From patchwork Fri May 19 18:18:55 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Vladislav Odintsov
X-Patchwork-Id: 1783951
Return-Path:
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@legolas.ozlabs.org
Authentication-Results: legolas.ozlabs.org;
spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org
(client-ip=2605:bc80:3010::133; helo=smtp2.osuosl.org;
envelope-from=ovs-dev-bounces@openvswitch.org; receiver=)
Authentication-Results: legolas.ozlabs.org;
dkim=fail reason="signature verification failed" (2048-bit key;
unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256
header.s=20221208 header.b=RX07faIC;
dkim-atps=neutral
Received: from smtp2.osuosl.org (smtp2.osuosl.org [IPv6:2605:bc80:3010::133])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384)
(No client certificate requested)
by legolas.ozlabs.org (Postfix) with ESMTPS id 4QNFVL58Ctz20PV
for ; Sat, 20 May 2023 04:19:22 +1000 (AEST)
Received: from localhost (localhost [127.0.0.1])
by smtp2.osuosl.org (Postfix) with ESMTP id 4996D42CB6;
Fri, 19 May 2023 18:19:19 +0000 (UTC)
DKIM-Filter: OpenDKIM Filter v2.11.0 smtp2.osuosl.org 4996D42CB6
Authentication-Results: smtp2.osuosl.org;
dkim=fail reason="signature verification failed" (2048-bit key)
header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20221208
header.b=RX07faIC
X-Virus-Scanned: amavisd-new at osuosl.org
Received: from smtp2.osuosl.org ([127.0.0.1])
by localhost (smtp2.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id zDjjoAir8a4S; Fri, 19 May 2023 18:19:18 +0000 (UTC)
Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56])
by smtp2.osuosl.org (Postfix) with ESMTPS id 27B7840608;
Fri, 19 May 2023 18:19:17 +0000 (UTC)
DKIM-Filter: OpenDKIM Filter v2.11.0 smtp2.osuosl.org 27B7840608
Received: from lf-lists.osuosl.org (localhost [127.0.0.1])
by lists.linuxfoundation.org (Postfix) with ESMTP id 0C30AC008E;
Fri, 19 May 2023 18:19:15 +0000 (UTC)
X-Original-To: dev@openvswitch.org
Delivered-To: ovs-dev@lists.linuxfoundation.org
Received: from smtp3.osuosl.org (smtp3.osuosl.org [IPv6:2605:bc80:3010::136])
by lists.linuxfoundation.org (Postfix) with ESMTP id C0A40C002A
for ; Fri, 19 May 2023 18:19:13 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
by smtp3.osuosl.org (Postfix) with ESMTP id 8BF746116B
for ; Fri, 19 May 2023 18:19:13 +0000 (UTC)
DKIM-Filter: OpenDKIM Filter v2.11.0 smtp3.osuosl.org 8BF746116B
Authentication-Results: smtp3.osuosl.org;
dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com
header.a=rsa-sha256 header.s=20221208 header.b=RX07faIC
X-Virus-Scanned: amavisd-new at osuosl.org
Received: from smtp3.osuosl.org ([127.0.0.1])
by localhost (smtp3.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id 5hV74JvUjKav for ;
Fri, 19 May 2023 18:19:12 +0000 (UTC)
X-Greylist: whitelisted by SQLgrey-1.8.0
DKIM-Filter: OpenDKIM Filter v2.11.0 smtp3.osuosl.org 1FD0061179
Received: from mail-lj1-x22b.google.com (mail-lj1-x22b.google.com
[IPv6:2a00:1450:4864:20::22b])
by smtp3.osuosl.org (Postfix) with ESMTPS id 1FD0061179
for ; Fri, 19 May 2023 18:19:12 +0000 (UTC)
Received: by mail-lj1-x22b.google.com with SMTP id
38308e7fff4ca-2ac7462d9f1so41117001fa.2
for ; Fri, 19 May 2023 11:19:11 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20221208; t=1684520350; x=1687112350;
h=content-transfer-encoding:mime-version:references:in-reply-to
:message-id:date:subject:cc:to:from:from:to:cc:subject:date
:message-id:reply-to;
bh=tDX/quu3XVSKuN0/liuYdpTjBEvXDlSTcpZ4hGhjqZc=;
b=RX07faIC0qkVPt4YSgC3JUaVi6RngYiCdH+C+0CHD2zB/BXcY9E7zCipxxwUmLY7UK
J9lfELKEa5gSzyOfHYVemVKmfWugB3VUNj8T62RjPsyFTJa0xCxm7/jgCBxX8Wd7GIdg
DswNKyXiYQM8zweEtBks+uwubgjBaSCH0UKjbHdrNptxFSioTSU16QrBrTAaw+T4hzeg
k7X+aVU00n2H+PhSU6M+mBeZ8M1ErkadjmmQRTG7PjvxLnleKX2yllw2RDsKYqMdzR5d
CVxGVkisA0BezpXwWVFGQN9shHjMX4D4t4FK8jiG0k7SyserlmMVkMSGDQJqxk0fXuyx
zFaQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20221208; t=1684520350; x=1687112350;
h=content-transfer-encoding:mime-version:references:in-reply-to
:message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
:subject:date:message-id:reply-to;
bh=tDX/quu3XVSKuN0/liuYdpTjBEvXDlSTcpZ4hGhjqZc=;
b=NjQPsy81gZeHePMnCxRaouFmjtmPJy45Llw/WmnBu0u7A4fsICQEVeYBc8a8aG1sAv
tK3uVp352MdR2P1kEPeZamFsF9DK0e3h061h/Whyc/P1w2fPb/BWTdfhkQJrhp4uI3LV
1fz33rVkwNGig+ZiqRurXsNDlt/NxzylOcFPqgVhnPRnlqqhnL9R6nAwisxZEFB80igB
kRtgjZqWnWdqjHlmpwO56T5oMk4fme5fYuTCSxFTkoOAhbdnS9yhdeEVOfajJziRGM1C
5XzHuAIsFg7+pycSJx0seX6We4FS7QE/o3hILZJmccRYP4n5X+Hl7NPljHddvn2TwE3h
kf3A==
X-Gm-Message-State: AC+VfDzLYLu+nl9Vz1imSN3UYITFP+sZz148KhwqbcQwKBenPFbnTQgo
BdTEwPE1e3JAlkqq85ALxOBUVECQ3cg=
X-Google-Smtp-Source:
ACHHUZ7TvQfbTyiaomrhXuA4COgvPaZYyXbhZeiVmHVW8rGcnIMERZGhJI6kaEAX5JoZ4aRCTsMXOg==
X-Received: by 2002:a2e:3809:0:b0:2af:1c0a:20e1 with SMTP id
f9-20020a2e3809000000b002af1c0a20e1mr1106059lja.52.1684520349539;
Fri, 19 May 2023 11:19:09 -0700 (PDT)
Received: from ip-10-70-112-12.vpc-1e810be1.internal
(c2-178-216-98-9.elastic.cloud.croc.ru. [178.216.98.9])
by smtp.gmail.com with ESMTPSA id
o11-20020a2e90cb000000b002aa458a7a46sm919962ljg.123.2023.05.19.11.19.08
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Fri, 19 May 2023 11:19:09 -0700 (PDT)
From: Vladislav Odintsov
To: dev@openvswitch.org
Date: Fri, 19 May 2023 21:18:55 +0300
Message-Id: <20230519181859.1195040-2-odivlad@gmail.com>
X-Mailer: git-send-email 2.36.1
In-Reply-To: <20230519181859.1195040-1-odivlad@gmail.com>
References: <20230519181859.1195040-1-odivlad@gmail.com>
MIME-Version: 1.0
Cc: Vladislav Odintsov
Subject: [ovs-dev] [PATCH ovn 1/5] northd: fix ls_in_hairpin l3dgw flow
generation
X-BeenThere: ovs-dev@openvswitch.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id:
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
Errors-To: ovs-dev-bounces@openvswitch.org
Sender: "dev"
This patch fixes a situation, where logical flow with incorrect syntax could
be generated. If a logical switch has two attached logical router ports and
one of them has configured gateway chassis, then incorrect flow can have the
match like:
`reg0[14] == 1 && (is_chassis_resident("cr-lrp2") || ` or
`is_chassis_resident("cr-lrp1"))`
The flow's match was reworked to have at maximum one 'is_chassis_resident()'
part. For each cr-lport a new lflow is created. There should not be many
cr-lports within one datapath (normally there is just one), so the lflows
count shouldn't increase dramatically.
Now the match looks like:
`reg0[14] == 1 && is_chassis_resident("cr-lrp2")`
As an additional enhancement, the code became easier and tests were also
simplified.
Documentation and relevant testcases were updated.
Fixes: 4e90bcf55c2e ("controller, northd, vtep: support routed networks with HW VTEP")
Signed-off-by: Vladislav Odintsov
---
northd/northd.c | 35 ++++++++++++++---------------------
northd/ovn-northd.8.xml | 13 +++++++------
tests/ovn.at | 17 +++--------------
3 files changed, 24 insertions(+), 41 deletions(-)
diff --git a/northd/northd.c b/northd/northd.c
index 07b127cdf..d6c26735d 100644
--- a/northd/northd.c
+++ b/northd/northd.c
@@ -7819,37 +7819,30 @@ static void
build_vtep_hairpin(struct ovn_datapath *od, struct hmap *lflows)
{
/* Ingress Pre-ARP flows for VTEP hairpining traffic. Priority 1000:
- * Packets that received from non-VTEP ports should continue processing. */
-
+ * Packets that received from VTEP ports must go directly to L2LKP table.
+ */
char *action = xasprintf("next(pipeline=ingress, table=%d);",
ovn_stage_get_table(S_SWITCH_IN_L2_LKUP));
- /* send all traffic from VTEP directly to L2LKP table. */
ovn_lflow_add(lflows, od, S_SWITCH_IN_HAIRPIN, 1000,
REGBIT_FROM_RAMP" == 1", action);
free(action);
- struct ds match = DS_EMPTY_INITIALIZER;
- size_t n_ports = od->n_router_ports;
- bool dp_has_l3dgw_ports = false;
- for (int i = 0; i < n_ports; i++) {
- if (is_l3dgw_port(od->router_ports[i]->peer)) {
- ds_put_format(&match, "%sis_chassis_resident(%s)%s",
- i == 0 ? REGBIT_FROM_RAMP" == 1 && (" : "",
- od->router_ports[i]->peer->cr_port->json_key,
- i < n_ports - 1 ? " || " : ")");
- dp_has_l3dgw_ports = true;
- }
- }
-
/* Ingress pre-arp flow for traffic from VTEP (ramp) switch.
* Priority 2000: Packets, that were received from VTEP (ramp) switch and
* router ports of current datapath are l3dgw ports and they reside on
* current chassis, should be passed to next table for ARP/ND hairpin
- * processing.
- */
- if (dp_has_l3dgw_ports) {
- ovn_lflow_add(lflows, od, S_SWITCH_IN_HAIRPIN, 2000, ds_cstr(&match),
- "next;");
+ * processing. */
+ struct ds match = DS_EMPTY_INITIALIZER;
+ for (int i = 0; i < od->n_router_ports; i++) {
+ struct ovn_port *op = od->router_ports[i]->peer;
+ if (is_l3dgw_port(op)) {
+ ds_clear(&match);
+ ds_put_format(&match,
+ REGBIT_FROM_RAMP" == 1 && is_chassis_resident(%s)",
+ op->cr_port->json_key);
+ ovn_lflow_add(lflows, od, S_SWITCH_IN_HAIRPIN, 2000,
+ ds_cstr(&match), "next;");
+ }
}
ds_destroy(&match);
}
diff --git a/northd/ovn-northd.8.xml b/northd/ovn-northd.8.xml
index 540fe03bd..a8ef00a28 100644
--- a/northd/ovn-northd.8.xml
+++ b/northd/ovn-northd.8.xml
@@ -1144,16 +1144,17 @@
For each distributed gateway router port RP attached to
- the logical switch, a priority-2000 flow is added with the match
- reg0[14] == 1 && is_chassis_resident(RP)
-
and action next;
to pass the traffic to the
- next table to respond to the ARP requests for the router port IPs.
+ the logical switch and has chassis redirect port cr-RP, a
+ priority-2000 flow is added with the match
+
+reg0[14] == 1 && is_chassis_resident(cr-RP)
+
+ and action next;
.
reg0[14]
register bit is set in the ingress L2 port
- security check table for traffic received from HW VTEP (ramp)
- ports.
+ security check table for traffic received from HW VTEP (ramp) ports.
diff --git a/tests/ovn.at b/tests/ovn.at
index 9e6e8a14a..53349530b 100644
--- a/tests/ovn.at
+++ b/tests/ovn.at
@@ -4432,24 +4432,13 @@ response=${sha}${lrpmac}08060001080006040002${lrpmac}${tpa}${sha}${spa}
echo $response >> 3.expected
# First ensure basic flow contents are as we expect.
-AT_CHECK([ovn-sbctl lflow-list lsw0 | grep 'reg0[\[14\]]' | sort | sed 's/table=../table=??/g' | sed 's/is_chassis_resident([[^)]]*)/is_chassis_resident("??")/g'], [0], [dnl
+AT_CHECK([ovn-sbctl lflow-list lsw0 | grep 'reg0[\[14\]]' | sort | sed 's/table=../table=??/g'], [0], [dnl
table=??(ls_in_check_port_sec), priority=70 , match=(inport == "lp-vtep"), action=(reg0[[14]] = 1; next(pipeline=ingress, table=??);)
table=??(ls_in_hairpin ), priority=1000 , match=(reg0[[14]] == 1), action=(next(pipeline=ingress, table=??);)
- table=??(ls_in_hairpin ), priority=2000 , match=(reg0[[14]] == 1 && (is_chassis_resident("??") || is_chassis_resident("??"))), action=(next;)
+ table=??(ls_in_hairpin ), priority=2000 , match=(reg0[[14]] == 1 && is_chassis_resident("cr-lrp1")), action=(next;)
+ table=??(ls_in_hairpin ), priority=2000 , match=(reg0[[14]] == 1 && is_chassis_resident("cr-lrp2")), action=(next;)
])
-# We've ensured that the expected hairpin flows are present
-# and that the expected number of "is_chassis_resident" fields are in
-# the flow. Now we need to ensure the contents are correct.
-# Unfortunately, the order of the "is_chassis_resident" fields is
-# unpredictable. Therefore we sort them so the order is predictable.
-actual_chassis=$(ovn-sbctl lflow-list lsw0 | grep 'ls_in_hairpin' | grep 'priority=2000' | grep -o 'is_chassis_resident([[^)]]*)' | sort)
-
-expected_chassis='is_chassis_resident("cr-lrp1")
-is_chassis_resident("cr-lrp2")'
-
-check test "$expected_chassis" = "$actual_chassis"
-
# dump information with counters
echo "------ OVN dump ------"
ovn-nbctl show