From patchwork Fri Apr 19 11:14:44 2024
X-Patchwork-Submitter: Ales Musil
X-Patchwork-Id: 1925511
X-Patchwork-Delegate: dceara@redhat.com
From: Ales Musil
To: dev@openvswitch.org
Cc: dceara@redhat.com
Date: Fri, 19 Apr 2024 13:14:44 +0200
Message-ID: <20240419111444.1223539-1-amusil@redhat.com>
Subject: [ovs-dev] [PATCH ovn] controller: Remove the ovn-set-local-ip option.

The local_ip should be present for chassis with single encap whenever we configure its interface in OvS. Not having the local_ip can lead to traffic being dropped on the other side of tunnel because the source IP might be different; this is more likely to happen in pure IPv6 deployments.

Remove the option as with the local_ip being enforced also for single encap it became "true" in all scenarios, and it's not needed anymore.

Reported-at: https://issues.redhat.com/browse/FDP-570
Signed-off-by: Ales Musil
Acked-by: Han Zhou
---
 NEWS | 3 +++
 controller/encaps.c | 31 +++------------------------
 controller/ovn-controller.8.xml | 14 +-----------
 tests/ovn-controller.at | 38 +++++++++++++++++++++++++++------
 4 files changed, 39 insertions(+), 47 deletions(-)

diff --git a/NEWS b/NEWS index 141f1831c..9adf6a31c 100644 --- a/NEWS +++ b/NEWS @@ -13,6 +13,9 @@ Post v24.03.0 "lflow-stage-to-oftable STAGE_NAME" that converts stage name into OpenFlow table id. - Rename the ovs-sandbox script to ovn-sandbox. + - Remove "ovn-set-local-ip" config option from vswitchd + external-ids, the option is no longer needed as it became effectively + "true" for all scenarios. OVN v24.03.0 - 01 Mar 2024 -------------------------- diff --git a/controller/encaps.c b/controller/encaps.c index a9cb604b8..b5ef66371 100644 --- a/controller/encaps.c +++ b/controller/encaps.c
@@ -208,11 +208,12 @@ out: static void tunnel_add(struct tunnel_ctx *tc, const struct sbrec_sb_global *sbg, const char *new_chassis_id, const struct sbrec_encap *encap, - bool must_set_local_ip, const char *local_ip, + const char *local_ip, const struct ovsrec_open_vswitch_table *ovs_table) { struct smap options = SMAP_INITIALIZER(&options); smap_add(&options, "remote_ip", encap->ip); + smap_add(&options, "local_ip", local_ip); smap_add(&options, "key", "flow"); const char *dst_port = smap_get(&encap->options, "dst_port"); const char *csum = smap_get(&encap->options, "csum"); @@ -239,7 +240,6 @@ tunnel_add(struct tunnel_ctx *tc, const struct sbrec_sb_global *sbg, const struct ovsrec_open_vswitch *cfg = ovsrec_open_vswitch_table_first(ovs_table); - bool set_local_ip = must_set_local_ip; if (cfg) { /* If the tos option is configured, get it */ const char *encap_tos = @@ -259,19 +259,10 @@ tunnel_add(struct tunnel_ctx *tc, const struct sbrec_sb_global *sbg, if (encap_df) { smap_add(&options, "df_default", encap_df); } - - if (!set_local_ip) { - /* If ovn-set-local-ip option is configured, get it */ - set_local_ip = - get_chassis_external_id_value_bool( - &cfg->external_ids, tc->this_chassis->name, - "ovn-set-local-ip", false); - } } /* Add auth info if ipsec is enabled. */ if (sbg->ipsec) { - set_local_ip = true; smap_add(&options, "remote_name", new_chassis_id); /* Force NAT-T traversal via configuration */ @@ -290,10 +281,6 @@ tunnel_add(struct tunnel_ctx *tc, const struct sbrec_sb_global *sbg, } } - if (set_local_ip) { - smap_add(&options, "local_ip", local_ip); - } - /* If there's an existing tunnel record that does not need any change, * keep it. Otherwise, create a new record (if there was an existing * record, the new record will supplant it and encaps_run() will delete 
@@ -412,18 +399,6 @@ chassis_tunnel_add(const struct sbrec_chassis *chassis_rec, continue; } - /* Check if need to pass the local ip. We always set local ip if there - * are multiple local IPs for the selected encap type. */ - int count = 0; - bool set_local_ip = false; - for (int j = 0; j < this_chassis->n_encaps; j++) { - if (pref_type == get_tunnel_type(this_chassis->encaps[j]->type) && - count++ > 0) { - set_local_ip = true; - break; - } - } - for (int j = 0; j < this_chassis->n_encaps; j++) { if (pref_type != get_tunnel_type(this_chassis->encaps[j]->type)) { continue; @@ -431,7 +406,7 @@ chassis_tunnel_add(const struct sbrec_chassis *chassis_rec, VLOG_DBG("tunnel_add: '%s', local ip: %s", chassis_rec->name, this_chassis->encaps[j]->ip); tunnel_add(tc, sbg, chassis_rec->name, chassis_rec->encaps[i], - set_local_ip, this_chassis->encaps[j]->ip, ovs_table); + this_chassis->encaps[j]->ip, ovs_table); tuncnt++; } } diff --git a/controller/ovn-controller.8.xml b/controller/ovn-controller.8.xml index 5ebef048d..85e7966d7 100644 --- a/controller/ovn-controller.8.xml +++ b/controller/ovn-controller.8.xml @@ -367,16 +367,6 @@ of how many entries there are in the cache. By default this is set to 30000 (30 seconds). -
external_ids:ovn-set-local-ip
-
- The boolean flag indicates if ovn-controller when create - tunnel ports should set local_ip parameter. Can be - heplful to pin source outer IP for the tunnel when multiple interfaces - are used on the host for overlay traffic. This is also useful when - running multiple ovn-controller instances on the same - chassis, in which case this setting will guarantee that their tunnel - ports have unique configuration and can exist in parallel. -
external_ids:garp-max-timeout-sec
When used, this configuration value specifies the maximum timeout @@ -410,9 +400,7 @@ names on the same host using the same vswitchd instance. This may be useful when running a hybrid setup with more than one CMS managing ports on the host, or to use different datapath types on the - same host. Make sure you also set - external_ids:ovn-set-local-ip when using such - configuration. Also note that this ability is highly experimental and + same host. Also note that this ability is highly experimental and has known limitations (for example, stateful ACLs are not supported). Use at your own risk.

diff --git a/tests/ovn-controller.at b/tests/ovn-controller.at index f2c792c9c..be198e00d 100644 --- a/tests/ovn-controller.at +++ b/tests/ovn-controller.at @@ -318,11 +318,6 @@ OVS_WAIT_UNTIL([check_tunnel_property type geneve]) ovs-vsctl del-port ovn-fakech-0 OVS_WAIT_UNTIL([check_tunnel_property type geneve]) -# set `ovn-set-local-ip` option to true and check if tunnel parameters -OVS_WAIT_WHILE([check_tunnel_property options:local_ip "\"192.168.0.1\""]) -ovs-vsctl set open . external_ids:ovn-set-local-ip=true -OVS_WAIT_UNTIL([check_tunnel_property options:local_ip "\"192.168.0.1\""]) - # Change the local_ip on the OVS side and check than OVN fixes it ovs-vsctl set interface ovn-fakech-0 options:local_ip="1.1.1.1" OVS_WAIT_UNTIL([check_tunnel_property options:local_ip "\"192.168.0.1\""]) @@ -817,7 +812,7 @@ check_tunnel_property () { } # without any tos options -no_tos_options="{csum=\"true\", key=flow, remote_ip=\"192.168.0.2\"}" +no_tos_options="{csum=\"true\", key=flow, local_ip=\"192.168.0.1\", remote_ip=\"192.168.0.2\"}" # # Start off with a remote chassis supporting geneve @@ -2880,3 +2875,34 @@ AT_CHECK([test x"$port_uuid"=$(ovs-vsctl get port $fakech_tunnel _uuid)]) OVN_CLEANUP([hv1]) AT_CLEANUP ]) + +OVN_FOR_EACH_NORTHD([ +AT_SETUP([Encap enforce local_ip]) +ovn_start + +net_add n1 + +sim_add hv1 +as hv1 +check ovs-vsctl add-br br-phys +ovn_attach n1 br-phys 192.168.0.11 + +sim_add hv2 +as hv2 +check ovs-vsctl add-br br-phys +ovn_attach n1 br-phys 192.168.0.12 + +as hv1 +OVS_WAIT_UNTIL([ + test $(ovs-vsctl --bare --columns _uuid find interface options:local_ip="192.168.0.11" | wc -l) -eq 1 +]) + +as hv2 +OVS_WAIT_UNTIL([ + test $(ovs-vsctl --bare --columns _uuid find interface options:local_ip="192.168.0.12" | wc -l) -eq 1 +]) + +OVN_CLEANUP([hv1],[hv2]) + +AT_CLEANUP +])
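
Review bot: in tunnel_add() (controller/encaps.c), the now-unconditional smap_add(&options, "local_ip", local_ip) changes the options of every tunnel port that was created without local_ip, and the context comment at the end of that hunk says a record that needs a change is supplanted by a new one. Single-encap chassis therefore get their tunnel ports recreated once on upgrade, which neither the NEWS entry nor the commit message mentions; please state it in NEWS. A leftover external_ids:ovn-set-local-ip=false is also ignored silently after this change, so a one-time warning when the key is still present would help operators notice that the setting no longer has any effect.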
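
Review bot: in controller/ovn-controller.8.xml, both references to external_ids:ovn-set-local-ip are deleted and nothing replaces them, so the manpage no longer says anywhere that tunnel ports carry local_ip. The removed text explained why that matters (pinning the source outer IP when multiple interfaces carry overlay traffic, and keeping tunnel port configuration unique when several ovn-controller instances share a chassis). Suggest keeping one sentence, for example in the paragraph about running multiple instances on the same host, stating that ovn-controller always sets local_ip on tunnel ports to the local encap IP.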
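
Review bot: in tests/ovn-controller.at, the new "Encap enforce local_ip" test attaches hv1 and hv2 with IPv4 addresses only (192.168.0.11 and 192.168.0.12), while the commit message names pure IPv6 deployments as the case most likely to drop traffic. Please add an IPv6 variant of the same check so the scenario that motivated the change is covered. The assertion "wc -l) -eq 1" also holds only because each chassis has exactly one peer; a short comment saying so would keep it from being misread if more chassis are added to the test later.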