Message ID | 20220907100457.1817917-1-odivlad@gmail.com |
---|---|
State | Accepted |
Headers | show |
Series | [ovs-dev] controller: flush associated conntrack zone on PB release | expand |
Context | Check | Description |
---|---|---|
ovsrobot/apply-robot | success | apply and check: success |
ovsrobot/github-robot-_Build_and_Test | success | github build: passed |
ovsrobot/github-robot-_ovn-kubernetes | success | github build: passed |
Hi, Acked-by: Mark Michelson <mmichels@redhat.com> In the interest of getting this merged into 22.09 before its impending release, I have gone ahead and backported this to branch-22.09 and branch-22.06, and branch-22.03. Thanks! On 9/7/22 06:04, Vladislav Odintsov wrote: > This patch adds conntrack zone flush when port binding is released. > system-test is added to test this functionality. > > Reported-at: https://mail.openvswitch.org/pipermail/ovs-dev/2022-September/397524.html > Signed-off-by: Vladislav Odintsov <odivlad@gmail.com> > --- > controller/ovn-controller.c | 4 +- > tests/system-ovn.at | 77 +++++++++++++++++++++++++++++++++++++ > 2 files changed, 79 insertions(+), 2 deletions(-) > > diff --git a/controller/ovn-controller.c b/controller/ovn-controller.c > index 89a495a04..fb81d143c 100644 > --- a/controller/ovn-controller.c > +++ b/controller/ovn-controller.c > @@ -692,7 +692,7 @@ update_ct_zones(const struct shash *binding_lports, > VLOG_DBG("removing ct zone %"PRId32" for '%s'", > ct_zone->data, ct_zone->name); > > - add_pending_ct_zone_entry(pending_ct_zones, CT_ZONE_DB_QUEUED, > + add_pending_ct_zone_entry(pending_ct_zones, CT_ZONE_OF_QUEUED, > ct_zone->data, false, ct_zone->name); > > bitmap_set0(ct_zone_bitmap, ct_zone->data); > @@ -2223,7 +2223,7 @@ ct_zones_runtime_data_handler(struct engine_node *node, void *data) > t_lport->pb->logical_port); > if (ct_zone) { > add_pending_ct_zone_entry( > - &ct_zones_data->pending, CT_ZONE_DB_QUEUED, > + &ct_zones_data->pending, CT_ZONE_OF_QUEUED, > ct_zone->data, false, ct_zone->name); > > bitmap_set0(ct_zones_data->bitmap, ct_zone->data); > diff --git a/tests/system-ovn.at b/tests/system-ovn.at > index 992813614..8acfb3e39 100644 > --- a/tests/system-ovn.at > +++ b/tests/system-ovn.at > @@ -4144,6 +4144,83 @@ OVS_TRAFFIC_VSWITCHD_STOP(["/failed to query port patch-.*/d > AT_CLEANUP > ]) > > +OVN_FOR_EACH_NORTHD([ > +AT_SETUP([conntrack zone flush after port binding release]) > + > +CHECK_CONNTRACK() > +ovn_start > +OVS_TRAFFIC_VSWITCHD_START() > +ADD_BR([br-int]) > + > +# Set external-ids in br-int needed for ovn-controller > +ovs-vsctl \ > + -- set Open_vSwitch . external-ids:system-id=hv1 \ > + -- set Open_vSwitch . external-ids:ovn-remote=unix:$ovs_base/ovn-sb/ovn-sb.sock \ > + -- set Open_vSwitch . external-ids:ovn-encap-type=geneve \ > + -- set Open_vSwitch . external-ids:ovn-encap-ip=169.0.0.1 \ > + -- set bridge br-int fail-mode=secure other-config:disable-in-band=true > + > +# Start ovn-controller > +start_daemon ovn-controller > + > +# Logical network: > +# One LS ls1 with two lports p1 and p2. > +# Stateful ACL is added to ls1. > +# > +# foo -- R1 -- alice > +# | > +# bar ---- > + > +check ovn-nbctl ls-add ls1 > +check ovn-nbctl acl-add ls1 from-lport 1 1 allow-related > + > +# Logical port 'p1' in switch 'ls1'. > +ADD_NAMESPACES(p1) > +ADD_VETH(p1, p1, br-int, "192.168.1.10/24", "00:00:00:00:00:10") > +ovn-nbctl lsp-add ls1 p1 \ > +-- lsp-set-addresses p1 "00:00:00:00:00:10 192.168.1.10" > + > +# Logical port 'p2' in switch 'ls1'. > +ovn-nbctl lsp-add ls1 p2 \ > +-- lsp-set-addresses p2 "00:00:00:00:00:20 192.168.1.20" > + > +ovn-nbctl --wait=hv sync > + > +zone_id=$(ovn-appctl -t ovn-controller ct-zone-list | grep p1 | cut -d ' ' -f2) > + > +# ping from p1 to p2 > +NS_CHECK_EXEC([p1], [ping -q -c 1 -w1 192.168.1.20 > /dev/null], [1]) > + > +# check conntrack zone has icmp entry > +AT_CHECK([ovs-appctl dpctl/dump-conntrack zone=$zone_id | \ > +FORMAT_CT(192.168.1.10) | \ > +sed -e 's/zone=[[0-9]]*/zone=<cleared>/'], [0], [dnl > +icmp,orig=(src=192.168.1.10,dst=192.168.1.20,id=<cleared>,type=8,code=0),reply=(src=192.168.1.20,dst=192.168.1.10,id=<cleared>,type=0,code=0),zone=<cleared> > +]) > + > +# release port binding > +check ovs-vsctl clear interface ovs-p1 external_ids > + > +# check conntrack zone is flushed > +check ovs-appctl dpctl/dump-conntrack zone=$zone_id > + > +OVS_APP_EXIT_AND_WAIT([ovn-controller]) > + > +as ovn-sb > +OVS_APP_EXIT_AND_WAIT([ovsdb-server]) > + > +as ovn-nb > +OVS_APP_EXIT_AND_WAIT([ovsdb-server]) > + > +as northd > +OVS_APP_EXIT_AND_WAIT([NORTHD_TYPE]) > + > +as > +OVS_TRAFFIC_VSWITCHD_STOP(["/failed to query port patch-.*/d > +/connection dropped.*/d"]) > +AT_CLEANUP > +]) > + > OVN_FOR_EACH_NORTHD([ > AT_SETUP([2 LSs IGMP and MLD]) > AT_SKIP_IF([test $HAVE_TCPDUMP = no])
Thanks Mark. Regards, Vladislav Odintsov > On 16 Sep 2022, at 18:19, Mark Michelson <mmichels@redhat.com> wrote: > > Hi, > > Acked-by: Mark Michelson <mmichels@redhat.com> > > In the interest of getting this merged into 22.09 before its impending release, I have gone ahead and backported this to branch-22.09 and branch-22.06, and branch-22.03. Thanks! > > On 9/7/22 06:04, Vladislav Odintsov wrote: >> This patch adds conntrack zone flush when port binding is released. >> system-test is added to test this functionality. >> Reported-at: https://mail.openvswitch.org/pipermail/ovs-dev/2022-September/397524.html >> Signed-off-by: Vladislav Odintsov <odivlad@gmail.com> >> --- >> controller/ovn-controller.c | 4 +- >> tests/system-ovn.at | 77 +++++++++++++++++++++++++++++++++++++ >> 2 files changed, 79 insertions(+), 2 deletions(-) >> diff --git a/controller/ovn-controller.c b/controller/ovn-controller.c >> index 89a495a04..fb81d143c 100644 >> --- a/controller/ovn-controller.c >> +++ b/controller/ovn-controller.c >> @@ -692,7 +692,7 @@ update_ct_zones(const struct shash *binding_lports, >> VLOG_DBG("removing ct zone %"PRId32" for '%s'", >> ct_zone->data, ct_zone->name); >> - add_pending_ct_zone_entry(pending_ct_zones, CT_ZONE_DB_QUEUED, >> + add_pending_ct_zone_entry(pending_ct_zones, CT_ZONE_OF_QUEUED, >> ct_zone->data, false, ct_zone->name); >> bitmap_set0(ct_zone_bitmap, ct_zone->data); >> @@ -2223,7 +2223,7 @@ ct_zones_runtime_data_handler(struct engine_node *node, void *data) >> t_lport->pb->logical_port); >> if (ct_zone) { >> add_pending_ct_zone_entry( >> - &ct_zones_data->pending, CT_ZONE_DB_QUEUED, >> + &ct_zones_data->pending, CT_ZONE_OF_QUEUED, >> ct_zone->data, false, ct_zone->name); >> bitmap_set0(ct_zones_data->bitmap, ct_zone->data); >> diff --git a/tests/system-ovn.at b/tests/system-ovn.at >> index 992813614..8acfb3e39 100644 >> --- a/tests/system-ovn.at >> +++ b/tests/system-ovn.at >> @@ -4144,6 +4144,83 @@ OVS_TRAFFIC_VSWITCHD_STOP(["/failed to query port patch-.*/d >> AT_CLEANUP >> ]) >> +OVN_FOR_EACH_NORTHD([ >> +AT_SETUP([conntrack zone flush after port binding release]) >> + >> +CHECK_CONNTRACK() >> +ovn_start >> +OVS_TRAFFIC_VSWITCHD_START() >> +ADD_BR([br-int]) >> + >> +# Set external-ids in br-int needed for ovn-controller >> +ovs-vsctl \ >> + -- set Open_vSwitch . external-ids:system-id=hv1 \ >> + -- set Open_vSwitch . external-ids:ovn-remote=unix:$ovs_base/ovn-sb/ovn-sb.sock \ >> + -- set Open_vSwitch . external-ids:ovn-encap-type=geneve \ >> + -- set Open_vSwitch . external-ids:ovn-encap-ip=169.0.0.1 \ >> + -- set bridge br-int fail-mode=secure other-config:disable-in-band=true >> + >> +# Start ovn-controller >> +start_daemon ovn-controller >> + >> +# Logical network: >> +# One LS ls1 with two lports p1 and p2. >> +# Stateful ACL is added to ls1. >> +# >> +# foo -- R1 -- alice >> +# | >> +# bar ---- >> + >> +check ovn-nbctl ls-add ls1 >> +check ovn-nbctl acl-add ls1 from-lport 1 1 allow-related >> + >> +# Logical port 'p1' in switch 'ls1'. >> +ADD_NAMESPACES(p1) >> +ADD_VETH(p1, p1, br-int, "192.168.1.10/24", "00:00:00:00:00:10") >> +ovn-nbctl lsp-add ls1 p1 \ >> +-- lsp-set-addresses p1 "00:00:00:00:00:10 192.168.1.10" >> + >> +# Logical port 'p2' in switch 'ls1'. >> +ovn-nbctl lsp-add ls1 p2 \ >> +-- lsp-set-addresses p2 "00:00:00:00:00:20 192.168.1.20" >> + >> +ovn-nbctl --wait=hv sync >> + >> +zone_id=$(ovn-appctl -t ovn-controller ct-zone-list | grep p1 | cut -d ' ' -f2) >> + >> +# ping from p1 to p2 >> +NS_CHECK_EXEC([p1], [ping -q -c 1 -w1 192.168.1.20 > /dev/null], [1]) >> + >> +# check conntrack zone has icmp entry >> +AT_CHECK([ovs-appctl dpctl/dump-conntrack zone=$zone_id | \ >> +FORMAT_CT(192.168.1.10) | \ >> +sed -e 's/zone=[[0-9]]*/zone=<cleared>/'], [0], [dnl >> +icmp,orig=(src=192.168.1.10,dst=192.168.1.20,id=<cleared>,type=8,code=0),reply=(src=192.168.1.20,dst=192.168.1.10,id=<cleared>,type=0,code=0),zone=<cleared> >> +]) >> + >> +# release port binding >> +check ovs-vsctl clear interface ovs-p1 external_ids >> + >> +# check conntrack zone is flushed >> +check ovs-appctl dpctl/dump-conntrack zone=$zone_id >> + >> +OVS_APP_EXIT_AND_WAIT([ovn-controller]) >> + >> +as ovn-sb >> +OVS_APP_EXIT_AND_WAIT([ovsdb-server]) >> + >> +as ovn-nb >> +OVS_APP_EXIT_AND_WAIT([ovsdb-server]) >> + >> +as northd >> +OVS_APP_EXIT_AND_WAIT([NORTHD_TYPE]) >> + >> +as >> +OVS_TRAFFIC_VSWITCHD_STOP(["/failed to query port patch-.*/d >> +/connection dropped.*/d"]) >> +AT_CLEANUP >> +]) >> + >> OVN_FOR_EACH_NORTHD([ >> AT_SETUP([2 LSs IGMP and MLD]) >> AT_SKIP_IF([test $HAVE_TCPDUMP = no]) > > _______________________________________________ > dev mailing list > dev@openvswitch.org > https://mail.openvswitch.org/mailman/listinfo/ovs-dev
diff --git a/controller/ovn-controller.c b/controller/ovn-controller.c index 89a495a04..fb81d143c 100644 --- a/controller/ovn-controller.c +++ b/controller/ovn-controller.c @@ -692,7 +692,7 @@ update_ct_zones(const struct shash *binding_lports, VLOG_DBG("removing ct zone %"PRId32" for '%s'", ct_zone->data, ct_zone->name); - add_pending_ct_zone_entry(pending_ct_zones, CT_ZONE_DB_QUEUED, + add_pending_ct_zone_entry(pending_ct_zones, CT_ZONE_OF_QUEUED, ct_zone->data, false, ct_zone->name); bitmap_set0(ct_zone_bitmap, ct_zone->data); @@ -2223,7 +2223,7 @@ ct_zones_runtime_data_handler(struct engine_node *node, void *data) t_lport->pb->logical_port); if (ct_zone) { add_pending_ct_zone_entry( - &ct_zones_data->pending, CT_ZONE_DB_QUEUED, + &ct_zones_data->pending, CT_ZONE_OF_QUEUED, ct_zone->data, false, ct_zone->name); bitmap_set0(ct_zones_data->bitmap, ct_zone->data); diff --git a/tests/system-ovn.at b/tests/system-ovn.at index 992813614..8acfb3e39 100644 --- a/tests/system-ovn.at +++ b/tests/system-ovn.at @@ -4144,6 +4144,83 @@ OVS_TRAFFIC_VSWITCHD_STOP(["/failed to query port patch-.*/d AT_CLEANUP ]) +OVN_FOR_EACH_NORTHD([ +AT_SETUP([conntrack zone flush after port binding release]) + +CHECK_CONNTRACK() +ovn_start +OVS_TRAFFIC_VSWITCHD_START() +ADD_BR([br-int]) + +# Set external-ids in br-int needed for ovn-controller +ovs-vsctl \ + -- set Open_vSwitch . external-ids:system-id=hv1 \ + -- set Open_vSwitch . external-ids:ovn-remote=unix:$ovs_base/ovn-sb/ovn-sb.sock \ + -- set Open_vSwitch . external-ids:ovn-encap-type=geneve \ + -- set Open_vSwitch . external-ids:ovn-encap-ip=169.0.0.1 \ + -- set bridge br-int fail-mode=secure other-config:disable-in-band=true + +# Start ovn-controller +start_daemon ovn-controller + +# Logical network: +# One LS ls1 with two lports p1 and p2. +# Stateful ACL is added to ls1. +# +# foo -- R1 -- alice +# | +# bar ---- + +check ovn-nbctl ls-add ls1 +check ovn-nbctl acl-add ls1 from-lport 1 1 allow-related + +# Logical port 'p1' in switch 'ls1'. +ADD_NAMESPACES(p1) +ADD_VETH(p1, p1, br-int, "192.168.1.10/24", "00:00:00:00:00:10") +ovn-nbctl lsp-add ls1 p1 \ +-- lsp-set-addresses p1 "00:00:00:00:00:10 192.168.1.10" + +# Logical port 'p2' in switch 'ls1'. +ovn-nbctl lsp-add ls1 p2 \ +-- lsp-set-addresses p2 "00:00:00:00:00:20 192.168.1.20" + +ovn-nbctl --wait=hv sync + +zone_id=$(ovn-appctl -t ovn-controller ct-zone-list | grep p1 | cut -d ' ' -f2) + +# ping from p1 to p2 +NS_CHECK_EXEC([p1], [ping -q -c 1 -w1 192.168.1.20 > /dev/null], [1]) + +# check conntrack zone has icmp entry +AT_CHECK([ovs-appctl dpctl/dump-conntrack zone=$zone_id | \ +FORMAT_CT(192.168.1.10) | \ +sed -e 's/zone=[[0-9]]*/zone=<cleared>/'], [0], [dnl +icmp,orig=(src=192.168.1.10,dst=192.168.1.20,id=<cleared>,type=8,code=0),reply=(src=192.168.1.20,dst=192.168.1.10,id=<cleared>,type=0,code=0),zone=<cleared> +]) + +# release port binding +check ovs-vsctl clear interface ovs-p1 external_ids + +# check conntrack zone is flushed +check ovs-appctl dpctl/dump-conntrack zone=$zone_id + +OVS_APP_EXIT_AND_WAIT([ovn-controller]) + +as ovn-sb +OVS_APP_EXIT_AND_WAIT([ovsdb-server]) + +as ovn-nb +OVS_APP_EXIT_AND_WAIT([ovsdb-server]) + +as northd +OVS_APP_EXIT_AND_WAIT([NORTHD_TYPE]) + +as +OVS_TRAFFIC_VSWITCHD_STOP(["/failed to query port patch-.*/d +/connection dropped.*/d"]) +AT_CLEANUP +]) + OVN_FOR_EACH_NORTHD([ AT_SETUP([2 LSs IGMP and MLD]) AT_SKIP_IF([test $HAVE_TCPDUMP = no])
This patch adds conntrack zone flush when port binding is released. system-test is added to test this functionality. Reported-at: https://mail.openvswitch.org/pipermail/ovs-dev/2022-September/397524.html Signed-off-by: Vladislav Odintsov <odivlad@gmail.com> --- controller/ovn-controller.c | 4 +- tests/system-ovn.at | 77 +++++++++++++++++++++++++++++++++++++ 2 files changed, 79 insertions(+), 2 deletions(-)