From patchwork Wed Apr 24 09:56:04 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Naveen Yerramneni X-Patchwork-Id: 1927079 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=nutanix.com header.i=@nutanix.com header.a=rsa-sha256 header.s=proofpoint20171006 header.b=BpYgAiIy; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=nutanix.com header.i=@nutanix.com header.a=rsa-sha256 header.s=selector1 header.b=rO8Dhk1X; dkim-atps=neutral Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=2605:bc80:3010::136; helo=smtp3.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=patchwork.ozlabs.org) Received: from smtp3.osuosl.org (smtp3.osuosl.org [IPv6:2605:bc80:3010::136]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4VPZBl60wxz1yZr for ; Wed, 24 Apr 2024 19:56:30 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by smtp3.osuosl.org (Postfix) with ESMTP id B4DC160B8B; Wed, 24 Apr 2024 09:56:25 +0000 (UTC) X-Virus-Scanned: amavis at osuosl.org Received: from smtp3.osuosl.org ([127.0.0.1]) by localhost (smtp3.osuosl.org [127.0.0.1]) (amavis, port 10024) with ESMTP id bPLM1_71aFC2; Wed, 24 Apr 2024 09:56:23 +0000 (UTC) X-Comment: SPF check N/A for local connections - client-ip=140.211.9.56; helo=lists.linuxfoundation.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver= DKIM-Filter: OpenDKIM Filter v2.11.0 smtp3.osuosl.org 63C9F60A9A Authentication-Results: smtp3.osuosl.org; dkim=fail reason="signature verification failed" (2048-bit key) header.d=nutanix.com header.i=@nutanix.com header.a=rsa-sha256 header.s=proofpoint20171006 header.b=BpYgAiIy; dkim=fail reason="signature verification failed" (2048-bit key, unprotected) header.d=nutanix.com header.i=@nutanix.com header.a=rsa-sha256 header.s=selector1 header.b=rO8Dhk1X Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by smtp3.osuosl.org (Postfix) with ESMTPS id 63C9F60A9A; Wed, 24 Apr 2024 09:56:23 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id 25E1AC0077; Wed, 24 Apr 2024 09:56:23 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from smtp4.osuosl.org (smtp4.osuosl.org [IPv6:2605:bc80:3010::137]) by lists.linuxfoundation.org (Postfix) with ESMTP id 8B5F0C0037 for ; Wed, 24 Apr 2024 09:56:22 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp4.osuosl.org (Postfix) with ESMTP id 86B9F40289 for ; Wed, 24 Apr 2024 09:56:22 +0000 (UTC) X-Virus-Scanned: amavis at osuosl.org Received: from smtp4.osuosl.org ([127.0.0.1]) by localhost (smtp4.osuosl.org [127.0.0.1]) (amavis, port 10024) with ESMTP id GGiBWAFAJn5p for ; Wed, 24 Apr 2024 09:56:21 +0000 (UTC) Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=148.163.155.12; helo=mx0b-002c1b01.pphosted.com; envelope-from=naveen.yerramneni@nutanix.com; receiver= DMARC-Filter: OpenDMARC Filter v1.4.2 smtp4.osuosl.org C01D940278 Authentication-Results: smtp4.osuosl.org; dmarc=pass (p=none dis=none) header.from=nutanix.com DKIM-Filter: OpenDKIM Filter v2.11.0 smtp4.osuosl.org C01D940278 Authentication-Results: smtp4.osuosl.org; dkim=pass (2048-bit key, unprotected) header.d=nutanix.com header.i=@nutanix.com header.a=rsa-sha256 header.s=proofpoint20171006 header.b=BpYgAiIy; dkim=pass (2048-bit key, unprotected) header.d=nutanix.com header.i=@nutanix.com header.a=rsa-sha256 header.s=selector1 header.b=rO8Dhk1X Received: from mx0b-002c1b01.pphosted.com (mx0b-002c1b01.pphosted.com [148.163.155.12]) by smtp4.osuosl.org (Postfix) with ESMTPS id C01D940278 for ; Wed, 24 Apr 2024 09:56:19 +0000 (UTC) Received: from pps.filterd (m0127842.ppops.net [127.0.0.1]) by mx0b-002c1b01.pphosted.com (8.18.1.2/8.18.1.2) with ESMTP id 43O0S4sa022480; Wed, 24 Apr 2024 02:56:19 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nutanix.com; h= from:to:cc:subject:date:message-id:content-transfer-encoding :content-type:mime-version; s=proofpoint20171006; bh=mHgnYfqh3gK gXUhPl90hUwmjr01aUG5Y6Lus7djW2BE=; b=BpYgAiIyhk9gCat6n9VQ3shGDsr GhLiQTuvElHtOlRDVAGEiSUhMdJ9yA5HooN3p67191DEVKNhhE+IILEMKQkkDOYt kDpwNx+gpiIu0Rf/eP6vV+biKN8aEOSH4xON1/oLAi/xYBOjUAP4r6zl06Ppj/FQ 3h3AT6yDI2VZINBn6PM34JvT38IkY3kcQKP8dSXL8s1e9wRX7fnoyuYr/vKSLL0Q ugn7zvE5p3+M3FBioDHDZu32P3kdfwn+FDxoef3JHk6ftC38MQoXEx08QihBJOkC 60MgAXWAV7wLtkek+O4YBP3gMNIVQuuRmpo7o8TmZyoflfaPlS6pXA2elNg== Received: from nam02-dm3-obe.outbound.protection.outlook.com (mail-dm3nam02lp2040.outbound.protection.outlook.com [104.47.56.40]) by mx0b-002c1b01.pphosted.com (PPS) with ESMTPS id 3xmd1d7vbb-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 24 Apr 2024 02:56:18 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=IRfMUHrpl291UnIA32neQ3+58DWT15kAOS1f05j/gyp7pe7joAYxTlnwWU6DOqFHnhZykbpq2tuFJDs0Uw3mgKy7X4RQVCcyUd5FnYq3Z7wfjWoQWrnEIgninZwmqYvB2hBYDmN/cRL8xgA+/kWZf+tmVC67xfVKctz4Hja4Plleauo9/XJBTxjWBxObQto2EnNTILNYDJ1BjzeHioP38SZiitLih6xR//8GCd3G69Fsgj9e5d3ULP7J71g8Jrfv04dPvzU0HKTMeYspfUaQlcKrDrvvwg32DQYL/zrCR5Qp5sEHRNiJ8Z/AjBnCwwDV1DN4ji/gmlRa3QdLF+PVbg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=mHgnYfqh3gKgXUhPl90hUwmjr01aUG5Y6Lus7djW2BE=; b=MrMYNCwIjnF5/gdZwowf9IgzhE41j3sRiVdcbEhn26tR1whOQjcXxYW2KSd+Q0i5vp610ZTFQ9cA0JtXlqDiDlaioGLbC4USQqH8Trw15nQaOAUmXCUhuuw2i+I2jHW5u3tm1Gi8VHN+zVv6Dum4lPsYuomJsc3OisWZLCjL3CXG1JZytIyN22KNRrWYk4Renx71LSo7/guNE+XZvqAr83KknKcYeDx1vvuvsMmNyhKNXacQCyPRAH9k/+Ll1YXRMZHpEhrbDoi5Hc2vcm2fNvOikSYZa9PKQsuRp3tcVVtKYsvD7mYKDLy9Gb+eH1uSgKQHtVxvlttC8C8G1XQdAg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nutanix.com; dmarc=pass action=none header.from=nutanix.com; dkim=pass header.d=nutanix.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nutanix.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=mHgnYfqh3gKgXUhPl90hUwmjr01aUG5Y6Lus7djW2BE=; b=rO8Dhk1XAkPCh5iWMJn4l2X5sviqcMQGx+2BJMyGhp/RINbm50n3aROKDq7RfRZFp+3O3IYKU5yzmuvCXC5ZPHA/8ukA9u5drCJQUPqhWM/8IWQvsx2UKlqt+OX8jKfJ2aglhaaFhR+6zQnYikmgPYqfYc5Ogb5gfn2XZok0+xZvIeVlKPsiyD4isg4sK45nfDcVSFLIUI5tGbgd4TXy9IZuvdIy5dhVdx3gEOmB5QFkcROQks69eHNdhzrshgFE1Q5G9lbUqwPKa2CIgDPoswxkUeAfIyDG/1OhoY+VmaksdZUH1rdWqHIxx0faHV60BP6hjAf9Oi06PyPhEWLo+A== Received: from SJ0PR02MB7808.namprd02.prod.outlook.com (2603:10b6:a03:326::16) by SJ0PR02MB7453.namprd02.prod.outlook.com (2603:10b6:a03:29b::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7519.23; Wed, 24 Apr 2024 09:56:16 +0000 Received: from SJ0PR02MB7808.namprd02.prod.outlook.com ([fe80::d95e:4ad8:aa24:7c4]) by SJ0PR02MB7808.namprd02.prod.outlook.com ([fe80::d95e:4ad8:aa24:7c4%3]) with mapi id 15.20.7519.021; Wed, 24 Apr 2024 09:56:16 +0000 From: Naveen Yerramneni To: dev@openvswitch.org Date: Wed, 24 Apr 2024 09:56:04 +0000 Message-Id: <20240424095607.129155-1-naveen.yerramneni@nutanix.com> X-Mailer: git-send-email 2.36.6 X-ClientProxiedBy: PH8PR21CA0001.namprd21.prod.outlook.com (2603:10b6:510:2ce::25) To SJ0PR02MB7808.namprd02.prod.outlook.com (2603:10b6:a03:326::16) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: SJ0PR02MB7808:EE_|SJ0PR02MB7453:EE_ X-MS-Office365-Filtering-Correlation-Id: 04154849-61e8-4ff3-147b-08dc6444c846 x-proofpoint-crosstenant: true X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; ARA:13230031|366007|52116005|376005|1800799015|38350700005; X-Microsoft-Antispam-Message-Info: D5dZwVyCnmuYMGOrUVXUhYWL56Pe4hqvcHMlMBCYkoYdfO1ud8AmdtAuEiecCvJ8HXXa439OBNW87K7QXynM+YwTw2i621JDDWsqZvV+qwfwiOi3tnht3EaZtE55xIL4y55FVX7w0HaeaXq2JzQhzpiE07tTxoVYOHXFB3k+7H5/MUmEh+17feiJY6exZOLsMgtJZM7Qb0f4CjiGzYYMgua3ShRboJQlIMCSkFf1ysIIzPu4V35kdFxwLQupTDjH4o0LIjnnjvqCY29KPxk84Tn4G19C9VVie2ZA2IknQtERbT4bfff9kR0t08YGYjQdVD+Uebawdt/7nAX2AnrbqSTV4aTNNMGX23u+he54Pw4KHnuwKpQX2o4PETm5NvFZQLg0Sj5rFYXFq6+4fQyF/5RHZdENzReq9xZnpF/f9EMb5eVMrnpBMccO5W03gQKOAawIUAgeeERt/FLZXSaHPjM5BmQjUbZh5qWrskgPqgBPTDl+gs8i5+Fl0FeuSP8rqAU1mDZ7u8k8xnseSRbNHUcQ7tH2aKKByj7989kTRbbI0rQ8iBZ6skxru0CTZpSCxz/fw4v1+m5K5BFBdMjYBKpuVcZGzpvr7fvPlab+/pyKB8KWOgJ9XBuJXNZVF49T0V5PSQID0CxtxOyHpmIYW5HgFhAvtGsEm42ZBUpWznFIjRfLluQBVfj5l7+padhIaljlmZZEdJCJngUf+La5/SKSf9YWx/ILI911xX5Eqz/mwg91DeZOa2yv+1PaLJunA6BdQo1GeXIsyXnq8atkUSE8lHxBEzCdFUYpmghC5qZaxzF5m84mCWRpzsuyyy1Nar7QCEqsoRiDO8u7/NRqQR1NzStJbQt+jx1xSrekOejnYljMoMwbo2qfkGw8jwpd/3yxv0El885EkwiK8cgZHYyByJgE5rGbdbgNaj7hP2S5HkvIunAP/IVV3XNutD009alWbzNG/rIIe4tHWuv3UJfwrOYogFeM8ibf5CfX3uw1C6+xVvlJQBzxo2baHtv7SpliQ9n9ovgZcfW1oExEkiseH9AT2rtEFdPCylYv8rVcKF/QUBoaWoK71h28STl+yUqSbsZ6pSFXvOJeUZL0+9R9auq42IuMQq9GqzfBaxI83iDpriPFarlP3WFxo0HSOjGqbHcrm9fUZq6mc6CIyY2VTPG8zBdJkmYWVjwgGhDTVNN3w/O3tdhqWcby7FeGjL8N9A8IQd4XK2J/3GejorBk8Bzx4GvwaI9l9s6liNU9P698exiU5FHJnwP1hpFSDoq/9AJ0D6Wu1qsAtAGWxr6LVknKbZqS+5hC60fwh4I79ceTj7DlFZvdFyaz6pVj+LTvUXH2u+ATpTKZiVsdNw== X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:SJ0PR02MB7808.namprd02.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230031)(366007)(52116005)(376005)(1800799015)(38350700005); DIR:OUT; SFP:1102; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: p+yda8/CtsF5s8ubhvAYzJRYF1FV85UZW1Z2vvOPBqG6X3aSLUZn/xDxJAHX5b/9WqQTnx/pD+tl3YA584AmxypNYl0rtMRC//goRlzxf6BQsPKcUwco8EYnk496EcVfoCHEKRIISvImCHHQrazXzihwqOdIUos1fHnYzqNdSrVKzF4MmfBLfyv1c5aqyeBJJPnQfd2KPOvTlXpme3itxKOT3QalqVszDVXMq9OnhQLLlbHddIclweT7Z8uQHhXyLdHx4NTU7wJ07FKsoIC8kRehjI9UpHeoros3oa5uLFvjfT0ojVyRhkbDZI0bQ/gKarH7jMs4z/TG/lCnDz5Llq4OOgMDEJKzWFvmpl7OZ5TNjd5uorT2Uc1BiZ7ige8/qX+b6g0hniDlJQEMshITpFJK47HPdvx3TcIJ0Cfqk79M5P3Csb+97tk9lJAI1fhbq4vJMJqJ5mhzJ3izjJH1otd2S3CRe2dU869CquPA20BwTpBdeTF8m0Ug8jDbY4GpjwWwP7RC7sYzTjbJIiDkPyXxTa8u+BDMaD2nMPGxNjojUfZNPsEGUrFiVsf233eC8A/Y3X64u1JcbB+Tys+wKszxHWIICUV3Lm5nGszwcIwlPD23f8V6PnpGNPuC3HzeVDRTEbBdjFDVCQOytE6t6gNUqqUcFI1Ng4LM+orzfUbQjSpihg9IyQ3EEqYci1pLwJhqKhJfBX2xRTwWeuNDGqpHp9Vy08jB1gesVWafkrS1sP/6nWGgEkxI1v/wDkz1cgPzXhlwOLeqhb0BR/w/JEpAfM42TVnFKh/jV1okobHhA5/DX1Um0WLGfpiYk3DWlmMAJB0xZJgrwxKraxPvFVoyiZcTIGQ8sLijiC9Mwq26JoEmvpTxzb6c25SIrzjYyl6kPqORbc5GtHRrxq0j8vLoT7oxoAyhXBmh8D//ZRIaS/N22RWq21NmDE+QxBspbaKL+nwTTZVJxIVAnl5BamPeQSkQ48x8WqDfnSfNTgNPYtxQWfOGcaXDsclK7g3cgmIsTkuc4m95Nf2GxfGYIn0of2yAAnlQbfOcnoNVBXrP89ZsvFCZv/pTZybPaQnZGXQZQ8HgIuX95Q8IcstR8v6uxyzXdMpotH8OprldnvhFNpSadWd1mca92QkGuwPUBtUVjUG1sBY3CWfjab+Uoix34imTp2zDa5eBztNRx+HZU1h/az/FymepO2KhtFGHSNybvefiG8Mj9LqFHC3yKKBqUHDZQIzk+YLq3JOCWSW3dokooywEwyMhoOE17LMngYLkeK/ZVkOq/zkjXVPD8xn8oHn7opy3fIo2gJjJGoZhFdSqHS/8STyfukdqBQkF3iwTDW9n8hso7Un42mqD6peXuMeus93OInybPNCDa4xSfKdTt2WwLA9Ilf6o2lSsisfG6KyqXyCqclCLeC4VomGWywL9E99K+D2f+mrzhFubsOkbt9REUbF1yN834DBVwDxy0FmGnqBTL5afL1C72lPce2TEcTqNw0PCHIDbukhUpbvxlW2oX2z4G9ck5jm/v2v77Z6B4R6AKsVre7M3AhILR377yMKWfpemiez8ZfYSwHxpO+6+OBm89k+d3Lw83cUnAfk5MpD4BWTilXUghh4QP/Byi9HLl1GCajMXVIw= X-OriginatorOrg: nutanix.com X-MS-Exchange-CrossTenant-Network-Message-Id: 04154849-61e8-4ff3-147b-08dc6444c846 X-MS-Exchange-CrossTenant-AuthSource: SJ0PR02MB7808.namprd02.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 24 Apr 2024 09:56:16.1646 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: bb047546-786f-4de1-bd75-24e5b6f79043 X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: Mr+VAC3Sc7LoMM19RIEN7ODsZvDlqMeQpnk+O4oaYKzVP6TfbGovgRcTlr1HC45FK9jOoxgF1394f4g1yXyqbUxQH2iLwbqW+ltz0soSRkw= X-MS-Exchange-Transport-CrossTenantHeadersStamped: SJ0PR02MB7453 X-Proofpoint-ORIG-GUID: CO7iKPAik0LiTu9bbEDKcpYDB9IInjVs X-Proofpoint-GUID: CO7iKPAik0LiTu9bbEDKcpYDB9IInjVs X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.650,FMLib:17.11.176.26 definitions=2024-04-24_07,2024-04-23_02,2023-05-22_02 X-Proofpoint-Spam-Reason: safe Cc: huzaifa.c@nutanix.com Subject: [ovs-dev] [PATCH OVN v6 0/3] DHCP Relay Agent support for overlay subnets. X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" This patch contains changes to enable DHCP Relay Agent support for overlay subnets. USE CASE: ---------- - Enable IP address assignment for overlay subnets from the centralized DHCP server present in the underlay network. PREREQUISITES -------------- - Logical Router Port IP should be assigned (statically) from the same overlay subnet which is managed by DHCP server. - LRP IP is used for GIADRR field when relaying the DHCP packets and also same IP needs to be configured as default gateway for the overlay subnet. - Overlay subnets managed by external DHCP server are expected to be directly reachable from the underlay network. EXPECTED PACKET FLOW: ---------------------- Following is the expected packet flow inorder to support DHCP rleay functionality in OVN. 1. DHCP client originates DHCP discovery (broadcast). 2. DHCP relay (running on the OVN) receives the broadcast and forwards the packet to the DHCP server by converting it to unicast. While forwarding the packet, it updates the GIADDR in DHCP header to its interface IP on which DHCP packet is received and increments hop count. 3. DHCP server uses GIADDR field to decide the IP address pool from which IP has to be assigned and DHCP offer is sent to the same IP (GIADDR). 4. DHCP relay agent forwards the offer to the client. 5. DHCP client sends DHCP request (broadcast) packet. 6. DHCP relay (running on the OVN) receives the broadcast and forwards the packet to the DHCP server by converting it to unicast. While forwarding the packet, it updates the GIADDR in DHCP header to its interface IP on which DHCP packet is received. 7. DHCP Server sends the ACK packet. 8. DHCP relay agent forwards the ACK packet to the client. 9. All the future renew/release packets are directly exchanged between DHCP client and DHCP server. OVN DHCP RELAY PACKET FLOW: ---------------------------- To add DHCP Relay support on OVN, we need to replicate all the behavior described above using distributed logical switch and logical router. At, highlevel packet flow is distributed among Logical Switch and Logical Router on source node (where VM is deployed) and redirect chassis(RC) node. 1. Request packet gets processed on the source node where VM is deployed and relays the packet to DHCP server. 2. Response packet is first processed on RC node (which first recieves the packet from underlay network). RC node forwards the packet to the right node by filling in the dest MAC and IP. OVN Packet flow with DHCP relay is explained below. 1. DHCP client (VM) sends the DHCP discover packet (broadcast). 2. Logical switch converts the packet to L2 unicast by setting the destination MAC to LRP's MAC 3. Logical Router receives the packet and redirects it to the OVN controller. 4. OVN controller updates the required information(GIADDR, HOP count) in the DHCP payload after doing the required checks. If any check fails, packet is dropped. 5. Logical Router converts the packet to L3 unicast and forwards it to the server. This packets gets routed like any other packet (via RC node). 6. Server replies with DHCP offer. 7. RC node processes the DHCP offer and forwards it to the OVN controller. 8. OVN controller does sanity checks and updates the destination MAC (available in DHCP header), destination IP (available in DHCP header) and reinjects the packet to datapath. If any check fails, packet is dropped. 9. Logical router updates the source IP and port and forwards the packet to logical switch. 10. Logical switch delivers the packet to the DHCP client. 11. Similar steps are performed for Request and Ack packets. 12. All the future renew/release packets are directly exchanged between DHCP client and DHCP server NEW OVN ACTIONS --------------- 1. dhcp_relay_req_chk(, ) - This action executes on the source node on which the DHCP request originated. - This action relays the DHCP request coming from client to the server. Relay-ip is used to update GIADDR in the DHCP header. 2. dhcp_relay_resp_chk(, ) - This action executes on the first node (RC node) which processes the DHCP response from the server. - This action updates the destination MAC and destination IP so that the response can be forwarded to the appropriate node from which request was originated. - Relay-ip, server-ip are used to validate GIADDR and SERVER ID in the DHCP payload. FLOWS ----- Following are the flows added when DHCP Relay is configured on one overlay subnet, one additonal flow is added in ls_in_l2_lkup table for each VM part of the subnet. 1. table=27(ls_in_l2_lkup ), priority=100 , match=(inport == && eth.src == && ip4.src == 0.0.0.0 && ip4.dst == 255.255.255.255 && udp.src == 68 && udp.dst == 67), action=(eth.dst=;outport=;next;/* DHCP_RELAY_REQ */) 2. table=3 (lr_in_ip_input ), priority=110 , match=(inport == && ip4.src == 0.0.0.0 && ip4.dst == 255.255.255.255 && ip.frag == 0 && udp.src == 68 && udp.dst == 67), action=(reg9[7] = dhcp_relay_req_chk(, );next; /* DHCP_RELAY_REQ */) 3. table=3 (lr_in_ip_input ), priority=110 , match=(ip4.src == && ip4.dst == && udp.src == 67 && udp.dst == 67), action=(next;/* DHCP_RELAY_RESP */) 4. table=4 (lr_in_dhcp_relay_req), priority=100 , match=(inport == "lrp1" && ip4.src == 0.0.0.0 && ip4.dst == 255.255.255.255 && udp.src == 68 && udp.dst == 67 && reg9[7]), action=(ip4.src=;ip4.dst=;udp.src=67;next; /* DHCP_RELAY_REQ */) 5. table=4 (lr_in_dhcp_relay_req), priority=1 , match=(inport == && ip4.src == 0.0.0.0 && ip4.dst == 255.255.255.255 && udp.src == 68 && udp.dst == 67 && reg9[7] == 0), action=(drop; /* DHCP_RELAY_REQ */) 6. table=18(lr_in_dhcp_relay_resp_chk), priority=100 , match=(ip4.src == && ip4.dst == && ip.frag == 0 && udp.src == 67 && udp.dst == 67), action=(reg2 = ip4.dst;reg9[8] = dhcp_relay_resp_chk(, );next;/* DHCP_RELAY_RESP */) 7. table=19(lr_in_dhcp_relay_resp), priority=100 , match=(ip4.src == && reg2 == && udp.src == 67 && udp.dst == 67 && reg9[8]), action=(ip4.src=;udp.dst=68;outport=;output; /* DHCP_RELAY_RESP */) 8. table=19(lr_in_dhcp_relay_resp), priority=1 , match=(ip4.src == && reg2 == && udp.src == 67 && udp.dst == 67 && reg9[8] == 0), action=(drop; /* DHCP_RELAY_RESP */) NEW PIPELINE STAGES ------------------- Following stage is added for DHCP relay feature. Some of the flows are fitted into the existing pipeline tages. 1. lr_in_dhcp_relay_req - This stage process the DHCP request packets coming from DHCP clients. - DHCP request packets for which dhcp_relay_req_chk action (which gets applied in ip input stage) is successful are forwarded to DHCP server. - DHCP request packets for which dhcp_relay_req_chk action is unsuccessful gets dropped. 2. lr_in_dhcp_relay_resp_chk - This stage applied the dhcp_relay_resp_chk action for DHCP response packets coming from the DHCP server. 3. lr_in_dhcp_relay_resp - DHCP response packets for which dhcp_relay_resp_chk is sucessful are forwarded to the DHCP clients. - DHCP response packets for which dhcp_relay_resp_chk is unsucessful gets dropped. REGISTRY USAGE --------------- - reg9[7] : To store the result of dhcp_relay_req_chk action. - reg9[8] : To store the result of dhcp_relay_resp_chk action. - reg2 : To store the original dest ip for DHCP response packets. This is required to properly match the packets in lr_in_dhcp_relay_resp stage since dhcp_relay_resp_chk action changes the dest ip. NB SCHEMA CHANGES ---------------- 1. New DHCP_Relay table "DHCP_Relay": { "columns": { "name": {"type": "string"}, "servers": {"type": {"key": "string", "min": 0, "max": 1}}, "external_ids": { "type": {"key": "string", "value": "string", "min": 0, "max": "unlimited"}}}, "options": {"type": {"key": "string", "value": "string", "min": 0, "max": "unlimited"}}, "isRoot": true}, 2. New column to Logical_Router_Port table "dhcp_relay": {"type": {"key": {"type": "uuid", "refTable": "DHCP_Relay", "refType": "strong"}, "min": 0, "max": 1}}, Commands to enable the feature: ------------------------------ ovn-nbctl create DHCP_Relay name= servers= ovn-nbctl set Logical_Router_port dhcp_relay= ovn-nbctl set Logical_Switch other_config:dhcp_relay_port= Example: ------- ovn-nbctl ls-add ls0 ovn-nbctl lsp-add ls0 vif0 ovn-nbctl lsp-set-addresses vif0 #Only MAC address has to be specified when logical ports are created. ovn-nbctl lsp-add ls0 lrp1-attachment ovn-nbctl lsp-set-type lrp1-attachment router ovn-nbctl lsp-set-addresses lrp1-attachment ovn-nbctl lsp-set-options lrp1-attachment router-port=lrp1 ovn-nbctl lr-add lr0 ovn-nbctl lrp-add lr0 lrp1 #GATEWAY IP is set in GIADDR field when relaying the DHCP requests to server. ovn-nbctl lrp-add lr0 lrp-ext ovn-nbctl ls-add ls-ext ovn-nbctl lsp-add ls-ext lrp-ext-attachment ovn-nbctl lsp-set-type lrp-ext-attachment router ovn-nbctl lsp-set-addresses lrp-ext-attachment ovn-nbctl lsp-set-options lrp-ext-attachment router-port=lrp-ext ovn-nbctl lsp-add ls-ext ln_port ovn-nbctl lsp-set-addresses ln_port unknown ovn-nbctl lsp-set-type ln_port localnet ovn-nbctl lsp-set-options ln_port network_name=physnet1 # Enable DHCP Relay feature ovn-nbctl create DHCP_Relay name=dhcp_relay_test servers= ovn-nbctl set Logical_Router_port lrp1 dhcp_relay= ovn-nbctl set Logical_Switch ls0 other_config:dhcp_relay_port=lrp1-attachment Limitations: ------------ - All OVN features that needs IP address to be configured on logical port (like proxy arp, etc) will not be supported for overlay subnets on which DHCP relay is enabled. References: ---------- - rfc1541, rfc1542, rfc2131 V1: - First patch. V2: - Addressed review comments from Numan. V3: - Split the patch into series. - Addressed review comments from Numan. - Updated the match condition for DHCP Relay flows. V4: - Fix sparse errors. - Reorder patch series. V5: - Fix test failures. V6: - Addressed review comments from Numan. - Increment NB schema version. Naveen Yerramneni (3): actions: DHCP Relay Agent support for overlay IPv4 subnets. controller: DHCP Relay Agent support for overlay IPv4 subnets. northd, tests: DHCP Relay Agent support for overlay IPv4 subnets. controller/pinctrl.c | 597 +++++++++++++++++++++++++++++++++++----- include/ovn/actions.h | 27 ++ lib/actions.c | 116 ++++++++ lib/ovn-l7.h | 2 + northd/northd.c | 271 +++++++++++++++++- northd/northd.h | 41 +-- northd/ovn-northd.8.xml | 211 ++++++++++++-- ovn-nb.ovsschema | 21 +- ovn-nb.xml | 39 +++ ovn-sb.xml | 62 +++++ tests/atlocal.in | 3 + tests/ovn-northd.at | 38 +++ tests/ovn.at | 258 ++++++++++++++++- tests/system-ovn.at | 148 ++++++++++ utilities/ovn-trace.c | 67 +++++ 15 files changed, 1784 insertions(+), 117 deletions(-)