|
 |
bbaaef |
From adcdbd9a4ead77037f5d0e6fe9dbc64bf55dce0b Mon Sep 17 00:00:00 2001
|
|
|
bbaaef |
From: Dumitru Ceara <dceara@redhat.com>
|
|
|
bbaaef |
Date: Wed, 16 Oct 2019 15:06:41 +0200
|
|
|
bbaaef |
Subject: [PATCH ovn] ovn-northd: Fix IP multicast flooding to mrouter.
|
|
|
bbaaef |
|
|
|
bbaaef |
OVN logical flow "drop" actions can't be combined with other actions.
|
|
|
bbaaef |
Commit 79308138891a created such a scenario if a logical switch has
|
|
|
bbaaef |
mcast_snoop=true, mcast_flood_unregistered=false and is connected to a
|
|
|
bbaaef |
logical router with mcast_relay=enabled.
|
|
|
bbaaef |
|
|
|
bbaaef |
To fix the issue we now explicitly add a drop flow for unregistered IP
|
|
|
bbaaef |
multicast traffic in a logical switch if mcast_snoop=true,
|
|
|
bbaaef |
mcast_flood_unregistered=false and the switch doesn't have any ports
|
|
|
bbaaef |
with mcast_flood=true and isn't connected to a router with
|
|
|
bbaaef |
mcast_relay=true.
|
|
|
bbaaef |
|
|
|
bbaaef |
Fixes: 79308138891a ("ovn-northd: Add static IP multicast flood configuration")
|
|
|
bbaaef |
Signed-off-by: Dumitru Ceara <dceara@redhat.com>
|
|
|
bbaaef |
Signed-off-by: Numan Siddique <numans@ovn.org>
|
|
|
bbaaef |
---
|
|
|
bbaaef |
ovn/northd/ovn-northd.8.xml | 13 +++++++++++++
|
|
|
bbaaef |
ovn/northd/ovn-northd.c | 8 +++++++-
|
|
|
bbaaef |
tests/ovn.at | 50 ++++++++++++++++++++++++++++++++++++++++++++++---
|
|
|
bbaaef |
3 files changed, 67 insertions(+), 4 deletions(-)
|
|
|
bbaaef |
|
|
|
bbaaef |
diff --git a/ovn/northd/ovn-northd.8.xml b/ovn/northd/ovn-northd.8.xml
|
|
|
bbaaef |
index 937702e..b5dfcd1 100644
|
|
|
bbaaef |
--- a/ovn/northd/ovn-northd.8.xml
|
|
|
bbaaef |
+++ b/ovn/northd/ovn-northd.8.xml
|
|
|
bbaaef |
@@ -992,6 +992,19 @@ output;
|
|
|
bbaaef |
|
|
|
bbaaef |
|
|
|
bbaaef |
|
|
|
bbaaef |
+ A priority-80 flow that drops all unregistered IP multicast traffic
|
|
|
bbaaef |
+ if <ref column="other_config" table="Logical_Switch"/>
|
|
|
bbaaef |
+ :mcast_snoop='true' and
|
|
|
bbaaef |
+ <ref column="other_config" table="Logical_Switch"/>
|
|
|
bbaaef |
+ :mcast_flood_unregistered='false' and the switch is
|
|
|
bbaaef |
+ not connected to a logical router that has
|
|
|
bbaaef |
+ <ref column="options" table="Logical_Router"/>
|
|
|
bbaaef |
+ :mcast_relay='true' and the switch doesn't have any
|
|
|
bbaaef |
+ logical port with <ref column="options" table="Logical_Switch_Port"/>
|
|
|
bbaaef |
+ :mcast_flood='true'.
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+
|
|
|
bbaaef |
A priority-70 flow that outputs all packets with an Ethernet broadcast
|
|
|
bbaaef |
or multicast eth.dst to the MC_FLOOD
|
|
|
bbaaef |
multicast group.
|
|
|
bbaaef |
diff --git a/ovn/northd/ovn-northd.c b/ovn/northd/ovn-northd.c
|
|
|
bbaaef |
index e41c9d7..d0844dd 100644
|
|
|
bbaaef |
--- a/ovn/northd/ovn-northd.c
|
|
|
bbaaef |
+++ b/ovn/northd/ovn-northd.c
|
|
|
bbaaef |
@@ -5661,7 +5661,13 @@ build_lswitch_flows(struct hmap *datapaths, struct hmap *ports,
|
|
|
bbaaef |
|
|
|
bbaaef |
if (mcast_sw_info->flood_static) {
|
|
|
bbaaef |
ds_put_cstr(&actions, "outport =\""MC_STATIC"\"; output;");
|
|
|
bbaaef |
- } else {
|
|
|
bbaaef |
+ }
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+ /* Explicitly drop the traffic if relay or static flooding
|
|
|
bbaaef |
+ * is not configured.
|
|
|
bbaaef |
+ */
|
|
|
bbaaef |
+ if (!mcast_sw_info->flood_relay &&
|
|
|
bbaaef |
+ !mcast_sw_info->flood_static) {
|
|
|
bbaaef |
ds_put_cstr(&actions, "drop;");
|
|
|
bbaaef |
}
|
|
|
bbaaef |
|
|
|
bbaaef |
diff --git a/tests/ovn.at b/tests/ovn.at
|
|
|
bbaaef |
index df00517..d141367 100644
|
|
|
bbaaef |
--- a/tests/ovn.at
|
|
|
bbaaef |
+++ b/tests/ovn.at
|
|
|
bbaaef |
@@ -16306,7 +16306,7 @@ sleep 1
|
|
|
bbaaef |
OVN_CHECK_PACKETS([hv1/vif3-tx.pcap], [expected])
|
|
|
bbaaef |
OVN_CHECK_PACKETS([hv2/vif3-tx.pcap], [expected])
|
|
|
bbaaef |
|
|
|
bbaaef |
-# Dissable IGMP querier on sw2.
|
|
|
bbaaef |
+# Disable IGMP querier on sw2.
|
|
|
bbaaef |
ovn-nbctl set Logical_Switch sw2 \
|
|
|
bbaaef |
other_config:mcast_querier="false"
|
|
|
bbaaef |
|
|
|
bbaaef |
@@ -16357,6 +16357,50 @@ send_igmp_v3_report hv2-vif3 hv2 \
|
|
|
bbaaef |
000000000001 $(ip_to_hex 10 0 0 1) f9f8 \
|
|
|
bbaaef |
$(ip_to_hex 239 0 1 68) 04 e9b9 \
|
|
|
bbaaef |
/dev/null
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+# Check that the IGMP Group is learned by all switches.
|
|
|
bbaaef |
+OVS_WAIT_UNTIL([
|
|
|
bbaaef |
+ total_entries=`ovn-sbctl find IGMP_Group | grep "239.0.1.68" | wc -l`
|
|
|
bbaaef |
+ test "${total_entries}" = "2"
|
|
|
bbaaef |
+])
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+# Send traffic from sw3 and make sure it is relayed by rtr.
|
|
|
bbaaef |
+# to ports that joined.
|
|
|
bbaaef |
+truncate -s 0 expected_routed_sw1
|
|
|
bbaaef |
+truncate -s 0 expected_routed_sw2
|
|
|
bbaaef |
+truncate -s 0 expected_empty
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+as hv1 reset_pcap_file hv1-vif1 hv1/vif1
|
|
|
bbaaef |
+as hv1 reset_pcap_file hv1-vif2 hv1/vif2
|
|
|
bbaaef |
+as hv1 reset_pcap_file hv1-vif3 hv1/vif3
|
|
|
bbaaef |
+as hv1 reset_pcap_file hv1-vif4 hv1/vif4
|
|
|
bbaaef |
+as hv2 reset_pcap_file hv2-vif1 hv2/vif1
|
|
|
bbaaef |
+as hv2 reset_pcap_file hv2-vif2 hv2/vif2
|
|
|
bbaaef |
+as hv2 reset_pcap_file hv2-vif3 hv2/vif3
|
|
|
bbaaef |
+as hv2 reset_pcap_file hv2-vif4 hv2/vif4
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+send_ip_multicast_pkt hv2-vif4 hv2 \
|
|
|
bbaaef |
+ 000000000001 01005e000144 \
|
|
|
bbaaef |
+ $(ip_to_hex 10 0 0 42) $(ip_to_hex 239 0 1 68) 1e 20 ca70 11 \
|
|
|
bbaaef |
+ e518e518000a3b3a0000
|
|
|
bbaaef |
+store_ip_multicast_pkt \
|
|
|
bbaaef |
+ 000000000100 01005e000144 \
|
|
|
bbaaef |
+ $(ip_to_hex 10 0 0 42) $(ip_to_hex 239 0 1 68) 1e 1f cb70 11 \
|
|
|
bbaaef |
+ e518e518000a3b3a0000 expected_routed_sw1
|
|
|
bbaaef |
+store_ip_multicast_pkt \
|
|
|
bbaaef |
+ 000000000200 01005e000144 \
|
|
|
bbaaef |
+ $(ip_to_hex 10 0 0 42) $(ip_to_hex 239 0 1 68) 1e 1f cb70 11 \
|
|
|
bbaaef |
+ e518e518000a3b3a0000 expected_routed_sw2
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+OVN_CHECK_PACKETS([hv1/vif1-tx.pcap], [expected_routed_sw1])
|
|
|
bbaaef |
+OVN_CHECK_PACKETS([hv2/vif3-tx.pcap], [expected_routed_sw2])
|
|
|
bbaaef |
+OVN_CHECK_PACKETS([hv1/vif4-tx.pcap], [expected_empty])
|
|
|
bbaaef |
+OVN_CHECK_PACKETS([hv1/vif2-tx.pcap], [expected_empty])
|
|
|
bbaaef |
+OVN_CHECK_PACKETS([hv1/vif3-tx.pcap], [expected_empty])
|
|
|
bbaaef |
+OVN_CHECK_PACKETS([hv2/vif1-tx.pcap], [expected_empty])
|
|
|
bbaaef |
+OVN_CHECK_PACKETS([hv2/vif2-tx.pcap], [expected_empty])
|
|
|
bbaaef |
+OVN_CHECK_PACKETS([hv2/vif4-tx.pcap], [expected_empty])
|
|
|
bbaaef |
+
|
|
|
bbaaef |
# Inject IGMP Join for 239.0.1.68 on sw3-p1.
|
|
|
bbaaef |
send_igmp_v3_report hv1-vif4 hv1 \
|
|
|
bbaaef |
000000000001 $(ip_to_hex 10 0 0 1) f9f8 \
|
|
|
bbaaef |
@@ -16369,8 +16413,8 @@ OVS_WAIT_UNTIL([
|
|
|
bbaaef |
test "${total_entries}" = "3"
|
|
|
bbaaef |
])
|
|
|
bbaaef |
|
|
|
bbaaef |
-# Send traffic from sw3 and make sure it is relayed by rtr.
|
|
|
bbaaef |
-# and ports that joined.
|
|
|
bbaaef |
+# Send traffic from sw3 and make sure it is relayed by rtr
|
|
|
bbaaef |
+# to ports that joined.
|
|
|
bbaaef |
truncate -s 0 expected_routed_sw1
|
|
|
bbaaef |
truncate -s 0 expected_routed_sw2
|
|
|
bbaaef |
truncate -s 0 expected_switched
|
|
|
bbaaef |
--
|
|
|
bbaaef |
1.8.3.1
|
|
|
bbaaef |
|