|
 |
bbaaef |
From c4621fefd5a5a9169125c104e6a81bf987b4c029 Mon Sep 17 00:00:00 2001
|
|
|
bbaaef |
From: Numan Siddique <numans@ovn.org>
|
|
|
bbaaef |
Date: Sun, 5 Jan 2020 00:46:37 +0530
|
|
|
bbaaef |
Subject: [PATCH 2/2] Restrict ARP/IPv6 ND replies for LB VIP only on chassis
|
|
|
bbaaef |
redirect port
|
|
|
bbaaef |
|
|
|
bbaaef |
Presently when ARP/ND request for the load balance VIP is received
|
|
|
bbaaef |
from the provider network, all the ovn-controllers' reply to the ARP/ND
|
|
|
bbaaef |
request which have ovn-bridge-mappings configured.
|
|
|
bbaaef |
|
|
|
bbaaef |
This patch restricts these ARP/ND replies only on the chassis where the
|
|
|
bbaaef |
chassis redirect port of the distributed router port is resident.
|
|
|
bbaaef |
|
|
|
bbaaef |
Acked-by: Dumitru Ceara <dceara@redhat.com>
|
|
|
bbaaef |
Signed-off-by: Numan Siddique <numans@ovn.org>
|
|
|
bbaaef |
|
|
|
bbaaef |
(cherry-picked from upstream commit 6a5783021c35429dbb98ecebbbfbd7cdf3983f73)
|
|
|
bbaaef |
|
|
|
bbaaef |
Change-Id: I70b091730a7380ed8be63040ce30aa9e64a684bd
|
|
|
bbaaef |
---
|
|
|
bbaaef |
ovn/northd/ovn-northd.8.xml | 14 ++++++++++++++
|
|
|
bbaaef |
ovn/northd/ovn-northd.c | 8 ++++++++
|
|
|
bbaaef |
2 files changed, 22 insertions(+)
|
|
|
bbaaef |
|
|
|
bbaaef |
diff --git a/ovn/northd/ovn-northd.8.xml b/ovn/northd/ovn-northd.8.xml
|
|
|
bbaaef |
index 956a10362..11ef65964 100644
|
|
|
bbaaef |
--- a/ovn/northd/ovn-northd.8.xml
|
|
|
bbaaef |
+++ b/ovn/northd/ovn-northd.8.xml
|
|
|
bbaaef |
@@ -1670,6 +1670,13 @@ flags.loopback = 1;
|
|
|
bbaaef |
output;
|
|
|
bbaaef |
|
|
|
bbaaef |
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+ If the router port P is a distributed gateway router
|
|
|
bbaaef |
+ port, then the is_chassis_resident(P) is
|
|
|
bbaaef |
+ also added in the match condition for the load balancer IPv4
|
|
|
bbaaef |
+ VIP A.
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+
|
|
|
bbaaef |
|
|
|
bbaaef |
IPv6: For a configured DNAT IP address or a load balancer
|
|
|
bbaaef |
IPv6 VIP A, solicited node address S,
|
|
|
bbaaef |
@@ -1694,6 +1701,13 @@ nd_na {
|
|
|
bbaaef |
}
|
|
|
bbaaef |
|
|
|
bbaaef |
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+ If the router port P is a distributed gateway router
|
|
|
bbaaef |
+ port, then the is_chassis_resident(P)
|
|
|
bbaaef |
+ is also added in the match condition for the load balancer IPv6
|
|
|
bbaaef |
+ VIP A.
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+
|
|
|
bbaaef |
|
|
|
bbaaef |
For the gateway port on a distributed logical router with NAT
|
|
|
bbaaef |
(where one of the logical router ports specifies a
|
|
|
bbaaef |
diff --git a/ovn/northd/ovn-northd.c b/ovn/northd/ovn-northd.c
|
|
|
bbaaef |
index 55734b090..655d6240a 100644
|
|
|
bbaaef |
--- a/ovn/northd/ovn-northd.c
|
|
|
bbaaef |
+++ b/ovn/northd/ovn-northd.c
|
|
|
bbaaef |
@@ -7495,6 +7495,10 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports,
|
|
|
bbaaef |
"inport == %s && arp.tpa == %s && arp.op == 1",
|
|
|
bbaaef |
op->json_key, ip_address);
|
|
|
bbaaef |
|
|
|
bbaaef |
+ if (op == op->od->l3dgw_port) {
|
|
|
bbaaef |
+ ds_put_format(&match, " && is_chassis_resident(%s)",
|
|
|
bbaaef |
+ op->od->l3redirect_port->json_key);
|
|
|
bbaaef |
+ }
|
|
|
bbaaef |
ds_clear(&actions);
|
|
|
bbaaef |
ds_put_format(&actions,
|
|
|
bbaaef |
"eth.dst = eth.src; "
|
|
|
bbaaef |
@@ -7522,6 +7526,10 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports,
|
|
|
bbaaef |
"inport == %s && nd_ns && nd.target == %s",
|
|
|
bbaaef |
op->json_key, ip_address);
|
|
|
bbaaef |
|
|
|
bbaaef |
+ if (op == op->od->l3dgw_port) {
|
|
|
bbaaef |
+ ds_put_format(&match, " && is_chassis_resident(%s)",
|
|
|
bbaaef |
+ op->od->l3redirect_port->json_key);
|
|
|
bbaaef |
+ }
|
|
|
bbaaef |
ds_clear(&actions);
|
|
|
bbaaef |
ds_put_format(&actions,
|
|
|
bbaaef |
"nd_na { "
|
|
|
bbaaef |
--
|
|
|
bbaaef |
2.24.1
|
|
|
bbaaef |
|