From patchwork Tue Jul 12 06:56:55 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Justin Pettit X-Patchwork-Id: 647321 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from archives.nicira.com (archives.nicira.com [96.126.127.54]) by ozlabs.org (Postfix) with ESMTP id 3rpdKg1DkGz9s2G for ; Tue, 12 Jul 2016 20:21:27 +1000 (AEST) Received: from archives.nicira.com (localhost [127.0.0.1]) by archives.nicira.com (Postfix) with ESMTP id 5B13A108C2; Tue, 12 Jul 2016 03:20:32 -0700 (PDT) X-Original-To: dev@openvswitch.org Delivered-To: dev@openvswitch.org Received: from mx1e4.cudamail.com (mx1.cudamail.com [69.90.118.67]) by archives.nicira.com (Postfix) with ESMTPS id BBB9510874 for ; Tue, 12 Jul 2016 03:20:26 -0700 (PDT) Received: from bar5.cudamail.com (unknown [192.168.21.12]) by mx1e4.cudamail.com (Postfix) with ESMTPS id 4EF0C1E0645 for ; Tue, 12 Jul 2016 04:20:26 -0600 (MDT) X-ASG-Debug-ID: 1468318825-09eadd72140c2e0001-byXFYA Received: from mx3-pf3.cudamail.com ([192.168.14.3]) by bar5.cudamail.com with ESMTP id DHmdQlvksg3RItQr (version=TLSv1 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for ; Tue, 12 Jul 2016 04:20:25 -0600 (MDT) X-Barracuda-Envelope-From: jpettit@ovn.org X-Barracuda-RBL-Trusted-Forwarder: 192.168.14.3 Received: from unknown (HELO slow1-d.mail.gandi.net) (217.70.178.86) by mx3-pf3.cudamail.com with SMTP; 12 Jul 2016 10:20:25 -0000 Received-SPF: pass (mx3-pf3.cudamail.com: SPF record at ovn.org designates 217.70.178.86 as permitted sender) X-Barracuda-Apparent-Source-IP: 217.70.178.86 X-Barracuda-RBL-IP: 217.70.178.86 Received: from relay2-d.mail.gandi.net (relay2-d.mail.gandi.net [217.70.183.194]) by slow1-d.mail.gandi.net (Postfix) with ESMTP id 048434B666E for ; Tue, 12 Jul 2016 12:17:18 +0200 (CEST) X-Originating-IP: 98.234.50.139 Received: from localhost.localdomain (unknown [98.234.50.139]) (Authenticated sender: jpettit@ovn.org) by relay2-d.mail.gandi.net (Postfix) with ESMTPSA id 73448C5B32 for ; Tue, 12 Jul 2016 12:17:18 +0200 (CEST) X-CudaMail-Envelope-Sender: jpettit@ovn.org From: Justin Pettit To: dev@openvswitch.org X-CudaMail-Whitelist-To: dev@openvswitch.org X-CudaMail-MID: CM-V3-711003459 X-CudaMail-DTE: 071216 X-CudaMail-Originating-IP: 217.70.178.86 Date: Mon, 11 Jul 2016 23:56:55 -0700 X-ASG-Orig-Subj: [##CM-V3-711003459##][ovn-ipv6 25/26] [RFC] ovn: Add support for link-local addresses. Message-Id: <1468306616-125783-26-git-send-email-jpettit@ovn.org> X-Mailer: git-send-email 1.9.1 In-Reply-To: <1468306616-125783-1-git-send-email-jpettit@ovn.org> References: <1468306616-125783-1-git-send-email-jpettit@ovn.org> X-Barracuda-Connect: UNKNOWN[192.168.14.3] X-Barracuda-Start-Time: 1468318825 X-Barracuda-Encrypted: DHE-RSA-AES256-SHA X-Barracuda-URL: https://web.cudamail.com:443/cgi-mod/mark.cgi X-ASG-Whitelist: Header =?UTF-8?B?eFwtY3VkYW1haWxcLXdoaXRlbGlzdFwtdG8=?= X-Virus-Scanned: by bsmtpd at cudamail.com X-Barracuda-BRTS-Status: 1 Subject: [ovs-dev] [ovn-ipv6 25/26] [RFC] ovn: Add support for link-local addresses. X-BeenThere: dev@openvswitch.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: dev-bounces@openvswitch.org Sender: "dev" TODO: - Needs to update ovn-northd man page. - Code should be cleaned up. --- ovn/lib/ovn-util.c | 5 +++++ ovn/northd/ovn-northd.c | 39 ++++++++++++++++++++++++++++++--------- ovn/ovn-nb.xml | 6 ++++++ 3 files changed, 41 insertions(+), 9 deletions(-) diff --git a/ovn/lib/ovn-util.c b/ovn/lib/ovn-util.c index 7ad69ad..3e15c6b 100644 --- a/ovn/lib/ovn-util.c +++ b/ovn/lib/ovn-util.c @@ -175,6 +175,11 @@ extract_lrp_networks(const struct nbrec_logical_router_port *lrp, } } + /* Always add the IPv6 link local address. */ + struct in6_addr lla; + in6_generate_lla(laddrs->ea, &lla); + add_ipv6_netaddr(laddrs, lla, 64); + return true; } diff --git a/ovn/northd/ovn-northd.c b/ovn/northd/ovn-northd.c index e0e40d0..991018d 100644 --- a/ovn/northd/ovn-northd.c +++ b/ovn/northd/ovn-northd.c @@ -2086,12 +2086,17 @@ find_lrp_member_ip(const struct ovn_port *op, const char *ip_s) static void add_route(struct hmap *lflows, const struct ovn_port *op, const char *lrp_addr_s, const char *network_s, int plen, - const char *gateway) + const char *gateway, bool is_lla) { bool is_ipv4 = strchr(network_s, '.') ? true : false; - char *match = xasprintf("ip%s.dst == %s/%d", is_ipv4 ? "4" : "6", - network_s, plen); + struct ds match = DS_EMPTY_INITIALIZER; + if (is_lla) { + /* xxx This is pretty hacky. */ + ds_put_format(&match, "inport == %s && ", op->json_key); + } + ds_put_format(&match, "ip%s.dst == %s/%d", is_ipv4 ? "4" : "6", + network_s, plen); struct ds actions = DS_EMPTY_INITIALIZER; ds_put_format(&actions, "ip.ttl--; %sreg0 = ", is_ipv4 ? "" : "xx"); @@ -2114,10 +2119,10 @@ add_route(struct hmap *lflows, const struct ovn_port *op, /* The priority here is calculated to implement longest-prefix-match * routing. */ - ovn_lflow_add(lflows, op->od, S_ROUTER_IN_IP_ROUTING, plen, match, - ds_cstr(&actions)); + ovn_lflow_add(lflows, op->od, S_ROUTER_IN_IP_ROUTING, plen, + ds_cstr(&match), ds_cstr(&actions)); ds_destroy(&actions); - free(match); + ds_destroy(&match); } static void @@ -2227,7 +2232,8 @@ build_static_route_flow(struct hmap *lflows, struct ovn_datapath *od, goto free_prefix_s; } - add_route(lflows, out_port, lrp_addr_s, prefix_s, plen, route->nexthop); + add_route(lflows, out_port, lrp_addr_s, prefix_s, plen, + route->nexthop, false); free_prefix_s: free(prefix_s); @@ -2526,6 +2532,9 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, } if (op->lrp_networks.n_ipv6_addrs) { + /* xxx Fix this comment about broadcast */ + /* xxx We should only drop a specific lla for the interface, + * xxx since theoretically, it could conflict on a diff iface. */ /* L3 admission control: drop packets that originate from an * IPv6 address owned by the router or a broadcast address * known to the router (priority 100). */ @@ -2547,7 +2556,12 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, "ip6.dst <-> ip6.src; " "ip.ttl = 255; " "icmp6.type = 129; " +#if 0 + /* xxx Disable this to allow pinging the lla, + * xxx since this clears the inport, and our lla + * xxx route needs to scope it. */ "inport = \"\"; /* Allow sending out inport. */ " +#endif "next; "); ovn_lflow_add(lflows, op->od, S_ROUTER_IN_IP_INPUT, 90, ds_cstr(&match), ds_cstr(&actions)); @@ -2733,13 +2747,20 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, for (int i = 0; i < op->lrp_networks.n_ipv4_addrs; i++) { add_route(lflows, op, op->lrp_networks.ipv4_addrs[i].addr_s, op->lrp_networks.ipv4_addrs[i].network_s, - op->lrp_networks.ipv4_addrs[i].plen, NULL); + op->lrp_networks.ipv4_addrs[i].plen, NULL, false); } for (int i = 0; i < op->lrp_networks.n_ipv6_addrs; i++) { + /* Do not route link local addresses. */ + if (in6_is_lla(&op->lrp_networks.ipv6_addrs[i].addr)) { + add_route(lflows, op, op->lrp_networks.ipv6_addrs[i].addr_s, + "fe80::", 64, NULL, true); + continue; + } + add_route(lflows, op, op->lrp_networks.ipv6_addrs[i].addr_s, op->lrp_networks.ipv6_addrs[i].network_s, - op->lrp_networks.ipv6_addrs[i].plen, NULL); + op->lrp_networks.ipv6_addrs[i].plen, NULL, false); } } diff --git a/ovn/ovn-nb.xml b/ovn/ovn-nb.xml index e571eeb..22a3fdf 100644 --- a/ovn/ovn-nb.xml +++ b/ovn/ovn-nb.xml @@ -801,6 +801,12 @@ address is 192.168.0.1 and that packets destined to 192.168.0.x should be routed to this port.

+ +

+ A logical router port always adds a link-local IPv6 address + (fe80::/64) automatically generated from the interface's MAC + address using the modified EUI-64 format. +