From c4621fefd5a5a9169125c104e6a81bf987b4c029 Mon Sep 17 00:00:00 2001
From: Numan Siddique <numans@ovn.org>
Date: Sun, 5 Jan 2020 00:46:37 +0530
Subject: [PATCH 2/2] Restrict ARP/IPv6 ND replies for LB VIP only on chassis
 redirect port

Presently when ARP/ND request for the load balance VIP is received
from the provider network, all the ovn-controllers' reply to the ARP/ND
request which have ovn-bridge-mappings configured.

This patch restricts these ARP/ND replies only on the chassis where the
chassis redirect port of the distributed router port is resident.

Acked-by: Dumitru Ceara <dceara@redhat.com>
Signed-off-by: Numan Siddique <numans@ovn.org>

(cherry-picked from upstream commit 6a5783021c35429dbb98ecebbbfbd7cdf3983f73)

Change-Id: I70b091730a7380ed8be63040ce30aa9e64a684bd
---
 ovn/northd/ovn-northd.8.xml | 14 ++++++++++++++
 ovn/northd/ovn-northd.c     |  8 ++++++++
 2 files changed, 22 insertions(+)

diff --git a/ovn/northd/ovn-northd.8.xml b/ovn/northd/ovn-northd.8.xml
index 956a10362..11ef65964 100644
--- a/ovn/northd/ovn-northd.8.xml
+++ b/ovn/northd/ovn-northd.8.xml
@@ -1670,6 +1670,13 @@ flags.loopback = 1;
 output;
         </pre>
 
+        <p>
+          If the router port <var>P</var> is a distributed gateway router
+          port, then the <code>is_chassis_resident(<var>P</var>)</code> is
+          also added in the match condition for the load balancer IPv4
+          VIP <var>A</var>.
+        </p>
+
         <p>
           IPv6: For a configured DNAT IP address or a load balancer
           IPv6 VIP <var>A</var>, solicited node address <var>S</var>,
@@ -1694,6 +1701,13 @@ nd_na {
 }
         </pre>
 
+        <p>
+          If the router port <var>P</var> is a distributed gateway router
+          port, then the <code>is_chassis_resident(<var>P</var>)</code>
+          is also added in the match condition for the load balancer IPv6
+          VIP <var>A</var>.
+        </p>
+
         <p>
           For the gateway port on a distributed logical router with NAT
           (where one of the logical router ports specifies a
diff --git a/ovn/northd/ovn-northd.c b/ovn/northd/ovn-northd.c
index 55734b090..655d6240a 100644
--- a/ovn/northd/ovn-northd.c
+++ b/ovn/northd/ovn-northd.c
@@ -7495,6 +7495,10 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports,
                           "inport == %s && arp.tpa == %s && arp.op == 1",
                           op->json_key, ip_address);
 
+            if (op == op->od->l3dgw_port) {
+                ds_put_format(&match, " && is_chassis_resident(%s)",
+                              op->od->l3redirect_port->json_key);
+            }
             ds_clear(&actions);
             ds_put_format(&actions,
                           "eth.dst = eth.src; "
@@ -7522,6 +7526,10 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports,
                           "inport == %s && nd_ns && nd.target == %s",
                           op->json_key, ip_address);
 
+            if (op == op->od->l3dgw_port) {
+                ds_put_format(&match, " && is_chassis_resident(%s)",
+                              op->od->l3redirect_port->json_key);
+            }
             ds_clear(&actions);
             ds_put_format(&actions,
                           "nd_na { "
-- 
2.24.1