From patchwork Fri Jun 25 05:49:25 2021
X-Patchwork-Submitter: miter
X-Patchwork-Id: 1496909
Date: Fri, 25 Jun 2021 13:49:25 +0800
From: "miterv@outlook.com"
To: dev
Subject: [ovs-dev] Re: [PATCH v1] ofproto-dpif-xlate: Using output netdev's ip as tunnel arp/nd request ip

If VXLAN tunnel's source ip and the output_bridge netdev's ip are not on the same subnet, tnl_send_arp_request() will use tunnel's source ip as arp/nd sender, not the output netdev's ip. This leads to address resolution (i.e., IPv4 ARP and IPv6 ND) scaling issues. OVS is unable to get gateway address information.

For example, OVS vxlan tunnel source ip is 2.2.2.2. The output_bridge netdev's ip is 1.1.1.1. The ToR gateway ip is 1.1.1.2. After we send packets into this tunnel, tnl_send_arp_request() will send an arp/nd request whose sender ip is 2.2.2.2, not 1.1.1.1. That is, arp/nd gateway learning fails and no packets will be encapped in the vxlan tunnel.

This patch fixes it by using the output_bridge netdev's ip as arp/nd request ip.

Signed-off-by: Lin Huang
--- lib/ovs-router.c | 2 +- ofproto/ofproto-dpif-xlate.c | 31 ++++++++++++++++++++++++++----- 2 files changed, 27 insertions(+), 6 deletions(-) diff --git a/lib/ovs-router.c b/lib/ovs-router.c index 09b81c6e5..3f9a72153 100644 --- a/lib/ovs-router.c +++ b/lib/ovs-router.c
@@ -132,7 +132,7 @@ ovs_router_lookup(uint32_t mark, const struct in6_addr *ip6_dst, ovs_strlcpy(output_bridge, p->output_bridge, IFNAMSIZ); *gw = p->gw; - if (src && !ipv6_addr_is_set(src)) { + if (src) { *src = p->src_addr; } return true; diff --git a/ofproto/ofproto-dpif-xlate.c b/ofproto/ofproto-dpif-xlate.c index a6f4ea334..36253379d 100644 --- a/ofproto/ofproto-dpif-xlate.c +++ b/ofproto/ofproto-dpif-xlate.c @@ -3603,9 +3603,10 @@ native_tunnel_output(struct xlate_ctx *ctx, const struct xport *xport, struct netdev_tnl_build_header_params tnl_params; struct ovs_action_push_tnl tnl_push_data; struct xport *out_dev = NULL; - ovs_be32 s_ip = 0, d_ip = 0; + ovs_be32 s_ip = 0, d_ip = 0, o_ip = 0; struct in6_addr s_ip6 = in6addr_any; struct in6_addr d_ip6 = in6addr_any; + struct in6_addr o_ip6 = in6addr_any; struct eth_addr smac; struct eth_addr dmac; int err; @@ -3627,7 +3628,14 @@ native_tunnel_output(struct xlate_ctx *ctx, const struct xport *xport, in6_addr_set_mapped_ipv4(&s_ip6, flow->tunnel.ip_src); } - err = tnl_route_lookup_flow(ctx, flow, &d_ip6, &s_ip6, &out_dev); + if (!ipv6_addr_is_set(&s_ip6)) { + err = tnl_route_lookup_flow(ctx, flow, &d_ip6, &s_ip6, &out_dev); + } else { + /* o_ip6/o_ip means the output_bridge netdev's ip. */ + o_ip6 = s_ip6; + err = tnl_route_lookup_flow(ctx, flow, &d_ip6, &o_ip6, &out_dev); + } + if (err) { xlate_report(ctx, OFT_WARN, "native tunnel routing failed"); return err; @@ -3648,6 +3656,7 @@ native_tunnel_output(struct xlate_ctx *ctx, const struct xport *xport, d_ip = in6_addr_get_mapped_ipv4(&d_ip6); if (d_ip) { s_ip = in6_addr_get_mapped_ipv4(&s_ip6); + o_ip = in6_addr_get_mapped_ipv4(&o_ip6); } err = tnl_neigh_lookup(out_dev->xbridge->name, &d_ip6, &dmac); 
@@ -3656,10 +3665,22 @@ native_tunnel_output(struct xlate_ctx *ctx, const struct xport *xport, "neighbor cache miss for %s on bridge %s, " "sending %s request", buf_dip6, out_dev->xbridge->name, d_ip ? "ARP" : "ND"); - if (d_ip) { - tnl_send_arp_request(ctx, out_dev, smac, s_ip, d_ip); + if (!ipv6_addr_is_set(&o_ip6) || ipv6_addr_equals(&o_ip6, &s_ip6)) { + if (d_ip) { + tnl_send_arp_request(ctx, out_dev, smac, s_ip, d_ip); + } else { + tnl_send_nd_request(ctx, out_dev, smac, &s_ip6, &d_ip6); + } } else { - tnl_send_nd_request(ctx, out_dev, smac, &s_ip6, &d_ip6); + /* + * s_ip and d_ip is not on the same subnet, we need to using + * output_bridge netdev's ip as the arp sender or nd sender. + */ + if (o_ip) { + tnl_send_arp_request(ctx, out_dev, smac, o_ip, d_ip); + } else { + tnl_send_nd_request(ctx, out_dev, smac, &o_ip6, &d_ip6); + } } return err; } -- 2.12.2

From: lin huang
Sent: 2021-06-24 21:09
To: dev@openvswitch.org
Subject: [PATCH] ofproto-dpif-xlate: Using output netdev's ip as tunnel arp/nd request ip

If VXLAN tunnel's source ip and the output_bridge netdev's ip are not on the same subnet, tnl_send_arp_request() will use tunnel's source ip as arp/nd sender, not the output netdev's ip. This leads to address resolution (i.e., IPv4 ARP and IPv6 ND) scaling issues. OVS is unable to get gateway address information.

For example, OVS vxlan tunnel source ip is 2.2.2.2. The output_bridge netdev's ip is 1.1.1.1. The ToR gateway ip is 1.1.1.2. After we send packets into this tunnel, tnl_send_arp_request() will send an arp/nd request whose sender ip is 2.2.2.2, not 1.1.1.1. That is, arp/nd gateway learning fails and no packets will be encapped in the vxlan tunnel.

This patch fixes it by using the output_bridge netdev's ip as arp/nd request ip.

Signed-off-by: Lin Huang
--- lib/ovs-router.c | 2 +- ofproto/ofproto-dpif-xlate.c | 31 ++++++++++++++++++++++++++----- 2 files changed, 27 insertions(+), 6 deletions(-)
diff --git a/lib/ovs-router.c b/lib/ovs-router.c index 09b81c6e5..3f9a72153 100644 --- a/lib/ovs-router.c +++ b/lib/ovs-router.c @@ -132,7 +132,7 @@ ovs_router_lookup(uint32_t mark, const struct in6_addr *ip6_dst, ovs_strlcpy(output_bridge, p->output_bridge, IFNAMSIZ); *gw = p->gw; - if (src && !ipv6_addr_is_set(src)) { + if (src) { *src = p->src_addr; } return true; diff --git a/ofproto/ofproto-dpif-xlate.c b/ofproto/ofproto-dpif-xlate.c index a6f4ea334..4009fd0f9 100644 --- a/ofproto/ofproto-dpif-xlate.c +++ b/ofproto/ofproto-dpif-xlate.c @@ -3603,9 +3603,10 @@ native_tunnel_output(struct xlate_ctx *ctx, const struct xport *xport, struct netdev_tnl_build_header_params tnl_params; struct ovs_action_push_tnl tnl_push_data; struct xport *out_dev = NULL; - ovs_be32 s_ip = 0, d_ip = 0; + ovs_be32 s_ip = 0, d_ip = 0, o_ip = 0; struct in6_addr s_ip6 = in6addr_any; struct in6_addr d_ip6 = in6addr_any; + struct in6_addr o_ip6 = in6addr_any; struct eth_addr smac; struct eth_addr dmac; int err; @@ -3627,7 +3628,14 @@ native_tunnel_output(struct xlate_ctx *ctx, const struct xport *xport, in6_addr_set_mapped_ipv4(&s_ip6, flow->tunnel.ip_src); } - err = tnl_route_lookup_flow(ctx, flow, &d_ip6, &s_ip6, &out_dev); + if (!ipv6_addr_is_set(&s_ip6)) { + err = tnl_route_lookup_flow(ctx, flow, &d_ip6, &s_ip6, &out_dev); + } else { + /* o_ip6/o_ip means the output_bridge netdev's ip. */ + o_ip6 = s_ip6; + err = tnl_route_lookup_flow(ctx, flow, &d_ip6, &o_ip6, &out_dev); + } + if (err) { xlate_report(ctx, OFT_WARN, "native tunnel routing failed"); return err; @@ -3648,6 +3656,7 @@ native_tunnel_output(struct xlate_ctx *ctx, const struct xport *xport, d_ip = in6_addr_get_mapped_ipv4(&d_ip6); if (d_ip) { s_ip = in6_addr_get_mapped_ipv4(&s_ip6); + o_ip = in6_addr_get_mapped_ipv4(&o_ip6); } err = tnl_neigh_lookup(out_dev->xbridge->name, &d_ip6, &dmac); 
@@ -3656,10 +3665,22 @@ native_tunnel_output(struct xlate_ctx *ctx, const struct xport *xport, "neighbor cache miss for %s on bridge %s, " "sending %s request", buf_dip6, out_dev->xbridge->name, d_ip ? "ARP" : "ND"); - if (d_ip) { - tnl_send_arp_request(ctx, out_dev, smac, s_ip, d_ip); + if (!ipv6_addr_is_set(&o_ip6) || ipv6_addr_equals(&o_ip6, &s_ip6)) { + if (d_ip) { + tnl_send_arp_request(ctx, out_dev, smac, s_ip, d_ip); + } else { + tnl_send_nd_request(ctx, out_dev, smac, &s_ip6, &d_ip6); + } } else { - tnl_send_nd_request(ctx, out_dev, smac, &s_ip6, &d_ip6); + /* + * s_ip and d_ip is not on the same subnet, we need to using + * output_bridge netdev's ip as the arp sender or nd sender. + */ + if (local_ip) { + tnl_send_arp_request(ctx, out_dev, smac, o_ip, d_ip); + } else { + tnl_send_nd_request(ctx, out_dev, smac, &o_ip6, &d_ip6); + } } return err; }
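Review bot: In the lib/ovs-router.c hunk (both versions), dropping the `!ipv6_addr_is_set(src)` guard means ovs_router_lookup() now overwrites a source address the caller has already filled in, for every caller that passes a non-NULL src and not only for native_tunnel_output(). That is a silent change to the function's contract: a caller that pre-populates src and relied on it being preserved now gets p->src_addr back instead. Either keep the guard and hand the route's source address back through a separate out-parameter, or audit the remaining callers and state the new behaviour in the function's comment and in the commit message.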
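Review bot: In the ofproto-dpif-xlate.c hunk at -3627 (both versions), the else branch seeds `o_ip6 = s_ip6` and then depends on the lookup replacing it, so the whole feature only works because of the unconditional `*src = p->src_addr` introduced in the ovs-router.c hunk; if the lookup leaves src untouched, o_ip6 equals s_ip6 and the code quietly falls back to the old sender address. Please spell out that dependency in the comment, and describe o_ip6 as the source address of the matched route rather than "the output_bridge netdev's ip", since that is what the visible assignment returns. The two tnl_route_lookup_flow() calls differ only in the src pointer, so a single call with a local pointer selected beforehand would be easier to read.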
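Review bot: In the v1 hunk at -3656, the new else branch picks ARP or ND with `if (o_ip)` while the first branch and the log message above it pick with `d_ip`. Because o_ip is only assigned inside `if (d_ip)` from in6_addr_get_mapped_ipv4(&o_ip6), an IPv4 destination combined with an o_ip6 that is not a v4-mapped address leaves o_ip at 0 and sends an ND request for an IPv4 neighbor. Select on d_ip in both branches and treat a zero o_ip for an IPv4 destination as a fallback to s_ip or as an error. The comment also says "s_ip and d_ip is not on the same subnet", but the condition only tests whether o_ip6 is set and differs from s_ip6; no subnet comparison is made, so the comment should describe the actual test.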
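Review bot: In the original (pre-v1) hunk at -3656, `if (local_ip)` refers to a name that none of the visible hunks declare; the declarations hunk adds only o_ip and o_ip6. Unless local_ip exists elsewhere in native_tunnel_output(), this version does not build, and v1 replaces the test with `if (o_ip)`. The v1 posting should carry a short changelog below the `---` line saying so, and the concern about selecting on o_ip instead of d_ip applies to the corrected line as well.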