From patchwork Fri May 21 13:09:12 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Gray X-Patchwork-Id: 1482234 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=2605:bc80:3010::136; helo=smtp3.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=DLauoO6/; dkim-atps=neutral Received: from smtp3.osuosl.org (smtp3.osuosl.org [IPv6:2605:bc80:3010::136]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4Fmn4x75Sfz9sVt for ; Fri, 21 May 2021 23:09:37 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by smtp3.osuosl.org (Postfix) with ESMTP id 10CB2606C8; Fri, 21 May 2021 13:09:35 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp3.osuosl.org ([127.0.0.1]) by localhost (smtp3.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ahYbG47JDQcX; Fri, 21 May 2021 13:09:31 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by smtp3.osuosl.org (Postfix) with ESMTP id 6C11C606C5; Fri, 21 May 2021 13:09:30 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id A4206C0022; Fri, 21 May 2021 13:09:29 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from smtp1.osuosl.org (smtp1.osuosl.org [140.211.166.138]) by lists.linuxfoundation.org (Postfix) with ESMTP id 303AAC0001 for ; Fri, 21 May 2021 13:09:28 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp1.osuosl.org (Postfix) with ESMTP id 2F1D9831A5 for ; Fri, 21 May 2021 13:09:26 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Authentication-Results: smtp1.osuosl.org (amavisd-new); dkim=pass (1024-bit key) header.d=redhat.com Received: from smtp1.osuosl.org ([127.0.0.1]) by localhost (smtp1.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mh0p-o83HQ0Q for ; Fri, 21 May 2021 13:09:21 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.8.0 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [216.205.24.124]) by smtp1.osuosl.org (Postfix) with ESMTPS id B753683112 for ; Fri, 21 May 2021 13:09:21 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1621602560; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=USlvMJqrmoTfR57rTomWtEAhdmGCeCSu4Pf78R+AyQY=; b=DLauoO6/dz+HUxvgVLG3LbV3MC9F4J0VC7zHSe10nMsW1O7lGUtSOAGcGJcKUH09gtPwU4 LE/gXma1iivyeSPRJn9v63VS665ElzTJf/mRlotgSRx8QVVcAZfUYWGaIRe377uuTda4ZS hqiBQ3zVC8tGuQ63cUDyXPK9uGPziF8= Received: from mail-qv1-f69.google.com (mail-qv1-f69.google.com [209.85.219.69]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-393-18EN2sUCM4eZfouJkxiN4g-1; Fri, 21 May 2021 09:09:17 -0400 X-MC-Unique: 18EN2sUCM4eZfouJkxiN4g-1 Received: by mail-qv1-f69.google.com with SMTP id z93-20020a0ca5e60000b02901ec19d8ff47so16837434qvz.8 for ; Fri, 21 May 2021 06:09:17 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=USlvMJqrmoTfR57rTomWtEAhdmGCeCSu4Pf78R+AyQY=; b=XpWF1uWd95LQdx8x8WB+9A0b5Tqlz9TkE432onHcAu1i6EjTbVQE63/nX0s50bgr1C MWSrwiVjAWuLaYeXPeW9cZtgz7qXutiu6bKbQ+EIk0nSu/oNJTPX78VWFplSsEcG1Nqj N6LqCjYHFaCaRILcZZj3pcl5X0ejJ8vNbQsNVD0Y9DGzldyKIgBSfra1dTqMIsVkYq3l GfAf/ZVAkNYP5yqdNt3Fx26LFVPdv8ZQSsAiMHPfA2nW2G2HIoflojtkDsHPuiRZI5tZ reWcN2hXYyviVp1lhV9pLYFyVDyuf1LSiwgCYLdH3S//H6aBfzYQX+rjIK8UcB7Hp0+I B6Gg== X-Gm-Message-State: AOAM532G8FMjCxUg/SEgdPXe+iYZ2c0tezVDRlcyIgyqZVnmI6cs30Ro J1qhJCsEhzqIySCJh4uvR2Qb8qvQetsWlSOkrH3mreHqY5SqN9rHuWOobYtfzH5RFymNw8b0F1P gm7z09XEkJFVh1KL0FDTsuVpSAVkKP9iDNdYoHgKQul2u8/tO/yei0hfnCVGvOb9MBcFW X-Received: by 2002:a05:620a:2114:: with SMTP id l20mr11954642qkl.51.1621602556233; Fri, 21 May 2021 06:09:16 -0700 (PDT) X-Google-Smtp-Source: ABdhPJygsvnapLlDhefUe7UmnFZZc6dN4uklLjZw3kHad96wh+PtPHtFuB8TXaSJ5mE+OfH0he5jvA== X-Received: by 2002:a05:620a:2114:: with SMTP id l20mr11954614qkl.51.1621602555990; Fri, 21 May 2021 06:09:15 -0700 (PDT) Received: from wsfd-netdev91.ntdv.lab.eng.bos.redhat.com (nat-pool-bos-t.redhat.com. [66.187.233.206]) by smtp.gmail.com with ESMTPSA id k13sm4855721qke.46.2021.05.21.06.09.14 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 21 May 2021 06:09:15 -0700 (PDT) From: Mark Gray To: dev@openvswitch.org Date: Fri, 21 May 2021 09:09:12 -0400 Message-Id: <20210521130913.2962564-2-mark.d.gray@redhat.com> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20210521130913.2962564-1-mark.d.gray@redhat.com> References: <20210521130913.2962564-1-mark.d.gray@redhat.com> MIME-Version: 1.0 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=mark.d.gray@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Subject: [ovs-dev] [PATCH ovn v2 1/2] ovn-nb.xml: Fix typo X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" Signed-off-by: Mark Gray --- ovn-nb.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ovn-nb.xml b/ovn-nb.xml index ed271d8eb3f2..cb3aef1ba881 100644 --- a/ovn-nb.xml +++ b/ovn-nb.xml @@ -2750,7 +2750,7 @@ - It true, then new traffic that arrives over this route will have + If true, then new traffic that arrives over this route will have its reply traffic bypass ECMP route selection and will be sent out this route instead. Note that this option overrides any rules set in the table. This option From patchwork Fri May 21 13:09:13 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Gray X-Patchwork-Id: 1482233 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=140.211.166.133; helo=smtp2.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=MfDn8TDX; dkim-atps=neutral Received: from smtp2.osuosl.org (smtp2.osuosl.org [140.211.166.133]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4Fmn4x1lNrz9sSs for ; Fri, 21 May 2021 23:09:35 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by smtp2.osuosl.org (Postfix) with ESMTP id 50A3D40237; Fri, 21 May 2021 13:09:32 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp2.osuosl.org ([127.0.0.1]) by localhost (smtp2.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ciBtV1FuPvhl; Fri, 21 May 2021 13:09:28 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [IPv6:2605:bc80:3010:104::8cd3:938]) by smtp2.osuosl.org (Postfix) with ESMTP id DE74840175; Fri, 21 May 2021 13:09:27 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id BF2F7C000D; Fri, 21 May 2021 13:09:27 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from smtp1.osuosl.org (smtp1.osuosl.org [IPv6:2605:bc80:3010::138]) by lists.linuxfoundation.org (Postfix) with ESMTP id 26F2FC0001 for ; Fri, 21 May 2021 13:09:26 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp1.osuosl.org (Postfix) with ESMTP id 16BBA83216 for ; Fri, 21 May 2021 13:09:26 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Authentication-Results: smtp1.osuosl.org (amavisd-new); dkim=pass (1024-bit key) header.d=redhat.com Received: from smtp1.osuosl.org ([127.0.0.1]) by localhost (smtp1.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SEE7fBsg1y6P for ; Fri, 21 May 2021 13:09:22 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.8.0 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [216.205.24.124]) by smtp1.osuosl.org (Postfix) with ESMTPS id F1448831A5 for ; Fri, 21 May 2021 13:09:21 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1621602560; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=lthgWWumFtMotnu7hGf84RjSstwsidjfvpoQzVSoA6Q=; b=MfDn8TDXSJti19G/hfyTWcclcTwn9qWd0Wn7x5cjvMrhidAgxP0b6uB4PTDTY+C628k+bo AsXzfbzkiMTsf5KnrABqsz7m9yvyKymlkyQjabljn0qEyeUqP8Y9UKxe+SX/4C2mz51C5P M3ZDimxFBsLfDNgJn48e8T4R6u+60Zk= Received: from mail-qt1-f198.google.com (mail-qt1-f198.google.com [209.85.160.198]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-545-InaZJwsGPN2clGsz9D-gyg-1; Fri, 21 May 2021 09:09:19 -0400 X-MC-Unique: InaZJwsGPN2clGsz9D-gyg-1 Received: by mail-qt1-f198.google.com with SMTP id 1-20020aed31010000b029019d1c685840so15370395qtg.3 for ; Fri, 21 May 2021 06:09:19 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=lthgWWumFtMotnu7hGf84RjSstwsidjfvpoQzVSoA6Q=; b=tYhFeYQi3I8MrE0Zdr5ih5DbvHle62DSZHJZ9NvXWNLXxp31PO4tOu7fFXyjdoTWIv xOHTTQ05XlSLkeVfurKQdh6z0qcpthPYTaY3WiqbiQ48sXE5btbgWs1vHKTbKGpdusm2 B+jPxJpTQKyyD69GyRSKrrX7UTdmfNMXTiadF7X/GbxEJ5VhVlw45KQdakyVABX4DNKH n3eCG/gnv7t0nIcULxae+fNBHuR7X35cOuDRlvQlaqM+40PFwPUWhR9z96ndzSP+RgqS 20jUlRdLyW6OyEhXYkM0sYrqRByCc84z865y8bwo4GwhNgKvy+4Aj7h1WJvFzv0O4NCQ W6bw== X-Gm-Message-State: AOAM5319Nz+r9GhLOuNVZT3tmeVNUjn2YoMrN59sDMAeuHGLYcA8iIl8 rUOir4GxxHEeJM27zOwD5EWT4bFyly6EWa5B08o7r9XJhcxlmjfTInrBKrtPxNdX6vrxZbgtkGg 9UaktvBylFy595oM13AV9ZoI2+tMS8tro7KCP2qilwRs3J234vhGjQQXkBePusktb9Jhp X-Received: by 2002:a0c:a9db:: with SMTP id c27mr12853918qvb.50.1621602557621; Fri, 21 May 2021 06:09:17 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxO2IiFJjPInH7iMYqXsYXy9zXyJGMDgquptqXsvnbJQhM8QyF36BigxxOaqlRXbHabo3qBng== X-Received: by 2002:a0c:a9db:: with SMTP id c27mr12853871qvb.50.1621602557263; Fri, 21 May 2021 06:09:17 -0700 (PDT) Received: from wsfd-netdev91.ntdv.lab.eng.bos.redhat.com (nat-pool-bos-t.redhat.com. [66.187.233.206]) by smtp.gmail.com with ESMTPSA id k13sm4855721qke.46.2021.05.21.06.09.16 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 21 May 2021 06:09:16 -0700 (PDT) From: Mark Gray To: dev@openvswitch.org Date: Fri, 21 May 2021 09:09:13 -0400 Message-Id: <20210521130913.2962564-3-mark.d.gray@redhat.com> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20210521130913.2962564-1-mark.d.gray@redhat.com> References: <20210521130913.2962564-1-mark.d.gray@redhat.com> MIME-Version: 1.0 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=mark.d.gray@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Subject: [ovs-dev] [PATCH ovn v2 2/2] ovn-northd: Fix IPv6 ECMP symmetric reply flows X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" When adding ECMP routes with symmetric replies, ovn-northd adds a priority 100 flow in the table "lr_in_ip_routing" which bypasses the ECMP routes for replies by using the ct.rpl field. Lower priority flows are also added in this table for each route to IPv4/6 network. These flows have a priority that is calculated by build_route_match() as a function of the length of the prefix of the route. For long prefixes the priority of these flows exceeds that of the symmetric reply flow causing unexpected behaviour. This is particularly seen with IPv6 due to the long length of IPv6 prefixes. This patch changes the priority of the symmetric reply flow to 300 which will ensure it will have a greater priority than the route flows even at the maximum prefix length of 128. This patch also adds additional tests for this condition. Reported-at: https://bugzilla.redhat.com/1959008 Fixes: 4fdca656857d ("Add ECMP symmetric replies.") Signed-off-by: Mark Gray --- v2: * Added ddlog code * Changed ECMP route prefix length in system test in order to improve test as this will catch any future accidental lowering of the reply flow priority northd/ovn-northd.8.xml | 2 +- northd/ovn-northd.c | 2 +- northd/ovn_northd.dl | 2 +- tests/ovn.at | 127 +++++++++++++++++++++++++++++++ tests/system-ovn.at | 162 ++++++++++++++++++++++++++++++++++++++++ 5 files changed, 292 insertions(+), 3 deletions(-) diff --git a/northd/ovn-northd.8.xml b/northd/ovn-northd.8.xml index bca9cb4f4e79..bb77689de516 100644 --- a/northd/ovn-northd.8.xml +++ b/northd/ovn-northd.8.xml @@ -2621,7 +2621,7 @@ icmp6 {

If ECMP routes with symmetric reply are configured in the - OVN_Northbound database for a gateway router, a priority-100 + OVN_Northbound database for a gateway router, a priority-300 flow is added for each router port on which symmetric replies are configured. The matching logic for these ports essentially reverses the configured logic of the ECMP route. So for instance, a route with a diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c index 7464b7fba153..08eac1208dcb 100644 --- a/northd/ovn-northd.c +++ b/northd/ovn-northd.c @@ -8426,7 +8426,7 @@ add_ecmp_symmetric_reply_flows(struct hmap *lflows, out_port->lrp_networks.ea_s, IN6_IS_ADDR_V4MAPPED(&route->prefix) ? "" : "xx", port_ip, out_port->json_key); - ovn_lflow_add_with_hint(lflows, od, S_ROUTER_IN_IP_ROUTING, 100, + ovn_lflow_add_with_hint(lflows, od, S_ROUTER_IN_IP_ROUTING, 300, ds_cstr(&match), ds_cstr(&actions), &st_route->header_); diff --git a/northd/ovn_northd.dl b/northd/ovn_northd.dl index 5e1788351f99..29773aa43a59 100644 --- a/northd/ovn_northd.dl +++ b/northd/ovn_northd.dl @@ -6551,7 +6551,7 @@ Flow(.logical_datapath = router.lr._uuid, */ Flow(.logical_datapath = router.lr._uuid, .stage = s_ROUTER_IN_IP_ROUTING(), - .priority = 100, + .priority = 300, .__match = "${ecmp_reply} && ${route_match}", .actions = "ip.ttl--; " "flags.loopback = 1; " diff --git a/tests/ovn.at b/tests/ovn.at index dcf3e0e09164..4220eb0f2c6f 100644 --- a/tests/ovn.at +++ b/tests/ovn.at @@ -22982,6 +22982,133 @@ OVN_CLEANUP([hv1], [hv2]) AT_CLEANUP ]) +OVN_FOR_EACH_NORTHD([ +AT_SETUP([ovn -- Symmetric IPv6 ECMP reply flows]) +ovn_start + +net_add n1 +sim_add hv1 +as hv1 +check ovs-vsctl add-br br-phys +ovn_attach n1 br-phys 192.168.0.1 + +sim_add hv2 +as hv2 +check ovs-vsctl add-br br-phys +ovn_attach n1 br-phys 192.168.0.2 + +# Logical network +# +# ls1 \ +# \ +# DR -- join -- GW -- ext +# / +# ls2 / +# +# ls1 and ls2 are internal switches connected to distributed router +# DR. DR is then connected via a join switch to gateway router GW. +# GW is then connected to external switch ext. In real life, this +# would likely have a localnet port, but for the purposes of this test +# it is unnecessary. + +ovn-nbctl create Logical_Router name=DR +gw_uuid=$(ovn-nbctl create Logical_Router name=GW) + +check ovn-nbctl ls-add ls1 +check ovn-nbctl ls-add ls2 +check ovn-nbctl ls-add join +check ovn-nbctl ls-add ext + +# Connect ls1 to DR +check ovn-nbctl lrp-add DR dr-ls1 00:00:01:01:02:03 1001::1/64 +check ovn-nbctl lsp-add ls1 ls1-dr -- set Logical_Switch_Port ls1-dr \ + type=router options:router-port=dr-ls1 addresses='"00:00:01:01:02:03"' + +# Connect ls2 to DR +check ovn-nbctl lrp-add DR dr-ls2 00:00:01:01:02:04 1001::2/64 +check ovn-nbctl lsp-add ls2 ls2-dr -- set Logical_Switch_Port ls2-dr \ + type=router options:router-port=dr-ls2 addresses='"00:00:01:01:02:04"' + +# Connect join to DR +check ovn-nbctl lrp-add DR dr-join 00:00:02:01:02:03 2001::1/64 +check ovn-nbctl lsp-add join join-dr -- set Logical_Switch_Port join-dr \ + type=router options:router-port=dr-join addresses='"00:00:02:01:02:03"' + +# Connect join to GW +check ovn-nbctl lrp-add GW gw-join 00:00:02:01:02:04 2001::2/64 +check ovn-nbctl lsp-add join join-gw -- set Logical_Switch_Port join-gw \ + type=router options:router-port=gw-join addresses='"00:00:02:01:02:04"' + +# Connect ext to GW +check ovn-nbctl lrp-add GW gw-ext 00:00:03:01:02:03 7001::1/64 +check ovn-nbctl lsp-add ext ext-gw -- set Logical_Switch_Port ext-gw \ + type=router options:router-port=gw-ext addresses='"00:00:03:01:02:03"' + +check ovn-nbctl lr-route-add GW 1001::/64 2001::1 +check ovn-nbctl --policy="src-ip" lr-route-add DR 1001::0/64 2001::2 + +# Now add some ECMP routes to the GW router. +check ovn-nbctl --ecmp-symmetric-reply --policy="src-ip" lr-route-add GW 1001::/64 7001::2 +check ovn-nbctl --ecmp-symmetric-reply --policy="src-ip" lr-route-add GW 1001::/64 7001::3 + +wait_for_ports_up +check ovn-nbctl --wait=hv sync + +# Ensure ECMP symmetric reply flows are not present on any hypervisor. +AT_CHECK([ + test 0 -eq $(as hv1 ovs-ofctl dump-flows br-int table=15 | \ + grep "priority=100" | \ + grep "ct(commit,zone=NXM_NX_REG11\\[[0..15\\]],exec(move:NXM_OF_ETH_SRC\\[[\\]]->NXM_NX_CT_LABEL\\[[32..79\\]],load:0x[[0-9]]->NXM_NX_CT_LABEL\\[[80..95\\]]))" -c) +]) +AT_CHECK([ + test 0 -eq $(as hv1 ovs-ofctl dump-flows br-int table=21 | \ + grep "priority=200" | \ + grep "actions=move:NXM_NX_CT_LABEL\\[[32..79\\]]->NXM_OF_ETH_DST\\[[\\]]" -c) +]) + +AT_CHECK([ + test 0 -eq $(as hv2 ovs-ofctl dump-flows br-int table=15 | \ + grep "priority=100" | \ + grep "ct(commit,zone=NXM_NX_REG11\\[[0..15\\]],exec(move:NXM_OF_ETH_SRC\\[[\\]]->NXM_NX_CT_LABEL\\[[32..79\\]],load:0x[[0-9]]->NXM_NX_CT_LABEL\\[[80..95\\]]))" -c) +]) +AT_CHECK([ + test 0 -eq $(as hv2 ovs-ofctl dump-flows br-int table=21 | \ + grep "priority=200" | \ + grep "actions=move:NXM_NX_CT_LABEL\\[[32..79\\]]->NXM_OF_ETH_DST\\[[\\]]" -c) +]) + +# Now make GW a gateway router on hv1 +ovn-nbctl set Logical_Router $gw_uuid options:chassis=hv1 +ovn-nbctl --wait=hv sync + +# And ensure that ECMP symmetric reply flows are present only on hv1 +as hv1 ovs-ofctl dump-flows br-int > hv1flows +AT_CAPTURE_FILE([hv1flows]) +as hv2 ovs-ofctl dump-flows br-int > hv2flows +AT_CAPTURE_FILE([hv2flows]) + +AT_CHECK([ + for hv in 1 2; do + grep table=15 hv${hv}flows | \ + grep "priority=100" | \ + grep -c "ct(commit,zone=NXM_NX_REG11\\[[0..15\\]],exec(move:NXM_OF_ETH_SRC\\[[\\]]->NXM_NX_CT_LABEL\\[[32..79\\]],load:0x[[0-9]]->NXM_NX_CT_LABEL\\[[80..95\\]]))" + + grep table=22 hv${hv}flows | \ + grep "priority=200" | \ + grep -c "actions=move:NXM_NX_CT_LABEL\\[[32..79\\]]->NXM_OF_ETH_DST\\[[\\]]" + done; :], [0], [dnl +1 +1 +0 +0 +]) + +OVN_CLEANUP([hv1], [hv2]) +AT_CLEANUP +]) + + + OVN_FOR_EACH_NORTHD([ # Test option:dynamic_neigh_routers. No static neighbor flows when enabled, and # traffic should still work, with the help of dynamic mac_bindings. diff --git a/tests/system-ovn.at b/tests/system-ovn.at index adc087b8d4b1..76fc21c87ec9 100644 --- a/tests/system-ovn.at +++ b/tests/system-ovn.at @@ -5537,6 +5537,168 @@ OVS_TRAFFIC_VSWITCHD_STOP(["/failed to query port patch-.*/d AT_CLEANUP ]) +OVN_FOR_EACH_NORTHD([ +AT_SETUP([ovn -- ECMP IPv6 symmetric reply]) +AT_KEYWORDS([ecmp]) + +CHECK_CONNTRACK() +ovn_start + +OVS_TRAFFIC_VSWITCHD_START() +ADD_BR([br-int]) + +# Set external-ids in br-int needed for ovn-controller +ovs-vsctl \ + -- set Open_vSwitch . external-ids:system-id=hv1 \ + -- set Open_vSwitch . external-ids:ovn-remote=unix:$ovs_base/ovn-sb/ovn-sb.sock \ + -- set Open_vSwitch . external-ids:ovn-encap-type=geneve \ + -- set Open_vSwitch . external-ids:ovn-encap-ip=169.0.0.1 \ + -- set bridge br-int fail-mode=secure other-config:disable-in-band=true + +# Start ovn-controller +start_daemon ovn-controller + +# Logical network: +# Alice is connected to gateway router R1. R1 is connected to two "external" +# routers, R2 and R3 via an "ext" switch. +# Bob is connected to both R2 and R3. R1 contains two ECMP routes, one through R2 +# and one through R3, to Bob. +# +# alice -- R1 -- ext ---- R2 +# | \ +# | bob +# | / +# + ----- R3 +# +# For this test, Bob sends request traffic through R2 to Alice. We want to ensure that +# all response traffic from Alice is routed through R2 as well. + +ovn-nbctl create Logical_Router name=R1 options:chassis=hv1 +ovn-nbctl create Logical_Router name=R2 +ovn-nbctl create Logical_Router name=R3 + +ovn-nbctl ls-add alice +ovn-nbctl ls-add bob +ovn-nbctl ls-add ext + +# connect alice to R1 +ovn-nbctl lrp-add R1 alice 00:00:01:01:02:03 fd01::1/64 +ovn-nbctl lsp-add alice rp-alice -- set Logical_Switch_Port rp-alice \ + type=router options:router-port=alice addresses='"00:00:01:01:02:03"' + +# connect bob to R2 +ovn-nbctl lrp-add R2 R2_bob 00:00:02:01:02:03 fd07::2/64 +ovn-nbctl lsp-add bob rp2-bob -- set Logical_Switch_Port rp2-bob \ + type=router options:router-port=R2_bob addresses='"00:00:02:01:02:03"' + +# connect bob to R3 +ovn-nbctl lrp-add R3 R3_bob 00:00:02:01:02:04 fd07::3/64 +ovn-nbctl lsp-add bob rp3-bob -- set Logical_Switch_Port rp3-bob \ + type=router options:router-port=R3_bob addresses='"00:00:02:01:02:04"' + +# Connect R1 to ext +ovn-nbctl lrp-add R1 R1_ext 00:00:04:01:02:03 fd02::1/64 +ovn-nbctl lsp-add ext r1-ext -- set Logical_Switch_Port r1-ext \ + type=router options:router-port=R1_ext addresses='"00:00:04:01:02:03"' + +# Connect R2 to ext +ovn-nbctl lrp-add R2 R2_ext 00:00:04:01:02:04 fd02::2/64 +ovn-nbctl lsp-add ext r2-ext -- set Logical_Switch_Port r2-ext \ + type=router options:router-port=R2_ext addresses='"00:00:04:01:02:04"' + +# Connect R3 to ext +ovn-nbctl lrp-add R3 R3_ext 00:00:04:01:02:05 fd02::3/64 +ovn-nbctl lsp-add ext r3-ext -- set Logical_Switch_Port r3-ext \ + type=router options:router-port=R3_ext addresses='"00:00:04:01:02:05"' + +# Install ECMP routes for alice. +ovn-nbctl --ecmp-symmetric-reply --policy="src-ip" lr-route-add R1 fd01::/126 fd02::2 +ovn-nbctl --ecmp-symmetric-reply --policy="src-ip" lr-route-add R1 fd01::/126 fd02::3 + +# Static Routes +ovn-nbctl lr-route-add R2 fd01::/64 fd02::1 +ovn-nbctl lr-route-add R3 fd01::/64 fd02::1 + +# Logical port 'alice1' in switch 'alice'. +ADD_NAMESPACES(alice1) +ADD_VETH(alice1, alice1, br-int, "fd01::2/64", "f0:00:00:01:02:04", \ + "fd01::1") +OVS_WAIT_UNTIL([test "$(ip netns exec alice1 ip a | grep fd01::2 | grep tentative)" = ""]) +ovn-nbctl lsp-add alice alice1 \ +-- lsp-set-addresses alice1 "f0:00:00:01:02:04 fd01::2" + +# Logical port 'bob1' in switch 'bob'. +ADD_NAMESPACES(bob1) +ADD_VETH(bob1, bob1, br-int, "fd07::1/64", "f0:00:00:01:02:06", \ + "fd07::2") +OVS_WAIT_UNTIL([test "$(ip netns exec bob1 ip a | grep fd07::1 | grep tentative)" = ""]) +ovn-nbctl lsp-add bob bob1 \ +-- lsp-set-addresses bob1 "f0:00:00:01:02:06 fd07::1" + +# Ensure ovn-controller is caught up +ovn-nbctl --wait=hv sync + +on_exit 'ovs-ofctl dump-flows br-int' + +# Later in this test we will check for a datapath flow that matches: +# "ct_state(+new-est-rpl+trk).*ct(.*label=0x200000401020400000000/.*)". Due +# to the way OVS generates datapath flows with wildcards, ICMPv6 NS flows will +# evict this datapath flow. In order to ensure that the flow does not +# get evicted, we send one ping packet in order to carry out neighbor +# discovery. We then flush the datpath to remove the NS flows so that the flow +# "ct_state(+new-est-rpl+trk).*ct(.*label=0x200000401020400000000/.*)" will +# be present when we check for it. +NS_CHECK_EXEC([bob1], [ping -q -c 2 -i 0.3 -w 15 fd01::2 | FORMAT_PING], \ +[0], [dnl +2 packets transmitted, 2 received, 0% packet loss, time 0ms +]) +ovs-appctl dpctl/del-flows + +# 'bob1' should be able to ping 'alice1' directly. +NS_CHECK_EXEC([bob1], [ping -q -c 20 -i 0.3 -w 15 fd01::2 | FORMAT_PING], \ +[0], [dnl +20 packets transmitted, 20 received, 0% packet loss, time 0ms +]) + +# Ensure conntrack entry is present. We should not try to predict +# the tunnel key for the output port, so we strip it from the labels +# and just ensure that the known ethernet address is present. +AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(fd01::2) | \ +sed -e 's/zone=[[0-9]]*/zone=/' | +sed -e 's/labels=0x[[0-9a-f]]*00000401020400000000/labels=0x00000401020400000000/'], [0], [dnl +icmpv6,orig=(src=fd07::1,dst=fd01::2,id=,type=128,code=0),reply=(src=fd01::2,dst=fd07::1,id=,type=129,code=0),zone=,labels=0x00000401020400000000 +]) + +# Ensure datapaths show conntrack states as expected +# Like with conntrack entries, we shouldn't try to predict +# port binding tunnel keys. So omit them from expected labels. +AT_CHECK([ovs-appctl dpctl/dump-flows | grep 'ct_state(+new-est-rpl+trk).*ct(.*label=0x200000401020400000000/.*)' -c], [0], [dnl +1 +]) +AT_CHECK([ovs-appctl dpctl/dump-flows | grep 'ct_state(-new+est+rpl+trk).*ct_label(0x.*00000401020400000000/.*)' -c], [0], [dnl +1 +]) + +ovs-ofctl dump-flows br-int + +OVS_APP_EXIT_AND_WAIT([ovn-controller]) + +as ovn-sb +OVS_APP_EXIT_AND_WAIT([ovsdb-server]) + +as ovn-nb +OVS_APP_EXIT_AND_WAIT([ovsdb-server]) + +as northd +OVS_APP_EXIT_AND_WAIT([ovn-northd]) + +as +OVS_TRAFFIC_VSWITCHD_STOP(["/failed to query port patch-.*/d +/connection dropped.*/d"]) + +AT_CLEANUP +]) + OVN_FOR_EACH_NORTHD([ AT_SETUP([ovn -- controller I-P handling when ovs iface ofport is -1])