From patchwork Mon Jan 8 13:12:43 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Priyankar Jain X-Patchwork-Id: 1883681 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=nutanix.com header.i=@nutanix.com header.a=rsa-sha256 header.s=proofpoint20171006 header.b=oKuoJNQU; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=nutanix.com header.i=@nutanix.com header.a=rsa-sha256 header.s=selector1 header.b=waQgd7gh; dkim-atps=neutral Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=2605:bc80:3010::138; helo=smtp1.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=patchwork.ozlabs.org) Received: from smtp1.osuosl.org (smtp1.osuosl.org [IPv6:2605:bc80:3010::138]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4T7vd607phz1yP7 for ; Tue, 9 Jan 2024 00:13:13 +1100 (AEDT) Received: from localhost (localhost [127.0.0.1]) by smtp1.osuosl.org (Postfix) with ESMTP id 935A183300; Mon, 8 Jan 2024 13:13:11 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp1.osuosl.org 935A183300 Authentication-Results: smtp1.osuosl.org; dkim=fail reason="signature verification failed" (2048-bit key) header.d=nutanix.com header.i=@nutanix.com header.a=rsa-sha256 header.s=proofpoint20171006 header.b=oKuoJNQU; dkim=fail reason="signature verification failed" (2048-bit key, unprotected) header.d=nutanix.com header.i=@nutanix.com header.a=rsa-sha256 header.s=selector1 header.b=waQgd7gh X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp1.osuosl.org ([127.0.0.1]) by localhost (smtp1.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NZvybfCYKJ1p; Mon, 8 Jan 2024 13:13:10 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by smtp1.osuosl.org (Postfix) with ESMTPS id 45CB5820ED; Mon, 8 Jan 2024 13:13:09 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp1.osuosl.org 45CB5820ED Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id 0D2E9C0077; Mon, 8 Jan 2024 13:13:09 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from smtp3.osuosl.org (smtp3.osuosl.org [140.211.166.136]) by lists.linuxfoundation.org (Postfix) with ESMTP id 3E88CC0037 for ; Mon, 8 Jan 2024 13:13:08 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp3.osuosl.org (Postfix) with ESMTP id 18C4560F4B for ; Mon, 8 Jan 2024 13:13:08 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp3.osuosl.org 18C4560F4B Authentication-Results: smtp3.osuosl.org; dkim=pass (2048-bit key) header.d=nutanix.com header.i=@nutanix.com header.a=rsa-sha256 header.s=proofpoint20171006 header.b=oKuoJNQU; dkim=pass (2048-bit key, unprotected) header.d=nutanix.com header.i=@nutanix.com header.a=rsa-sha256 header.s=selector1 header.b=waQgd7gh X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp3.osuosl.org ([127.0.0.1]) by localhost (smtp3.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gLdvtxg0Z5tG for ; Mon, 8 Jan 2024 13:13:07 +0000 (UTC) Received: from mx0b-002c1b01.pphosted.com (mx0b-002c1b01.pphosted.com [148.163.155.12]) by smtp3.osuosl.org (Postfix) with ESMTPS id B663260EC6 for ; Mon, 8 Jan 2024 13:13:06 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp3.osuosl.org B663260EC6 Received: from pps.filterd (m0127843.ppops.net [127.0.0.1]) by mx0b-002c1b01.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id 407Me1BN030329 for ; Mon, 8 Jan 2024 05:13:05 -0800 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nutanix.com; h= from:to:cc:subject:date:message-id:content-transfer-encoding :content-type:mime-version; s=proofpoint20171006; bh=m/DqTORW3Mc z6X7OZQ+T+ipQRveHPPu/WVT4xcEKY6k=; b=oKuoJNQUHTS17tPbfrvUuaekHd0 WRVcXtAscO2WpuT2VsqXPp3cOOgP+d+h6Ev22bE6n4ip+sXeNk37We1VbBDRWxyQ rCPJRyn0RkeJ7AYVxM9/iq74rP3ywCpp4cjEcTbsFyNPY+C2rzTcJc1jBG9zCuv/ 8xyBzvHfeqIRnRx2hdAK2KFXj1JjjT0o90yTDg/3yMTJGi0Czcuu1SL1kEuf1mxJ VZ0nYcq1z1cR4CsXOGZQWRmLkn8IMzT9YyMeRvK1ib1QvBRiZHmtR9tfEw2p1Vse ZtcGLNHBYNYp4yNosLsdG89X8lavEvgQOyiuZQm570qJOJQKejsHq7JOo4w== Received: from nam11-co1-obe.outbound.protection.outlook.com (mail-co1nam11lp2168.outbound.protection.outlook.com [104.47.56.168]) by mx0b-002c1b01.pphosted.com (PPS) with ESMTPS id 3vf5uqtruj-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Mon, 08 Jan 2024 05:13:05 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=ZnPI6rDzzyiPlchbxXNDJtEDr2NostNHTmtDfpABrPwXM5iFkxzgu74vfnaHkTB3oGPhzO5SUzt/YVvJTz9ZsR+LUTgffn3UWD3dFo0Hr2PmyQ+793aTddNU63fu5F1gt+izbMMVKScce2uPIAdpxzQc12HbiF0X1z3r3zqCHssrjlMpqjnjP/u4VtsN6NEMEMDN11GlaFUX8t3i541jQuT6TMn4dcprbgCx/y4hvZaewUdS1HqwMvHhtpMJnCkqhRIg3GYGlRfrKW1Gg+PBfPChqfuB0UGGywzR046fb6RnHazW0dQ7NbhMkvKxNAXUZcf4its6lhMzweC4e8F39Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=m/DqTORW3Mcz6X7OZQ+T+ipQRveHPPu/WVT4xcEKY6k=; b=Ay1bjiOmPfQ2ybsIzG2cJnQwUQw3e8/DzIXFP8x7269BRa8ucBCS9NR+kR50VgCVLiEVn3qRu0O8FS8x7kKkiMwhfsJlR550rGBCd2FOjX5zn1qW8B/9eZRsLlnFG/yqNJjIsPTVyvZ7LKaUgmBDnkVLn0RV2SnIlBXrggDA1IkH9ZQXYrjw3CCNDFLtpt6Wgk++cBahSyba7Cu8Ul5JJvr5fanf3xyW7VLBRMt5Hv1/lQefPPEDxWPkVklmYYS3prA8mbXRjfnCAgQMvG9tVZhVBuSuVf9IRSlMqqQC3ghp64AdVKozOW9MGIZGVWHKyiRa700GcsZk8fJK70OKcw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nutanix.com; dmarc=pass action=none header.from=nutanix.com; dkim=pass header.d=nutanix.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nutanix.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=m/DqTORW3Mcz6X7OZQ+T+ipQRveHPPu/WVT4xcEKY6k=; b=waQgd7ghL2kcpltQXVrK0jP3VXO3I5MnEwvU00AJB5lBXi1S+sg3+18rQOqeYMGf5c+BGQdcHHevZo5ySDbhgpmpwLojz5vovNQBtdM8L46qMJfKlfhtgEj6RS5zzW64zas3YHXtsTR4r3FvBtRpwFedsUFCdWQUhpzl6o/GJd8sFmbm8uf6U+hd4vamOP/Eeq+iKQeTd4GiHfRTQQoJMijDyBwSooLqjXYFYFq9y7Ns9yf7TbvFilFXiJwfyyGr+6byqZqFsLlDDAOSQbemrJdX2E+FpLGPxMTTP0aRbL27ROlvJmGPTL5gkDX1aQnk8qb6lkTi3QoIjv9VeXko6A== Received: from PH0PR02MB7496.namprd02.prod.outlook.com (2603:10b6:510:16::12) by SA2PR02MB7514.namprd02.prod.outlook.com (2603:10b6:806:135::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7159.23; Mon, 8 Jan 2024 13:13:02 +0000 Received: from PH0PR02MB7496.namprd02.prod.outlook.com ([fe80::1618:78d0:e98c:2910]) by PH0PR02MB7496.namprd02.prod.outlook.com ([fe80::1618:78d0:e98c:2910%7]) with mapi id 15.20.7159.018; Mon, 8 Jan 2024 13:13:02 +0000 From: Priyankar Jain To: dev@openvswitch.org Date: Mon, 8 Jan 2024 18:42:43 +0530 Message-Id: <20240108131243.53816-1-priyankar.jain@nutanix.com> X-Mailer: git-send-email 2.39.2 (Apple Git-143) X-ClientProxiedBy: MA1PR01CA0164.INDPRD01.PROD.OUTLOOK.COM (2603:1096:a00:71::34) To PH0PR02MB7496.namprd02.prod.outlook.com (2603:10b6:510:16::12) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: PH0PR02MB7496:EE_|SA2PR02MB7514:EE_ X-MS-Office365-Filtering-Correlation-Id: e244796d-90df-4b24-faee-08dc104b8b6a x-proofpoint-crosstenant: true X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: oOxrT3vKpGME9oHYtOWMFa7ukyvhJAshYJAVLZy+fIObd6YZTXoNouc+TTIp4nZByd0AVL5/6zGcRmu0dwgq2x8UnFZfWJ3UwGvVQyd/iMpjPBU6HxSvn9mllbEnZ46g2l90ovDYfZVZ8qUoKvx3m4iwJ6DCZV4FSApNFZNPcMLMksEkPcgiNZZbjU2JmyVNiQmEBQcqbD+T/aFvGkeZ09T6AyDiXLHxoUkulbnhpyrjNyQcH/oZQN2COU+ZGfSsCLstvoy9ddnFSL7sbKkUxjw1oH6Mk0swuPlHuvekZdwuu1z2HRHcTf/hz2LaBYHURhcx1ACe8tqw9ViTKKB0+wQlA6xPmWAuc3+0+1Y5DbFiDULk16cPfxArYiqYPhDyoXxJflC9M27tlPEYXNahJCfFa8y27bXp58WJJjRif+fa01GtR60vHIv2eZAV7c8UdOC8jv+JZrHIQf0j19ODcQSy0O5mSswsfAfift23NjAlYsvSfcLEpi87QddqjeWai0mslt22Sd+wgD+C2Vhh6BGIn3QOz5iJMu8dUfG3ZmizThFJKPjAGSqXfOpYJt5iAHdunBivN5b8JCYc72BS2V0bNVf66ffxIrq4YbPFfQ+PzUJsBaD4t9dh2EiJXD0ypprk31vdW0WGNnnwCF1yhO0rwBibilCP4U541MvY/XE= X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:PH0PR02MB7496.namprd02.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230031)(396003)(346002)(376002)(136003)(366004)(39860400002)(230173577357003)(230273577357003)(230922051799003)(186009)(1800799012)(64100799003)(451199024)(107886003)(2616005)(52116002)(6512007)(6506007)(26005)(83380400001)(8676002)(1076003)(66574015)(41300700001)(6486002)(86362001)(4326008)(8936002)(30864003)(5660300002)(2906002)(316002)(44832011)(36756003)(66946007)(66556008)(6916009)(66476007)(38350700005)(6666004)(478600001)(38100700002); DIR:OUT; SFP:1102; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: bxEh3xJDR2P+jfo0a/LJWHGgQRapG5MOZiB9V65PmoRt60jaGFuXur5cL8tmFdSppFY3SuK+EnnR+X/h7vE2L9B6C/Tew29JG/WgM+OViJO9dFdIOAMCWp5wa8ieQa4MQ3kxmyweH4p5E8wdbelCZ7UF3qSObbTRWa+YGTyr/Rikufh7p7szPTWYcmagJurUCvLAr8zR+hd5HEhXHQJt4aJeLdYO8DDslinUbo40WMJRE8Jso48Yhbji6w5XMR79qCElfMNlpFJrOZ15c7WyBkxK3DOFGkQQVtMYc1KT3mZb8Au6hOPOZi1qA7bMqCc7cGAEoV8h+PHUBZKctVxHw27BkpC/sSBX3FllGeoQ2jgNrW8T/hbTB5zP02Wmo8QEu4NjTBMIcZZ87RTEvYupq5Ki/YUduNzCrtxZzjVlNBPoStPYV8IkSJC0Nbtpte8gO/iYnCPrYRIGpkECxXI7QlN+/Y//47mmOyojg2r263DjPmbJBbU+2WJXNFyGRJVGo7Wdk+niODSviQpq7i6gZkWnAXLACE0X7DnXAFbkuqzQFpXJ8rPAVTNSc/6G/605lj1VPFKH8Zk9EYcIDiH9/H+DAcTfbxYzhFo2EJsk5NQEya1TntnxViBRdiWQ36SRUDKgzcmWL77YEvFg8R8hvmD0diUNMBUUhNMNqetVZrULnELl9Jil5iqcL1ZRAWxIgs2dBkKwLVKrwvpu9KywW7RlFtW2WGobEO6L9VDD6rmPQC9urHD9Cj0GTkOIP7Of6ZOrglpo7hp5yn1LS0PorEZ/KYg9T98dqHTwQ7KgVcKX84KAy3ci/CFg7YM3qTk5WeGHD7EGlRBVLZRxZpUiZCagyD97r+RrYeG5opb+/Jf3o+XHZCIf7rUWz0Hp2GpvHD+kASY87L08bi+kQbIGCDyLJRvvhLubVgO/9GGecNSG20mmkvTqoZirPXKARd+CIcKavY+++tZoYLrLPJgvbzjRACQ9saVICqQu5ALyJlNTG119R5KjdjkSUk7E0eHGDCZr4Do5aOyA8N5af99bRDYnbQU46MaiQeKJRCQ5gOuhS4yOyXWKi0GuhuoYLiZ+obygoqm9KL35NmI5fuxfkB5DeYQTJJVnef94HpOPKpJIhllwPZ1NTi1b2tpcKrOE3KzGqLJLc5NrWDB6+3PIOTeNalw+s5i/X3xO2575dgoATfSuLif1Bbttg31lzArW9gsX/oHl/q+CXLToQJQTWMpmJrndS1dSv1iszYyTag5shR8IV5eZjJT0XTeHDIsD0enaXT5YFFy0mZj75uQX6qVfHYc3RBQ5Pi9pbOcZ/DGy80opPaRMg45HTCWBkp1xrG+8mVcuGeiWoX4YzeRWWnlk1goaxGrFZxhAIQbI49K6DUjWEOvY+YOCL+LUHMKwjukmRiqvs5P9oH8YlMq7HrvW24vsErM6TsbrBv8ERZNa8MbXco9HfcdndDSbgwfrCMwu2Our4f42jmMa86arre0PdTILLGeQKwE9wCtnWdU9gB5D1dU776m+N2GZaZeb6wCvU/w6pE2DHCFN7PL+M7LwdXQQ2z4rs5wUBgVHNBL+HmyiSc4/melXkpydx/9mkyQaXltQeGuuE/sRYDV2LQ== X-OriginatorOrg: nutanix.com X-MS-Exchange-CrossTenant-Network-Message-Id: e244796d-90df-4b24-faee-08dc104b8b6a X-MS-Exchange-CrossTenant-AuthSource: PH0PR02MB7496.namprd02.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 08 Jan 2024 13:13:02.8870 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: bb047546-786f-4de1-bd75-24e5b6f79043 X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: RWFtMYlbDrMwtJ4ENOjvas34SuOAmiGZOEnMC1sf39ZiPYuyWIlRFfEfk9O+r20TNkGEfV+NsFcG4nt7YX+TYeMIevUBORu4mkiNnJMk3uc= X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA2PR02MB7514 X-Proofpoint-GUID: C3uV3ea0SR8qEiKO1B-Cdp2bxN_FIKQG X-Proofpoint-ORIG-GUID: C3uV3ea0SR8qEiKO1B-Cdp2bxN_FIKQG X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.997,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2023-11-28_27,2023-11-27_01,2023-05-22_02 X-Proofpoint-Spam-Reason: safe Subject: [ovs-dev] [PATCH ovn] northd: Added lb_vip_mac config option in Logical_Switch. X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" Currently load balancer applied to a logical switch has the following restriction: - VIP of the load balancer cannot reside in the subnet prefix as the clients as OVN does not install ARP responder flows for the LB VIP. This change adds a new config option "lb_vip_mac" in the logical_switch table which is expected to be a MAC address. If the logical_switch has this option configured, northd will program an ARP responder flow for all the LB VIPs of the logical_switch with this MAC address. Usecase: With this change, CMS can set the lb_vip_mac value to same as the default gateway MAC. This allows CMS to allocate VIP of the Load balancer from any subnet prefix. Signed-off-by: Priyankar Jain --- northd/northd.c | 71 ++++++++++++++++++++++++++ northd/northd.h | 2 + northd/ovn-northd.8.xml | 49 ++++++++++++++++++ tests/ovn.at | 109 ++++++++++++++++++++++++++++++++++++++++ 4 files changed, 231 insertions(+) diff --git a/northd/northd.c b/northd/northd.c index db3cd272e..ebca2c073 100644 --- a/northd/northd.c +++ b/northd/northd.c @@ -790,8 +790,11 @@ init_lb_for_datapath(struct ovn_datapath *od) { if (od->nbs) { od->has_lb_vip = ls_has_lb_vip(od); + od->lb_vip_mac = nullable_xstrdup( + smap_get(&od->nbs->other_config, "lb_vip_mac")); } else { od->has_lb_vip = lr_has_lb_vip(od); + od->lb_vip_mac = NULL; } } @@ -800,6 +803,9 @@ destroy_lb_for_datapath(struct ovn_datapath *od) { ovn_lb_ip_set_destroy(od->lb_ips); od->lb_ips = NULL; + + free(od->lb_vip_mac); + od->lb_vip_mac = NULL; } /* A group of logical router datapaths which are connected - either @@ -12204,6 +12210,70 @@ build_lrouter_nat_flows_for_lb(struct ovn_lb_vip *lb_vip, } } +static void +build_lb_rules_arp_nd_rsp(struct hmap *lflows, struct ovn_lb_datapaths *lb_dps, + const struct ovn_datapaths *ls_datapaths, + struct ds *match, struct ds *actions) +{ + if (!lb_dps->n_nb_ls) { + return; + } + + const struct ovn_northd_lb *lb = lb_dps->lb; + for (size_t i = 0; i < lb->n_vips; i++) { + struct ovn_lb_vip *lb_vip = &lb->vips[i]; + + size_t index; + BITMAP_FOR_EACH_1 (index, ods_size(ls_datapaths), lb_dps->nb_ls_map) { + struct ovn_datapath *od = ls_datapaths->array[index]; + if (!od->lb_vip_mac) { + continue; + } + ds_clear(match); + ds_clear(actions); + if (IN6_IS_ADDR_V4MAPPED(&lb_vip->vip)) { + ds_put_format(match, "arp.tpa == %s && arp.op == 1", + lb_vip->vip_str); + ds_put_format(actions, + "eth.dst = eth.src; " + "eth.src = %s; " + "arp.op = 2; /* ARP reply */ " + "arp.tha = arp.sha; " + "arp.sha = %s; " + "arp.tpa = arp.spa; " + "arp.spa = %s; " + "outport = inport; " + "flags.loopback = 1; " + "output;", + od->lb_vip_mac, od->lb_vip_mac, + lb_vip->vip_str); + } else { + ds_put_format(match, "nd_ns && nd.target == %s", + lb_vip->vip_str); + ds_put_format(actions, + "nd_na { " + "eth.dst = eth.src; " + "eth.src = %s; " + "ip6.src = %s; " + "nd.target = %s; " + "nd.tll = %s; " + "outport = inport; " + "flags.loopback = 1; " + "output; " + "};", + od->lb_vip_mac, + lb_vip->vip_str, + lb_vip->vip_str, + od->lb_vip_mac); + } + ovn_lflow_add_with_hint(lflows, od, + S_SWITCH_IN_ARP_ND_RSP, 130, + ds_cstr(match), ds_cstr(actions), + &lb->nlb->header_); + } + } +} + static void build_lswitch_flows_for_lb(struct ovn_lb_datapaths *lb_dps, struct hmap *lflows, @@ -12255,6 +12325,7 @@ build_lswitch_flows_for_lb(struct ovn_lb_datapaths *lb_dps, ls_datapaths, match, action); build_lb_rules(lflows, lb_dps, ls_datapaths, features, match, action, meter_groups, svc_monitor_map); + build_lb_rules_arp_nd_rsp(lflows, lb_dps, ls_datapaths, match, action); } /* If there are any load balancing rules, we should send the packet to diff --git a/northd/northd.h b/northd/northd.h index 5be7b5384..3e1b24e2c 100644 --- a/northd/northd.h +++ b/northd/northd.h @@ -262,6 +262,8 @@ struct ovn_datapath { bool has_vtep_lports; bool has_arp_proxy_port; + char *lb_vip_mac; + /* IPAM data. */ struct ipam_info ipam_info; diff --git a/northd/ovn-northd.8.xml b/northd/ovn-northd.8.xml index 98cf7adb4..94daf47fb 100644 --- a/northd/ovn-northd.8.xml +++ b/northd/ovn-northd.8.xml @@ -1618,6 +1618,55 @@ output;

+
  • +

    + If E is defined in the value of + , + For each VIP defined in the value of the + + column of table, + priority-130 logical flow is added with the match + arp.tpa == VIP + && && arp.op == 1 and applies the action +

    + + 
    +eth.dst = eth.src;
+eth.src = E;
+arp.op = 2; /* ARP reply. */
+arp.tha = arp.sha;
+arp.sha = E;
+arp.tpa = arp.spa;
+arp.spa = VIP;
+outport = inport;
+flags.loopback = 1;
+output;
+
    + +

    + These flows are required if an ARP request is sent for the + VIP. This enables CMS to have VIP allocated from + the same subnet prefix as the clients. +

    + +

    + For IPv6 the similar flow is added with the following action +

    + + 
    +nd_na {
+    eth.dst = eth.src;
+    eth.src = E;
+    ip6.src = VIP;
+    nd.target = VIP;
+    nd.tll = E;
+    outport = inport;
+    flags.loopback = 1;
+    output;
+};
+
    +
    • +
  • One priority-0 fallback flow that matches all packets and advances to the next table. diff --git a/tests/ovn.at b/tests/ovn.at index 5615ba1a9..f25791d3f 100644 --- a/tests/ovn.at +++ b/tests/ovn.at @@ -37524,3 +37524,112 @@ wait_for_ports_up OVN_CLEANUP([hv1]) AT_CLEANUP ]) + +OVN_FOR_EACH_NORTHD([ +AT_SETUP([Logical Switch lb_vip_mac - IPv4]) +AT_KEYWORDS([lb]) +ovn_start + +net_add n1 + +sim_add hv1 +as hv1 +ovs-vsctl add-br br-phys +ovn_attach n1 br-phys 192.168.0.1 +check ovs-vsctl -- add-port br-int hv1-vif1 -- \ + set interface hv1-vif1 external-ids:iface-id=sw0-p1 \ + options:tx_pcap=hv1/vif1-tx.pcap \ + options:rxq_pcap=hv1/vif1-rx.pcap \ + ofport-request=1 +check ovs-vsctl -- add-port br-int hv1-vif2 -- \ + set interface hv1-vif2 external-ids:iface-id=sw0-p2 \ + options:tx_pcap=hv1/vif2-tx.pcap \ + options:rxq_pcap=hv1/vif2-rx.pcap \ + ofport-request=2 + +sim_add hv2 +as hv2 +check ovs-vsctl add-br br-phys +ovn_attach n1 br-phys 192.168.0.2 +check ovs-vsctl -- add-port br-int hv2-vif1 -- \ + set interface hv2-vif1 external-ids:iface-id=sw1-p1 \ + options:tx_pcap=hv2/vif1-tx.pcap \ + options:rxq_pcap=hv2/vif1-rx.pcap \ + ofport-request=1 + +check ovn-nbctl ls-add sw0 + +check ovn-nbctl lsp-add sw0 sw0-p1 +check ovn-nbctl lsp-set-addresses sw0-p1 "50:54:00:00:00:03 10.0.0.3" +check ovn-nbctl lsp-set-port-security sw0-p1 "50:54:00:00:00:03 10.0.0.3" + +# Create the second logical switch with one port +check ovn-nbctl ls-add sw1 +check ovn-nbctl lsp-add sw1 sw1-p1 +check ovn-nbctl lsp-set-addresses sw1-p1 "40:54:00:00:00:03 20.0.0.3" +check ovn-nbctl lsp-set-port-security sw1-p1 "40:54:00:00:00:03 20.0.0.3" + +OVN_SW0_ID=$(ovn-nbctl --bare --column _uuid find logical_switch name=sw0) +OVN_SW1_ID=$(ovn-nbctl --bare --column _uuid find logical_switch name=sw1) + +# Create a logical router and attach both logical switches +check ovn-nbctl lr-add lr0 +check ovn-nbctl lrp-add lr0 lr0-sw0 00:00:00:00:ff:01 10.0.0.1/24 +check ovn-nbctl lsp-add sw0 sw0-lr0 +check ovn-nbctl lsp-set-type sw0-lr0 router +check ovn-nbctl lsp-set-addresses sw0-lr0 router +check ovn-nbctl lsp-set-options sw0-lr0 router-port=lr0-sw0 +check ovn-nbctl set Logical_Switch ${OVN_SW0_ID} other_config:lb_vip_mac=00:00:00:00:ff:01 + +check ovn-nbctl lrp-add lr0 lr0-sw1 00:00:00:00:ff:02 20.0.0.1/24 +check ovn-nbctl lsp-add sw1 sw1-lr0 +check ovn-nbctl lsp-set-type sw1-lr0 router +check ovn-nbctl lsp-set-addresses sw1-lr0 router +check ovn-nbctl lsp-set-options sw1-lr0 router-port=lr0-sw1 +check ovn-nbctl set Logical_Switch ${OVN_SW1_ID} other_config:lb_vip_mac=00:00:00:00:ff:02 + +check ovn-nbctl lb-add lb1 10.0.0.10:80 10.0.0.3:80,20.0.0.3:80 +OVN_LB_ID=$(ovn-nbctl --bare --column _uuid find load_balancer name=lb1) + +check ovn-nbctl --wait=sb ls-lb-add sw0 lb1 +check ovn-nbctl --wait=sb ls-lb-add sw1 lb1 + +OVN_POPULATE_ARP +wait_for_ports_up +check ovn-nbctl --wait=hv sync + +AT_CAPTURE_FILE([sbflows]) +OVS_WAIT_FOR_OUTPUT( + [ovn-sbctl dump-flows > sbflows + ovn-sbctl dump-flows sw0 | grep ct_lb_mark | grep priority=120 | sed 's/table=..//'], 0, + [dnl + (ls_in_pre_stateful ), priority=120 , match=(reg0[[2]] == 1 && ip4.dst == 10.0.0.10 && tcp.dst == 80), action=(reg1 = 10.0.0.10; reg2[[0..15]] = 80; ct_lb_mark;) + (ls_in_lb ), priority=120 , match=(ct.new && ip4.dst == 10.0.0.10 && tcp.dst == 80), action=(reg0[[1]] = 0; ct_lb_mark(backends=10.0.0.3:80,20.0.0.3:80);) +]) + +AT_CAPTURE_FILE([sbflows-arp]) +OVS_WAIT_FOR_OUTPUT( + [ovn-sbctl dump-flows sw0 | grep 00:00:00:00:ff:01 | grep 10.0.0.10 | grep priority=130 | sed 's/table=..//'], 0, + [dnl + (ls_in_arp_rsp ), priority=130 , match=(arp.tpa == 10.0.0.10 && arp.op == 1), action=(eth.dst = eth.src; eth.src = 00:00:00:00:ff:01; arp.op = 2; /* ARP reply */ arp.tha = arp.sha; arp.sha = 00:00:00:00:ff:01; arp.tpa = arp.spa; arp.spa = 10.0.0.10; outport = inport; flags.loopback = 1; output;) +]) + +AT_CAPTURE_FILE([sbflows]) +OVS_WAIT_FOR_OUTPUT( + [ovn-sbctl dump-flows > sbflows + ovn-sbctl dump-flows sw1 | grep ct_lb_mark | grep priority=120 | sed 's/table=..//'], 0, + [dnl + (ls_in_pre_stateful ), priority=120 , match=(reg0[[2]] == 1 && ip4.dst == 10.0.0.10 && tcp.dst == 80), action=(reg1 = 10.0.0.10; reg2[[0..15]] = 80; ct_lb_mark;) + (ls_in_lb ), priority=120 , match=(ct.new && ip4.dst == 10.0.0.10 && tcp.dst == 80), action=(reg0[[1]] = 0; ct_lb_mark(backends=10.0.0.3:80,20.0.0.3:80);) +]) + +AT_CAPTURE_FILE([sbflows-arp2]) +OVS_WAIT_FOR_OUTPUT( + [ovn-sbctl dump-flows sw1 | grep 00:00:00:00:ff:02 | grep 10.0.0.10 | grep priority=130 | sed 's/table=..//'], 0, + [dnl + (ls_in_arp_rsp ), priority=130 , match=(arp.tpa == 10.0.0.10 && arp.op == 1), action=(eth.dst = eth.src; eth.src = 00:00:00:00:ff:02; arp.op = 2; /* ARP reply */ arp.tha = arp.sha; arp.sha = 00:00:00:00:ff:02; arp.tpa = arp.spa; arp.spa = 10.0.0.10; outport = inport; flags.loopback = 1; output;) +]) + +OVN_CLEANUP([hv1], [hv2]) +AT_CLEANUP +])