From: numans@ovn.org
To: dev@openvswitch.org
Date: Thu, 9 Jan 2020 17:47:56 +0530
Message-Id: <20200109121756.1002736-1-numans@ovn.org>
Subject: [ovs-dev] [PATCH ovn v2] Restrict ARP/IPv6 ND replies for LB VIP only on chassis redirect port

From: Numan Siddique

Presently, when an ARP/ND request for the load balance VIP is received from the provider network, all the ovn-controllers which have ovn-bridge-mappings configured reply to the ARP/ND request.

This patch restricts these ARP/ND replies only on the chassis where the chassis redirect port of the distributed router port is resident.

Signed-off-by: Numan Siddique
Acked-by: Dumitru Ceara
---
v1 -> v2
-----
* Added the lflow for IPv6 LB VIPs.

 northd/ovn-northd.8.xml | 14 ++++++++++++++
 northd/ovn-northd.c | 8 ++++++++
 2 files changed, 22 insertions(+)

diff --git a/northd/ovn-northd.8.xml b/northd/ovn-northd.8.xml index c6d5d96b9..4b227ca71 100644 --- a/northd/ovn-northd.8.xml +++ b/northd/ovn-northd.8.xml @@ -1680,6 +1680,13 @@ flags.loopback = 1; output; +

+ If the router port P is a distributed gateway router + port, then the is_chassis_resident(P) is + also added in the match condition for the load balancer IPv4 + VIP A. +

+

IPv6: For a configured DNAT IP address or a load balancer IPv6 VIP A, solicited node address S, @@ -1704,6 +1711,13 @@ nd_na { } +

+ If the router port P is a distributed gateway router + port, then the is_chassis_resident(P) + is also added in the match condition for the load balancer IPv6 + VIP A. +

+

For the gateway port on a distributed logical router with NAT (where one of the logical router ports specifies a diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c index d91a008b7..b6dc809d7 100644 --- a/northd/ovn-northd.c +++ b/northd/ovn-northd.c @@ -7511,6 +7511,10 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, "inport == %s && arp.tpa == %s && arp.op == 1", op->json_key, ip_address); + if (op == op->od->l3dgw_port) { + ds_put_format(&match, " && is_chassis_resident(%s)", + op->od->l3redirect_port->json_key); + } ds_clear(&actions); ds_put_format(&actions, "eth.dst = eth.src; " @@ -7538,6 +7542,10 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, "inport == %s && nd_ns && nd.target == %s", op->json_key, ip_address); + if (op == op->od->l3dgw_port) { + ds_put_format(&match, " && is_chassis_resident(%s)", + op->od->l3redirect_port->json_key); + } ds_clear(&actions); ds_put_format(&actions, "nd_na { "
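
Review bot: In the ovn-northd.8.xml hunk at @@ -1680, the added paragraph documents the extra match as is_chassis_resident(P), with P being the router port itself, but the ovn-northd.c hunks format the match with op->od->l3redirect_port->json_key, which is the chassis redirect port rather than P. Suggest wording the paragraph so that the argument is the chassis redirect port of P, in line with the commit message ("the chassis where the chassis redirect port of the distributed router port is resident").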
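
Review bot: In the ovn-northd.8.xml hunk at @@ -1704, the surrounding entry covers "a configured DNAT IP address or a load balancer IPv6 VIP A", while the added paragraph says the condition is added for the load balancer IPv6 VIP only. The condition visible in the ovn-northd.c hunks is just op == op->od->l3dgw_port, so a reader cannot tell from the text whether neighbor solicitations for DNAT addresses on a distributed gateway port are restricted as well. Suggest stating explicitly which of the two address kinds gets the is_chassis_resident() match.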
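
Review bot: In the ovn-northd.c hunk at @@ -7511, op->od->l3redirect_port is dereferenced under a condition that only establishes op == op->od->l3dgw_port. Nothing in the visible lines guarantees that l3redirect_port is non-NULL whenever l3dgw_port is set; suggest testing it in the same condition (op == op->od->l3dgw_port && op->od->l3redirect_port) or adding a comment naming the invariant that makes the dereference safe, since a NULL pointer here would crash ovn-northd while it builds the router flows.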
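
Review bot: The ovn-northd.c hunk at @@ -7538 repeats the four added lines of the ARP hunk verbatim for the nd_ns match. Suggest a small helper that appends the is_chassis_resident() clause, so the IPv4 and IPv6 paths cannot drift apart. The diffstat also lists only ovn-northd.8.xml and ovn-northd.c, so no test accompanies the change; a test checking that the VIP ARP/ND reply flow carries the is_chassis_resident match for a distributed gateway port would guard the restriction the commit message describes.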