}
static void
+put_remote_port_redirect_vlan(const struct
+ sbrec_port_binding *binding,
+ const struct hmap *local_datapaths,
+ struct local_datapath *ld,
+ struct match *match,
+ struct ofpbuf *ofpacts_p,
+ struct ovn_desired_flow_table *flow_table)
+{
+ struct eth_addr binding_mac;
+ uint32_t ls_dp_key = 0;
+
+ if (strcmp(binding->type, "chassisredirect")) {
+ /* VLAN based redirect is only supported for chassisredirect
+ * type remote ports. */
+ return;
+ }
+
+ bool is_valid_mac = extract_sbrec_binding_first_mac(binding,
+ &binding_mac);
+ if (!is_valid_mac) {
+ return;
+ }
+
+ for (int i = 0; i < ld->n_peer_ports; i++) {
+ const struct sbrec_port_binding *sport_binding = ld->peer_ports[i];
+ const char *sport_peer_name = smap_get(&sport_binding->options,
+ "peer");
+ const char *distributed_port = smap_get(&binding->options,
+ "distributed-port");
+
+ if (!strcmp(sport_peer_name, distributed_port)) {
+ ls_dp_key = sport_binding->datapath->tunnel_key;
+ break;
+ }
+ }
+
+ if (!ls_dp_key) {
+ return;
+ }
+
+ union mf_value value;
+ struct ofpact_mac *src_mac;
+ const struct sbrec_port_binding *ls_localnet_port;
+
+ ls_localnet_port = get_localnet_port(local_datapaths, ls_dp_key);
+
+ src_mac = ofpact_put_SET_ETH_SRC(ofpacts_p);
+ src_mac->mac = binding_mac;
+
+ value.be64 = htonll(ls_dp_key);
+
+ ofpact_put_set_field(ofpacts_p, mf_from_id(MFF_METADATA),
+ &value, NULL);
+
+ value.be32 = htonl(ls_localnet_port->tunnel_key);
+ ofpact_put_set_field(ofpacts_p, mf_from_id(MFF_REG15),
+ &value, NULL);
+
+ put_resubmit(OFTABLE_LOG_TO_PHY, ofpacts_p);
+ ofctrl_add_flow(flow_table, OFTABLE_LOCAL_OUTPUT, 100, 0,
+ match, ofpacts_p, &binding->header_.uuid);
+
+}
+
+static void
+put_remote_port_redirect_overlay(const struct
+ sbrec_port_binding *binding,
+ bool is_ha_remote,
+ struct ha_chassis_ordered *ha_ch_ordered,
+ enum mf_field_id mff_ovn_geneve,
+ const struct chassis_tunnel *tun,
+ uint32_t port_key,
+ struct match *match,
+ struct ofpbuf *ofpacts_p,
+ struct ovn_desired_flow_table *flow_table)
+{
+ if (!is_ha_remote) {
+ /* Setup encapsulation */
+ const struct chassis_tunnel *rem_tun =
+ get_port_binding_tun(binding);
+ if (!rem_tun) {
+ return;
+ }
+ put_encapsulation(mff_ovn_geneve, tun, binding->datapath,
+ port_key, ofpacts_p);
+ /* Output to tunnel. */
+ ofpact_put_OUTPUT(ofpacts_p)->port = rem_tun->ofport;
+ } else {
+ /* Make sure all tunnel endpoints use the same encapsulation,
+ * and set it up */
+ for (size_t i = 0; i < ha_ch_ordered->n_ha_ch; i++) {
+ const struct sbrec_chassis *ch = ha_ch_ordered->ha_ch[i].chassis;
+ if (!ch) {
+ continue;
+ }
+ if (!tun) {
+ tun = chassis_tunnel_find(ch->name, NULL);
+ } else {
+ struct chassis_tunnel *chassis_tunnel =
+ chassis_tunnel_find(ch->name, NULL);
+ if (chassis_tunnel &&
+ tun->type != chassis_tunnel->type) {
+ static struct vlog_rate_limit rl =
+ VLOG_RATE_LIMIT_INIT(1, 1);
+ VLOG_ERR_RL(&rl, "Port %s has Gateway_Chassis "
+ "with mixed encapsulations, only "
+ "uniform encapsulations are "
+ "supported.", binding->logical_port);
+ return;
+ }
+ }
+ }
+ if (!tun) {
+ static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 1);
+ VLOG_ERR_RL(&rl, "No tunnel endpoint found for HA chassis in "
+ "HA chassis group of port %s",
+ binding->logical_port);
+ return;
+ }
+
+ put_encapsulation(mff_ovn_geneve, tun, binding->datapath,
+ port_key, ofpacts_p);
+
+ /* Output to tunnels with active/backup */
+ struct ofpact_bundle *bundle = ofpact_put_BUNDLE(ofpacts_p);
+
+ for (size_t i = 0; i < ha_ch_ordered->n_ha_ch; i++) {
+ const struct sbrec_chassis *ch =
+ ha_ch_ordered->ha_ch[i].chassis;
+ if (!ch) {
+ continue;
+ }
+ tun = chassis_tunnel_find(ch->name, NULL);
+ if (!tun) {
+ continue;
+ }
+ if (bundle->n_slaves >= BUNDLE_MAX_SLAVES) {
+ static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 1);
+ VLOG_WARN_RL(&rl, "Remote endpoints for port beyond "
+ "BUNDLE_MAX_SLAVES");
+ break;
+ }
+ ofpbuf_put(ofpacts_p, &tun->ofport, sizeof tun->ofport);
+ bundle = ofpacts_p->header;
+ bundle->n_slaves++;
+ }
+
+ bundle->algorithm = NX_BD_ALG_ACTIVE_BACKUP;
+ /* Although ACTIVE_BACKUP bundle algorithm seems to ignore
+ * the next two fields, those are always set */
+ bundle->basis = 0;
+ bundle->fields = NX_HASH_FIELDS_ETH_SRC;
+ ofpact_finish_BUNDLE(ofpacts_p, &bundle);
+ }
+ ofctrl_add_flow(flow_table, OFTABLE_REMOTE_OUTPUT, 100, 0,
+ match, ofpacts_p, &binding->header_.uuid);
+}
+
+static void
put_replace_router_port_mac_flows(struct ovsdb_idl_index
*sbrec_port_binding_by_name,
const struct
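Review bot: In put_remote_port_redirect_vlan(), the peer_ports loop passes both smap_get() results straight to strcmp(), and smap_get() returns NULL when the key is absent, so a peer port without options:peer or a binding without options:distributed-port would crash ovn-controller. Check both pointers before comparing, and hoist the "distributed-port" lookup out of the loop since it does not depend on i. The same function dereferences ls_localnet_port->tunnel_key without checking the pointer returned by get_localnet_port(); return early when it is NULL. Minor: the loop index is int here, while the loops in put_remote_port_redirect_overlay() use size_t.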
@@ -485,7 +644,8 @@ consider_port_binding(struct ovsdb_idl_index *sbrec_port_binding_by_name,
{
uint32_t dp_key = binding->datapath->tunnel_key;
uint32_t port_key = binding->tunnel_key;
- if (!get_local_datapath(local_datapaths, dp_key)) {
+ struct local_datapath *ld;
+ if (!(ld = get_local_datapath(local_datapaths, dp_key))) {
return;
}
@@ -831,6 +991,10 @@ consider_port_binding(struct ovsdb_idl_index *sbrec_port_binding_by_name,
ofctrl_add_flow(flow_table, OFTABLE_LOCAL_OUTPUT, 100, 0,
&match, ofpacts_p, &binding->header_.uuid);
} else {
+
+ const char *redirect_type = smap_get(&binding->options,
+ "redirect-type");
+
/* Remote port connected by tunnel */
/* Table 32, priority 100.
@@ -847,90 +1011,15 @@ consider_port_binding(struct ovsdb_idl_index *sbrec_port_binding_by_name,
match_set_metadata(&match, htonll(dp_key));
match_set_reg(&match, MFF_LOG_OUTPORT - MFF_REG0, port_key);
- if (!is_ha_remote) {
- /* Setup encapsulation */
- const struct chassis_tunnel *rem_tun =
- get_port_binding_tun(binding);
- if (!rem_tun) {
- goto out;
- }
- put_encapsulation(mff_ovn_geneve, tun, binding->datapath,
- port_key, ofpacts_p);
- /* Output to tunnel. */
- ofpact_put_OUTPUT(ofpacts_p)->port = rem_tun->ofport;
+ if (redirect_type && !strcasecmp(redirect_type, "vlan")) {
+ put_remote_port_redirect_vlan(binding, local_datapaths,
+ ld, &match, ofpacts_p, flow_table);
} else {
- /* Make sure all tunnel endpoints use the same encapsulation,
- * and set it up */
- for (size_t i = 0; i < ha_ch_ordered->n_ha_ch; i++) {
- const struct sbrec_chassis *ch =
- ha_ch_ordered->ha_ch[i].chassis;
- if (!ch) {
- continue;
- }
- if (!tun) {
- tun = chassis_tunnel_find(ch->name, NULL);
- } else {
- struct chassis_tunnel *chassis_tunnel =
- chassis_tunnel_find(ch->name, NULL);
- if (chassis_tunnel &&
- tun->type != chassis_tunnel->type) {
- static struct vlog_rate_limit rl =
- VLOG_RATE_LIMIT_INIT(1, 1);
- VLOG_ERR_RL(&rl, "Port %s has Gateway_Chassis "
- "with mixed encapsulations, only "
- "uniform encapsulations are "
- "supported.",
- binding->logical_port);
- goto out;
- }
- }
- }
- if (!tun) {
- static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 1);
- VLOG_ERR_RL(&rl, "No tunnel endpoint found for HA chassis in "
- "HA chassis group of port %s",
- binding->logical_port);
- goto out;
- }
-
- put_encapsulation(mff_ovn_geneve, tun, binding->datapath,
- port_key, ofpacts_p);
-
- /* Output to tunnels with active/backup */
- struct ofpact_bundle *bundle = ofpact_put_BUNDLE(ofpacts_p);
-
- for (size_t i = 0; i < ha_ch_ordered->n_ha_ch; i++) {
- const struct sbrec_chassis *ch =
- ha_ch_ordered->ha_ch[i].chassis;
- if (!ch) {
- continue;
- }
- tun = chassis_tunnel_find(ch->name, NULL);
- if (!tun) {
- continue;
- }
- if (bundle->n_slaves >= BUNDLE_MAX_SLAVES) {
- static struct vlog_rate_limit rl =
- VLOG_RATE_LIMIT_INIT(1, 1);
- VLOG_WARN_RL(&rl, "Remote endpoints for port beyond "
- "BUNDLE_MAX_SLAVES");
- break;
- }
- ofpbuf_put(ofpacts_p, &tun->ofport,
- sizeof tun->ofport);
- bundle = ofpacts_p->header;
- bundle->n_slaves++;
- }
-
- bundle->algorithm = NX_BD_ALG_ACTIVE_BACKUP;
- /* Although ACTIVE_BACKUP bundle algorithm seems to ignore
- * the next two fields, those are always set */
- bundle->basis = 0;
- bundle->fields = NX_HASH_FIELDS_ETH_SRC;
- ofpact_finish_BUNDLE(ofpacts_p, &bundle);
+ put_remote_port_redirect_overlay(binding, is_ha_remote,
+ ha_ch_ordered, mff_ovn_geneve,
+ tun, port_key, &match, ofpacts_p,
+ flow_table);
}
- ofctrl_add_flow(flow_table, OFTABLE_REMOTE_OUTPUT, 100, 0,
- &match, ofpacts_p, &binding->header_.uuid);
}
out:
if (ha_ch_ordered) {
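Review bot: When redirect_type is "vlan", every early return in put_remote_port_redirect_vlan() (binding type not chassisredirect, no parseable MAC, no matching peer port) leaves this remote port with no output flow and logs nothing, because the overlay helper is skipped in that branch. Either fall back to put_remote_port_redirect_overlay() when the VLAN flow cannot be built, or have the helper return a bool and emit a rate-limited warning so the missing flow can be diagnosed. Also, redirect_type is compared with strcasecmp() here while binding->type is compared with strcmp() in the helper; choose one convention and document whether the option value is case-insensitive.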
diff --git a/lib/ovn-util.c b/lib/ovn-util.c
index de745d7..91ec3d6 100644
--- a/lib/ovn-util.c
+++ b/lib/ovn-util.c
@@ -16,6 +16,7 @@
#include "ovn-util.h"
#include "dirs.h"
#include "openvswitch/vlog.h"
+#include "openvswitch/ofp-parse.h"
#include "ovn/lib/ovn-nb-idl.h"
#include "ovn/lib/ovn-sb-idl.h"
@@ -272,6 +273,38 @@ extract_lrp_networks(const struct nbrec_logical_router_port *lrp,
return true;
}
+bool
+extract_sbrec_binding_first_mac(const struct sbrec_port_binding *binding,
+ struct eth_addr *ea)
+{
+ char *save_ptr = NULL;
+ bool ret = false;
+
+ if (!binding->n_mac) {
+ return ret;
+ }
+
+ char *tokstr = xstrdup(binding->mac[0]);
+
+ for (char *token = strtok_r(tokstr, " ", &save_ptr);
+ token != NULL;
+ token = strtok_r(NULL, " ", &save_ptr)) {
+
+ /* Return the first chassis mac. */
+ char *err_str = str_to_mac(token, ea);
+ if (err_str) {
+ free(err_str);
+ continue;
+ }
+
+ ret = true;
+ break;
+ }
+
+ free(tokstr);
+ return ret;
+}
+
void
destroy_lport_addresses(struct lport_addresses *laddrs)
{
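Review bot: extract_sbrec_binding_first_mac() has no function comment, and the inline comment "Return the first chassis mac." does not match the code, which returns the first space-separated token of binding->mac[0] that str_to_mac() accepts and never looks at later mac[] entries. Add a header comment stating that contract (expected format of mac[0], and what *ea holds when false is returned) and reword the inline comment to something like "first valid MAC in mac[0]".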
diff --git a/lib/ovn-util.h b/lib/ovn-util.h
index 6d5e1df..8461db5 100644
--- a/lib/ovn-util.h
+++ b/lib/ovn-util.h
@@ -21,6 +21,8 @@
struct nbrec_logical_router_port;
struct sbrec_logical_flow;
struct uuid;
+struct eth_addr;
+struct sbrec_port_binding;
struct ipv4_netaddr {
ovs_be32 addr; /* 192.168.10.123 */
@@ -61,6 +63,9 @@ bool extract_lsp_addresses(const char *address, struct lport_addresses *);
bool extract_ip_addresses(const char *address, struct lport_addresses *);
bool extract_lrp_networks(const struct nbrec_logical_router_port *,
struct lport_addresses *);
+bool extract_sbrec_binding_first_mac(const struct sbrec_port_binding *binding,
+ struct eth_addr *ea);
+
void destroy_lport_addresses(struct lport_addresses *);
char *alloc_nat_zone_key(const struct uuid *key, const char *type);
diff --git a/ovn-architecture.7.xml b/ovn-architecture.7.xml
index c4099f2..366c201 100644
--- a/ovn-architecture.7.xml
+++ b/ovn-architecture.7.xml
@@ -1614,6 +1614,70 @@
+ VLAN based redirection
+
+ As an enhancement to reside-on-redirect-chassis
we support
+ VLAN based redirection as well. By setting options:redirect-type
+ to vlan
to a gateway chassis attached router port, user can
+ enforce that redirected packet should not use tunnel port but rather use
+ localnet port of peer logical switch to go out as vlan packet.
+
+ Following happens for a VLAN based redirection:
+
+ -
+ On compute chassis, packet passes though logical router's
+ ingress pipeline.
+
+
+ -
+ If logical outport is gateway chassis attached router port
+ then packet is "redirected" to gateway chassis using peer logical
+ switch's localnet port.
+
+
+ -
+ This VLAN backed redirected packet has destination mac
+ as router port mac (the one to which gateway chassis is attached) and
+ vlan id is that of localnet port (peer logical switch of
+ the logical router port).
+
+
+ -
+ On the gateway chassis packet will enter the logical router pipeline
+ again and this time it will passthrough egress pipeline as well.
+
+
+ -
+ Reverse traffic packet flows stays the same.
+
+
+
+ Some guidelines and expections with VLAN based redirection:
+
+ -
+ Since router port mac is destination mac, hence it has to be ensured
+ that physical network learns it on ONLY from the gateway chassis.
+ Which means that
ovn-chassis-mac-mappings
should be
+ configure on all the compute nodes, so that physical network
+ never learn router port mac from compute nodes.
+
+
+ -
+ Since packet enters logical router ingress pipeline twice
+ (once on compute chassis and again on gateway chassis),
+ hence ttl will be decremented twice.
+
+
+ -
+ Default redirection type continues to be
overlay
.
+ User can switch the redirect-type between vlan
+ and overlay
by changing the value of
+ options:redirect-type
+
+
+
+
+
Life Cycle of a VTEP gateway
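Review bot: The new "VLAN based redirection" text needs a proofreading pass: "expections" should be "expectations", "passes though" should be "passes through", "passthrough egress pipeline" should be "pass through the egress pipeline", "learns it on ONLY from" should be "learns it only from", "should be configure" should be "should be configured", and "Reverse traffic packet flows stays the same" needs subject-verb agreement. The section also says only that options:redirect-type is set on the router port; since the test in this patch uses ovn-nbctl lrp-set-redirect-type, name that command here so readers know how to set the option.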
diff --git a/tests/ovn.at b/tests/ovn.at
index dc5887f..1e6625f 100644
--- a/tests/ovn.at
+++ b/tests/ovn.at
@@ -15303,3 +15303,310 @@ as hv4 ovs-appctl fdb/show br-phys
OVN_CLEANUP([hv1],[hv2],[hv3],[hv4])
AT_CLEANUP
+
+AT_SETUP([ovn -- 2 HVs, 2 lports/HV, localnet ports, DVR N-S Ping])
+ovn_start
+
+# In this test cases we create 3 switches, all connected to same
+# physical network (through br-phys on each HV). LS1 and LS2 have
+# 1 VIF each. Each HV has 1 VIF port. The first digit
+# of VIF port name indicates the hypervisor it is bound to, e.g.
+# lp23 means VIF 3 on hv2.
+#
+# All the switches are connected to a logical router "router".
+#
+# Each switch's VLAN tag and their logical switch ports are:
+# - ls1:
+# - tagged with VLAN 101
+# - ports: lp11
+# - ls2:
+# - tagged with VLAN 201
+# - ports: lp22
+# - ls-underlay:
+# - tagged with VLAN 1000
+# Note: a localnet port is created for each switch to connect to
+# physical network.
+
+for i in 1 2; do
+ ls_name=ls$i
+ ovn-nbctl ls-add $ls_name
+ ln_port_name=ln$i
+ if test $i -eq 1; then
+ ovn-nbctl lsp-add $ls_name $ln_port_name "" 101
+ elif test $i -eq 2; then
+ ovn-nbctl lsp-add $ls_name $ln_port_name "" 201
+ fi
+ ovn-nbctl lsp-set-addresses $ln_port_name unknown
+ ovn-nbctl lsp-set-type $ln_port_name localnet
+ ovn-nbctl lsp-set-options $ln_port_name network_name=phys
+done
+
+# lsp_to_ls LSP
+#
+# Prints the name of the logical switch that contains LSP.
+lsp_to_ls () {
+ case $1 in dnl (
+ lp?[[11]]) echo ls1 ;; dnl (
+ lp?[[12]]) echo ls2 ;; dnl (
+ *) AT_FAIL_IF([:]) ;;
+ esac
+}
+
+vif_to_hv () {
+ case $1 in dnl (
+ vif[[1]]?) echo hv1 ;; dnl (
+ vif[[2]]?) echo hv2 ;; dnl (
+ vif?[[north]]?) echo hv4 ;; dnl (
+ *) AT_FAIL_IF([:]) ;;
+ esac
+}
+
+ip_to_hex() {
+ printf "%02x%02x%02x%02x" "$@"
+}
+
+net_add n1
+for i in 1 2; do
+ sim_add hv$i
+ as hv$i
+ ovs-vsctl add-br br-phys
+ ovs-vsctl set open . external-ids:ovn-bridge-mappings=phys:br-phys
+ ovs-vsctl set open . external-ids:ovn-chassis-mac-mappings="phys:aa:bb:cc:dd:ee:$i$i"
+ ovn_attach n1 br-phys 192.168.0.$i
+
+ ovs-vsctl add-port br-int vif$i$i -- \
+ set Interface vif$i$i external-ids:iface-id=lp$i$i \
+ options:tx_pcap=hv$i/vif$i$i-tx.pcap \
+ options:rxq_pcap=hv$i/vif$i$i-rx.pcap \
+ ofport-request=$i$i
+
+ lsp_name=lp$i$i
+ ls_name=$(lsp_to_ls $lsp_name)
+
+ ovn-nbctl lsp-add $ls_name $lsp_name
+ ovn-nbctl lsp-set-addresses $lsp_name "f0:00:00:00:00:$i$i 192.168.$i.$i"
+ ovn-nbctl lsp-set-port-security $lsp_name f0:00:00:00:00:$i$i
+
+ OVS_WAIT_UNTIL([test x`ovn-nbctl lsp-get-up $lsp_name` = xup])
+
+done
+
+ovn-nbctl ls-add ls-underlay
+ovn-nbctl lsp-add ls-underlay ln3 "" 1000
+ovn-nbctl lsp-set-addresses ln3 unknown
+ovn-nbctl lsp-set-type ln3 localnet
+ovn-nbctl lsp-set-options ln3 network_name=phys
+
+ovn-nbctl ls-add ls-north
+ovn-nbctl lsp-add ls-north ln4 "" 1000
+ovn-nbctl lsp-set-addresses ln4 unknown
+ovn-nbctl lsp-set-type ln4 localnet
+ovn-nbctl lsp-set-options ln4 network_name=phys
+
+# Add a VM on ls-north
+ovn-nbctl lsp-add ls-north lp-north
+ovn-nbctl lsp-set-addresses lp-north "f0:f0:00:00:00:11 172.31.0.10"
+ovn-nbctl lsp-set-port-security lp-north f0:f0:00:00:00:11
+
+# Add 3rd hypervisor
+sim_add hv3
+as hv3 ovs-vsctl add-br br-phys
+as hv3 ovs-vsctl set open . external-ids:ovn-bridge-mappings=phys:br-phys
+as hv3 ovs-vsctl set open . external-ids:ovn-chassis-mac-mappings="phys:aa:bb:cc:dd:ee:33"
+as hv3 ovn_attach n1 br-phys 192.168.0.3
+
+# Add 4th hypervisor
+sim_add hv4
+as hv4 ovs-vsctl add-br br-phys
+as hv4 ovs-vsctl set open . external-ids:ovn-bridge-mappings=phys:br-phys
+as hv4 ovs-vsctl set open . external-ids:ovn-chassis-mac-mappings="phys:aa:bb:cc:dd:ee:44"
+as hv4 ovn_attach n1 br-phys 192.168.0.4
+
+as hv4 ovs-vsctl add-port br-int vif-north -- \
+ set Interface vif-north external-ids:iface-id=lp-north \
+ options:tx_pcap=hv4/vif-north-tx.pcap \
+ options:rxq_pcap=hv4/vif-north-rx.pcap \
+ ofport-request=44
+
+ovn-nbctl lr-add router
+ovn-nbctl lrp-add router router-to-ls1 00:00:01:01:02:03 192.168.1.3/24
+ovn-nbctl lrp-add router router-to-ls2 00:00:01:01:02:05 192.168.2.3/24
+ovn-nbctl lrp-add router router-to-underlay 00:00:01:01:02:07 172.31.0.1/24
+
+ovn-nbctl lsp-add ls1 ls1-to-router -- set Logical_Switch_Port ls1-to-router type=router \
+ options:router-port=router-to-ls1 -- lsp-set-addresses ls1-to-router router
+ovn-nbctl lsp-add ls2 ls2-to-router -- set Logical_Switch_Port ls2-to-router type=router \
+ options:router-port=router-to-ls2 -- lsp-set-addresses ls2-to-router router
+ovn-nbctl lsp-add ls-underlay underlay-to-router -- set Logical_Switch_Port \
+ underlay-to-router type=router \
+ options:router-port=router-to-underlay \
+ -- lsp-set-addresses underlay-to-router router
+
+ovn-nbctl lrp-set-gateway-chassis router-to-underlay hv3
+ovn-nbctl lrp-set-redirect-type router-to-underlay vlan
+
+ovn-nbctl --wait=sb sync
+
+sleep 2
+
+OVN_POPULATE_ARP
+
+# lsp_to_ls LSP
+#
+# Prints the name of the logical switch that contains LSP.
+lsp_to_ls () {
+ case $1 in dnl (
+ lp?[[11]]) echo ls1 ;; dnl (
+ lp?[[12]]) echo ls2 ;; dnl (
+ *) AT_FAIL_IF([:]) ;;
+ esac
+}
+
+vif_to_ls () {
+ case $1 in dnl (
+ vif?[[11]]) echo ls1 ;; dnl (
+ vif?[[12]]) echo ls2 ;; dnl (
+ vif-north) echo ls-north ;; dnl (
+ *) AT_FAIL_IF([:]) ;;
+ esac
+}
+
+hv_to_num () {
+ case $1 in dnl (
+ hv1) echo 1 ;; dnl (
+ hv2) echo 2 ;; dnl (
+ hv3) echo 3 ;; dnl (
+ hv4) echo 4 ;; dnl (
+ *) AT_FAIL_IF([:]) ;;
+ esac
+}
+
+vif_to_num () {
+ case $1 in dnl (
+ vif22) echo 22 ;; dnl (
+ vif21) echo 21 ;; dnl (
+ vif11) echo 11 ;; dnl (
+ *) AT_FAIL_IF([:]) ;;
+ esac
+}
+
+vif_to_hv () {
+ case $1 in dnl (
+ vif[[1]]?) echo hv1 ;; dnl (
+ vif[[2]]?) echo hv2 ;; dnl (
+ vif-north) echo hv4 ;; dnl (
+ *) AT_FAIL_IF([:]) ;;
+ esac
+}
+
+vif_to_lrp () {
+ echo router-to-`vif_to_ls $1`
+}
+
+ip_to_hex() {
+ printf "%02x%02x%02x%02x" "$@"
+}
+
+
+test_ip() {
+ # This packet has bad checksums but logical L3 routing doesn't check.
+ local inport=$1 src_mac=$2 dst_mac=$3 src_ip=$4 dst_ip=$5 outport=$6
+ local packet=${dst_mac}${src_mac}08004500001c0000000040110000${src_ip}${dst_ip}0035111100080000
+ shift; shift; shift; shift; shift
+ hv=`vif_to_hv $inport`
+ as $hv ovs-appctl netdev-dummy/receive $inport $packet
+ in_ls=`vif_to_ls $inport`
+ for outport; do
+ out_ls=`vif_to_ls $outport`
+ if test $in_ls = $out_ls; then
+ # Ports on the same logical switch receive exactly the same packet.
+ echo $packet
+ else
+ # Routing decrements TTL and updates source and dest MAC
+ # (and checksum).
+ out_lrp=`vif_to_lrp $outport`
+ # For North-South, packet will come via gateway chassis, i.e hv3
+ if test $inport = vif-north; then
+ echo f00000000011aabbccddee3308004500001c000000003f110100${src_ip}${dst_ip}0035111100080000 >> $outport.expected
+ fi
+ if test $outport = vif-north; then
+ echo f0f00000001100000101020708004500001c000000003e110200${src_ip}${dst_ip}0035111100080000 >> $outport.expected
+ fi
+ fi >> $outport.expected
+ done
+}
+
+# Dump a bunch of info helpful for debugging if there's a failure.
+
+echo "------ OVN dump ------"
+ovn-nbctl show
+ovn-sbctl show
+ovn-sbctl list port_binding
+ovn-sbctl list mac_binding
+
+echo "------ hv1 dump ------"
+as hv1 ovs-vsctl show
+as hv1 ovs-vsctl list Open_Vswitch
+
+echo "------ hv2 dump ------"
+as hv2 ovs-vsctl show
+as hv2 ovs-vsctl list Open_Vswitch
+
+echo "------ hv3 dump ------"
+as hv3 ovs-vsctl show
+as hv3 ovs-vsctl list Open_Vswitch
+
+echo "------ hv4 dump ------"
+as hv4 ovs-vsctl show
+as hv4 ovs-vsctl list Open_Vswitch
+
+echo "Send traffic North to South"
+
+sip=`ip_to_hex 172 31 0 10`
+dip=`ip_to_hex 192 168 1 1`
+test_ip vif-north f0f000000011 000001010207 $sip $dip vif11
+sleep 1
+
+# Confirm that North to south traffic works fine.
+OVN_CHECK_PACKETS([hv1/vif11-tx.pcap], [vif11.expected])
+
+echo "Send traffic South to Nouth"
+sip=`ip_to_hex 192 168 1 1`
+dip=`ip_to_hex 172 31 0 10`
+test_ip vif11 f00000000011 000001010203 $sip $dip vif-north
+sleep 5
+
+# Confirm that South to North traffic works fine.
+OVN_CHECK_PACKETS_REMOVE_BROADCAST([hv4/vif-north-tx.pcap], [vif-north.expected])
+
+# Confirm that packets did not go out via tunnel port.
+AT_CHECK([as hv1 ovs-ofctl dump-flows br-int | grep table=32 | grep NXM_NX_TUN_METADATA0 | grep n_packets=0 | wc -l], [0], [[0
+]])
+
+# Confirm that packet went out via localnet port
+AT_CHECK([as hv1 ovs-ofctl dump-flows br-int | grep table=65 | grep priority=150 | grep src=00:00:01:01:02:07 | grep n_packets=1 | wc -l], [0], [[1
+]])
+
+echo "----------- Post Traffic hv1 dump -----------"
+as hv1 ovs-ofctl dump-flows br-int
+as hv1 ovs-ofctl show br-phys
+as hv1 ovs-appctl fdb/show br-phys
+
+echo "----------- Post Traffic hv2 dump -----------"
+as hv2 ovs-ofctl dump-flows br-int
+as hv2 ovs-ofctl show br-phys
+as hv2 ovs-appctl fdb/show br-phys
+
+echo "----------- Post Traffic hv3 dump -----------"
+as hv3 ovs-ofctl dump-flows br-int
+as hv3 ovs-ofctl show br-phys
+as hv3 ovs-appctl fdb/show br-phys
+
+echo "----------- Post Traffic hv4 dump -----------"
+as hv4 ovs-ofctl dump-flows br-int
+as hv4 ovs-ofctl show br-phys
+as hv4 ovs-appctl fdb/show br-phys
+
+OVN_CLEANUP([hv1],[hv2],[hv3],[hv4])
+
+AT_CLEANUP
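Review bot: The "did not go out via tunnel port" check does not assert what its comment says: grep n_packets=0 | wc -l with an expected count of 0 passes whenever no table=32 tunnel flow has a zero counter, which includes the case where every tunnel flow carried packets as well as the case where no such flow exists. Invert it so that it counts NXM_NX_TUN_METADATA0 flows whose n_packets is not 0 and expects 0. Other points: lsp_to_ls, vif_to_hv and ip_to_hex are each defined twice, the header comment says 3 switches while four are created (ls1, ls2, ls-underlay, ls-north), "South to Nouth" is a typo, and the fixed sleep 2, sleep 1 and sleep 5 calls should become OVS_WAIT_UNTIL on the condition actually being waited for.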