From patchwork Fri Jul 2 17:15:58 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Lorenzo Bianconi X-Patchwork-Id: 1500196 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=140.211.166.137; helo=smtp4.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=FCygKpdy; dkim-atps=neutral Received: from smtp4.osuosl.org (smtp4.osuosl.org [140.211.166.137]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4GGhZM4WZ4z9sS8 for ; Sat, 3 Jul 2021 03:16:27 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by smtp4.osuosl.org (Postfix) with ESMTP id C4C04423E9; Fri, 2 Jul 2021 17:16:23 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp4.osuosl.org ([127.0.0.1]) by localhost (smtp4.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id izvQJn9APo5Q; Fri, 2 Jul 2021 17:16:22 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by smtp4.osuosl.org (Postfix) with ESMTPS id DBEC642377; Fri, 2 Jul 2021 17:16:21 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id 8F12CC001B; Fri, 2 Jul 2021 17:16:21 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from smtp3.osuosl.org (smtp3.osuosl.org [140.211.166.136]) by lists.linuxfoundation.org (Postfix) with ESMTP id E2448C000E for ; Fri, 2 Jul 2021 17:16:19 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp3.osuosl.org (Postfix) with ESMTP id C497360ABD for ; Fri, 2 Jul 2021 17:16:19 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Authentication-Results: smtp3.osuosl.org (amavisd-new); dkim=pass (1024-bit key) header.d=redhat.com Received: from smtp3.osuosl.org ([127.0.0.1]) by localhost (smtp3.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VEQ6XJ3kokUj for ; Fri, 2 Jul 2021 17:16:18 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.8.0 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by smtp3.osuosl.org (Postfix) with ESMTPS id 7C7E8606D5 for ; Fri, 2 Jul 2021 17:16:18 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1625246177; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=MDgmAsD4UaWsfq763iHQ8yjISUj7FGjK0S3VjHe7Wo8=; b=FCygKpdy1Tz446WThn7MK7JMF3VJv78RFg+eJpXWeSTMGm2qMhfdwot4nbR4L8x1cA50Qn 8dk2bIHwWCSE4X2ID61oyd+Sf8cib9cVTrN9IYNjPIQmz+7Y1Z/pcfCT0q9uiY3J5hRDsq DvFcNYQe6+20/cxfc4jxgivTkMgBjW8= Received: from mail-ed1-f71.google.com (mail-ed1-f71.google.com [209.85.208.71]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-544-03du4iEyMi-DYXiY9-E8Cg-1; Fri, 02 Jul 2021 13:16:16 -0400 X-MC-Unique: 03du4iEyMi-DYXiY9-E8Cg-1 Received: by mail-ed1-f71.google.com with SMTP id f20-20020a0564020054b0290395573bbc17so5369311edu.19 for ; Fri, 02 Jul 2021 10:16:16 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=MDgmAsD4UaWsfq763iHQ8yjISUj7FGjK0S3VjHe7Wo8=; b=JI2HFgVFta2X9vH2YBKglj++H04i3eAOxrAPNQ45nyDI1UMVPWeVIVZmdxaR1vhoFz rgQqwujOBtNH9wovUTFqxflVEAen4j4a6/EpssxVCxaCDc4maOtbHgMmF4G27KX9A4TY C+ONLJOXbSedyDK2HO+yoSTnVqO/JDoWmCJYVzVq8usIadS6DyXZnMwUgukSrdv/g/a1 7xufnIbmzghs+B94hGEJayCQmJagEXuXTcSyPaM+meCR0nxMByy2VQKgsaFXCYgNgaaV OJahFcaiyWktk8sO0T+p27UJjy+y9lHPno2oRqL0kiz88L5a+s6bJ+VSY8Yw85umZ4oj +9kw== X-Gm-Message-State: AOAM5336ZAR1/lf1KQtR29/jLcNKzaCOetGDvRyLd9FPM9Y5W49isKYj IQD67K9VfehrFuFBQETCZmAonzqThRSNL3zip9Uo4bGf5HjQDJyMN7JA3un53FEN2hCtoNoxh9l fDEnU0yCuYHZrPcJSTNz6Yf+5KiLIpF6xJgZ6ENCrHo5uQK+3u95lnBEThr3d1tRaI0mldzT6P6 8= X-Received: by 2002:a05:6402:42cb:: with SMTP id i11mr719215edc.56.1625246175184; Fri, 02 Jul 2021 10:16:15 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzS+FtcBmWzZoax3X347wQlfub0BeIhzx7apc/XmqnOHihrQRkpyE9YzmcfRvqvESY4qBuAAA== X-Received: by 2002:a05:6402:42cb:: with SMTP id i11mr719184edc.56.1625246174970; Fri, 02 Jul 2021 10:16:14 -0700 (PDT) Received: from lore-desk.redhat.com (net-130-25-105-72.cust.vodafonedsl.it. [130.25.105.72]) by smtp.gmail.com with ESMTPSA id i4sm1591685edt.34.2021.07.02.10.16.14 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 02 Jul 2021 10:16:14 -0700 (PDT) From: Lorenzo Bianconi To: dev@openvswitch.org Date: Fri, 2 Jul 2021 19:15:58 +0200 Message-Id: <8e2363e8815c5352e78a478f7093a5911f74ae93.1625246009.git.lorenzo.bianconi@redhat.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: References: MIME-Version: 1.0 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=lorenzo.bianconi@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Cc: dceara@redhat.com Subject: [ovs-dev] [PATCH v4 ovn 1/8] northd: move snat_type out of vip loop X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" Move snat_type out of vip loop in build_lrouter_lb_flows() since there is not vip dependency Acked-by: Dumitru Ceara Signed-off-by: Lorenzo Bianconi --- northd/ovn-northd.c | 14 +++++--------- 1 file changed, 5 insertions(+), 9 deletions(-) diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c index 83746f4ab..ccc3470bb 100644 --- a/northd/ovn-northd.c +++ b/northd/ovn-northd.c @@ -8867,10 +8867,13 @@ build_lrouter_lb_flows(struct hmap *lflows, struct ovn_datapath *od, ovn_northd_lb_find(lbs, &nb_lb->header_.uuid); ovs_assert(lb); - bool lb_skip_snat = smap_get_bool(&nb_lb->options, "skip_snat", false); - if (lb_skip_snat) { + enum lb_snat_type snat_type = NO_FORCE_SNAT; + if (smap_get_bool(&nb_lb->options, "skip_snat", false)) { ovn_lflow_add(lflows, od, S_ROUTER_OUT_SNAT, 120, "flags.skip_snat_for_lb == 1 && ip", "next;"); + snat_type = SKIP_SNAT; + } else if (lb_force_snat_ip || od->lb_force_snat_router_ip) { + snat_type = FORCE_SNAT; } for (size_t j = 0; j < lb->n_vips; j++) { @@ -8934,13 +8937,6 @@ build_lrouter_lb_flows(struct hmap *lflows, struct ovn_datapath *od, ds_put_format(match, " && is_chassis_resident(%s)", od->l3redirect_port->json_key); } - - enum lb_snat_type snat_type = NO_FORCE_SNAT; - if (lb_skip_snat) { - snat_type = SKIP_SNAT; - } else if (lb_force_snat_ip || od->lb_force_snat_router_ip) { - snat_type = FORCE_SNAT; - } add_router_lb_flow(lflows, od, match, actions, prio, snat_type, lb_vip, proto, nb_lb, meter_groups, nat_entries); From patchwork Fri Jul 2 17:15:59 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Lorenzo Bianconi X-Patchwork-Id: 1500195 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=140.211.166.136; helo=smtp3.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=bkuTfDbi; dkim-atps=neutral Received: from smtp3.osuosl.org (smtp3.osuosl.org [140.211.166.136]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4GGhZN4dqyz9sT6 for ; Sat, 3 Jul 2021 03:16:28 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by smtp3.osuosl.org (Postfix) with ESMTP id 40B9160BC6; Fri, 2 Jul 2021 17:16:26 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp3.osuosl.org ([127.0.0.1]) by localhost (smtp3.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sQuXtl3KPUkZ; Fri, 2 Jul 2021 17:16:25 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by smtp3.osuosl.org (Postfix) with ESMTPS id 4ABBA60BA2; Fri, 2 Jul 2021 17:16:24 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id 85960C0025; Fri, 2 Jul 2021 17:16:22 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from smtp3.osuosl.org (smtp3.osuosl.org [140.211.166.136]) by lists.linuxfoundation.org (Postfix) with ESMTP id A0ADEC000E for ; Fri, 2 Jul 2021 17:16:20 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp3.osuosl.org (Postfix) with ESMTP id 838D260ABD for ; Fri, 2 Jul 2021 17:16:20 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp3.osuosl.org ([127.0.0.1]) by localhost (smtp3.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JZA1SkVp0QDz for ; Fri, 2 Jul 2021 17:16:19 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.8.0 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by smtp3.osuosl.org (Postfix) with ESMTPS id 3880C60782 for ; Fri, 2 Jul 2021 17:16:19 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1625246178; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=0EZOpwNU/Qn2Fbm2d3ih1JHuk2xAsyJd7T+PU+DfM90=; b=bkuTfDbi5H328vBULx8/bUbrjPYu0wlz5m7FPH/NZAVg1aIrCDoAUhKK+rPAPdeyK1YEYc XcEX2gX9KyVL2GsA0dbZ24ELM6s8D2ZDHXOuZXHehGwZPwAybAbTrq4ATuPCky1B58yyMO IcoEZU17vIzlhlF0sRwk5M23FrO48Wc= Received: from mail-ed1-f72.google.com (mail-ed1-f72.google.com [209.85.208.72]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-554-Vbu3n83FO4qH2ItVyglsNQ-1; Fri, 02 Jul 2021 13:16:17 -0400 X-MC-Unique: Vbu3n83FO4qH2ItVyglsNQ-1 Received: by mail-ed1-f72.google.com with SMTP id f20-20020a0564020054b0290395573bbc17so5369343edu.19 for ; Fri, 02 Jul 2021 10:16:17 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=0EZOpwNU/Qn2Fbm2d3ih1JHuk2xAsyJd7T+PU+DfM90=; b=IIdW0HuwbUq3kglXaVZCQV5Bn8sF6EduJzATfnrBOi4XnXpUDI8mgRdFxcPipgILw8 Afn7OvmISe+hCQub6XJaBG59++Dbzm28BqSLF7HZdG059XYF/QIKe8ufbBRLoSkPCq1q wPQ0yMi+xY9b9P0xT70Gf1hDA5c7Zyn4+DO2pf5wsvs84n3SfWinZZJ3j+SS4+kKvUm1 t1l8qK7jA4Wyl6WjD2O+2dJ2W/2hvQVwlTgl9IRDV+2tcz0Liv9SGlO3uP4dNhU9qxkB L4eWIzPtee0JYtDqhEmUKQjQgQom2Kp5GvX64160vqrrb4i8bjuS9vhZUNf4sn9VOYly zSnw== X-Gm-Message-State: AOAM532sMRA0AgCdwHveODNF/yjqAs2yr7HgS6VAPcG2ufEZj5oMWbL6 IrOZF1wULsuXC3NP7BxPWZV4psrO8rXl70IRA98k6Y3hsHiijAxVA7UC3Jog++A+C1DML37Nr5K d8vJtt3UPPyH7OGSO362kFylnqMTuqop9M2BXJXkgesgBNms8cEd5iqd4sm2fgf7CBCJbnVcqm/ 4= X-Received: by 2002:a05:6402:313b:: with SMTP id dd27mr657809edb.85.1625246175977; Fri, 02 Jul 2021 10:16:15 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzqRdgZOfZRNo7HICAwFYkUROwKYq54mrPd/2EVvKNubNC48aPldvv5IteaBcFwWRZEGba3xA== X-Received: by 2002:a05:6402:313b:: with SMTP id dd27mr657782edb.85.1625246175743; Fri, 02 Jul 2021 10:16:15 -0700 (PDT) Received: from lore-desk.redhat.com (net-130-25-105-72.cust.vodafonedsl.it. [130.25.105.72]) by smtp.gmail.com with ESMTPSA id i4sm1591685edt.34.2021.07.02.10.16.15 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 02 Jul 2021 10:16:15 -0700 (PDT) From: Lorenzo Bianconi To: dev@openvswitch.org Date: Fri, 2 Jul 2021 19:15:59 +0200 Message-Id: <16295863c98141a5c3e7e2e465faf878aba06972.1625246009.git.lorenzo.bianconi@redhat.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: References: MIME-Version: 1.0 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=lorenzo.bianconi@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Cc: dceara@redhat.com Subject: [ovs-dev] [PATCH v4 ovn 2/8] lib: link logical {routers, switches} assigned for the same lb X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" add logical {routers,switches} datapath references in ovn_northd_lb data structure. This is a preliminary patch to invert the logic used during the lb flow creation in order to visit lb first and then related datapath. Signed-off-by: Lorenzo Bianconi Acked-by: Dumitru Ceara --- lib/lb.c | 23 +++++++++++++++++------ lib/lb.h | 16 +++++++++++----- northd/ovn-northd.c | 34 ++++++++++++++++++++++++++++------ 3 files changed, 56 insertions(+), 17 deletions(-) diff --git a/lib/lb.c b/lib/lb.c index 4cb46b346..bb8f8e139 100644 --- a/lib/lb.c +++ b/lib/lb.c @@ -236,13 +236,23 @@ ovn_northd_lb_find(struct hmap *lbs, const struct uuid *uuid) } void -ovn_northd_lb_add_datapath(struct ovn_northd_lb *lb, - const struct sbrec_datapath_binding *sb) +ovn_northd_lb_add_lr(struct ovn_northd_lb *lb, struct ovn_datapath *od) { - if (lb->n_allocated_dps == lb->n_dps) { - lb->dps = x2nrealloc(lb->dps, &lb->n_allocated_dps, sizeof *lb->dps); + if (lb->n_allocated_nb_lr == lb->n_nb_lr) { + lb->nb_lr = x2nrealloc(lb->nb_lr, &lb->n_allocated_nb_lr, + sizeof *lb->nb_lr); } - lb->dps[lb->n_dps++] = sb; + lb->nb_lr[lb->n_nb_lr++] = od; +} + +void +ovn_northd_lb_add_ls(struct ovn_northd_lb *lb, struct ovn_datapath *od) +{ + if (lb->n_allocated_nb_ls == lb->n_nb_ls) { + lb->nb_ls = x2nrealloc(lb->nb_ls, &lb->n_allocated_nb_ls, + sizeof *lb->nb_ls); + } + lb->nb_ls[lb->n_nb_ls++] = od; } void @@ -257,7 +267,8 @@ ovn_northd_lb_destroy(struct ovn_northd_lb *lb) sset_destroy(&lb->ips_v4); sset_destroy(&lb->ips_v6); free(lb->selection_fields); - free(lb->dps); + free(lb->nb_lr); + free(lb->nb_ls); free(lb); } diff --git a/lib/lb.h b/lib/lb.h index 58e6bb031..5b79d775b 100644 --- a/lib/lb.h +++ b/lib/lb.h @@ -42,9 +42,13 @@ struct ovn_northd_lb { struct sset ips_v4; struct sset ips_v6; - size_t n_dps; - size_t n_allocated_dps; - const struct sbrec_datapath_binding **dps; + size_t n_nb_ls; + size_t n_allocated_nb_ls; + struct ovn_datapath **nb_ls; + + size_t n_nb_lr; + size_t n_allocated_nb_lr; + struct ovn_datapath **nb_lr; }; struct ovn_lb_vip { @@ -83,8 +87,10 @@ struct ovn_northd_lb_backend { struct ovn_northd_lb *ovn_northd_lb_create(const struct nbrec_load_balancer *); struct ovn_northd_lb * ovn_northd_lb_find(struct hmap *, const struct uuid *); void ovn_northd_lb_destroy(struct ovn_northd_lb *); -void ovn_northd_lb_add_datapath(struct ovn_northd_lb *, - const struct sbrec_datapath_binding *); +void +ovn_northd_lb_add_lr(struct ovn_northd_lb *lb, struct ovn_datapath *od); +void +ovn_northd_lb_add_ls(struct ovn_northd_lb *lb, struct ovn_datapath *od); struct ovn_controller_lb { const struct sbrec_load_balancer *slb; /* May be NULL. */ diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c index ccc3470bb..e8cae4314 100644 --- a/northd/ovn-northd.c +++ b/northd/ovn-northd.c @@ -3409,8 +3409,24 @@ build_ovn_lbs(struct northd_context *ctx, struct hmap *datapaths, const struct uuid *lb_uuid = &od->nbs->load_balancer[i]->header_.uuid; lb = ovn_northd_lb_find(lbs, lb_uuid); + ovn_northd_lb_add_ls(lb, od); + } + } - ovn_northd_lb_add_datapath(lb, od->sb); + HMAP_FOR_EACH (od, key_node, datapaths) { + if (!od->nbr) { + continue; + } + if (!smap_get(&od->nbr->options, "chassis") && !od->l3dgw_port) { + continue; + } + + for (size_t i = 0; i < od->nbr->n_load_balancer; i++) { + const struct uuid *lb_uuid = + &od->nbr->load_balancer[i]->header_.uuid; + lb = ovn_northd_lb_find(lbs, lb_uuid); + + ovn_northd_lb_add_lr(lb, od); } } @@ -3425,7 +3441,7 @@ build_ovn_lbs(struct northd_context *ctx, struct hmap *datapaths, } lb = ovn_northd_lb_find(lbs, &lb_uuid); - if (lb && lb->n_dps) { + if (lb && lb->n_nb_ls) { lb->slb = sbrec_lb; } else { sbrec_load_balancer_delete(sbrec_lb); @@ -3436,7 +3452,7 @@ build_ovn_lbs(struct northd_context *ctx, struct hmap *datapaths, * the SB load balancer columns. */ HMAP_FOR_EACH (lb, hmap_node, lbs) { - if (!lb->n_dps) { + if (!lb->n_nb_ls) { continue; } @@ -3447,6 +3463,13 @@ build_ovn_lbs(struct northd_context *ctx, struct hmap *datapaths, smap_clone(&options, &lb->nlb->options); smap_replace(&options, "hairpin_orig_tuple", "true"); + struct sbrec_datapath_binding **lb_dps = + xmalloc(lb->n_nb_ls * sizeof *lb_dps); + for (size_t i = 0; i < lb->n_nb_ls; i++) { + lb_dps[i] = CONST_CAST(struct sbrec_datapath_binding *, + lb->nb_ls[i]->sb); + } + if (!lb->slb) { sbrec_lb = sbrec_load_balancer_insert(ctx->ovnsb_txn); lb->slb = sbrec_lb; @@ -3460,11 +3483,10 @@ build_ovn_lbs(struct northd_context *ctx, struct hmap *datapaths, sbrec_load_balancer_set_name(lb->slb, lb->nlb->name); sbrec_load_balancer_set_vips(lb->slb, &lb->nlb->vips); sbrec_load_balancer_set_protocol(lb->slb, lb->nlb->protocol); + sbrec_load_balancer_set_datapaths(lb->slb, lb_dps, lb->n_nb_ls); sbrec_load_balancer_set_options(lb->slb, &options); - sbrec_load_balancer_set_datapaths( - lb->slb, (struct sbrec_datapath_binding **)lb->dps, - lb->n_dps); smap_destroy(&options); + free(lb_dps); } /* Set the list of associated load balanacers to a logical switch From patchwork Fri Jul 2 17:16:00 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Lorenzo Bianconi X-Patchwork-Id: 1500198 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=140.211.166.138; helo=smtp1.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=exuhN7tm; dkim-atps=neutral Received: from smtp1.osuosl.org (smtp1.osuosl.org [140.211.166.138]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4GGhZT6fFDz9sS8 for ; Sat, 3 Jul 2021 03:16:33 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by smtp1.osuosl.org (Postfix) with ESMTP id 11B54842D2; Fri, 2 Jul 2021 17:16:30 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp1.osuosl.org ([127.0.0.1]) by localhost (smtp1.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id psGZI_jRs0H3; Fri, 2 Jul 2021 17:16:28 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by smtp1.osuosl.org (Postfix) with ESMTPS id 21FD58421E; Fri, 2 Jul 2021 17:16:27 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id 51B61C0025; Fri, 2 Jul 2021 17:16:25 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from smtp2.osuosl.org (smtp2.osuosl.org [IPv6:2605:bc80:3010::133]) by lists.linuxfoundation.org (Postfix) with ESMTP id C6DF6C000E for ; Fri, 2 Jul 2021 17:16:21 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp2.osuosl.org (Postfix) with ESMTP id A76A6401D6 for ; Fri, 2 Jul 2021 17:16:21 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Authentication-Results: smtp2.osuosl.org (amavisd-new); dkim=pass (1024-bit key) header.d=redhat.com Received: from smtp2.osuosl.org ([127.0.0.1]) by localhost (smtp2.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IFizHOkUk73E for ; Fri, 2 Jul 2021 17:16:20 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.8.0 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [216.205.24.124]) by smtp2.osuosl.org (Postfix) with ESMTPS id BDF9A40151 for ; Fri, 2 Jul 2021 17:16:20 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1625246179; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=amawk9dyKCZX25TFJKkIzz8N5+iMygLOzmWG76RSlhg=; b=exuhN7tmmc6aFKlkOz52tAD7ZgwpukeWDs/KDBGItSOawgpmaYJnKpt0Ao0aMiDJn2dpXC h7vnwvT/A6Nu5u/5Z/k/0RHOL1A18V72dm+r7u9R1CrTcPvCVjLheKPpKLqhUh6/61WLzB IZrpLQTHffdC+/tydpioUWgPnldaXgw= Received: from mail-ej1-f71.google.com (mail-ej1-f71.google.com [209.85.218.71]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-81-v9cX-r02NkiKGJaFhT0M2Q-1; Fri, 02 Jul 2021 13:16:18 -0400 X-MC-Unique: v9cX-r02NkiKGJaFhT0M2Q-1 Received: by mail-ej1-f71.google.com with SMTP id og25-20020a1709071dd9b02904c99c7e61f1so3786601ejc.18 for ; Fri, 02 Jul 2021 10:16:18 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=amawk9dyKCZX25TFJKkIzz8N5+iMygLOzmWG76RSlhg=; b=Tfc1HKu9mHKwvgzprtUrTDimQh8G2yV8SlIl4nJKm9XSjKL+kGYm7RMnPwngR/eT4x wXWvlAICvRUmtBWjRF7xmndAY3XVOl68xuxKJpe5wdU9hdbrQtiB+uTWkEKqfLnS5hl6 sfO1wl5jBqpD7FWwaNcrmp2mqeIDyeV+wTXUHfrM3UMnQhaSbaCb5MrL9AiSe6h2jejh v81tTrnIlNuq/xzibJ+sqGoLSuU0ZkdbO59gXmEIi5bOlfsKZzQsmP0bF1LY8PqtrT/9 xmx9tGDBbnzqge5z7dj51dCaIQEQu3EyfOtiQQqzF54DCbWLoY5REqP6xNXmVdg+8sIG atww== X-Gm-Message-State: AOAM533j0nIXPtGfbmfQzt8+eMt3HeABzfIInhX5R6g9dmp7Xl+4oP7Z RAwrH6sRsnlUIN11w7ABd6CUUyWHh7isdXhB1PeZ2xWzM+6HlPzf8iw+nJfxrCBSzTdypzfIMGS eINE9oXslmKjhj/uMRy6K9hvRgcZcX5sytgSGj1/phQwHSoZx8pjQtwDJZpc1IEY1DoAdmG5N8L Q= X-Received: by 2002:aa7:c548:: with SMTP id s8mr693883edr.148.1625246176866; Fri, 02 Jul 2021 10:16:16 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyCTibDR6zfJIhawcU23XlgWSDpQDt1P+LJ6uiZpnbHTDTA7dOHSI2t+uEDOQz3DEN52MUveQ== X-Received: by 2002:aa7:c548:: with SMTP id s8mr693848edr.148.1625246176639; Fri, 02 Jul 2021 10:16:16 -0700 (PDT) Received: from lore-desk.redhat.com (net-130-25-105-72.cust.vodafonedsl.it. [130.25.105.72]) by smtp.gmail.com with ESMTPSA id i4sm1591685edt.34.2021.07.02.10.16.15 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 02 Jul 2021 10:16:16 -0700 (PDT) From: Lorenzo Bianconi To: dev@openvswitch.org Date: Fri, 2 Jul 2021 19:16:00 +0200 Message-Id: <47b75df58390f6a8d92d559d623e4a91f08280ec.1625246009.git.lorenzo.bianconi@redhat.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: References: MIME-Version: 1.0 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=lorenzo.bianconi@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Cc: dceara@redhat.com Subject: [ovs-dev] [PATCH v4 ovn 3/8] northd: move build_empty_lb_event_flow in build_lrouter_flows_for_lb X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" Introduce build_lrouter_flows_for_lb routine in order to visit first each load_balancer and then related datapath during lb flow installation. This patch allows to reduce memory footprint and cpu utilization in ovn-northd. Signed-off-by: Lorenzo Bianconi Acked-by: Dumitru Ceara --- northd/ovn-northd.c | 103 ++++++++++++++++++++++++++++---------------- 1 file changed, 67 insertions(+), 36 deletions(-) diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c index e8cae4314..6d53e42a9 100644 --- a/northd/ovn-northd.c +++ b/northd/ovn-northd.c @@ -5131,52 +5131,52 @@ ls_has_dns_records(const struct nbrec_logical_switch *nbs) return false; } -static void -build_empty_lb_event_flow(struct ovn_datapath *od, struct hmap *lflows, - struct ovn_lb_vip *lb_vip, - struct nbrec_load_balancer *lb, - int pl, struct shash *meter_groups) +static bool +build_empty_lb_event_flow(struct ovn_lb_vip *lb_vip, + const struct nbrec_load_balancer *lb, + struct shash *meter_groups, + struct ds *match, struct ds *action) { bool controller_event = smap_get_bool(&lb->options, "event", false) || controller_event_en; /* deprecated */ if (!controller_event || lb_vip->n_backends || lb_vip->empty_backend_rej) { - return; + return false; } + ds_clear(action); + ds_clear(match); + bool ipv4 = IN6_IS_ADDR_V4MAPPED(&lb_vip->vip); - struct ds match = DS_EMPTY_INITIALIZER; - char *meter = "", *action; + char *meter = ""; if (meter_groups && shash_find(meter_groups, "event-elb")) { meter = "event-elb"; } - ds_put_format(&match, "ip%s.dst == %s && %s", + ds_put_format(match, "ip%s.dst == %s && %s", ipv4 ? "4": "6", lb_vip->vip_str, lb->protocol); char *vip = lb_vip->vip_str; if (lb_vip->vip_port) { - ds_put_format(&match, " && %s.dst == %u", lb->protocol, + ds_put_format(match, " && %s.dst == %u", lb->protocol, lb_vip->vip_port); vip = xasprintf("%s%s%s:%u", ipv4 ? "" : "[", lb_vip->vip_str, ipv4 ? "" : "]", lb_vip->vip_port); } - action = xasprintf("trigger_event(event = \"%s\", " - "meter = \"%s\", vip = \"%s\", " - "protocol = \"%s\", " - "load_balancer = \"" UUID_FMT "\");", - event_to_string(OVN_EVENT_EMPTY_LB_BACKENDS), - meter, vip, lb->protocol, - UUID_ARGS(&lb->header_.uuid)); - ovn_lflow_add_with_hint(lflows, od, pl, 130, ds_cstr(&match), action, - &lb->header_); - ds_destroy(&match); + ds_put_format(action, + "trigger_event(event = \"%s\", " + "meter = \"%s\", vip = \"%s\", " + "protocol = \"%s\", " + "load_balancer = \"" UUID_FMT "\");", + event_to_string(OVN_EVENT_EMPTY_LB_BACKENDS), + meter, vip, lb->protocol, + UUID_ARGS(&lb->header_.uuid)); if (lb_vip->vip_port) { free(vip); } - free(action); + return true; } static bool @@ -5232,16 +5232,26 @@ build_pre_lb(struct ovn_datapath *od, struct hmap *lflows, ovn_northd_lb_find(lbs, &nb_lb->header_.uuid); ovs_assert(lb); + struct ds action = DS_EMPTY_INITIALIZER; + struct ds match = DS_EMPTY_INITIALIZER; + for (size_t j = 0; j < lb->n_vips; j++) { struct ovn_lb_vip *lb_vip = &lb->vips[j]; - build_empty_lb_event_flow(od, lflows, lb_vip, nb_lb, - S_SWITCH_IN_PRE_LB, meter_groups); + + if (build_empty_lb_event_flow(lb_vip, nb_lb, meter_groups, + &match, &action)) { + ovn_lflow_add_with_hint(lflows, od, S_SWITCH_IN_PRE_LB, 130, + ds_cstr(&match), ds_cstr(&action), + &nb_lb->header_); + } /* Ignore L4 port information in the key because fragmented packets * may not have L4 information. The pre-stateful table will send * the packet through ct() action to de-fragment. In stateful * table, we will eventually look at L4 information. */ } + ds_destroy(&action); + ds_destroy(&match); vip_configured = (vip_configured || lb->n_vips); } @@ -8757,11 +8767,8 @@ add_router_lb_flow(struct hmap *lflows, struct ovn_datapath *od, struct ds *match, struct ds *actions, int priority, enum lb_snat_type snat_type, struct ovn_lb_vip *lb_vip, const char *proto, struct nbrec_load_balancer *lb, - struct shash *meter_groups, struct sset *nat_entries) + struct sset *nat_entries) { - build_empty_lb_event_flow(od, lflows, lb_vip, lb, S_ROUTER_IN_DNAT, - meter_groups); - /* A match and actions for new connections. */ char *new_match = xasprintf("ct.new && %s", ds_cstr(match)); if (snat_type == FORCE_SNAT || snat_type == SKIP_SNAT) { @@ -8872,11 +8879,32 @@ add_router_lb_flow(struct hmap *lflows, struct ovn_datapath *od, ds_destroy(&undnat_match); } +static void +build_lrouter_flows_for_lb(struct ovn_northd_lb *lb, struct hmap *lflows, + struct shash *meter_groups, struct ds *match, + struct ds *action) +{ + if (!lb->n_nb_lr) { + return; + } + + for (size_t i = 0; i < lb->n_vips; i++) { + if (!build_empty_lb_event_flow(&lb->vips[i], lb->nlb, meter_groups, + match, action)) { + continue; + } + for (size_t j = 0; j < lb->n_nb_lr; j++) { + ovn_lflow_add_with_hint(lflows, lb->nb_lr[j], S_ROUTER_IN_DNAT, + 130, ds_cstr(match), ds_cstr(action), + &lb->nlb->header_); + } + } +} + static void build_lrouter_lb_flows(struct hmap *lflows, struct ovn_datapath *od, - struct hmap *lbs, struct shash *meter_groups, - struct sset *nat_entries, struct ds *match, - struct ds *actions) + struct hmap *lbs, struct sset *nat_entries, + struct ds *match, struct ds *actions) { /* A set to hold all ips that need defragmentation and tracking. */ struct sset all_ips = SSET_INITIALIZER(&all_ips); @@ -8961,7 +8989,7 @@ build_lrouter_lb_flows(struct hmap *lflows, struct ovn_datapath *od, } add_router_lb_flow(lflows, od, match, actions, prio, snat_type, lb_vip, proto, nb_lb, - meter_groups, nat_entries); + nat_entries); } } sset_destroy(&all_ips); @@ -11709,7 +11737,6 @@ lrouter_check_nat_entry(struct ovn_datapath *od, const struct nbrec_nat *nat, static void build_lrouter_nat_defrag_and_lb(struct ovn_datapath *od, struct hmap *lflows, - struct shash *meter_groups, struct hmap *lbs, struct ds *match, struct ds *actions) { @@ -11912,8 +11939,7 @@ build_lrouter_nat_defrag_and_lb(struct ovn_datapath *od, return; } - build_lrouter_lb_flows(lflows, od, lbs, meter_groups, &nat_entries, - match, actions); + build_lrouter_lb_flows(lflows, od, lbs, &nat_entries, match, actions); sset_destroy(&nat_entries); } @@ -11979,8 +12005,8 @@ build_lswitch_and_lrouter_iterate_by_od(struct ovn_datapath *od, &lsi->actions); build_misc_local_traffic_drop_flows_for_lrouter(od, lsi->lflows); build_lrouter_arp_nd_for_datapath(od, lsi->lflows); - build_lrouter_nat_defrag_and_lb(od, lsi->lflows, lsi->meter_groups, - lsi->lbs, &lsi->match, &lsi->actions); + build_lrouter_nat_defrag_and_lb(od, lsi->lflows, lsi->lbs, &lsi->match, + &lsi->actions); } /* Helper function to combine all lflow generation which is iterated by port. @@ -12088,6 +12114,9 @@ build_lflows_thread(void *arg) build_lswitch_arp_nd_service_monitor(lb, lsi->lflows, &lsi->match, &lsi->actions); + build_lrouter_flows_for_lb(lb, lsi->lflows, + lsi->meter_groups, + &lsi->match, &lsi->actions); } } for (bnum = control->id; @@ -12251,6 +12280,8 @@ build_lswitch_and_lrouter_flows(struct hmap *datapaths, struct hmap *ports, build_lswitch_arp_nd_service_monitor(lb, lsi.lflows, &lsi.actions, &lsi.match); + build_lrouter_flows_for_lb(lb, lsi.lflows, lsi.meter_groups, + &lsi.match, &lsi.actions); } HMAP_FOR_EACH (igmp_group, hmap_node, igmp_groups) { build_lswitch_ip_mcast_igmp_mld(igmp_group, From patchwork Fri Jul 2 17:16:01 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Lorenzo Bianconi X-Patchwork-Id: 1500200 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=140.211.166.138; helo=smtp1.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=Fd6ja77w; dkim-atps=neutral Received: from smtp1.osuosl.org (smtp1.osuosl.org [140.211.166.138]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4GGhZX6dPPz9sS8 for ; Sat, 3 Jul 2021 03:16:36 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by smtp1.osuosl.org (Postfix) with ESMTP id 4486A84183; Fri, 2 Jul 2021 17:16:32 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp1.osuosl.org ([127.0.0.1]) by localhost (smtp1.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SvlRBQyf3jP3; Fri, 2 Jul 2021 17:16:30 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [IPv6:2605:bc80:3010:104::8cd3:938]) by smtp1.osuosl.org (Postfix) with ESMTPS id A7021842B5; Fri, 2 Jul 2021 17:16:28 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id 52704C002B; Fri, 2 Jul 2021 17:16:26 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from smtp1.osuosl.org (smtp1.osuosl.org [140.211.166.138]) by lists.linuxfoundation.org (Postfix) with ESMTP id 80784C0020 for ; Fri, 2 Jul 2021 17:16:22 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp1.osuosl.org (Postfix) with ESMTP id 621B58419A for ; Fri, 2 Jul 2021 17:16:22 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp1.osuosl.org ([127.0.0.1]) by localhost (smtp1.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NBGDyZbo6s_l for ; Fri, 2 Jul 2021 17:16:21 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.8.0 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [216.205.24.124]) by smtp1.osuosl.org (Postfix) with ESMTPS id 4FF3F83DA3 for ; Fri, 2 Jul 2021 17:16:21 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1625246180; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=2e/EEpH+nDs/Vc0WX3pOZkui15GIyrW5xXKvMFuDyjA=; b=Fd6ja77wKO9QaSzTbfegytlnOUZOYjXO8mZjqP04YY2bVCgqNy+VDnJy/3Gt3Ec6+SzC9S EjrBOgLqDoq7QqZPTM5WS7WoKcOPyqDFhtVVNhkBG28sJ2iUX7ICb3dUYIiE96l2K/GRrp LmEf+lTZV/2YdC3CW/8iY9sbSzAKY/k= Received: from mail-ed1-f72.google.com (mail-ed1-f72.google.com [209.85.208.72]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-585-JSSxGJ9gONaYwx4a9V9oBw-1; Fri, 02 Jul 2021 13:16:19 -0400 X-MC-Unique: JSSxGJ9gONaYwx4a9V9oBw-1 Received: by mail-ed1-f72.google.com with SMTP id j15-20020a05640211cfb0290394f9de5750so5346121edw.16 for ; Fri, 02 Jul 2021 10:16:18 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=2e/EEpH+nDs/Vc0WX3pOZkui15GIyrW5xXKvMFuDyjA=; b=YxPeXMt93xoe3HBZLYgar1I3OhR/bKYfslvtOda+gvSPIBC+QGHjBu2YtpgvqZdy/e rxxFkobfVuTAC2PidazILWC8EywIXAg0BgWSdNjcva3cybbn0K4xpeAeVFAockyRw2IQ Xh8PQK16MD3eVmc4R5rRHcEWnSb1q4TlwACpw3rzvrpVDQZ2LHU07GpZMA5zaWo6+ceF Y0rjLBe6gyEzpFwaM1cnVH2w9uQa0OsK14j175JL+YlKjkPQQN1XUxMwprNtJx4oCTaw qFY3bCJHZE1OOOBG8EY+qtmiMy+emJLYZLg/V9I+lV3lYzDWRtrvF7jYqJ8TTfvTUaaE NiuA== X-Gm-Message-State: AOAM53349D7R9D4/zOnHu7EqoRjuOsV388Ylyvh0Xqidskiikjw+DMrD zq74HmW/ACK510ngG12o8vLFtS04LlucCidr3F1uhvTNHKGn3ymDf2ZrA9qqE1awHO8QjDAFOFX m2RUHFZFo/XMjSyJR0yUnng3x5Q6mVEqqXl5l8h0oyD6vt3nIm/xDNtSOeAq8Ms4Rz/gLT3wxXh s= X-Received: by 2002:a05:6402:138c:: with SMTP id b12mr694929edv.268.1625246177547; Fri, 02 Jul 2021 10:16:17 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyp6BtDW7YxQIwtf7jmQI4X+v3piogV93cYeM1OKv+zd+joWjImzfRIBhXDq89H47A7w3NP8w== X-Received: by 2002:a05:6402:138c:: with SMTP id b12mr694890edv.268.1625246177250; Fri, 02 Jul 2021 10:16:17 -0700 (PDT) Received: from lore-desk.redhat.com (net-130-25-105-72.cust.vodafonedsl.it. [130.25.105.72]) by smtp.gmail.com with ESMTPSA id i4sm1591685edt.34.2021.07.02.10.16.16 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 02 Jul 2021 10:16:16 -0700 (PDT) From: Lorenzo Bianconi To: dev@openvswitch.org Date: Fri, 2 Jul 2021 19:16:01 +0200 Message-Id: <5b4c9b77a047dfa1020f39e7134785baf5a99ca1.1625246009.git.lorenzo.bianconi@redhat.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: References: MIME-Version: 1.0 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=lorenzo.bianconi@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Cc: dceara@redhat.com Subject: [ovs-dev] [PATCH v4 ovn 4/8] northd: move lb_{skip, force}_snat code in build_lrouter_nat_lflows_for_lb X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" Introduce build_lrouter_nat_lflows_for_lb routine to configuring lb_{skip,force}_snat flows for each configured load_balancer Signed-off-by: Lorenzo Bianconi Acked-by: Dumitru Ceara --- northd/ovn-northd.c | 205 ++++++++++++++++++++++++++++++++------------ 1 file changed, 148 insertions(+), 57 deletions(-) diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c index 6d53e42a9..39aa2dd82 100644 --- a/northd/ovn-northd.c +++ b/northd/ovn-northd.c @@ -3384,6 +3384,29 @@ void build_lb_vip_actions(struct ovn_lb_vip *lb_vip, } } +static void +build_ovn_lr_lbs(struct hmap *datapaths, struct hmap *lbs) +{ + struct ovn_northd_lb *lb; + struct ovn_datapath *od; + + HMAP_FOR_EACH (od, key_node, datapaths) { + if (!od->nbr) { + continue; + } + if (!smap_get(&od->nbr->options, "chassis") && !od->l3dgw_port) { + continue; + } + + for (size_t i = 0; i < od->nbr->n_load_balancer; i++) { + const struct uuid *lb_uuid = + &od->nbr->load_balancer[i]->header_.uuid; + lb = ovn_northd_lb_find(lbs, lb_uuid); + ovn_northd_lb_add_lr(lb, od); + } + } +} + static void build_ovn_lbs(struct northd_context *ctx, struct hmap *datapaths, struct hmap *lbs) @@ -3413,23 +3436,6 @@ build_ovn_lbs(struct northd_context *ctx, struct hmap *datapaths, } } - HMAP_FOR_EACH (od, key_node, datapaths) { - if (!od->nbr) { - continue; - } - if (!smap_get(&od->nbr->options, "chassis") && !od->l3dgw_port) { - continue; - } - - for (size_t i = 0; i < od->nbr->n_load_balancer; i++) { - const struct uuid *lb_uuid = - &od->nbr->load_balancer[i]->header_.uuid; - lb = ovn_northd_lb_find(lbs, lb_uuid); - - ovn_northd_lb_add_lr(lb, od); - } - } - /* Delete any stale SB load balancer rows. */ const struct sbrec_load_balancer *sbrec_lb, *next; SBREC_LOAD_BALANCER_FOR_EACH_SAFE (sbrec_lb, next, ctx->ovnsb_idl) { @@ -8764,41 +8770,10 @@ enum lb_snat_type { static void add_router_lb_flow(struct hmap *lflows, struct ovn_datapath *od, - struct ds *match, struct ds *actions, int priority, enum lb_snat_type snat_type, struct ovn_lb_vip *lb_vip, const char *proto, struct nbrec_load_balancer *lb, struct sset *nat_entries) { - /* A match and actions for new connections. */ - char *new_match = xasprintf("ct.new && %s", ds_cstr(match)); - if (snat_type == FORCE_SNAT || snat_type == SKIP_SNAT) { - char *new_actions = xasprintf("flags.%s_snat_for_lb = 1; %s", - snat_type == SKIP_SNAT ? "skip" : "force", - ds_cstr(actions)); - ovn_lflow_add_with_hint(lflows, od, S_ROUTER_IN_DNAT, priority, - new_match, new_actions, &lb->header_); - free(new_actions); - } else { - ovn_lflow_add_with_hint(lflows, od, S_ROUTER_IN_DNAT, priority, - new_match, ds_cstr(actions), &lb->header_); - } - - /* A match and actions for established connections. */ - char *est_match = xasprintf("ct.est && %s", ds_cstr(match)); - if (snat_type == FORCE_SNAT || snat_type == SKIP_SNAT) { - char *est_actions = xasprintf("flags.%s_snat_for_lb = 1; ct_dnat;", - snat_type == SKIP_SNAT ? "skip" : "force"); - ovn_lflow_add_with_hint(lflows, od, S_ROUTER_IN_DNAT, priority, - est_match, est_actions, &lb->header_); - free(est_actions); - } else { - ovn_lflow_add_with_hint(lflows, od, S_ROUTER_IN_DNAT, priority, - est_match, "ct_dnat;", &lb->header_); - } - - free(new_match); - free(est_match); - const char *ip_match = NULL; if (IN6_IS_ADDR_V4MAPPED(&lb_vip->vip)) { ip_match = "ip4"; @@ -8879,6 +8854,123 @@ add_router_lb_flow(struct hmap *lflows, struct ovn_datapath *od, ds_destroy(&undnat_match); } +static void +build_lrouter_nat_lflows_for_lb(struct ovn_lb_vip *lb_vip, + struct ovn_northd_lb *lb, + struct ovn_northd_lb_vip *vips_nb, + struct hmap *lflows) +{ + struct ds action = DS_EMPTY_INITIALIZER; + struct ds match = DS_EMPTY_INITIALIZER; + char *skip_snat_new_action = NULL; + char *skip_snat_est_action = NULL; + char *new_match; + char *est_match; + + build_lb_vip_actions(lb_vip, vips_nb, &action, + lb->selection_fields, false); + + /* Higher priority rules are added for load-balancing in DNAT + * table. For every match (on a VIP[:port]), we add two flows. + * One flow is for specific matching on ct.new with an action + * of "ct_lb($targets);". The other flow is for ct.est with + * an action of "ct_dnat;". + */ + if (IN6_IS_ADDR_V4MAPPED(&lb_vip->vip)) { + ds_put_format(&match, "ip && ip4.dst == %s", lb_vip->vip_str); + } else { + ds_put_format(&match, "ip && ip6.dst == %s", lb_vip->vip_str); + } + + int prio = 110; + bool is_udp = nullable_string_is_equal(lb->nlb->protocol, "udp"); + bool is_sctp = nullable_string_is_equal(lb->nlb->protocol, "sctp"); + const char *proto = is_udp ? "udp" : is_sctp ? "sctp" : "tcp"; + if (lb_vip->vip_port) { + ds_put_format(&match, " && %s && %s.dst == %d", proto, + proto, lb_vip->vip_port); + prio = 120; + } + + enum lb_snat_type snat_type = NO_FORCE_SNAT; + if (smap_get_bool(&lb->nlb->options, "skip_snat", false)) { + snat_type = SKIP_SNAT; + skip_snat_new_action = xasprintf("flags.skip_snat_for_lb = 1; %s", + ds_cstr(&action)); + skip_snat_est_action = xasprintf("flags.skip_snat_for_lb = 1; " + "ct_dnat;"); + } + new_match = xasprintf("ct.new && %s", ds_cstr(&match)); + est_match = xasprintf("ct.est && %s", ds_cstr(&match)); + + for (size_t i = 0; i < lb->n_nb_lr; i++) { + struct ovn_datapath *od = lb->nb_lr[i]; + char *new_match_p = new_match; + char *est_match_p = est_match; + + if (od->l3redirect_port && + (lb_vip->n_backends || !lb_vip->empty_backend_rej)) { + new_match_p = xasprintf("ct.new && %s && is_chassis_resident(%s)", + ds_cstr(&match), + od->l3redirect_port->json_key); + est_match_p = xasprintf("ct.est && %s && is_chassis_resident(%s)", + ds_cstr(&match), + od->l3redirect_port->json_key); + } + + if (snat_type == NO_FORCE_SNAT && + (!lport_addresses_is_empty(&od->lb_force_snat_addrs) || + od->lb_force_snat_router_ip)) { + snat_type = FORCE_SNAT; + } + + if (snat_type == SKIP_SNAT) { + ovn_lflow_add_with_hint(lflows, od, S_ROUTER_IN_DNAT, prio, + new_match_p, skip_snat_new_action, + &lb->nlb->header_); + ovn_lflow_add_with_hint(lflows, od, S_ROUTER_IN_DNAT, prio, + est_match_p, skip_snat_est_action, + &lb->nlb->header_); + } else if (snat_type == FORCE_SNAT) { + char *new_actions = xasprintf("flags.force_snat_for_lb = 1; %s", + ds_cstr(&action)); + ovn_lflow_add_with_hint(lflows, od, S_ROUTER_IN_DNAT, prio, + new_match_p, new_actions, + &lb->nlb->header_); + free(new_actions); + + char *est_actions = xasprintf("flags.force_snat_for_lb = 1; " + "ct_dnat;"); + ovn_lflow_add_with_hint(lflows, od, S_ROUTER_IN_DNAT, prio, + est_match_p, est_actions, + &lb->nlb->header_); + free(est_actions); + } else { + ovn_lflow_add_with_hint(lflows, od, S_ROUTER_IN_DNAT, prio, + new_match_p, ds_cstr(&action), + &lb->nlb->header_); + ovn_lflow_add_with_hint(lflows, od, S_ROUTER_IN_DNAT, prio, + est_match_p, "ct_dnat;", + &lb->nlb->header_); + } + + if (new_match_p != new_match) { + free(new_match_p); + } + if (est_match_p != est_match) { + free(est_match_p); + } + } + + ds_destroy(&action); + ds_destroy(&match); + + free(skip_snat_new_action); + free(skip_snat_est_action); + free(est_match); + free(new_match); +} + static void build_lrouter_flows_for_lb(struct ovn_northd_lb *lb, struct hmap *lflows, struct shash *meter_groups, struct ds *match, @@ -8889,8 +8981,12 @@ build_lrouter_flows_for_lb(struct ovn_northd_lb *lb, struct hmap *lflows, } for (size_t i = 0; i < lb->n_vips; i++) { - if (!build_empty_lb_event_flow(&lb->vips[i], lb->nlb, meter_groups, - match, action)) { + struct ovn_lb_vip *lb_vip = &lb->vips[i]; + + build_lrouter_nat_lflows_for_lb(lb_vip, lb, &lb->vips_nb[i], lflows); + + if (!build_empty_lb_event_flow(lb_vip, lb->nlb, meter_groups, + match, action)) { continue; } for (size_t j = 0; j < lb->n_nb_lr; j++) { @@ -8928,10 +9024,7 @@ build_lrouter_lb_flows(struct hmap *lflows, struct ovn_datapath *od, for (size_t j = 0; j < lb->n_vips; j++) { struct ovn_lb_vip *lb_vip = &lb->vips[j]; - struct ovn_northd_lb_vip *lb_vip_nb = &lb->vips_nb[j]; ds_clear(actions); - build_lb_vip_actions(lb_vip, lb_vip_nb, actions, - lb->selection_fields, false); if (!sset_contains(&all_ips, lb_vip->vip_str)) { sset_add(&all_ips, lb_vip->vip_str); @@ -8970,7 +9063,6 @@ build_lrouter_lb_flows(struct hmap *lflows, struct ovn_datapath *od, lb_vip->vip_str); } - int prio = 110; bool is_udp = nullable_string_is_equal(nb_lb->protocol, "udp"); bool is_sctp = nullable_string_is_equal(nb_lb->protocol, "sctp"); @@ -8979,7 +9071,6 @@ build_lrouter_lb_flows(struct hmap *lflows, struct ovn_datapath *od, if (lb_vip->vip_port) { ds_put_format(match, " && %s && %s.dst == %d", proto, proto, lb_vip->vip_port); - prio = 120; } if (od->l3redirect_port && @@ -8987,8 +9078,7 @@ build_lrouter_lb_flows(struct hmap *lflows, struct ovn_datapath *od, ds_put_format(match, " && is_chassis_resident(%s)", od->l3redirect_port->json_key); } - add_router_lb_flow(lflows, od, match, actions, prio, - snat_type, lb_vip, proto, nb_lb, + add_router_lb_flow(lflows, od, snat_type, lb_vip, proto, nb_lb, nat_entries); } } @@ -13398,6 +13488,7 @@ ovnnb_db_run(struct northd_context *ctx, build_ovn_lbs(ctx, datapaths, &lbs); build_lrouter_lbs(datapaths, &lbs); build_ports(ctx, sbrec_chassis_by_name, datapaths, ports); + build_ovn_lr_lbs(datapaths, &lbs); build_ovn_lb_svcs(ctx, ports, &lbs); build_ipam(datapaths, ports); build_port_group_lswitches(ctx, &port_groups, ports); From patchwork Fri Jul 2 17:16:02 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Lorenzo Bianconi X-Patchwork-Id: 1500201 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=2605:bc80:3010::137; helo=smtp4.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=dU/9TSyX; dkim-atps=neutral Received: from smtp4.osuosl.org (smtp4.osuosl.org [IPv6:2605:bc80:3010::137]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4GGhZc3ZVLz9sS8 for ; Sat, 3 Jul 2021 03:16:40 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by smtp4.osuosl.org (Postfix) with ESMTP id A1D6B42401; Fri, 2 Jul 2021 17:16:37 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp4.osuosl.org ([127.0.0.1]) by localhost (smtp4.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id F4VYh0x_851W; Fri, 2 Jul 2021 17:16:33 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [IPv6:2605:bc80:3010:104::8cd3:938]) by smtp4.osuosl.org (Postfix) with ESMTPS id DB16342433; Fri, 2 Jul 2021 17:16:31 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id D796EC0031; Fri, 2 Jul 2021 17:16:27 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from smtp2.osuosl.org (smtp2.osuosl.org [140.211.166.133]) by lists.linuxfoundation.org (Postfix) with ESMTP id 97890C0027 for ; Fri, 2 Jul 2021 17:16:23 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp2.osuosl.org (Postfix) with ESMTP id 7A9B840232 for ; Fri, 2 Jul 2021 17:16:23 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Authentication-Results: smtp2.osuosl.org (amavisd-new); dkim=pass (1024-bit key) header.d=redhat.com Received: from smtp2.osuosl.org ([127.0.0.1]) by localhost (smtp2.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7fpJ3_hI0wch for ; Fri, 2 Jul 2021 17:16:22 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.8.0 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [216.205.24.124]) by smtp2.osuosl.org (Postfix) with ESMTPS id 24F9E40151 for ; Fri, 2 Jul 2021 17:16:21 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1625246181; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=JgyaZDtMuFB+MPlc6UoEhyAGY1taR9E+wtLaw/B5JAo=; b=dU/9TSyXGBilzYcrKY2fHAQeFdLTVgzp+tf6xhV1JYIU8YjWA1Dp2xcFHRSBvc5lrBdkHx XPWfc1MrUb9/2QFStorgVaRaDgnewHMWD+8wXnkU6pTStj5s+2TfsQnHAadqIhvlBa+EyY jhvpryHz90dtSgN1HtlGgevCHoKfD1c= Received: from mail-ed1-f71.google.com (mail-ed1-f71.google.com [209.85.208.71]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-531-TniFTOt-PuKWg970RXzaTw-1; Fri, 02 Jul 2021 13:16:19 -0400 X-MC-Unique: TniFTOt-PuKWg970RXzaTw-1 Received: by mail-ed1-f71.google.com with SMTP id m4-20020a0564024304b0290394d27742e4so5352060edc.10 for ; Fri, 02 Jul 2021 10:16:19 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=JgyaZDtMuFB+MPlc6UoEhyAGY1taR9E+wtLaw/B5JAo=; b=AD36NLWO050Bpos9SZnU8aajBAiADiTRlY/NgWOqIbYR0r/ZeuhE9Oa2eja5MtQN1A SWO0+JEwB4SC+SxkffOAGSXfZw65e0G2rpOvYcRYhigtdDoznxU+4N619Xa7UPbqmKu9 HVPaGXabNahwC/xlrqsAjaCf9FIn34kXsFitccDt9pL5nVkDZ+jTB2j8moCOPcA9DTU2 rUW67AC1etXQkpmTF9p2J8DcG1kw5TPBPS7vJ5czul5VY52O2F+JJAupms7gq4y2hRmi tTGcDW4rPxjo+c5U2dncZ+BJyqn7J6o11de1LG/Mznuxy6fskM/4r3dFVCLM8YMXLzsh cNzQ== X-Gm-Message-State: AOAM532XOeEl0XxcfTA6wApcUSdCATjTaLLugsyRIEBelTZIgpvuDKB5 +mEYcOp779gf38K93pBewbzW+eOmPiEUcwEfqCOGDKvVNhE0I7f9SFBm0Qb5O8V1QHqyK9zdFpo u5upVtT5Q7ps/l3BR+D5a5qoySbjAKXFWYB8zWTPBZow2VMMiOBo1spUNc/qlfG6GlZMtykswtW 0= X-Received: by 2002:a50:eb86:: with SMTP id y6mr652006edr.111.1625246178234; Fri, 02 Jul 2021 10:16:18 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzB1x7gbhdQvrHZ4djHZA32RhUDJuQZ9f/7URHni5vorhNaZ6K5pGwZ2dKUxWJEptFPbeVo4A== X-Received: by 2002:a50:eb86:: with SMTP id y6mr651956edr.111.1625246177927; Fri, 02 Jul 2021 10:16:17 -0700 (PDT) Received: from lore-desk.redhat.com (net-130-25-105-72.cust.vodafonedsl.it. [130.25.105.72]) by smtp.gmail.com with ESMTPSA id i4sm1591685edt.34.2021.07.02.10.16.17 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 02 Jul 2021 10:16:17 -0700 (PDT) From: Lorenzo Bianconi To: dev@openvswitch.org Date: Fri, 2 Jul 2021 19:16:02 +0200 Message-Id: <4e129a462b8c99f33570bdf3541a99245d775002.1625246009.git.lorenzo.bianconi@redhat.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: References: MIME-Version: 1.0 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=lorenzo.bianconi@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Cc: dceara@redhat.com Subject: [ovs-dev] [PATCH v4 ovn 5/8] northd: get rid of add_router_lb_flow X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" Remove add_router_lb_flow routine and move leftover lb flow installation code in build_lrouter_snat_flows_for_lb routine Signed-off-by: Lorenzo Bianconi --- northd/ovn-northd.c | 282 ++++++++++++++++++++------------------------ 1 file changed, 128 insertions(+), 154 deletions(-) diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c index 39aa2dd82..d6b10cdb5 100644 --- a/northd/ovn-northd.c +++ b/northd/ovn-northd.c @@ -8768,97 +8768,12 @@ enum lb_snat_type { SKIP_SNAT, }; -static void -add_router_lb_flow(struct hmap *lflows, struct ovn_datapath *od, - enum lb_snat_type snat_type, struct ovn_lb_vip *lb_vip, - const char *proto, struct nbrec_load_balancer *lb, - struct sset *nat_entries) -{ - const char *ip_match = NULL; - if (IN6_IS_ADDR_V4MAPPED(&lb_vip->vip)) { - ip_match = "ip4"; - } else { - ip_match = "ip6"; - } - - if (sset_contains(nat_entries, lb_vip->vip_str)) { - /* The load balancer vip is also present in the NAT entries. - * So add a high priority lflow to advance the the packet - * destined to the vip (and the vip port if defined) - * in the S_ROUTER_IN_UNSNAT stage. - * There seems to be an issue with ovs-vswitchd. When the new - * connection packet destined for the lb vip is received, - * it is dnat'ed in the S_ROUTER_IN_DNAT stage in the dnat - * conntrack zone. For the next packet, if it goes through - * unsnat stage, the conntrack flags are not set properly, and - * it doesn't hit the established state flows in - * S_ROUTER_IN_DNAT stage. */ - struct ds unsnat_match = DS_EMPTY_INITIALIZER; - ds_put_format(&unsnat_match, "%s && %s.dst == %s && %s", - ip_match, ip_match, lb_vip->vip_str, proto); - if (lb_vip->vip_port) { - ds_put_format(&unsnat_match, " && %s.dst == %d", proto, - lb_vip->vip_port); - } - - ovn_lflow_add_with_hint(lflows, od, S_ROUTER_IN_UNSNAT, 120, - ds_cstr(&unsnat_match), "next;", &lb->header_); - - ds_destroy(&unsnat_match); - } - - if (!od->l3dgw_port || !od->l3redirect_port || !lb_vip->n_backends) { - return; - } - - /* Add logical flows to UNDNAT the load balanced reverse traffic in - * the router egress pipleine stage - S_ROUTER_OUT_UNDNAT if the logical - * router has a gateway router port associated. - */ - struct ds undnat_match = DS_EMPTY_INITIALIZER; - ds_put_format(&undnat_match, "%s && (", ip_match); - - for (size_t i = 0; i < lb_vip->n_backends; i++) { - struct ovn_lb_backend *backend = &lb_vip->backends[i]; - ds_put_format(&undnat_match, "(%s.src == %s", ip_match, - backend->ip_str); - - if (backend->port) { - ds_put_format(&undnat_match, " && %s.src == %d) || ", - proto, backend->port); - } else { - ds_put_cstr(&undnat_match, ") || "); - } - } - - ds_chomp(&undnat_match, ' '); - ds_chomp(&undnat_match, '|'); - ds_chomp(&undnat_match, '|'); - ds_chomp(&undnat_match, ' '); - ds_put_format(&undnat_match, ") && outport == %s && " - "is_chassis_resident(%s)", od->l3dgw_port->json_key, - od->l3redirect_port->json_key); - if (snat_type == FORCE_SNAT || snat_type == SKIP_SNAT) { - char *action = xasprintf("flags.%s_snat_for_lb = 1; ct_dnat;", - snat_type == SKIP_SNAT ? "skip" : "force"); - ovn_lflow_add_with_hint(lflows, od, S_ROUTER_OUT_UNDNAT, 120, - ds_cstr(&undnat_match), action, - &lb->header_); - free(action); - } else { - ovn_lflow_add_with_hint(lflows, od, S_ROUTER_OUT_UNDNAT, 120, - ds_cstr(&undnat_match), "ct_dnat;", - &lb->header_); - } - - ds_destroy(&undnat_match); -} - static void build_lrouter_nat_lflows_for_lb(struct ovn_lb_vip *lb_vip, struct ovn_northd_lb *lb, struct ovn_northd_lb_vip *vips_nb, - struct hmap *lflows) + struct hmap *lflows, + struct sset *nat_entries) { struct ds action = DS_EMPTY_INITIALIZER; struct ds match = DS_EMPTY_INITIALIZER; @@ -8903,10 +8818,72 @@ build_lrouter_nat_lflows_for_lb(struct ovn_lb_vip *lb_vip, new_match = xasprintf("ct.new && %s", ds_cstr(&match)); est_match = xasprintf("ct.est && %s", ds_cstr(&match)); + const char *ip_match = NULL; + if (IN6_IS_ADDR_V4MAPPED(&lb_vip->vip)) { + ip_match = "ip4"; + } else { + ip_match = "ip6"; + } + + /* Add logical flows to UNDNAT the load balanced reverse traffic in + * the router egress pipleine stage - S_ROUTER_OUT_UNDNAT if the logical + * router has a gateway router port associated. + */ + struct ds undnat_match = DS_EMPTY_INITIALIZER; + ds_put_format(&undnat_match, "%s && (", ip_match); + + for (size_t i = 0; i < lb_vip->n_backends; i++) { + struct ovn_lb_backend *backend = &lb_vip->backends[i]; + ds_put_format(&undnat_match, "(%s.src == %s", ip_match, + backend->ip_str); + + if (backend->port) { + ds_put_format(&undnat_match, " && %s.src == %d) || ", + proto, backend->port); + } else { + ds_put_cstr(&undnat_match, ") || "); + } + } + ds_chomp(&undnat_match, ' '); + ds_chomp(&undnat_match, '|'); + ds_chomp(&undnat_match, '|'); + ds_chomp(&undnat_match, ' '); + + if (sset_contains(nat_entries, lb_vip->vip_str)) { + /* The load balancer vip is also present in the NAT entries. + * So add a high priority lflow to advance the the packet + * destined to the vip (and the vip port if defined) + * in the S_ROUTER_IN_UNSNAT stage. + * There seems to be an issue with ovs-vswitchd. When the new + * connection packet destined for the lb vip is received, + * it is dnat'ed in the S_ROUTER_IN_DNAT stage in the dnat + * conntrack zone. For the next packet, if it goes through + * unsnat stage, the conntrack flags are not set properly, and + * it doesn't hit the established state flows in + * S_ROUTER_IN_DNAT stage. */ + struct ds unsnat_match = DS_EMPTY_INITIALIZER; + ds_put_format(&unsnat_match, "%s && %s.dst == %s && %s", + ip_match, ip_match, lb_vip->vip_str, proto); + if (lb_vip->vip_port) { + ds_put_format(&unsnat_match, " && %s.dst == %d", proto, + lb_vip->vip_port); + } + + for (int i = 0; i < lb->n_nb_lr; i++) { + struct ovn_datapath *od = lb->nb_lr[i]; + ovn_lflow_add_with_hint(lflows, od, S_ROUTER_IN_UNSNAT, 120, + ds_cstr(&unsnat_match), "next;", + &lb->nlb->header_); + } + + ds_destroy(&unsnat_match); + } + for (size_t i = 0; i < lb->n_nb_lr; i++) { struct ovn_datapath *od = lb->nb_lr[i]; char *new_match_p = new_match; char *est_match_p = est_match; + char *est_actions = NULL; if (od->l3redirect_port && (lb_vip->n_backends || !lb_vip->empty_backend_rej)) { @@ -8939,12 +8916,11 @@ build_lrouter_nat_lflows_for_lb(struct ovn_lb_vip *lb_vip, &lb->nlb->header_); free(new_actions); - char *est_actions = xasprintf("flags.force_snat_for_lb = 1; " - "ct_dnat;"); + est_actions = xasprintf("flags.force_snat_for_lb = 1; " + "ct_dnat;"); ovn_lflow_add_with_hint(lflows, od, S_ROUTER_IN_DNAT, prio, est_match_p, est_actions, &lb->nlb->header_); - free(est_actions); } else { ovn_lflow_add_with_hint(lflows, od, S_ROUTER_IN_DNAT, prio, new_match_p, ds_cstr(&action), @@ -8960,8 +8936,35 @@ build_lrouter_nat_lflows_for_lb(struct ovn_lb_vip *lb_vip, if (est_match_p != est_match) { free(est_match_p); } + + if (!od->l3dgw_port || !od->l3redirect_port || !lb_vip->n_backends) { + goto next; + } + + char *undnat_match_p = xasprintf("%s) && outport == %s && " + "is_chassis_resident(%s)", + ds_cstr(&undnat_match), + od->l3dgw_port->json_key, + od->l3redirect_port->json_key); + if (snat_type == SKIP_SNAT) { + ovn_lflow_add_with_hint(lflows, od, S_ROUTER_OUT_UNDNAT, 120, + undnat_match_p, skip_snat_est_action, + &lb->nlb->header_); + } else if (snat_type == FORCE_SNAT) { + ovn_lflow_add_with_hint(lflows, od, S_ROUTER_OUT_UNDNAT, 120, + undnat_match_p, est_actions, + &lb->nlb->header_); + } else { + ovn_lflow_add_with_hint(lflows, od, S_ROUTER_OUT_UNDNAT, 120, + undnat_match_p, "ct_dnat;", + &lb->nlb->header_); + } + free(undnat_match_p); +next: + free(est_actions); } + ds_destroy(&undnat_match); ds_destroy(&action); ds_destroy(&match); @@ -8973,8 +8976,9 @@ build_lrouter_nat_lflows_for_lb(struct ovn_lb_vip *lb_vip, static void build_lrouter_flows_for_lb(struct ovn_northd_lb *lb, struct hmap *lflows, - struct shash *meter_groups, struct ds *match, - struct ds *action) + struct shash *meter_groups, + struct sset *nat_entries, + struct ds *match, struct ds *action) { if (!lb->n_nb_lr) { return; @@ -8983,7 +8987,8 @@ build_lrouter_flows_for_lb(struct ovn_northd_lb *lb, struct hmap *lflows, for (size_t i = 0; i < lb->n_vips; i++) { struct ovn_lb_vip *lb_vip = &lb->vips[i]; - build_lrouter_nat_lflows_for_lb(lb_vip, lb, &lb->vips_nb[i], lflows); + build_lrouter_nat_lflows_for_lb(lb_vip, lb, &lb->vips_nb[i], + lflows, nat_entries); if (!build_empty_lb_event_flow(lb_vip, lb->nlb, meter_groups, match, action)) { @@ -8995,17 +9000,21 @@ build_lrouter_flows_for_lb(struct ovn_northd_lb *lb, struct hmap *lflows, &lb->nlb->header_); } } + + if (smap_get_bool(&lb->nlb->options, "skip_snat", false)) { + for (size_t i = 0; i < lb->n_nb_lr; i++) { + ovn_lflow_add(lflows, lb->nb_lr[i], S_ROUTER_OUT_SNAT, 120, + "flags.skip_snat_for_lb == 1 && ip", "next;"); + } + } } static void build_lrouter_lb_flows(struct hmap *lflows, struct ovn_datapath *od, - struct hmap *lbs, struct sset *nat_entries, - struct ds *match, struct ds *actions) + struct hmap *lbs, struct ds *match) { /* A set to hold all ips that need defragmentation and tracking. */ struct sset all_ips = SSET_INITIALIZER(&all_ips); - bool lb_force_snat_ip = - !lport_addresses_is_empty(&od->lb_force_snat_addrs); for (int i = 0; i < od->nbr->n_load_balancer; i++) { struct nbrec_load_balancer *nb_lb = od->nbr->load_balancer[i]; @@ -9013,18 +9022,8 @@ build_lrouter_lb_flows(struct hmap *lflows, struct ovn_datapath *od, ovn_northd_lb_find(lbs, &nb_lb->header_.uuid); ovs_assert(lb); - enum lb_snat_type snat_type = NO_FORCE_SNAT; - if (smap_get_bool(&nb_lb->options, "skip_snat", false)) { - ovn_lflow_add(lflows, od, S_ROUTER_OUT_SNAT, 120, - "flags.skip_snat_for_lb == 1 && ip", "next;"); - snat_type = SKIP_SNAT; - } else if (lb_force_snat_ip || od->lb_force_snat_router_ip) { - snat_type = FORCE_SNAT; - } - for (size_t j = 0; j < lb->n_vips; j++) { struct ovn_lb_vip *lb_vip = &lb->vips[j]; - ds_clear(actions); if (!sset_contains(&all_ips, lb_vip->vip_str)) { sset_add(&all_ips, lb_vip->vip_str); @@ -9048,38 +9047,6 @@ build_lrouter_lb_flows(struct hmap *lflows, struct ovn_datapath *od, 100, ds_cstr(match), "ct_next;", &nb_lb->header_); } - - /* Higher priority rules are added for load-balancing in DNAT - * table. For every match (on a VIP[:port]), we add two flows - * via add_router_lb_flow(). One flow is for specific matching - * on ct.new with an action of "ct_lb($targets);". The other - * flow is for ct.est with an action of "ct_dnat;". */ - ds_clear(match); - if (IN6_IS_ADDR_V4MAPPED(&lb_vip->vip)) { - ds_put_format(match, "ip && ip4.dst == %s", - lb_vip->vip_str); - } else { - ds_put_format(match, "ip && ip6.dst == %s", - lb_vip->vip_str); - } - - bool is_udp = nullable_string_is_equal(nb_lb->protocol, "udp"); - bool is_sctp = nullable_string_is_equal(nb_lb->protocol, - "sctp"); - const char *proto = is_udp ? "udp" : is_sctp ? "sctp" : "tcp"; - - if (lb_vip->vip_port) { - ds_put_format(match, " && %s && %s.dst == %d", proto, - proto, lb_vip->vip_port); - } - - if (od->l3redirect_port && - (lb_vip->n_backends || !lb_vip->empty_backend_rej)) { - ds_put_format(match, " && is_chassis_resident(%s)", - od->l3redirect_port->json_key); - } - add_router_lb_flow(lflows, od, snat_type, lb_vip, proto, nb_lb, - nat_entries); } } sset_destroy(&all_ips); @@ -11828,6 +11795,7 @@ static void build_lrouter_nat_defrag_and_lb(struct ovn_datapath *od, struct hmap *lflows, struct hmap *lbs, + struct sset *nat_entries, struct ds *match, struct ds *actions) { if (!od->nbr) { @@ -11855,8 +11823,6 @@ build_lrouter_nat_defrag_and_lb(struct ovn_datapath *od, return; } - struct sset nat_entries = SSET_INITIALIZER(&nat_entries); - bool dnat_force_snat_ip = !lport_addresses_is_empty(&od->dnat_force_snat_addrs); bool lb_force_snat_ip = @@ -11883,7 +11849,7 @@ build_lrouter_nat_defrag_and_lb(struct ovn_datapath *od, /* ARP resolve for NAT IPs. */ if (od->l3dgw_port) { - if (!sset_contains(&nat_entries, nat->external_ip)) { + if (!sset_contains(nat_entries, nat->external_ip)) { ds_clear(match); ds_put_format( match, "outport == %s && %s == %s", @@ -11900,13 +11866,13 @@ build_lrouter_nat_defrag_and_lb(struct ovn_datapath *od, 100, ds_cstr(match), ds_cstr(actions), &nat->header_); - sset_add(&nat_entries, nat->external_ip); + sset_add(nat_entries, nat->external_ip); } } else { /* Add the NAT external_ip to the nat_entries even for * gateway routers. This is required for adding load balancer * flows.*/ - sset_add(&nat_entries, nat->external_ip); + sset_add(nat_entries, nat->external_ip); } /* S_ROUTER_OUT_UNDNAT */ @@ -12025,13 +11991,10 @@ build_lrouter_nat_defrag_and_lb(struct ovn_datapath *od, /* Load balancing and packet defrag are only valid on * Gateway routers or router with gateway port. */ if (!smap_get(&od->nbr->options, "chassis") && !od->l3dgw_port) { - sset_destroy(&nat_entries); return; } - build_lrouter_lb_flows(lflows, od, lbs, &nat_entries, match, actions); - - sset_destroy(&nat_entries); + build_lrouter_lb_flows(lflows, od, lbs, match); } @@ -12046,6 +12009,7 @@ struct lswitch_flow_build_info { struct shash *meter_groups; struct hmap *lbs; struct hmap *bfd_connections; + struct sset *nat_entries; char *svc_check_match; struct ds match; struct ds actions; @@ -12095,7 +12059,8 @@ build_lswitch_and_lrouter_iterate_by_od(struct ovn_datapath *od, &lsi->actions); build_misc_local_traffic_drop_flows_for_lrouter(od, lsi->lflows); build_lrouter_arp_nd_for_datapath(od, lsi->lflows); - build_lrouter_nat_defrag_and_lb(od, lsi->lflows, lsi->lbs, &lsi->match, + build_lrouter_nat_defrag_and_lb(od, lsi->lflows, lsi->lbs, + lsi->nat_entries, &lsi->match, &lsi->actions); } @@ -12206,6 +12171,7 @@ build_lflows_thread(void *arg) &lsi->actions); build_lrouter_flows_for_lb(lb, lsi->lflows, lsi->meter_groups, + lsi->nat_entries, &lsi->match, &lsi->actions); } } @@ -12273,7 +12239,8 @@ build_lswitch_and_lrouter_flows(struct hmap *datapaths, struct hmap *ports, struct hmap *mcgroups, struct hmap *igmp_groups, struct shash *meter_groups, struct hmap *lbs, - struct hmap *bfd_connections) + struct hmap *bfd_connections, + struct sset *nat_entries) { char *svc_check_match = xasprintf("eth.dst == %s", svc_monitor_mac); @@ -12317,6 +12284,7 @@ build_lswitch_and_lrouter_flows(struct hmap *datapaths, struct hmap *ports, lsiv[index].meter_groups = meter_groups; lsiv[index].lbs = lbs; lsiv[index].bfd_connections = bfd_connections; + lsiv[index].nat_entries = nat_entries; lsiv[index].svc_check_match = svc_check_match; ds_init(&lsiv[index].match); ds_init(&lsiv[index].actions); @@ -12352,6 +12320,7 @@ build_lswitch_and_lrouter_flows(struct hmap *datapaths, struct hmap *ports, .meter_groups = meter_groups, .lbs = lbs, .bfd_connections = bfd_connections, + .nat_entries = nat_entries, .svc_check_match = svc_check_match, .match = DS_EMPTY_INITIALIZER, .actions = DS_EMPTY_INITIALIZER, @@ -12371,7 +12340,8 @@ build_lswitch_and_lrouter_flows(struct hmap *datapaths, struct hmap *ports, &lsi.actions, &lsi.match); build_lrouter_flows_for_lb(lb, lsi.lflows, lsi.meter_groups, - &lsi.match, &lsi.actions); + lsi.nat_entries, &lsi.match, + &lsi.actions); } HMAP_FOR_EACH (igmp_group, hmap_node, igmp_groups) { build_lswitch_ip_mcast_igmp_mld(igmp_group, @@ -12464,7 +12434,8 @@ build_lflows(struct northd_context *ctx, struct hmap *datapaths, struct hmap *ports, struct hmap *port_groups, struct hmap *mcgroups, struct hmap *igmp_groups, struct shash *meter_groups, - struct hmap *lbs, struct hmap *bfd_connections) + struct hmap *lbs, struct hmap *bfd_connections, + struct sset *nat_entries) { struct hmap lflows; @@ -12475,7 +12446,7 @@ build_lflows(struct northd_context *ctx, struct hmap *datapaths, build_lswitch_and_lrouter_flows(datapaths, ports, port_groups, &lflows, mcgroups, igmp_groups, meter_groups, lbs, - bfd_connections); + bfd_connections, nat_entries); if (hmap_count(&lflows) > max_seen_lflow_size) { max_seen_lflow_size = hmap_count(&lflows); @@ -13407,6 +13378,7 @@ ovnnb_db_run(struct northd_context *ctx, struct shash meter_groups = SHASH_INITIALIZER(&meter_groups); struct hmap lbs; struct hmap bfd_connections = HMAP_INITIALIZER(&bfd_connections); + struct sset nat_entries = SSET_INITIALIZER(&nat_entries); /* Sync ipsec configuration. * Copy nb_cfg from northbound to southbound database. @@ -13498,7 +13470,8 @@ ovnnb_db_run(struct northd_context *ctx, build_meter_groups(ctx, &meter_groups); build_bfd_table(ctx, &bfd_connections, ports); build_lflows(ctx, datapaths, ports, &port_groups, &mcast_groups, - &igmp_groups, &meter_groups, &lbs, &bfd_connections); + &igmp_groups, &meter_groups, &lbs, &bfd_connections, + &nat_entries); ovn_update_ipv6_prefix(ports); sync_address_sets(ctx); @@ -13530,6 +13503,7 @@ ovnnb_db_run(struct northd_context *ctx, hmap_destroy(&mcast_groups); hmap_destroy(&port_groups); hmap_destroy(&bfd_connections); + sset_destroy(&nat_entries); struct shash_node *node, *next; SHASH_FOR_EACH_SAFE (node, next, &meter_groups) { From patchwork Fri Jul 2 17:16:03 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Lorenzo Bianconi X-Patchwork-Id: 1500199 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=140.211.166.133; helo=smtp2.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=i/4OaFGJ; dkim-atps=neutral Received: from smtp2.osuosl.org (smtp2.osuosl.org [140.211.166.133]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4GGhZV5K57z9sT6 for ; Sat, 3 Jul 2021 03:16:34 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by smtp2.osuosl.org (Postfix) with ESMTP id 02C5E41E65; Fri, 2 Jul 2021 17:16:33 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp2.osuosl.org ([127.0.0.1]) by localhost (smtp2.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Jf7GX_t2ZrEW; Fri, 2 Jul 2021 17:16:31 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [IPv6:2605:bc80:3010:104::8cd3:938]) by smtp2.osuosl.org (Postfix) with ESMTPS id 4B54B41E5D; Fri, 2 Jul 2021 17:16:30 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id 1833DC002E; Fri, 2 Jul 2021 17:16:27 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from smtp1.osuosl.org (smtp1.osuosl.org [140.211.166.138]) by lists.linuxfoundation.org (Postfix) with ESMTP id 5BD33C0027 for ; Fri, 2 Jul 2021 17:16:23 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp1.osuosl.org (Postfix) with ESMTP id E4CD48419A for ; Fri, 2 Jul 2021 17:16:22 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Authentication-Results: smtp1.osuosl.org (amavisd-new); dkim=pass (1024-bit key) header.d=redhat.com Received: from smtp1.osuosl.org ([127.0.0.1]) by localhost (smtp1.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZsTREJKTLa8G for ; Fri, 2 Jul 2021 17:16:22 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.8.0 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [216.205.24.124]) by smtp1.osuosl.org (Postfix) with ESMTPS id 4E2A784183 for ; Fri, 2 Jul 2021 17:16:22 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1625246181; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=ND546FFxs06yAnMMnVxfhghdc8DaKGHL3cghJAFMMH8=; b=i/4OaFGJz8bRuHIKX3rZpo8G3fsCNMoizwQh03ku68BgeFH0GYP47aVUG1PSLurecsTgZ7 sksfYenpifTwqCZmi2tSjk6spKbYL/uI4aW8FWuEnbKA0aikm51xtsUOM4jbZhLH5Uf7gW lN1bRpaBvHoYE6HE/SUwOM7TGGW1TwA= Received: from mail-ej1-f71.google.com (mail-ej1-f71.google.com [209.85.218.71]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-293-Vyh3pvGaOPS0RteupIl0Cw-1; Fri, 02 Jul 2021 13:16:20 -0400 X-MC-Unique: Vyh3pvGaOPS0RteupIl0Cw-1 Received: by mail-ej1-f71.google.com with SMTP id k1-20020a17090666c1b029041c273a883dso3774768ejp.3 for ; Fri, 02 Jul 2021 10:16:19 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=ND546FFxs06yAnMMnVxfhghdc8DaKGHL3cghJAFMMH8=; b=EwuDtbHS19TPQDyczGUbaPrJlyH7o0X/7CWCTb9mg9cWjiC0QPRFT8AbG1FHHPY1pc N37uBJ1anJYVoHEKn4J+78d6VpI1BLpTQC63KeTjwhTppg9Fg00euYz7tJZ5b2KA8TEI l52RgT1q0rfYWeo5GhBi8dK541hv1+Zf0miOFX1w/pHA3tzysJ+6izYA0nWypQVQUplP YAhplhx4rcHJ4B+HJfhwruvIVK9sXimIa9USSgMl8tYY1Kwdd8IAFbQJrkEAQ3KTSvGK 3EDRuXBoUGf+k1J7Vvg5zO+1bczdm/2NccbLl8BZPwW3WCqwMWHQ1cGcnb/3IYTaWAZi TWjA== X-Gm-Message-State: AOAM530usjXl7zfnSIK9f3ORWLbuRgNAnuXgx7vbultWnZEoSm/6AXlr y2dmL878pd4bpctuijXMoWx7WbR1F+YeIk1Rn+P2Orofvu+TdvKMUOpaJYrydGrDJKNJUBSrfBQ xjjIcqCQCWNh/7F3C9nfu8VhF+2qPHGjbYoGKj8RRfxK2/p0KYOye+CiEnk3NgKLrwIZHWCJ4K1 8= X-Received: by 2002:aa7:c50b:: with SMTP id o11mr664327edq.57.1625246178737; Fri, 02 Jul 2021 10:16:18 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyr/P5amixuGuUMOkQDJciot2LMqJ4GFVFMaVufND+dyDZBF2Sm1sudZfJh+zMJHT9WxOkMlg== X-Received: by 2002:aa7:c50b:: with SMTP id o11mr664297edq.57.1625246178511; Fri, 02 Jul 2021 10:16:18 -0700 (PDT) Received: from lore-desk.redhat.com (net-130-25-105-72.cust.vodafonedsl.it. [130.25.105.72]) by smtp.gmail.com with ESMTPSA id i4sm1591685edt.34.2021.07.02.10.16.17 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 02 Jul 2021 10:16:18 -0700 (PDT) From: Lorenzo Bianconi To: dev@openvswitch.org Date: Fri, 2 Jul 2021 19:16:03 +0200 Message-Id: <5a3eb7e8e43adbc39c7371f3334b5c6e4b8da6ed.1625246009.git.lorenzo.bianconi@redhat.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: References: MIME-Version: 1.0 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=lorenzo.bianconi@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Cc: dceara@redhat.com Subject: [ovs-dev] [PATCH v4 ovn 6/8] northd: remove dead code in build_lrouter_nat_defrag_and_lb X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" Remove if condition that is never executed in build_lrouter_nat_defrag_and_lb routine Acked-by: Dumitru Ceara Signed-off-by: Lorenzo Bianconi --- northd/ovn-northd.c | 6 ------ 1 file changed, 6 deletions(-) diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c index d6b10cdb5..f344ef7c8 100644 --- a/northd/ovn-northd.c +++ b/northd/ovn-northd.c @@ -11988,12 +11988,6 @@ build_lrouter_nat_defrag_and_lb(struct ovn_datapath *od, "ip", "flags.loopback = 1; ct_dnat;"); } - /* Load balancing and packet defrag are only valid on - * Gateway routers or router with gateway port. */ - if (!smap_get(&od->nbr->options, "chassis") && !od->l3dgw_port) { - return; - } - build_lrouter_lb_flows(lflows, od, lbs, match); } From patchwork Fri Jul 2 17:16:04 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Lorenzo Bianconi X-Patchwork-Id: 1500203 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=140.211.166.137; helo=smtp4.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=DCRTzA+Z; dkim-atps=neutral Received: from smtp4.osuosl.org (smtp4.osuosl.org [140.211.166.137]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4GGhZq0mWVz9sS8 for ; Sat, 3 Jul 2021 03:16:51 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by smtp4.osuosl.org (Postfix) with ESMTP id 2CF074245A; Fri, 2 Jul 2021 17:16:49 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp4.osuosl.org ([127.0.0.1]) by localhost (smtp4.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9TaIfS0L0Q8c; Fri, 2 Jul 2021 17:16:42 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [IPv6:2605:bc80:3010:104::8cd3:938]) by smtp4.osuosl.org (Postfix) with ESMTPS id 366CA42418; Fri, 2 Jul 2021 17:16:38 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id 06EF2C001A; Fri, 2 Jul 2021 17:16:38 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from smtp2.osuosl.org (smtp2.osuosl.org [140.211.166.133]) by lists.linuxfoundation.org (Postfix) with ESMTP id 78DECC000E for ; Fri, 2 Jul 2021 17:16:37 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp2.osuosl.org (Postfix) with ESMTP id 6C38F40653 for ; Fri, 2 Jul 2021 17:16:32 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Authentication-Results: smtp2.osuosl.org (amavisd-new); dkim=pass (1024-bit key) header.d=redhat.com Received: from smtp2.osuosl.org ([127.0.0.1]) by localhost (smtp2.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ccQS0MTl4W-F for ; Fri, 2 Jul 2021 17:16:27 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.8.0 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [216.205.24.124]) by smtp2.osuosl.org (Postfix) with ESMTPS id 81CDC40663 for ; Fri, 2 Jul 2021 17:16:27 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1625246186; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=cf98GArWZaFWJE95XZyZAfj2qAA/Q7MzHQ1Yq94+Fo8=; b=DCRTzA+Zmvg4e0j5jBTjF/sGdCsC8FH3/78bCvbYibjzRmFG5v+ga0kymV8Wi1SjQDJs7i aNcKQVHSfGviLxDefM4dyXYbdc59o6An0vcPHM50dljrrG49rbTPJJM8sIYAOI7F32uq7Y HpnWQiN2eJgoyCZBmmETahkqRlAtIR0= Received: from mail-ed1-f70.google.com (mail-ed1-f70.google.com [209.85.208.70]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-415-aVHqMd2GMLeBE8m2EnZaUw-1; Fri, 02 Jul 2021 13:16:21 -0400 X-MC-Unique: aVHqMd2GMLeBE8m2EnZaUw-1 Received: by mail-ed1-f70.google.com with SMTP id da21-20020a0564021775b0290395165c6cefso5391107edb.1 for ; Fri, 02 Jul 2021 10:16:20 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=cf98GArWZaFWJE95XZyZAfj2qAA/Q7MzHQ1Yq94+Fo8=; b=fz1SoKcmsDOC2MpDY/H39Y9o7+xnnhQmJnp58XaB55+v+DrToteMFgLluQiABWsHWO uyRVKajTzFSySD9qSJAPKDQEkEQxmFkTXbFbTvonRsACb0OURLHVyY0kRnjCj+Jk+moD Z198XyuCSP2IzN1FeBSaZS6sx4u3phrLF2MR+RfdRqWbEtVb+xYp+PYUPFTnUtqr3P+w 2AobD49Bn2qqabfsC3V33xQ+6oh1DY8RPjyWwYEDActw1IXMWfnqjGKbAG1b0O5TNSrk VpXWBZnxWsdP2E4hvVJB+F1YFLzz+XtChJygIkE6Ll8clEgyzWW6YTKeHgGFGXXdwv/P 2d1w== X-Gm-Message-State: AOAM531Y5TUepoad/zqb1B5xBXvbDIriB/QTUSaCPEvrFVmV14J5gBlK GxZxO1dttNTvGoeXYRbUfy6clpGM2bQzQ1rAupoOxVA8knuTRZxTjkfCPaD51roVqXBG/dxKM3k CCie4JTMlGdhlymcOvNc1o+EvZHs/Yh1djZig73pW5BahvSQ7PLEHP6oArrH1qjzcw97whylbBT U= X-Received: by 2002:a50:ff01:: with SMTP id a1mr627155edu.253.1625246179609; Fri, 02 Jul 2021 10:16:19 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxcLzel91V9zCdOM+ZgMpIOfvCqdqM1UHFHqRSsBGVDV2I4QbRdF6e6ygM4ZyRueAQj2XWMcg== X-Received: by 2002:a50:ff01:: with SMTP id a1mr627116edu.253.1625246179331; Fri, 02 Jul 2021 10:16:19 -0700 (PDT) Received: from lore-desk.redhat.com (net-130-25-105-72.cust.vodafonedsl.it. [130.25.105.72]) by smtp.gmail.com with ESMTPSA id i4sm1591685edt.34.2021.07.02.10.16.18 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 02 Jul 2021 10:16:18 -0700 (PDT) From: Lorenzo Bianconi To: dev@openvswitch.org Date: Fri, 2 Jul 2021 19:16:04 +0200 Message-Id: <40951a500e58c61b7d3b56ad5d00703f99d87a04.1625246009.git.lorenzo.bianconi@redhat.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: References: MIME-Version: 1.0 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=lorenzo.bianconi@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Cc: dceara@redhat.com Subject: [ovs-dev] [PATCH v4 ovn 7/8] northd: move build_empty_lb_event_flow in build_lswitch_flows_for_lb X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" Introduce build_lswitch_flows_for_lb routine in order to visit first each load_balancer and then related datapath (logical switches) during lb flow installation. This patch allows to reduce memory footprint and cpu utilization in ovn-northd. Signed-off-by: Lorenzo Bianconi Acked-by: Dumitru Ceara --- northd/ovn-northd.c | 131 ++++++++++++++++++++++++-------------------- 1 file changed, 71 insertions(+), 60 deletions(-) diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c index f344ef7c8..2133048b1 100644 --- a/northd/ovn-northd.c +++ b/northd/ovn-northd.c @@ -5200,7 +5200,7 @@ ls_has_lb_vip(struct ovn_datapath *od) static void build_pre_lb(struct ovn_datapath *od, struct hmap *lflows, - struct shash *meter_groups, struct hmap *lbs) + struct hmap *lbs) { /* Do not send ND packets to conntrack */ ovn_lflow_add(lflows, od, S_SWITCH_IN_PRE_LB, 110, @@ -5231,71 +5231,49 @@ build_pre_lb(struct ovn_datapath *od, struct hmap *lflows, 110, lflows); } - bool vip_configured = false; for (int i = 0; i < od->nbs->n_load_balancer; i++) { struct nbrec_load_balancer *nb_lb = od->nbs->load_balancer[i]; struct ovn_northd_lb *lb = ovn_northd_lb_find(lbs, &nb_lb->header_.uuid); ovs_assert(lb); - struct ds action = DS_EMPTY_INITIALIZER; - struct ds match = DS_EMPTY_INITIALIZER; - - for (size_t j = 0; j < lb->n_vips; j++) { - struct ovn_lb_vip *lb_vip = &lb->vips[j]; - - if (build_empty_lb_event_flow(lb_vip, nb_lb, meter_groups, - &match, &action)) { - ovn_lflow_add_with_hint(lflows, od, S_SWITCH_IN_PRE_LB, 130, - ds_cstr(&match), ds_cstr(&action), - &nb_lb->header_); - } - - /* Ignore L4 port information in the key because fragmented packets - * may not have L4 information. The pre-stateful table will send - * the packet through ct() action to de-fragment. In stateful - * table, we will eventually look at L4 information. */ + /* 'REGBIT_CONNTRACK_NAT' is set to let the pre-stateful table send + * packet to conntrack for defragmentation and possibly for unNATting. + * + * Send all the packets to conntrack in the ingress pipeline if the + * logical switch has a load balancer with VIP configured. Earlier + * we used to set the REGBIT_CONNTRACK_DEFRAG flag in the ingress + * pipeline if the IP destination matches the VIP. But this causes + * few issues when a logical switch has no ACLs configured with + * allow-related. + * To understand the issue, lets a take a TCP load balancer - + * 10.0.0.10:80=10.0.0.3:80. + * If a logical port - p1 with IP - 10.0.0.5 opens a TCP connection + * with the VIP - 10.0.0.10, then the packet in the ingress pipeline + * of 'p1' is sent to the p1's conntrack zone id and the packet is + * load balanced to the backend - 10.0.0.3. For the reply packet from + * the backend lport, it is not sent to the conntrack of backend + * lport's zone id. This is fine as long as the packet is valid. + * Suppose the backend lport sends an invalid TCP packet (like + * incorrect sequence number), the packet gets * delivered to the + * lport 'p1' without unDNATing the packet to the VIP - 10.0.0.10. + * And this causes the connection to be reset by the lport p1's VIF. + * + * We can't fix this issue by adding a logical flow to drop ct.inv + * packets in the egress pipeline since it will drop all other + * connections not destined to the load balancers. + * + * To fix this issue, we send all the packets to the conntrack in the + * ingress pipeline if a load balancer is configured. We can now + * add a lflow to drop ct.inv packets. + */ + if (lb->n_vips) { + ovn_lflow_add(lflows, od, S_SWITCH_IN_PRE_LB, + 100, "ip", REGBIT_CONNTRACK_NAT" = 1; next;"); + ovn_lflow_add(lflows, od, S_SWITCH_OUT_PRE_LB, + 100, "ip", REGBIT_CONNTRACK_NAT" = 1; next;"); + break; } - ds_destroy(&action); - ds_destroy(&match); - - vip_configured = (vip_configured || lb->n_vips); - } - - /* 'REGBIT_CONNTRACK_NAT' is set to let the pre-stateful table send - * packet to conntrack for defragmentation and possibly for unNATting. - * - * Send all the packets to conntrack in the ingress pipeline if the - * logical switch has a load balancer with VIP configured. Earlier - * we used to set the REGBIT_CONNTRACK_DEFRAG flag in the ingress pipeline - * if the IP destination matches the VIP. But this causes few issues when - * a logical switch has no ACLs configured with allow-related. - * To understand the issue, lets a take a TCP load balancer - - * 10.0.0.10:80=10.0.0.3:80. - * If a logical port - p1 with IP - 10.0.0.5 opens a TCP connection with - * the VIP - 10.0.0.10, then the packet in the ingress pipeline of 'p1' - * is sent to the p1's conntrack zone id and the packet is load balanced - * to the backend - 10.0.0.3. For the reply packet from the backend lport, - * it is not sent to the conntrack of backend lport's zone id. This is fine - * as long as the packet is valid. Suppose the backend lport sends an - * invalid TCP packet (like incorrect sequence number), the packet gets - * delivered to the lport 'p1' without unDNATing the packet to the - * VIP - 10.0.0.10. And this causes the connection to be reset by the - * lport p1's VIF. - * - * We can't fix this issue by adding a logical flow to drop ct.inv packets - * in the egress pipeline since it will drop all other connections not - * destined to the load balancers. - * - * To fix this issue, we send all the packets to the conntrack in the - * ingress pipeline if a load balancer is configured. We can now - * add a lflow to drop ct.inv packets. - */ - if (vip_configured) { - ovn_lflow_add(lflows, od, S_SWITCH_IN_PRE_LB, - 100, "ip", REGBIT_CONNTRACK_NAT" = 1; next;"); - ovn_lflow_add(lflows, od, S_SWITCH_OUT_PRE_LB, - 100, "ip", REGBIT_CONNTRACK_NAT" = 1; next;"); } } @@ -6911,7 +6889,7 @@ build_lswitch_lflows_pre_acl_and_acl(struct ovn_datapath *od, ls_get_acl_flags(od); build_pre_acls(od, port_groups, lflows); - build_pre_lb(od, lflows, meter_groups, lbs); + build_pre_lb(od, lflows, lbs); build_pre_stateful(od, lflows); build_acl_hints(od, lflows); build_acls(od, lflows, port_groups, meter_groups); @@ -8974,6 +8952,34 @@ next: free(new_match); } +static void +build_lswitch_flows_for_lb(struct ovn_northd_lb *lb, struct hmap *lflows, + struct shash *meter_groups, struct ds *match, + struct ds *action) +{ + if (!lb->n_nb_ls) { + return; + } + + for (size_t i = 0; i < lb->n_vips; i++) { + struct ovn_lb_vip *lb_vip = &lb->vips[i]; + + if (!build_empty_lb_event_flow(lb_vip, lb->nlb, meter_groups, + match, action)) { + continue; + } + for (int j = 0; j < lb->n_nb_ls; j++) { + ovn_lflow_add_with_hint(lflows, lb->nb_ls[j], + S_SWITCH_IN_PRE_LB, 130, ds_cstr(match), + ds_cstr(action), &lb->nlb->header_); + } + /* Ignore L4 port information in the key because fragmented packets + * may not have L4 information. The pre-stateful table will send + * the packet through ct() action to de-fragment. In stateful + * table, we will eventually look at L4 information. */ + } +} + static void build_lrouter_flows_for_lb(struct ovn_northd_lb *lb, struct hmap *lflows, struct shash *meter_groups, @@ -12167,6 +12173,9 @@ build_lflows_thread(void *arg) lsi->meter_groups, lsi->nat_entries, &lsi->match, &lsi->actions); + build_lswitch_flows_for_lb(lb, lsi->lflows, + lsi->meter_groups, + &lsi->match, &lsi->actions); } } for (bnum = control->id; @@ -12336,6 +12345,8 @@ build_lswitch_and_lrouter_flows(struct hmap *datapaths, struct hmap *ports, build_lrouter_flows_for_lb(lb, lsi.lflows, lsi.meter_groups, lsi.nat_entries, &lsi.match, &lsi.actions); + build_lswitch_flows_for_lb(lb, lsi.lflows, lsi.meter_groups, + &lsi.match, &lsi.actions); } HMAP_FOR_EACH (igmp_group, hmap_node, igmp_groups) { build_lswitch_ip_mcast_igmp_mld(igmp_group, From patchwork Fri Jul 2 17:16:05 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Lorenzo Bianconi X-Patchwork-Id: 1500202 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=2605:bc80:3010::138; helo=smtp1.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=Wd7X7vaa; dkim-atps=neutral Received: from smtp1.osuosl.org (smtp1.osuosl.org [IPv6:2605:bc80:3010::138]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4GGhZh6KLTz9sS8 for ; Sat, 3 Jul 2021 03:16:44 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by smtp1.osuosl.org (Postfix) with ESMTP id E2F5484363; Fri, 2 Jul 2021 17:16:41 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp1.osuosl.org ([127.0.0.1]) by localhost (smtp1.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EFDJtAfJ98l2; Fri, 2 Jul 2021 17:16:40 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by smtp1.osuosl.org (Postfix) with ESMTPS id 4F24284326; Fri, 2 Jul 2021 17:16:34 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id 09957C001F; Fri, 2 Jul 2021 17:16:32 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from smtp4.osuosl.org (smtp4.osuosl.org [140.211.166.137]) by lists.linuxfoundation.org (Postfix) with ESMTP id 1E0D9C001F for ; Fri, 2 Jul 2021 17:16:31 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp4.osuosl.org (Postfix) with ESMTP id 8895E42426 for ; Fri, 2 Jul 2021 17:16:30 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Authentication-Results: smtp4.osuosl.org (amavisd-new); dkim=pass (1024-bit key) header.d=redhat.com Received: from smtp4.osuosl.org ([127.0.0.1]) by localhost (smtp4.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id A8NFfdMljxVz for ; Fri, 2 Jul 2021 17:16:29 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.8.0 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by smtp4.osuosl.org (Postfix) with ESMTPS id 5211F4241F for ; Fri, 2 Jul 2021 17:16:29 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1625246188; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=pDT8LRFm9FyxI3V2vq5EBSJPRaq3upzENLsiXhrXRYE=; b=Wd7X7vaaeCBnYJSU2Zsr/3FsB2/RQPzZgnyGM6YpiMaw8ZSy0Zj8O6f5QmkBKVLblGOjQh Sr2ERpY+v9l19QY5munbCTxbUmM2lD33YRNlsKucPd0Z3ALbzcY6gMIm1fADku40vgp0rl kTGtDpzcIWLq3mh7IRtYaUFBoMr2yeo= Received: from mail-ej1-f71.google.com (mail-ej1-f71.google.com [209.85.218.71]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-430-sexGVzNRPeOoFlr1vakk9Q-1; Fri, 02 Jul 2021 13:16:21 -0400 X-MC-Unique: sexGVzNRPeOoFlr1vakk9Q-1 Received: by mail-ej1-f71.google.com with SMTP id p5-20020a17090653c5b02903db1cfa514dso3762889ejo.13 for ; Fri, 02 Jul 2021 10:16:21 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=pDT8LRFm9FyxI3V2vq5EBSJPRaq3upzENLsiXhrXRYE=; b=DoZxa+wH9/RPBd1qyeXRCQOSu5gxZqH9HRqB6JOhYsu0dO9JT6UbNPlpZUf8XVProR bBJTt0RVSkGb/UYiGWf9N0N5/KK7Lyu7NU2+EwUETcrnk8xppYbu4foxW6ZT66a0H5C1 gvcD9ao/OgtsoGF9Ak8x5uQAc2kfhBKB4Uk3pl3KLDBakLsZX/BDBx+j2oSZLzcIsD+V tL3AZ7aGH3tCqxj2pzgs7aP2B2+EFhMOGL8wEw5APIX+Vd3EZBAG6z44JlCFhDfAZ4Cs d6BWxul6jL1J9hCWKmpJQ1onnDxv+1TER6ys2ARWVB2LwAh9KAiXsZzin1E9vZGdrIYM XX+A== X-Gm-Message-State: AOAM532LkvBZVwyj+tEfgAs1hgvu35W4SnVc/QqTc1jzu2FulNYhKkQQ mbSveHdEEEB6iMKcSgQ/w8naqMaRn4sD9lN4wzranWf8FAGz0xhCodJOegNk5ZHQQSvh9jpCTDj gu8x4wrjw3/kPK2KHxuWsEwrjHAc8pyfgHbs/u4W7ViRGHacQZh8MUnPkrSZKU940erqqKFKcPN 4= X-Received: by 2002:a05:6402:845:: with SMTP id b5mr678749edz.266.1625246180239; Fri, 02 Jul 2021 10:16:20 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyiinrKCbHisyjyBL5+HluNfOYNFtc5jlzDFHejfppghPs/jmGQD2iH+SGapMvbC8Zfhtv2/g== X-Received: by 2002:a05:6402:845:: with SMTP id b5mr678717edz.266.1625246179989; Fri, 02 Jul 2021 10:16:19 -0700 (PDT) Received: from lore-desk.redhat.com (net-130-25-105-72.cust.vodafonedsl.it. [130.25.105.72]) by smtp.gmail.com with ESMTPSA id i4sm1591685edt.34.2021.07.02.10.16.19 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 02 Jul 2021 10:16:19 -0700 (PDT) From: Lorenzo Bianconi To: dev@openvswitch.org Date: Fri, 2 Jul 2021 19:16:05 +0200 Message-Id: X-Mailer: git-send-email 2.31.1 In-Reply-To: References: MIME-Version: 1.0 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=lorenzo.bianconi@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Cc: dceara@redhat.com Subject: [ovs-dev] [PATCH v4 ovn 8/8] northd: move build_lb_rules in build_lswitch_flows_for_lb X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" Move stateful lb rules for logical switches in build_lswitch_flows_for_lb routine in order to reduce cpu utilization Signed-off-by: Lorenzo Bianconi Acked-by: Dumitru Ceara --- northd/ovn-northd.c | 45 ++++++++++++++++++++------------------------- 1 file changed, 20 insertions(+), 25 deletions(-) diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c index 2133048b1..d763fba9a 100644 --- a/northd/ovn-northd.c +++ b/northd/ovn-northd.c @@ -6030,8 +6030,7 @@ build_qos(struct ovn_datapath *od, struct hmap *lflows) { } static void -build_lb_rules(struct ovn_datapath *od, struct hmap *lflows, - struct ovn_northd_lb *lb) +build_lb_rules(struct hmap *lflows, struct ovn_northd_lb *lb) { struct ds action = DS_EMPTY_INITIALIZER; struct ds match = DS_EMPTY_INITIALIZER; @@ -6081,15 +6080,15 @@ build_lb_rules(struct ovn_datapath *od, struct hmap *lflows, ds_put_format(&match, "ct.new && %s.dst == %s", ip_match, lb_vip->vip_str); + int priority = 110; if (lb_vip->vip_port) { ds_put_format(&match, " && %s.dst == %d", proto, lb_vip->vip_port); - ovn_lflow_add_with_hint(lflows, od, S_SWITCH_IN_STATEFUL, 120, - ds_cstr(&match), ds_cstr(&action), - &lb->nlb->header_); - } else { - ovn_lflow_add_with_hint(lflows, od, S_SWITCH_IN_STATEFUL, 110, - ds_cstr(&match), ds_cstr(&action), - &lb->nlb->header_); + priority = 120; + } + for (size_t j = 0; j < lb->n_nb_ls; j++) { + ovn_lflow_add_with_hint(lflows, lb->nb_ls[j], S_SWITCH_IN_STATEFUL, + priority, ds_cstr(&match), + ds_cstr(&action), &lb->nlb->header_); } } ds_destroy(&action); @@ -6097,7 +6096,7 @@ build_lb_rules(struct ovn_datapath *od, struct hmap *lflows, } static void -build_stateful(struct ovn_datapath *od, struct hmap *lflows, struct hmap *lbs) +build_stateful(struct ovn_datapath *od, struct hmap *lflows) { /* Ingress and Egress stateful Table (Priority 0): Packets are * allowed by default. */ @@ -6114,19 +6113,6 @@ build_stateful(struct ovn_datapath *od, struct hmap *lflows, struct hmap *lbs) ovn_lflow_add(lflows, od, S_SWITCH_OUT_STATEFUL, 100, REGBIT_CONNTRACK_COMMIT" == 1", "ct_commit { ct_label.blocked = 0; }; next;"); - - /* Load balancing rules for new connections get committed to conntrack - * table. So even if REGBIT_CONNTRACK_COMMIT is set in a previous table - * a higher priority rule for load balancing below also commits the - * connection, so it is okay if we do not hit the above match on - * REGBIT_CONNTRACK_COMMIT. */ - for (int i = 0; i < od->nbs->n_load_balancer; i++) { - struct ovn_northd_lb *lb = - ovn_northd_lb_find(lbs, &od->nbs->load_balancer[i]->header_.uuid); - - ovs_assert(lb); - build_lb_rules(od, lflows, lb); - } } static void @@ -6894,7 +6880,7 @@ build_lswitch_lflows_pre_acl_and_acl(struct ovn_datapath *od, build_acl_hints(od, lflows); build_acls(od, lflows, port_groups, meter_groups); build_qos(od, lflows); - build_stateful(od, lflows, lbs); + build_stateful(od, lflows); build_lb_hairpin(od, lflows); } } @@ -8964,11 +8950,12 @@ build_lswitch_flows_for_lb(struct ovn_northd_lb *lb, struct hmap *lflows, for (size_t i = 0; i < lb->n_vips; i++) { struct ovn_lb_vip *lb_vip = &lb->vips[i]; + /* pre-stateful lb */ if (!build_empty_lb_event_flow(lb_vip, lb->nlb, meter_groups, match, action)) { continue; } - for (int j = 0; j < lb->n_nb_ls; j++) { + for (size_t j = 0; j < lb->n_nb_ls; j++) { ovn_lflow_add_with_hint(lflows, lb->nb_ls[j], S_SWITCH_IN_PRE_LB, 130, ds_cstr(match), ds_cstr(action), &lb->nlb->header_); @@ -8978,6 +8965,14 @@ build_lswitch_flows_for_lb(struct ovn_northd_lb *lb, struct hmap *lflows, * the packet through ct() action to de-fragment. In stateful * table, we will eventually look at L4 information. */ } + + /* stateful lb + * Load balancing rules for new connections get committed to conntrack + * table. So even if REGBIT_CONNTRACK_COMMIT is set in a previous table + * a higher priority rule for load balancing below also commits the + * connection, so it is okay if we do not hit the above match on + * REGBIT_CONNTRACK_COMMIT. */ + build_lb_rules(lflows, lb); } static void