From patchwork Thu Dec 22 17:43:08 2022
X-Patchwork-Submitter: Vladislav Odintsov
X-Patchwork-Id: 1718922
From: Vladislav Odintsov
To: dev@openvswitch.org
Cc: Vladislav Odintsov
Date: Thu, 22 Dec 2022 20:43:08 +0300
Message-Id: <20221222174309.3141692-1-odivlad@gmail.com>
X-Mailer: git-send-email 2.36.1
Subject: [ovs-dev] [PATCH ovn 1/2] northd: make traffic routed to vtep lport distributed

There were two issues prior to this patch:

1. It was not possible to have connectivity to networks over a router in
   a physical network connected through a VTEP (ramp) gateway.
   Consider the next topology:

   ovn-nbctl lr-add lr1
   ovn-nbctl lrp-add lr1 lrp1 00:00:00:00:00:01 10.0.0.1/24
   ovn-nbctl ls-add ls1
   ovn-nbctl lsp-add ls1 lsp1 -- \
       lsp-set-addresses lsp1 router -- \
       lsp-set-type lsp1 router -- \
       lsp-set-options lsp1 router-port=lrp1
   ovn-nbctl lsp-add ls1 lsp-vtep -- \
       lsp-set-type lsp-vtep vtep -- \
       lsp-set-addresses lsp-vtep unknown -- \
       lsp-set-options lsp-vtep vtep-physical-switch=<..> vtep-logical-switch=<..>
   ovn-nbctl lr-route-add lr1 192.168.0.0/24 10.0.0.100

   If one issues a ping from lsp1 to some address from 192.168.0.0/24 (via
   the vtep lsp), then to enable routing support with vtep it is required to
   set a redirect chassis or ha chassis group on lrp1. This topology didn't
   provide connectivity. Now such traffic flow will work properly.

2. Traffic from an lport in one subnet to a vtep lport in another subnet of
   the same LR previously traversed via the l3gw chassis; now, in the
   'to vtep lport' direction, it goes directly from the hypervisor handling
   the lport to the VTEP (RAMP) switch. In the opposite direction traffic
   still goes from the VTEP (RAMP) switch through the l3gw chassis and then
   to the hypervisor.

Signed-off-by: Vladislav Odintsov
---
 northd/northd.c     | 16 +++++++++++++++-
 tests/ovn-northd.at | 26 +++++++++++++++++++++++++-
 2 files changed, 40 insertions(+), 2 deletions(-)
diff --git a/northd/northd.c b/northd/northd.c index 4751feab4..07fb0ab9a 100644 --- a/northd/northd.c +++ b/northd/northd.c @@ -3362,7 +3362,12 @@ ovn_port_update_sbrec(struct northd_input *input_data, } smap_add(&new, "distributed-port", op->nbrp->name); - bool always_redirect = !op->od->has_distributed_nat; + bool always_redirect = !( + op->od->has_distributed_nat || + (op->l3dgw_port->peer && + op->l3dgw_port->peer->od->has_vtep_lports) + ); + if (redirect_type) { smap_add(&new, "redirect-type", redirect_type); /* XXX Why can't we enable always-redirect when redirect-type @@ -12815,6 +12820,15 @@ build_gateway_redirect_flows_for_lrouter( return; } for (size_t i = 0; i < od->n_l3dgw_ports; i++) { + if (od->l3dgw_ports[i]->peer && + od->l3dgw_ports[i]->peer->od->has_vtep_lports) { + /* Skip adding redirect rule for vtep-enabled l3dgw ports. + Traffic from hypervisor to VTEP (ramp) switch should go in + distributed manner. Only returning routed traffic must go + through centralized gateway (or ha-chassis-group). */ + continue; + } + const struct ovsdb_idl_row *stage_hint = NULL; bool add_def_flow = true; diff --git a/tests/ovn-northd.at b/tests/ovn-northd.at index 56c1e6c2e..72f7c3e2d 100644 --- a/tests/ovn-northd.at +++ b/tests/ovn-northd.at @@ -6074,7 +6074,7 @@ AT_CLEANUP ]) OVN_FOR_EACH_NORTHD_NO_HV([ -AT_SETUP([ovn-northd -- lr admission with vtep lports]) +AT_SETUP([ovn-northd -- lrp with chassis-redirect and ls with vtep lport]) AT_KEYWORDS([multiple-l3dgw-ports]) ovn_start NORTHD_TYPE check ovn-sbctl chassis-add ch1 geneve 127.0.0.2 
@@ -6098,6 +6098,11 @@ AT_CHECK([grep lr_in_admission lrflows | grep lrp1 | sed 's/table=../table=??/' table=??(lr_in_admission ), priority=50 , match=(eth.mcast && inport == "lrp1"), action=(xreg0[[0..47]] = 00:00:00:00:00:01; next;) ]) +# Check the flows in lr_in_gw_redirect stage +AT_CHECK([grep lr_in_gw_redirect lrflows | grep lrp1 | sed 's/table=../table=??/' | sort], [0], []) + +wait_row_count Port_Binding 0 logical_port=cr-lrp1 options:always-redirect="true" + # make lrp a cr-port and check its flows check ovn-nbctl lrp-set-gateway-chassis lrp1 ch1 @@ -6111,6 +6116,13 @@ AT_CHECK([grep lr_in_admission lrflows | grep lrp1 | sed 's/table=../table=??/' table=??(lr_in_admission ), priority=50 , match=(eth.mcast && inport == "lrp1"), action=(xreg0[[0..47]] = 00:00:00:00:00:01; next;) ]) +# Check the flows in lr_in_gw_redirect stage +AT_CHECK([grep lr_in_gw_redirect lrflows | grep lrp1 | sed 's/table=../table=??/' | sort], [0], [dnl + table=??(lr_in_gw_redirect ), priority=50 , match=(outport == "lrp1"), action=(outport = "cr-lrp1"; next;) +]) + +wait_row_count Port_Binding 1 logical_port=cr-lrp1 options:always-redirect="true" + # attach vtep logical port to logical switch and check flows. # there should not be is_chassis_resident part. check ovn-nbctl lsp-add ls1 lsp-vtep -- lsp-set-type lsp-vtep vtep @@ -6125,6 +6137,11 @@ AT_CHECK([grep lr_in_admission lrflows | grep lrp1 | sed 's/table=../table=??/' table=??(lr_in_admission ), priority=50 , match=(eth.mcast && inport == "lrp1"), action=(xreg0[[0..47]] = 00:00:00:00:00:01; next;) ]) +# Check the flows in lr_in_gw_redirect stage +AT_CHECK([grep lr_in_gw_redirect lrflows | grep lrp1 | sed 's/table=../table=??/' | sort], [0], []) + +wait_row_count Port_Binding 0 logical_port=cr-lrp1 options:always-redirect="true" + # delete vtep lport and check lrp has is_chassis_resident match part again. check ovn-nbctl lsp-del lsp-vtep 
@@ -6138,6 +6155,13 @@ AT_CHECK([grep lr_in_admission lrflows | grep lrp1 | sed 's/table=../table=??/' table=??(lr_in_admission ), priority=50 , match=(eth.mcast && inport == "lrp1"), action=(xreg0[[0..47]] = 00:00:00:00:00:01; next;) ]) +# Check the flows in lr_in_gw_redirect stage +AT_CHECK([grep lr_in_gw_redirect lrflows | grep lrp1 | sed 's/table=../table=??/' | sort], [0], [dnl + table=??(lr_in_gw_redirect ), priority=50 , match=(outport == "lrp1"), action=(outport = "cr-lrp1"; next;) +]) + +wait_row_count Port_Binding 1 logical_port=cr-lrp1 options:always-redirect="true" + AT_CLEANUP ])
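
Review bot: in the ovn_port_update_sbrec hunk of northd/northd.c, the new always_redirect expression tests 'op->l3dgw_port->peer' for NULL but dereferences 'op->l3dgw_port' and 'peer->od' unguarded. If the enclosing branch does not already guarantee both are set, add the checks here. The same 'peer && peer->od->has_vtep_lports' test is repeated in build_gateway_redirect_flows_for_lrouter, so a small helper that takes the l3dgw port would keep the two call sites from drifting apart, and it would let the multi-line '!( ... );' with its closing parenthesis on a separate line become a single readable condition.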
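
Review bot: in the build_gateway_redirect_flows_for_lrouter hunk, the 'continue' skips the lr_in_gw_redirect rule for the whole l3dgw port as soon as the peer switch has any vtep lport, so traffic leaving through that port towards non-vtep destinations behind the same switch also stops being redirected to the gateway chassis, while the comment speaks only of traffic from the hypervisor to the VTEP (ramp) switch. Either say in the comment that the skip is intended for every destination behind the port, or narrow the condition. The continuation lines of the new comment should carry the leading ' * ' required by the OVS coding style. The diffstat also shows only northd.c and the test file changed, so the description of the gateway redirect stage in ovn-northd.8.xml is left without a mention of the vtep exception.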
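
Review bot: in tests/ovn-northd.at, the check added after attaching lsp-vtep, 'wait_row_count Port_Binding 0 logical_port=cr-lrp1 options:always-redirect="true"', would also pass if the cr-lrp1 binding were missing altogether, and the identical check in the first test hunk runs before 'lrp-set-gateway-chassis lrp1 ch1', where lrp1 is not yet a cr-port, so it cannot fail there. Pair the vtep case with 'wait_row_count Port_Binding 1 logical_port=cr-lrp1' so the test proves the binding still exists with the option cleared rather than only that no matching row is found.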