From e00d6083ad1ee972ec3705401dc9c8d43cd43f7d Mon Sep 17 00:00:00 2001
From: Ankur Sharma <ankur.sharma@nutanix.com>
Date: Wed, 28 Aug 2019 01:55:29 +0000
Subject: [PATCH 03/12] OVN: Vlan backed DVR N-S, avoid get_arp on non redirect
chassis.
Background:
With 795d7f24ce0e ("OVN: Enable E-W Traffic, Vlan backed DVR"), we have added
support for E-W workflow for vlan backed DVRs.
This series enables N-S workflow for vlan backed DVRs.
Key difference between E-W and N-S traffic flow is that
N-S flow requires a gateway chassis. A gateway chassis
will be respondible for following:
a. Doing Network Address Translation (NAT).
b. Becoming entry and exit point for North->South
and South->North traffic respectively.
OVN by default always uses overlay encapsulation to redirect
the packet to gateway chassis. This series will enable
the redirection to gateway chassis in the absence of encapsulation.
This patch:
a. Make sure that ARP request for endpoint behind the gateway
router port is sent from gateway chassis only and not from
host(compute) chassis.
b. This is achieved by adding a new logical flow in
lr_in_arp_resolve at priority=50.
c. This flow run on non gateway chassis and sets the destination
mac to router port mac, if outport is a gateway chassis attached
router port and redirect-type is set as "bridged".
Example logical flow:
table=9 (lr_in_arp_resolve ), priority=50 , match=(outport == "router-to-underlay" && !is_chassis_resident("cr-router-to-underlay")), action=(eth.dst = 00:00:01:01:02:04; next;)
d. This change is needed because otherwise for non resolved ARPs,
we will end up doing get_arp in host chassis. Doing so will
have following issues:
i. We want all the interaction with North bound endpoints via
gateway chassis only, doing so on host chassis will violate
that.

ii. With get_arp, ovn-controller will generate the ARP using router
port's mac as source mac, which will lead us to the same issue,
where router port mac will be going through continuous mac moves
in physical network. Worse, it would affect the redirection,
since it uses router port mac as destination mac.
Signed-off-by: Ankur Sharma <ankur.sharma@nutanix.com>
Signed-off-by: Numan Siddique <nusiddiq@redhat.com>
---
ovn/northd/ovn-northd.8.xml | 12 ++++++++++++
ovn/northd/ovn-northd.c | 22 ++++++++++++++++++++++
2 files changed, 34 insertions(+)
diff --git a/ovn/northd/ovn-northd.8.xml b/ovn/northd/ovn-northd.8.xml
index dc5fdf471..83c90d680 100644
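--- a/ovn/northd/ovn-northd.8.xml
+++ b/ovn/northd/ovn-northd.8.xml
@@ -2422,6 +2422,18 @@ next;
 get_nd(outport, xxreg0); next; .
 
 
+
+
+
+ For logical router port with redirect-chassis and redirect-type
+ being set as bridged , a priority-50 flow will match
+ outport == "ROUTER_PORT" and !is_chassis_resident
+ ("cr-ROUTER_PORT") has actions eth.dst = E;
+ next;, where E is the ethernet address of the
+ logical router port.
+
+
+
 
 
 Ingress Table 11: Check packet length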
diff --git a/ovn/northd/ovn-northd.c b/ovn/northd/ovn-northd.c
index cd13f308e..27e90fcb2 100644
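--- a/ovn/northd/ovn-northd.c
+++ b/ovn/northd/ovn-northd.c
@@ -8459,6 +8459,28 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports,
 100, ds_cstr(&match), ds_cstr(&actions));
 }
 }
+
+ if (!op->derived && op->od->l3redirect_port) {
+ const char *redirect_type = smap_get(&op->nbrp->options,
+ "redirect-type");
+ if (redirect_type && !strcasecmp(redirect_type, "bridged")) {
+ /* Packet is on a non gateway chassis and
+ * has an unresolved ARP on a network behind gateway
+ * chassis attached router port. Since, redirect type
+ * is set to vlan, hence instead of calling "get_arp"
+ * on this node, we will redirect the packet to gateway
+ * chassis, by setting destination mac router port mac.*/
+ ds_clear(&match);
+ ds_put_format(&match, "outport == %s && "
+ "!is_chassis_resident(%s)", op->json_key,
+ op->od->l3redirect_port->json_key);
+ ds_clear(&actions);
+ ds_put_format(&actions, "eth.dst = %s; next;",
+ op->lrp_networks.ea_s);
+ ovn_lflow_add(lflows, op->od, S_ROUTER_IN_ARP_RESOLVE,
+ 50, ds_cstr(&match), ds_cstr(&actions));
+ }
+ }
 } else if (op->od->n_router_ports && strcmp(op->nbsp->type, "router")
 && strcmp(op->nbsp->type, "virtual")) {
 /* This is a logical switch port that backs a VM or a container.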
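Review bot: In the block added to build_lrouter_flows, the outer test `op->od->l3redirect_port` holds for every router port on a datapath that has a gateway port, so the priority-50 flow is added for any non-derived port whose own options carry `redirect-type=bridged`, paired with the datapath's chassisredirect key rather than one derived from `op`. The commit message and man-page text describe the flow only for the port that has the redirect-chassis, so I would tie the condition to that port, e.g. `if (!op->derived && op == op->od->l3dgw_port && op->od->l3redirect_port) {` (assuming `l3dgw_port` is the datapath's gateway-port field here); otherwise a stray option on an internal port rewrites `eth.dst` and skips `get_arp` for its traffic on every chassis that does not host the gateway. The comment also says the redirect type "is set to vlan" while the code tests for "bridged"; `* chassis attached router port. Since redirect-type is "bridged",` would match the code. The enclosing function begins and ends outside the hunk, so an earlier check on `op` may already narrow this.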
--
2.23.0