From patchwork Thu Mar 7 13:19:11 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Lorenzo Bianconi X-Patchwork-Id: 1909245 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=C0pUNqDC; dkim-atps=neutral Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=2605:bc80:3010::136; helo=smtp3.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=patchwork.ozlabs.org) Received: from smtp3.osuosl.org (smtp3.osuosl.org [IPv6:2605:bc80:3010::136]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4Tr8zt1d5Vz1yX3 for ; Fri, 8 Mar 2024 00:20:10 +1100 (AEDT) Received: from localhost (localhost [127.0.0.1]) by smtp3.osuosl.org (Postfix) with ESMTP id 4F213600B8; Thu, 7 Mar 2024 13:20:08 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp3.osuosl.org ([127.0.0.1]) by localhost (smtp3.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MuEv-yrZKEcY; Thu, 7 Mar 2024 13:20:07 +0000 (UTC) X-Comment: SPF check N/A for local connections - client-ip=140.211.9.56; helo=lists.linuxfoundation.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver= DKIM-Filter: OpenDKIM Filter v2.11.0 smtp3.osuosl.org 06B2261002 Authentication-Results: smtp3.osuosl.org; dkim=fail reason="signature verification failed" (1024-bit key) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=C0pUNqDC Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by smtp3.osuosl.org (Postfix) with ESMTPS id 06B2261002; Thu, 7 Mar 2024 13:20:07 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id CC690C0DD4; Thu, 7 Mar 2024 13:20:06 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from smtp3.osuosl.org (smtp3.osuosl.org [IPv6:2605:bc80:3010::136]) by lists.linuxfoundation.org (Postfix) with ESMTP id 6BECFC0077 for ; Thu, 7 Mar 2024 13:20:05 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp3.osuosl.org (Postfix) with ESMTP id 3D0E06102A for ; Thu, 7 Mar 2024 13:19:48 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp3.osuosl.org ([127.0.0.1]) by localhost (smtp3.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id l4LEKPj27ztf for ; Thu, 7 Mar 2024 13:19:47 +0000 (UTC) Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=170.10.133.124; helo=us-smtp-delivery-124.mimecast.com; envelope-from=lorenzo.bianconi@redhat.com; receiver= DMARC-Filter: OpenDMARC Filter v1.4.2 smtp3.osuosl.org 01D5E61033 Authentication-Results: smtp3.osuosl.org; dmarc=pass (p=none dis=none) header.from=redhat.com DKIM-Filter: OpenDKIM Filter v2.11.0 smtp3.osuosl.org 01D5E61033 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by smtp3.osuosl.org (Postfix) with ESMTPS id 01D5E61033 for ; Thu, 7 Mar 2024 13:19:46 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1709817585; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=YvZw8FcLzSm2eogs6RAtdE4rJziZZG2wA8dUKXUJZKg=; b=C0pUNqDCHprYHhxlRsPU+qd66ZxUsFdHfar+1NghfXXYx6wB2GoQzLm816Z3D+yxEal9Pp cHXXE0xhkz8aeGmIqD7yO0Ei2QCUgCoBezcCBFkD6qgYLDQhdT+PiRxo+yN9Wgn9Mdmieu XIdn+IAx3CZal4805PZ9XdJvwP6h59E= Received: from mail-wm1-f72.google.com (mail-wm1-f72.google.com [209.85.128.72]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-674-PD2upwgINlqboBcXwpeW-Q-1; Thu, 07 Mar 2024 08:19:44 -0500 X-MC-Unique: PD2upwgINlqboBcXwpeW-Q-1 Received: by mail-wm1-f72.google.com with SMTP id 5b1f17b1804b1-412dcaf0bd6so4364225e9.0 for ; Thu, 07 Mar 2024 05:19:44 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1709817563; x=1710422363; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=YvZw8FcLzSm2eogs6RAtdE4rJziZZG2wA8dUKXUJZKg=; b=NwXXlQ4+Z+6t++NzkAMXcoogtJEMtXPMpqJA4018+7fn6ikiBRiV40yeBfThHgDFe3 6yaidcDutdm8/Yieojvpo5qG/1oWNqTisRdKRXmyOSiH9IDwTji4LijZ29ELysePyUHB H8tZJmzaxIl8XEsUzTYCSzoSSW3nxP7/NRlQZbd+p0YeYHCHxBbYCN0OLxXQfqCKbw2C 9COLWaNi8GHfVz/GTPKNaOu2uqiLG6h5mG8SsdeIFh4Do7UobFJpzXTpqfMpTBbLZ06M eNYkmjDG3WWek1FOSx/D5uDjgFYlsw3DffCZFuXrGxoDVca2a2KCAGyVZJaEXXEVwPCW 1qYQ== X-Gm-Message-State: AOJu0Yw7fREPcckm6rimAKB5Vk795UKxEaGo8tI1L7mEvGeiGT3Q4sHf 6QNR8UVz8tMvNLgXkMgX1W1CZ62WtrqBtiXFVlNO8+aSkVqY4W4j0i+fJHpwUSwTasEepC31USu RSR1Bnfyx/+VC/A1tag/xskV/5mBRSjvcU1paDsvWOeFIrf2EdtkU9Sef0v/gKF7MRemfxsvuOO rgAeLjyvvV5rU6b8MF+8+1kOGZtHChQYCyocz3mzd0DBiL X-Received: by 2002:a05:600c:1e05:b0:412:e90e:54b7 with SMTP id ay5-20020a05600c1e0500b00412e90e54b7mr7478044wmb.33.1709817563254; Thu, 07 Mar 2024 05:19:23 -0800 (PST) X-Google-Smtp-Source: AGHT+IEZdwK6UooDZZVqeDxM1r/zVT3vu7qq58jsJAGAn3Y5gox5wonuiR6VJ9cMcn/o0B+BChTq9g== X-Received: by 2002:a05:600c:1e05:b0:412:e90e:54b7 with SMTP id ay5-20020a05600c1e0500b00412e90e54b7mr7478022wmb.33.1709817562674; Thu, 07 Mar 2024 05:19:22 -0800 (PST) Received: from localhost (net-93-71-3-198.cust.vodafonedsl.it. [93.71.3.198]) by smtp.gmail.com with ESMTPSA id f15-20020a05600c154f00b00412e97127c0sm2689021wmg.24.2024.03.07.05.19.22 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 07 Mar 2024 05:19:22 -0800 (PST) From: Lorenzo Bianconi To: dev@openvswitch.org Date: Thu, 7 Mar 2024 14:19:11 +0100 Message-ID: <127b9b4f731f656a380390dffce54711b0ed960b.1709817303.git.lorenzo.bianconi@redhat.com> X-Mailer: git-send-email 2.44.0 In-Reply-To: References: MIME-Version: 1.0 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Cc: dceara@redhat.com Subject: [ovs-dev] [PATCH ovn 1/3] northd: Introduce ECMP_Nexthop table in SB db. X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" Introduce ECMP_Nexthop table in the SB db in order to track active ecmp-symmetric-reply connections and flush stale ones. Signed-off-by: Lorenzo Bianconi --- northd/en-northd.c | 4 ++ northd/inc-proc-northd.c | 8 +++- northd/northd.c | 98 ++++++++++++++++++++++++++++++++++++++++ northd/northd.h | 3 ++ ovn-sb.ovsschema | 15 +++++- ovn-sb.xml | 19 ++++++++ tests/ovn-northd.at | 4 ++ 7 files changed, 147 insertions(+), 4 deletions(-) diff --git a/northd/en-northd.c b/northd/en-northd.c index 4479b4aff..8d2ab481f 100644 --- a/northd/en-northd.c +++ b/northd/en-northd.c @@ -76,6 +76,8 @@ northd_get_input_data(struct engine_node *node, EN_OVSDB_GET(engine_get_input("NB_chassis_template_var", node)); input_data->nbrec_mirror_table = EN_OVSDB_GET(engine_get_input("NB_mirror", node)); + input_data->nbrec_static_route_table = + EN_OVSDB_GET(engine_get_input("NB_logical_router_static_route", node)); input_data->sbrec_datapath_binding_table = EN_OVSDB_GET(engine_get_input("SB_datapath_binding", node)); @@ -101,6 +103,8 @@ northd_get_input_data(struct engine_node *node, EN_OVSDB_GET(engine_get_input("SB_chassis_template_var", node)); input_data->sbrec_mirror_table = EN_OVSDB_GET(engine_get_input("SB_mirror", node)); + input_data->sbrec_ecmp_nexthop_table = + EN_OVSDB_GET(engine_get_input("SB_ecmp_nexthop", node)); struct ed_type_lb_data *lb_data = engine_get_input_data("lb_data", node); diff --git a/northd/inc-proc-northd.c b/northd/inc-proc-northd.c index e1073812c..1c58da0bf 100644 --- a/northd/inc-proc-northd.c +++ b/northd/inc-proc-northd.c @@ -61,7 +61,8 @@ static unixctl_cb_func chassis_features_list; NB_NODE(meter, "meter") \ NB_NODE(bfd, "bfd") \ NB_NODE(static_mac_binding, "static_mac_binding") \ - NB_NODE(chassis_template_var, "chassis_template_var") + NB_NODE(chassis_template_var, "chassis_template_var") \ + NB_NODE(logical_router_static_route, "logical_router_static_route") enum nb_engine_node { #define NB_NODE(NAME, NAME_STR) NB_##NAME, @@ -101,7 +102,8 @@ static unixctl_cb_func chassis_features_list; SB_NODE(fdb, "fdb") \ SB_NODE(static_mac_binding, "static_mac_binding") \ SB_NODE(chassis_template_var, "chassis_template_var") \ - SB_NODE(logical_dp_group, "logical_dp_group") + SB_NODE(logical_dp_group, "logical_dp_group") \ + SB_NODE(ecmp_nexthop, "ecmp_nexthop") enum sb_engine_node { #define SB_NODE(NAME, NAME_STR) SB_##NAME, @@ -180,6 +182,7 @@ void inc_proc_northd_init(struct ovsdb_idl_loop *nb, engine_add_input(&en_northd, &en_nb_mirror, NULL); engine_add_input(&en_northd, &en_nb_static_mac_binding, NULL); engine_add_input(&en_northd, &en_nb_chassis_template_var, NULL); + engine_add_input(&en_northd, &en_nb_logical_router_static_route, NULL); engine_add_input(&en_northd, &en_sb_chassis, NULL); engine_add_input(&en_northd, &en_sb_mirror, NULL); @@ -192,6 +195,7 @@ void inc_proc_northd_init(struct ovsdb_idl_loop *nb, engine_add_input(&en_northd, &en_sb_fdb, NULL); engine_add_input(&en_northd, &en_sb_static_mac_binding, NULL); engine_add_input(&en_northd, &en_sb_chassis_template_var, NULL); + engine_add_input(&en_northd, &en_sb_ecmp_nexthop, NULL); engine_add_input(&en_northd, &en_global_config, northd_global_config_handler); diff --git a/northd/northd.c b/northd/northd.c index 4b39137e7..3770f9f94 100644 --- a/northd/northd.c +++ b/northd/northd.c @@ -16654,6 +16654,101 @@ sync_mirrors(struct ovsdb_idl_txn *ovnsb_txn, shash_destroy(&sb_mirrors); } +struct sb_ecmp_nexthop_entry { + struct hmap_node hmap_node; + const struct sbrec_ecmp_nexthop *sb_ecmp_nexthop; +}; + +static struct sb_ecmp_nexthop_entry * +sb_ecmp_nexthop_lookup(const struct hmap *map, const char *nexthop) +{ + uint32_t hash = hash_string(nexthop, 0); + struct sb_ecmp_nexthop_entry *enh_e; + + HMAP_FOR_EACH_WITH_HASH (enh_e, hmap_node, hash, map) { + if (!strcmp(enh_e->sb_ecmp_nexthop->nexthop, nexthop)) { + return enh_e; + } + } + return NULL; +} + +#define NEXTHOP_IDS_LEN 65535 +static void +sync_ecmp_symmetric_reply_nexthop(struct ovsdb_idl_txn *ovnsb_txn, + const struct nbrec_logical_router_static_route_table *nbrec_sr_table, + const struct sbrec_ecmp_nexthop_table *sbrec_ecmp_nextop_table) +{ + unsigned long *nexthop_ids = bitmap_allocate(NEXTHOP_IDS_LEN); + struct hmap sb_only = HMAP_INITIALIZER(&sb_only); + const struct sbrec_ecmp_nexthop *sb_ecmp_nexthop; + struct sb_ecmp_nexthop_entry *enh_e; + int id; + + SBREC_ECMP_NEXTHOP_TABLE_FOR_EACH (sb_ecmp_nexthop, + sbrec_ecmp_nextop_table) { + uint32_t hash = hash_string(sb_ecmp_nexthop->nexthop, 0); + enh_e = xmalloc(sizeof *enh_e); + enh_e->sb_ecmp_nexthop = sb_ecmp_nexthop; + hmap_insert(&sb_only, &enh_e->hmap_node, hash); + } + + const struct nbrec_logical_router_static_route *r; + NBREC_LOGICAL_ROUTER_STATIC_ROUTE_TABLE_FOR_EACH (r, nbrec_sr_table) { + if (!smap_get_bool(&r->options, "ecmp_symmetric_reply", false)) { + continue; + } + + id = smap_get_int(&r->options, "nexthop-id", -1); + if (id < 0) { + continue; + } + bitmap_set1(nexthop_ids, id); + } + NBREC_LOGICAL_ROUTER_STATIC_ROUTE_TABLE_FOR_EACH (r, nbrec_sr_table) { + if (!smap_get_bool(&r->options, "ecmp_symmetric_reply", false)) { + continue; + } + + id = smap_get_int(&r->options, "nexthop-id", -1); + if (id < 0) { + id = bitmap_scan(nexthop_ids, 0, 1, NEXTHOP_IDS_LEN); + if (id == NEXTHOP_IDS_LEN) { + continue; + } + bitmap_set1(nexthop_ids, id); + + struct smap options = SMAP_INITIALIZER(&options); + smap_clone(&options, &r->options); + smap_add_format(&options, "nexthop-id", "%d", id); + nbrec_logical_router_static_route_set_options(r, &options); + smap_destroy(&options); + } + + enh_e = sb_ecmp_nexthop_lookup(&sb_only, r->nexthop); + if (!enh_e) { + sb_ecmp_nexthop = sbrec_ecmp_nexthop_insert(ovnsb_txn); + sbrec_ecmp_nexthop_set_nexthop(sb_ecmp_nexthop, r->nexthop); + + struct smap options = SMAP_INITIALIZER(&options); + smap_add_format(&options, "nexthop-id", "%d", id); + sbrec_ecmp_nexthop_set_options(sb_ecmp_nexthop, &options); + smap_destroy(&options); + } else { + hmap_remove(&sb_only, &enh_e->hmap_node); + free(enh_e); + } + } + + HMAP_FOR_EACH_POP (enh_e, hmap_node, &sb_only) { + sbrec_ecmp_nexthop_delete(enh_e->sb_ecmp_nexthop); + free(enh_e); + } + hmap_destroy(&sb_only); + + bitmap_free(nexthop_ids); +} + /* * struct 'dns_info' is used to sync the DNS records between OVN Northbound db * and Southbound db. @@ -17334,6 +17429,9 @@ ovnnb_db_run(struct northd_input *input_data, &data->ls_datapaths.datapaths); sync_template_vars(ovnsb_txn, input_data->nbrec_chassis_template_var_table, input_data->sbrec_chassis_template_var_table); + sync_ecmp_symmetric_reply_nexthop(ovnsb_txn, + input_data->nbrec_static_route_table, + input_data->sbrec_ecmp_nexthop_table); cleanup_stale_fdb_entries(input_data->sbrec_fdb_table, &data->ls_datapaths.datapaths); diff --git a/northd/northd.h b/northd/northd.h index 3f1cd8341..48b38b542 100644 --- a/northd/northd.h +++ b/northd/northd.h @@ -34,6 +34,8 @@ struct northd_input { const struct nbrec_chassis_template_var_table *nbrec_chassis_template_var_table; const struct nbrec_mirror_table *nbrec_mirror_table; + const struct nbrec_logical_router_static_route_table + *nbrec_static_route_table; /* Southbound table references */ const struct sbrec_datapath_binding_table *sbrec_datapath_binding_table; @@ -50,6 +52,7 @@ struct northd_input { const struct sbrec_chassis_template_var_table *sbrec_chassis_template_var_table; const struct sbrec_mirror_table *sbrec_mirror_table; + const struct sbrec_ecmp_nexthop_table *sbrec_ecmp_nexthop_table; /* Northd lb data node inputs*/ const struct hmap *lbs; diff --git a/ovn-sb.ovsschema b/ovn-sb.ovsschema index 84ae09515..fe32dd030 100644 --- a/ovn-sb.ovsschema +++ b/ovn-sb.ovsschema @@ -1,7 +1,7 @@ { "name": "OVN_Southbound", - "version": "20.33.0", - "cksum": "4076371179 31328", + "version": "20.34.0", + "cksum": "1685306144 31809", "tables": { "SB_Global": { "columns": { @@ -607,6 +607,17 @@ "refTable": "Datapath_Binding"}}}}, "indexes": [["logical_port", "ip"]], "isRoot": true}, + "ECMP_Nexthop": { + "columns": { + "nexthop": {"type": "string"}, + "external_ids": { + "type": {"key": "string", "value": "string", + "min": 0, "max": "unlimited"}}, + "options": { + "type": {"key": "string", "value": "string", + "min": 0, "max": "unlimited"}}}, + "indexes": [["nexthop"]], + "isRoot": true}, "Chassis_Template_Var": { "columns": { "chassis": {"type": "string"}, diff --git a/ovn-sb.xml b/ovn-sb.xml index ac4e585f2..5f5e2401b 100644 --- a/ovn-sb.xml +++ b/ovn-sb.xml @@ -5095,4 +5095,23 @@ tcp.flags = RST; The set of variable values for a given chassis. + + + +

+ Nexthop IP address for this route. Nexthop IP address should be the IP + address of a connected router port or the IP address of a logical port + or can be set to discard for dropping packets which match + the given route. +

+ + + + Reserved for future use. + + + + See External IDs at the beginning of this document. + +
diff --git a/tests/ovn-northd.at b/tests/ovn-northd.at index 89aed5adc..2160e8de7 100644 --- a/tests/ovn-northd.at +++ b/tests/ovn-northd.at @@ -6542,6 +6542,7 @@ check ovn-nbctl lsp-set-addresses public-lr0 router check ovn-nbctl lsp-set-options public-lr0 router-port=lr0-public check ovn-nbctl --wait=sb --ecmp-symmetric-reply lr-route-add lr0 1.0.0.1 192.168.0.10 +check_row_count ECMP_Nexthop 1 ovn-sbctl dump-flows lr0 > lr0flows @@ -6553,6 +6554,7 @@ AT_CHECK([grep -e "lr_in_ip_routing_ecmp" lr0flows | ovn_strip_lflows], [0], [dn ]) check ovn-nbctl --wait=sb --ecmp-symmetric-reply lr-route-add lr0 1.0.0.1 192.168.0.20 +check_row_count ECMP_Nexthop 2 ovn-sbctl dump-flows lr0 > lr0flows AT_CHECK([grep -e "lr_in_ip_routing.*select" lr0flows | ovn_strip_lflows], [0], [dnl @@ -6589,6 +6591,7 @@ AT_CHECK([grep -e "lr_in_arp_resolve.*ecmp" lr0flows | ovn_strip_lflows], [0], [ # add ecmp route with wrong nexthop check ovn-nbctl --wait=sb --ecmp-symmetric-reply lr-route-add lr0 1.0.0.1 192.168.1.20 +check_row_count ECMP_Nexthop 3 ovn-sbctl dump-flows lr0 > lr0flows AT_CHECK([grep -e "lr_in_ip_routing.*select" lr0flows | ovn_strip_lflows], [0], [dnl @@ -6603,6 +6606,7 @@ AT_CHECK([grep -e "lr_in_ip_routing_ecmp" lr0flows | sed 's/192\.168\.0\..0/192. check ovn-nbctl lr-route-del lr0 wait_row_count nb:Logical_Router_Static_Route 0 +check_row_count ECMP_Nexthop 0 check ovn-nbctl --wait=sb lr-route-add lr0 1.0.0.0/24 192.168.0.10 ovn-sbctl dump-flows lr0 > lr0flows From patchwork Thu Mar 7 13:19:12 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Lorenzo Bianconi X-Patchwork-Id: 1909243 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=ayhScH/X; dkim-atps=neutral Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=2605:bc80:3010::137; helo=smtp4.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=patchwork.ozlabs.org) Received: from smtp4.osuosl.org (smtp4.osuosl.org [IPv6:2605:bc80:3010::137]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4Tr8zD5qD5z1yX8 for ; Fri, 8 Mar 2024 00:19:36 +1100 (AEDT) Received: from localhost (localhost [127.0.0.1]) by smtp4.osuosl.org (Postfix) with ESMTP id 94CAD40631; Thu, 7 Mar 2024 13:19:34 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp4.osuosl.org ([127.0.0.1]) by localhost (smtp4.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id smWlaN1ueP17; Thu, 7 Mar 2024 13:19:32 +0000 (UTC) X-Comment: SPF check N/A for local connections - client-ip=140.211.9.56; helo=lists.linuxfoundation.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver= DKIM-Filter: OpenDKIM Filter v2.11.0 smtp4.osuosl.org B48A24021F Authentication-Results: smtp4.osuosl.org; dkim=fail reason="signature verification failed" (1024-bit key) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=ayhScH/X Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by smtp4.osuosl.org (Postfix) with ESMTPS id B48A24021F; Thu, 7 Mar 2024 13:19:32 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id 99BD3C0077; Thu, 7 Mar 2024 13:19:32 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from smtp3.osuosl.org (smtp3.osuosl.org [IPv6:2605:bc80:3010::136]) by lists.linuxfoundation.org (Postfix) with ESMTP id 34632C0DD4 for ; Thu, 7 Mar 2024 13:19:31 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp3.osuosl.org (Postfix) with ESMTP id 1721B60FF6 for ; Thu, 7 Mar 2024 13:19:31 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp3.osuosl.org ([127.0.0.1]) by localhost (smtp3.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vdmulnhBx16j for ; Thu, 7 Mar 2024 13:19:30 +0000 (UTC) Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=170.10.129.124; helo=us-smtp-delivery-124.mimecast.com; envelope-from=lorenzo.bianconi@redhat.com; receiver= DMARC-Filter: OpenDMARC Filter v1.4.2 smtp3.osuosl.org B8E0C60F3A Authentication-Results: smtp3.osuosl.org; dmarc=pass (p=none dis=none) header.from=redhat.com DKIM-Filter: OpenDKIM Filter v2.11.0 smtp3.osuosl.org B8E0C60F3A Authentication-Results: smtp3.osuosl.org; dkim=pass (1024-bit key, unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=ayhScH/X Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by smtp3.osuosl.org (Postfix) with ESMTPS id B8E0C60F3A for ; Thu, 7 Mar 2024 13:19:29 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1709817568; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=1KMa+iDVGmtcQhk/Qs0K/ExDUQzbxUHOVit41JfZ73Q=; b=ayhScH/XeTytFpPMwbPGSpAI20h9JQHhAoK+cPqWdQ75duLXhVAaImfBOTdPxJXLaICgVx 6yrE3DojEzYGZrDuN2f5IthFf2QNMMds3bdl1opAJSQ+L/3F7dqWWM7YmwdBBQdkk8QVHr kUW9i+3imrpoOxSO8hUO09Uh41w/orQ= Received: from mail-wr1-f72.google.com (mail-wr1-f72.google.com [209.85.221.72]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-91-1oX2B1EbOxKay3BMSq663g-1; Thu, 07 Mar 2024 08:19:27 -0500 X-MC-Unique: 1oX2B1EbOxKay3BMSq663g-1 Received: by mail-wr1-f72.google.com with SMTP id ffacd0b85a97d-33d7e755f52so387641f8f.1 for ; Thu, 07 Mar 2024 05:19:27 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1709817566; x=1710422366; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=1KMa+iDVGmtcQhk/Qs0K/ExDUQzbxUHOVit41JfZ73Q=; b=KjNAUDf3QIQKVjISi8esQt+X3MSQSa/RyFenZ3HJaKgfqAvsxn9WmA+axakB5I+G/s AwLbdLq4crwOn9/72uE2pzqvhC31EO00duaek1Ugs5F52f+DxDtTJRBBYprBVGTKm9yo 2twyfLL7EmX6+8revgmqSwOBIMUBJT0ufzU5nkyS8eVyNWmKXyHx3mVyAibDimRL1KLk OkbBS0f3avvdyBEp//Mb2T7jkKu2EOuUr1WE6WARCI8Iv9AgpYjIhiGJYzF/LdL/gHOE KuX0CyOENjh7XVW2jZDbV3LuuCboLcL+wsJtCq2EYXIVrOTw+wlTu7NcJs5lXV245LYp SmRw== X-Gm-Message-State: AOJu0Yz7ywMBXuNen3ByHcRwC63KgTEw6YMpQ1KtjwXW1xE1DnJJfdOd oDDxT3RILhzTpd0XbGvgnOl5lJu3/ugqofKTa08Z2VZVTfaU7LgEz5PSTZPX8GPstLBU8sSzazH UZP/bh0YULx/uqRav1bI0hcP+Z3yiFjdVP5MhJh9lQothkbSY3+U4O7gfuaAusveMTugMd0Cxz9 bFwoMjOFwfW2Zoj3GX7o11dJHeDepbTVMQwutykpfg6GNK X-Received: by 2002:a5d:624e:0:b0:33d:87ed:626 with SMTP id m14-20020a5d624e000000b0033d87ed0626mr11695396wrv.58.1709817565529; Thu, 07 Mar 2024 05:19:25 -0800 (PST) X-Google-Smtp-Source: AGHT+IHT+7IkN6ZjW5gnnHxhnZGvme/Mfia46IXUtfN89V/95dah2YT7bE3Ebfc5K3uCJiELTpOATg== X-Received: by 2002:a5d:624e:0:b0:33d:87ed:626 with SMTP id m14-20020a5d624e000000b0033d87ed0626mr11695370wrv.58.1709817564933; Thu, 07 Mar 2024 05:19:24 -0800 (PST) Received: from localhost (net-93-71-3-198.cust.vodafonedsl.it. [93.71.3.198]) by smtp.gmail.com with ESMTPSA id b12-20020a05600003cc00b0033e451a9b64sm8993321wrg.61.2024.03.07.05.19.24 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 07 Mar 2024 05:19:24 -0800 (PST) From: Lorenzo Bianconi To: dev@openvswitch.org Date: Thu, 7 Mar 2024 14:19:12 +0100 Message-ID: <1a4c990579a5c1cf90c8eba6e0f4d21e7344c297.1709817303.git.lorenzo.bianconi@redhat.com> X-Mailer: git-send-email 2.44.0 In-Reply-To: References: MIME-Version: 1.0 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Cc: dceara@redhat.com Subject: [ovs-dev] [PATCH ovn 2/3] northd: Add nexhop id in ct_label.label. X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" Introduce the nexthop identifier in the ct_label.label field for ecmp-symmetric replies connections. This field will be used by ovn-controller to track ct entries and to flush them if requested by the CMS (e.g. removing the related static routes). Signed-off-by: Lorenzo Bianconi --- northd/northd.c | 11 +++++++++-- tests/ovn.at | 4 ++-- tests/system-ovn.at | 48 ++++++++++++++++++++++++--------------------- 3 files changed, 37 insertions(+), 26 deletions(-) diff --git a/northd/northd.c b/northd/northd.c index 3770f9f94..e85339704 100644 --- a/northd/northd.c +++ b/northd/northd.c @@ -10600,15 +10600,22 @@ add_ecmp_symmetric_reply_flows(struct lflow_table *lflows, * ds_put_cstr() call. The previous contents are needed. */ ds_put_cstr(&match, " && !ct.rpl && (ct.new || ct.est)"); + struct ds nexthop_label = DS_EMPTY_INITIALIZER; + int id = smap_get_int(&st_route->options, "nexthop-id", -1); + if (id > 0) { + ds_put_format(&nexthop_label, "ct_label.label = %d;", id); + } ds_put_format(&actions, "ct_commit { ct_label.ecmp_reply_eth = eth.src; " - " %s = %" PRId64 ";}; " + " %s = %" PRId64 "; %s }; " "next;", - ct_ecmp_reply_port_match, out_port->sb->tunnel_key); + ct_ecmp_reply_port_match, out_port->sb->tunnel_key, + ds_cstr(&nexthop_label)); ovn_lflow_add_with_hint(lflows, od, S_ROUTER_IN_ECMP_STATEFUL, 100, ds_cstr(&match), ds_cstr(&actions), &st_route->header_, lflow_ref); + ds_destroy(&nexthop_label); /* Bypass ECMP selection if we already have ct_label information * for where to route the packet. diff --git a/tests/ovn.at b/tests/ovn.at index d26c95054..d5ee7a1f3 100644 --- a/tests/ovn.at +++ b/tests/ovn.at @@ -29181,7 +29181,7 @@ AT_CHECK([ for hv in 1 2; do grep table=17 hv${hv}flows | \ grep "priority=100" | \ - grep -c "ct(commit,zone=NXM_NX_REG11\\[[0..15\\]],.*exec(move:NXM_OF_ETH_SRC\\[[\\]]->NXM_NX_CT_LABEL\\[[32..79\\]],load:0x[[0-9]]->NXM_NX_CT_MARK\\[[16..31\\]]))" + grep -c "ct(commit,zone=NXM_NX_REG11\\[[0..15\\]],.*exec(move:NXM_OF_ETH_SRC\\[[\\]]->NXM_NX_CT_LABEL\\[[32..79\\]],load:0x[[0-9]]->NXM_NX_CT_MARK\\[[16..31\\]],load:0x[[0-9]]->NXM_NX_CT_LABEL\\[[96..127\\]]))" grep table=25 hv${hv}flows | \ grep "priority=200" | \ @@ -29306,7 +29306,7 @@ AT_CHECK([ for hv in 1 2; do grep table=17 hv${hv}flows | \ grep "priority=100" | \ - grep -c "ct(commit,zone=NXM_NX_REG11\\[[0..15\\]],.*exec(move:NXM_OF_ETH_SRC\\[[\\]]->NXM_NX_CT_LABEL\\[[32..79\\]],load:0x[[0-9]]->NXM_NX_CT_MARK\\[[16..31\\]]))" + grep -c "ct(commit,zone=NXM_NX_REG11\\[[0..15\\]],.*exec(move:NXM_OF_ETH_SRC\\[[\\]]->NXM_NX_CT_LABEL\\[[32..79\\]],load:0x[[0-9]]->NXM_NX_CT_MARK\\[[16..31\\]],load:0x[[0-9]]->NXM_NX_CT_LABEL\\[[96..127\\]]))" grep table=25 hv${hv}flows | \ grep "priority=200" | \ diff --git a/tests/system-ovn.at b/tests/system-ovn.at index 2411b0267..146bf70e2 100644 --- a/tests/system-ovn.at +++ b/tests/system-ovn.at @@ -6121,19 +6121,20 @@ NS_CHECK_EXEC([bob1], [ping -q -c 3 -i 0.3 -w 2 10.0.0.2 | FORMAT_PING], \ # and just ensure that the known ethernet address is present. AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(172.16.0.1) | \ sed -e 's/zone=[[0-9]]*/zone=/' | -sed -e 's/mark=[[0-9]]*/mark=/'], [0], [dnl -icmp,orig=(src=172.16.0.1,dst=10.0.0.2,id=,type=8,code=0),reply=(src=10.0.0.2,dst=172.16.0.1,id=,type=0,code=0),zone=,mark=,labels=0x401020400000000 -tcp,orig=(src=172.16.0.1,dst=10.0.0.2,sport=,dport=),reply=(src=10.0.0.2,dst=172.16.0.1,sport=,dport=),zone=,mark=,labels=0x401020400000000,protoinfo=(state=) +sed -e 's/mark=[[0-9]]*/mark=/' | +sed -e 's/labels=0x[[0-9]]/labels=0x?/'], [0], [dnl +icmp,orig=(src=172.16.0.1,dst=10.0.0.2,id=,type=8,code=0),reply=(src=10.0.0.2,dst=172.16.0.1,id=,type=0,code=0),zone=,mark=,labels=0x?000000000401020400000000 +tcp,orig=(src=172.16.0.1,dst=10.0.0.2,sport=,dport=),reply=(src=10.0.0.2,dst=172.16.0.1,sport=,dport=),zone=,mark=,labels=0x?000000000401020400000000,protoinfo=(state=) ]) # Ensure datapaths show conntrack states as expected # Like with conntrack entries, we shouldn't try to predict # port binding tunnel keys. So omit them from expected labels. ovs-appctl dpctl/dump-flows | grep 'ct_state(+new-est-rpl+trk).*ct(.*label=0x401020400000000/.*)' -AT_CHECK([ovs-appctl dpctl/dump-flows | grep 'ct_state(+new-est-rpl+trk).*ct(.*label=0x401020400000000/.*)' -c], [0], [dnl +AT_CHECK([ovs-appctl dpctl/dump-flows | grep 'ct_state(+new-est-rpl+trk)' | grep '401020400000000' -c], [0], [dnl 2 ]) -AT_CHECK([ovs-appctl dpctl/dump-flows | grep 'ct_state(-new+est+rpl+trk).*ct_label(0x401020400000000)' -c], [0], [dnl +AT_CHECK([ovs-appctl dpctl/dump-flows | grep 'ct_state(-new+est+rpl+trk)' | grep '401020400000000)' -c], [0], [dnl 2 ]) @@ -6152,18 +6153,19 @@ NS_CHECK_EXEC([bob1], [ping -q -c 3 -i 0.3 -w 2 10.0.0.2 | FORMAT_PING], \ [0], [dnl 3 packets transmitted, 3 received, 0% packet loss, time 0ms ]) -AT_CHECK([ovs-appctl dpctl/dump-flows | grep 'ct_state(+new-est-rpl+trk).*ct(.*label=0x1001020400000000/.*)' -c], [0], [dnl +AT_CHECK([ovs-appctl dpctl/dump-flows | grep 'ct_state(+new-est-rpl+trk)' | grep '1001020400000000/.*)' -c], [0], [dnl 2 ]) -AT_CHECK([ovs-appctl dpctl/dump-flows | grep 'ct_state(-new+est+rpl+trk).*ct_label(0x1001020400000000)' -c], [0], [dnl +AT_CHECK([ovs-appctl dpctl/dump-flows | grep 'ct_state(-new+est+rpl+trk)' | grep '1001020400000000)' -c], [0], [dnl 2 ]) -AT_CHECK([ovs-appctl dpctl/dump-conntrack | grep 0x1001020400000000 | FORMAT_CT(172.16.0.1) | \ +AT_CHECK([ovs-appctl dpctl/dump-conntrack | grep 1001020400000000 | FORMAT_CT(172.16.0.1) | \ sed -e 's/zone=[[0-9]]*/zone=/' | -sed -e 's/mark=[[0-9]]*/mark=/' | sort], [0], [dnl -icmp,orig=(src=172.16.0.1,dst=10.0.0.2,id=,type=8,code=0),reply=(src=10.0.0.2,dst=172.16.0.1,id=,type=0,code=0),zone=,mark=,labels=0x1001020400000000 -tcp,orig=(src=172.16.0.1,dst=10.0.0.2,sport=,dport=),reply=(src=10.0.0.2,dst=172.16.0.1,sport=,dport=),zone=,mark=,labels=0x1001020400000000,protoinfo=(state=) +sed -e 's/mark=[[0-9]]*/mark=/' | +sed -e 's/labels=0x[[0-9]]/labels=0x?/' | sort], [0], [dnl +icmp,orig=(src=172.16.0.1,dst=10.0.0.2,id=,type=8,code=0),reply=(src=10.0.0.2,dst=172.16.0.1,id=,type=0,code=0),zone=,mark=,labels=0x?000000001001020400000000 +tcp,orig=(src=172.16.0.1,dst=10.0.0.2,sport=,dport=),reply=(src=10.0.0.2,dst=172.16.0.1,sport=,dport=),zone=,mark=,labels=0x?000000001001020400000000,protoinfo=(state=) ]) # Check entries in table 76 and 77 expires w/o traffic OVS_WAIT_UNTIL([ @@ -6322,11 +6324,11 @@ NS_CHECK_EXEC([bob1], [ping -q -c 3 -i 0.3 -w 2 fd01::2 | FORMAT_PING], \ # Ensure datapaths show conntrack states as expected # Like with conntrack entries, we shouldn't try to predict # port binding tunnel keys. So omit them from expected labels. -AT_CHECK([ovs-appctl dpctl/dump-flows | grep 'ct_state(+new-est-rpl+trk).*ct(.*label=0x401020400000000/.*)' -c], [0], [dnl +AT_CHECK([ovs-appctl dpctl/dump-flows | grep 'ct_state(+new-est-rpl+trk)' | grep '401020400000000/.*)' -c], [0], [dnl 2 ]) -AT_CHECK([ovs-appctl dpctl/dump-flows | grep 'ct_state(-new+est+rpl+trk).*ct_label(0x401020400000000)' -c], [0], [dnl +AT_CHECK([ovs-appctl dpctl/dump-flows | grep 'ct_state(-new+est+rpl+trk)' | grep '401020400000000)' -c], [0], [dnl 2 ]) @@ -6335,9 +6337,10 @@ AT_CHECK([ovs-appctl dpctl/dump-flows | grep 'ct_state(-new+est+rpl+trk).*ct_lab # and just ensure that the known ethernet address is present. AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(fd01::2) | \ sed -e 's/zone=[[0-9]]*/zone=/' | -sed -e 's/mark=[[0-9]]*/mark=/' | sort], [0], [dnl -icmpv6,orig=(src=fd07::1,dst=fd01::2,id=,type=128,code=0),reply=(src=fd01::2,dst=fd07::1,id=,type=129,code=0),zone=,mark=,labels=0x401020400000000 -tcp,orig=(src=fd07::1,dst=fd01::2,sport=,dport=),reply=(src=fd01::2,dst=fd07::1,sport=,dport=),zone=,mark=,labels=0x401020400000000,protoinfo=(state=) +sed -e 's/mark=[[0-9]]*/mark=/' | +sed -e 's/labels=0x[[0-9]]/labels=0x?/' | sort], [0], [dnl +icmpv6,orig=(src=fd07::1,dst=fd01::2,id=,type=128,code=0),reply=(src=fd01::2,dst=fd07::1,id=,type=129,code=0),zone=,mark=,labels=0x?000000000401020400000000 +tcp,orig=(src=fd07::1,dst=fd01::2,sport=,dport=),reply=(src=fd01::2,dst=fd07::1,sport=,dport=),zone=,mark=,labels=0x?000000000401020400000000,protoinfo=(state=) ]) # Flush conntrack entries for easier output parsing of next test. @@ -6354,18 +6357,19 @@ NS_CHECK_EXEC([bob1], [ping -q -c 3 -i 0.3 -w 2 fd01::2 | FORMAT_PING], \ 3 packets transmitted, 3 received, 0% packet loss, time 0ms ]) -AT_CHECK([ovs-appctl dpctl/dump-flows | grep 'ct_state(+new-est-rpl+trk).*ct(.*label=0x1001020400000000/.*)' -c], [0], [dnl +AT_CHECK([ovs-appctl dpctl/dump-flows | grep 'ct_state(+new-est-rpl+trk)' | grep '1001020400000000/.*)' -c], [0], [dnl 2 ]) -AT_CHECK([ovs-appctl dpctl/dump-flows | grep 'ct_state(-new+est+rpl+trk).*ct_label(0x1001020400000000)' -c], [0], [dnl +AT_CHECK([ovs-appctl dpctl/dump-flows | grep 'ct_state(-new+est+rpl+trk)' | grep '1001020400000000)' -c], [0], [dnl 2 ]) -AT_CHECK([ovs-appctl dpctl/dump-conntrack | grep 0x1001020400000000 | FORMAT_CT(fd01::2) | \ +AT_CHECK([ovs-appctl dpctl/dump-conntrack | grep 1001020400000000 | FORMAT_CT(fd01::2) | \ sed -e 's/zone=[[0-9]]*/zone=/' | -sed -e 's/mark=[[0-9]]*/mark=/'], [0], [dnl -icmpv6,orig=(src=fd07::1,dst=fd01::2,id=,type=128,code=0),reply=(src=fd01::2,dst=fd07::1,id=,type=129,code=0),zone=,mark=,labels=0x1001020400000000 -tcp,orig=(src=fd07::1,dst=fd01::2,sport=,dport=),reply=(src=fd01::2,dst=fd07::1,sport=,dport=),zone=,mark=,labels=0x1001020400000000,protoinfo=(state=) +sed -e 's/mark=[[0-9]]*/mark=/' | +sed -e 's/labels=0x[[0-9]]/labels=0x?/'], [0], [dnl +icmpv6,orig=(src=fd07::1,dst=fd01::2,id=,type=128,code=0),reply=(src=fd01::2,dst=fd07::1,id=,type=129,code=0),zone=,mark=,labels=0x?000000001001020400000000 +tcp,orig=(src=fd07::1,dst=fd01::2,sport=,dport=),reply=(src=fd01::2,dst=fd07::1,sport=,dport=),zone=,mark=,labels=0x?000000001001020400000000,protoinfo=(state=) ]) # Check entries in table 76 and 77 expires w/o traffic From patchwork Thu Mar 7 13:19:13 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Lorenzo Bianconi X-Patchwork-Id: 1909244 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=bpmVGXy8; dkim-atps=neutral Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=140.211.166.136; helo=smtp3.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=patchwork.ozlabs.org) Received: from smtp3.osuosl.org (smtp3.osuosl.org [140.211.166.136]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4Tr8zJ5H73z1yX8 for ; Fri, 8 Mar 2024 00:19:40 +1100 (AEDT) Received: from localhost (localhost [127.0.0.1]) by smtp3.osuosl.org (Postfix) with ESMTP id 9CE166101B; Thu, 7 Mar 2024 13:19:38 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp3.osuosl.org ([127.0.0.1]) by localhost (smtp3.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BBrYPe4fG7Y3; Thu, 7 Mar 2024 13:19:36 +0000 (UTC) X-Comment: SPF check N/A for local connections - client-ip=2605:bc80:3010:104::8cd3:938; helo=lists.linuxfoundation.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver= DKIM-Filter: OpenDKIM Filter v2.11.0 smtp3.osuosl.org 898C161009 Authentication-Results: smtp3.osuosl.org; dkim=fail reason="signature verification failed" (1024-bit key) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=bpmVGXy8 Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [IPv6:2605:bc80:3010:104::8cd3:938]) by smtp3.osuosl.org (Postfix) with ESMTPS id 898C161009; Thu, 7 Mar 2024 13:19:36 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id 614F6C0DD4; Thu, 7 Mar 2024 13:19:36 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from smtp3.osuosl.org (smtp3.osuosl.org [140.211.166.136]) by lists.linuxfoundation.org (Postfix) with ESMTP id B865FC0077 for ; Thu, 7 Mar 2024 13:19:35 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp3.osuosl.org (Postfix) with ESMTP id 9745C6100C for ; Thu, 7 Mar 2024 13:19:35 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp3.osuosl.org ([127.0.0.1]) by localhost (smtp3.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2onXu4kU35Xp for ; Thu, 7 Mar 2024 13:19:34 +0000 (UTC) Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=170.10.133.124; helo=us-smtp-delivery-124.mimecast.com; envelope-from=lorenzo.bianconi@redhat.com; receiver= DMARC-Filter: OpenDMARC Filter v1.4.2 smtp3.osuosl.org 1CA3061000 Authentication-Results: smtp3.osuosl.org; dmarc=pass (p=none dis=none) header.from=redhat.com DKIM-Filter: OpenDKIM Filter v2.11.0 smtp3.osuosl.org 1CA3061000 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by smtp3.osuosl.org (Postfix) with ESMTPS id 1CA3061000 for ; Thu, 7 Mar 2024 13:19:33 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1709817572; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=sJ0Pito3oxXa6c5KiBSgpNQJDrbzSJJ3DPgiLEWrSL0=; b=bpmVGXy8ZyFQGqPUBbtx/jVHoeQllfbo357dbICN+oSwY8DBfowv2dJVbkPOqA272Ie5IV tHWMCad7uMuf8WxXoGU/C5ALGG6dM1pu+pjY8ied18JohPGwtWIMP/7zBdD6croqMT71io fFFW3fU/vx5Qyd4W3NuZf+3VYoGCeqY= Received: from mail-wr1-f69.google.com (mail-wr1-f69.google.com [209.85.221.69]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-100-SSEzQ2c2PRCLVvws7k5K1Q-1; Thu, 07 Mar 2024 08:19:30 -0500 X-MC-Unique: SSEzQ2c2PRCLVvws7k5K1Q-1 Received: by mail-wr1-f69.google.com with SMTP id ffacd0b85a97d-33d60ac6781so392465f8f.0 for ; Thu, 07 Mar 2024 05:19:29 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1709817568; x=1710422368; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=/H34AgZSjYYmqzJpQNnmirNNLQl59f3bqCvzJ/3URC4=; b=r4D8Ood+aRYJ7PyrK201LdEcC35QeVuse2iMV2s9wQ3jvYYVxkr9ryfQGx1uX3RIbf qNzEt/i1GMesnP3qYd5bT3M3Ia+woEsemFWwXsWhKoxB0XzMEMaXfEHDzWTBUdtXlzdN BcvBBW6ZzmdYFVJAr17SBUKEfFgkmESjdmqCWj4q39demhlJqewP8QPfATolTrDGhLfs h5ZAolqLcVfiRohUXNqLLEhIlb7qzEteN0BGnkBLX9SqqbHVEHsrZUewdGdkxrOJCJjF 6i4IKZdOJ3vlwYf23BHibEu8a9/cru76rPoYYdqpwJ5q2S1TIF0lLueLGNqPUEAxQBsw +RBQ== X-Gm-Message-State: AOJu0YyfskX8lWvVoJ6kYhkWP0pPGCCXCCvxkOB0jznPVbhW+qjikh2C vQLAW0KhVbWXeNCkp8mARUnVU9MboUDb/Gkn+FQub/QtuYlAI/4uhTeMVmMZw695v/HkSPG8KhB MPLjdTAddvT6KJnx7S2quejM8swd/A0YScXUhyBV6zxlNUKusJwHjHqL6J3ceE7LY8OynaO8ZEz SUBdYNFEds07ou9hKzDFdKppdFBkAzQEB927ZB5oPHVrT8 X-Received: by 2002:a5d:4047:0:b0:33d:61fe:6ca3 with SMTP id w7-20020a5d4047000000b0033d61fe6ca3mr12099552wrp.26.1709817567745; Thu, 07 Mar 2024 05:19:27 -0800 (PST) X-Google-Smtp-Source: AGHT+IHHsh+VAJ9Y4ytEmML7scisOKxjHFVkQfbXYxRQU3vREyugedLaguMzk1Up1XnDfA0veQjuhg== X-Received: by 2002:a5d:4047:0:b0:33d:61fe:6ca3 with SMTP id w7-20020a5d4047000000b0033d61fe6ca3mr12099533wrp.26.1709817567148; Thu, 07 Mar 2024 05:19:27 -0800 (PST) Received: from localhost (net-93-71-3-198.cust.vodafonedsl.it. [93.71.3.198]) by smtp.gmail.com with ESMTPSA id n15-20020a5d484f000000b0033dec836ea6sm20349032wrs.99.2024.03.07.05.19.26 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 07 Mar 2024 05:19:26 -0800 (PST) From: Lorenzo Bianconi To: dev@openvswitch.org Date: Thu, 7 Mar 2024 14:19:13 +0100 Message-ID: <4b19c379b7e22f10c87dac40195711b139fdc6bd.1709817303.git.lorenzo.bianconi@redhat.com> X-Mailer: git-send-email 2.44.0 In-Reply-To: References: MIME-Version: 1.0 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Cc: dceara@redhat.com Subject: [ovs-dev] [PATCH ovn 3/3] ofctrl: Introduce ecmp_nexthop_monitor. X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" Introduce ecmp_nexthop_monitor in ovn-controller in order to track and flush ecmp-symmetric reply ct entires when requested by the CMS (e.g removing the related static routes). Signed-off-by: Lorenzo Bianconi --- controller/ofctrl.c | 102 ++++++++++++++ controller/ofctrl.h | 2 + controller/ovn-controller.c | 2 + tests/system-ovn-kmod.at | 263 ++++++++++++++++++++++++++++++++++++ tests/system-ovn.at | 4 + 5 files changed, 373 insertions(+) diff --git a/controller/ofctrl.c b/controller/ofctrl.c index f14cd79a8..236fa6897 100644 --- a/controller/ofctrl.c +++ b/controller/ofctrl.c @@ -388,9 +388,24 @@ struct meter_band_entry { static struct shash meter_bands; +static struct hmap ecmp_nexthop_map; +struct ecmp_nexthop_entry { + struct hmap_node node; + bool erase; + + char *nexthop; + int id; +}; + static void ofctrl_meter_bands_destroy(void); static void ofctrl_meter_bands_clear(void); +static void ecmp_nexthop_monitor_destroy(void); +static void ecmp_nexthop_monitor_run( + const struct sbrec_ecmp_nexthop_table *enh_table, + struct ovs_list *msgs); + + /* MFF_* field ID for our Geneve option. In S_TLV_TABLE_MOD_SENT, this is * the option we requested (we don't know whether we obtained it yet). In * S_CLEAR_FLOWS or S_UPDATE_FLOWS, this is really the option we have. */ @@ -429,6 +444,7 @@ ofctrl_init(struct ovn_extend_table *group_table, groups = group_table; meters = meter_table; shash_init(&meter_bands); + hmap_init(&ecmp_nexthop_map); } /* S_NEW, for a new connection. @@ -883,6 +899,7 @@ ofctrl_destroy(void) expr_symtab_destroy(&symtab); shash_destroy(&symtab); ofctrl_meter_bands_destroy(); + ecmp_nexthop_monitor_destroy(); } uint64_t @@ -2306,6 +2323,88 @@ add_meter(struct ovn_extend_table_info *m_desired, ofctrl_meter_bands_alloc(sb_meter, m_desired, msgs); } +static void +ecmp_nexthop_monitor_free_entry(struct ecmp_nexthop_entry *e, + struct ovs_list *msgs) +{ + if (msgs) { + ovs_u128 mask = { + /* ct_labels.label BITS[96-127] */ + .u64.hi = 0xffffffff00000000, + }; + uint64_t id = e->id; + ovs_u128 nexthop = { + .u64.hi = id << 32, + }; + struct ofp_ct_match match = { + .labels = nexthop, + .labels_mask = mask, + }; + struct ofpbuf *msg = ofp_ct_match_encode(&match, NULL, + rconn_get_version(swconn)); + ovs_list_push_back(msgs, &msg->list_node); + } + free(e->nexthop); + free(e); +} + +static void +ecmp_nexthop_monitor_destroy(void) +{ + struct ecmp_nexthop_entry *e; + HMAP_FOR_EACH_POP (e, node, &ecmp_nexthop_map) { + ecmp_nexthop_monitor_free_entry(e, NULL); + } + hmap_destroy(&ecmp_nexthop_map); +} + +static struct ecmp_nexthop_entry * +ecmp_nexthop_monitor_lookup(char *nexthop) +{ + uint32_t hash = hash_string(nexthop, 0); + struct ecmp_nexthop_entry *e; + + HMAP_FOR_EACH_WITH_HASH (e, node, hash, &ecmp_nexthop_map) { + if (!strcmp(e->nexthop, nexthop)) { + return e; + } + } + return NULL; +} + +static void +ecmp_nexthop_monitor_run(const struct sbrec_ecmp_nexthop_table *enh_table, + struct ovs_list *msgs) +{ + struct ecmp_nexthop_entry *e; + HMAP_FOR_EACH (e, node, &ecmp_nexthop_map) { + e->erase = true; + } + + const struct sbrec_ecmp_nexthop *sbrec_ecmp_nexthop; + SBREC_ECMP_NEXTHOP_TABLE_FOR_EACH (sbrec_ecmp_nexthop, enh_table) { + e = ecmp_nexthop_monitor_lookup(sbrec_ecmp_nexthop->nexthop); + if (!e) { + e = xzalloc(sizeof *e); + e->nexthop = xstrdup(sbrec_ecmp_nexthop->nexthop); + e->id = smap_get_int(&sbrec_ecmp_nexthop->options, + "nexthop-id", -1); + uint32_t hash = hash_string(e->nexthop, 0); + hmap_insert(&ecmp_nexthop_map, &e->node, hash); + } else { + e->erase = false; + } + } + + HMAP_FOR_EACH_SAFE (e, node, &ecmp_nexthop_map) { + if (e->erase) { + hmap_remove(&ecmp_nexthop_map, &e->node); + ecmp_nexthop_monitor_free_entry(e, msgs); + } + } + +} + static void installed_flow_add(struct ovn_flow *d, struct ofputil_bundle_ctrl_msg *bc, @@ -2664,6 +2763,7 @@ ofctrl_put(struct ovn_desired_flow_table *lflow_table, struct shash *pending_ct_zones, struct hmap *pending_lb_tuples, struct ovsdb_idl_index *sbrec_meter_by_name, + const struct sbrec_ecmp_nexthop_table *enh_table, uint64_t req_cfg, bool lflows_changed, bool pflows_changed) @@ -2704,6 +2804,8 @@ ofctrl_put(struct ovn_desired_flow_table *lflow_table, /* OpenFlow messages to send to the switch to bring it up-to-date. */ struct ovs_list msgs = OVS_LIST_INITIALIZER(&msgs); + ecmp_nexthop_monitor_run(enh_table, &msgs); + /* Iterate through ct zones that need to be flushed. */ struct shash_node *iter; SHASH_FOR_EACH(iter, pending_ct_zones) { diff --git a/controller/ofctrl.h b/controller/ofctrl.h index 502c73da6..e08b354f4 100644 --- a/controller/ofctrl.h +++ b/controller/ofctrl.h @@ -31,6 +31,7 @@ struct ofpbuf; struct ovsrec_bridge; struct ovsrec_open_vswitch_table; struct sbrec_meter_table; +struct sbrec_ecmp_nexthop_table; struct shash; struct ovn_desired_flow_table { @@ -59,6 +60,7 @@ void ofctrl_put(struct ovn_desired_flow_table *lflow_table, struct shash *pending_ct_zones, struct hmap *pending_lb_tuples, struct ovsdb_idl_index *sbrec_meter_by_name, + const struct sbrec_ecmp_nexthop_table *enh_table, uint64_t nb_cfg, bool lflow_changed, bool pflow_changed); diff --git a/controller/ovn-controller.c b/controller/ovn-controller.c index 1c9960c70..28cac2683 100644 --- a/controller/ovn-controller.c +++ b/controller/ovn-controller.c @@ -5945,6 +5945,8 @@ main(int argc, char *argv[]) &ct_zones_data->pending, &lb_data->removed_tuples, sbrec_meter_by_name, + sbrec_ecmp_nexthop_table_get( + ovnsb_idl_loop.idl), ofctrl_seqno_get_req_cfg(), engine_node_changed(&en_lflow_output), engine_node_changed(&en_pflow_output)); diff --git a/tests/system-ovn-kmod.at b/tests/system-ovn-kmod.at index 14fe4ecec..830432c30 100644 --- a/tests/system-ovn-kmod.at +++ b/tests/system-ovn-kmod.at @@ -1054,3 +1054,266 @@ OVS_TRAFFIC_VSWITCHD_STOP([" "]) AT_CLEANUP ]) + +OVN_FOR_EACH_NORTHD([ +AT_SETUP([ECMP symmetric reply - kmod]) +AT_KEYWORDS([ecmp]) + +CHECK_CONNTRACK() +ovn_start + +OVS_TRAFFIC_VSWITCHD_START() +ADD_BR([br-int]) + +# Set external-ids in br-int needed for ovn-controller +ovs-vsctl \ + -- set Open_vSwitch . external-ids:system-id=hv1 \ + -- set Open_vSwitch . external-ids:ovn-remote=unix:$ovs_base/ovn-sb/ovn-sb.sock \ + -- set Open_vSwitch . external-ids:ovn-encap-type=geneve \ + -- set Open_vSwitch . external-ids:ovn-encap-ip=169.0.0.1 \ + -- set bridge br-int fail-mode=secure other-config:disable-in-band=true + +# Start ovn-controller +start_daemon ovn-controller + +# Logical network: +# Alice is connected to gateway router R1. R1 is connected to two "external" +# routers, R2 and R3 via an "ext" switch. +# Bob is connected to both R2 and R3. R1 contains two ECMP routes, one through R2 +# and one through R3, to Bob. +# +# alice -- R1 -- ext ---- R2 +# | \ +# | bob +# | / +# + ----- R3 +# +# For this test, Bob sends request traffic through R2 to Alice. We want to ensure that +# all response traffic from Alice is routed through R2 as well. + +ovn-nbctl create Logical_Router name=R1 options:chassis=hv1 +ovn-nbctl create Logical_Router name=R2 +ovn-nbctl create Logical_Router name=R3 + +ovn-nbctl ls-add alice +ovn-nbctl ls-add bob +ovn-nbctl ls-add ext + +# connect alice to R1 +ovn-nbctl lrp-add R1 alice 00:00:01:01:02:03 10.0.0.1/24 fd01::1/64 +ovn-nbctl lsp-add alice rp-alice -- set Logical_Switch_Port rp-alice \ + type=router options:router-port=alice addresses='"00:00:01:01:02:03"' + +# connect bob to R2 +ovn-nbctl lrp-add R2 R2_bob 00:00:02:01:02:03 172.16.0.2/16 fd07::2/64 +ovn-nbctl lsp-add bob rp2-bob -- set Logical_Switch_Port rp2-bob \ + type=router options:router-port=R2_bob addresses='"00:00:02:01:02:03"' + +# connect bob to R3 +ovn-nbctl lrp-add R3 R3_bob 00:00:02:01:02:04 172.16.0.3/16 fd07::3/64 +ovn-nbctl lsp-add bob rp3-bob -- set Logical_Switch_Port rp3-bob \ + type=router options:router-port=R3_bob addresses='"00:00:02:01:02:04"' + +# Connect R1 to ext +ovn-nbctl lrp-add R1 R1_ext 00:00:04:01:02:03 20.0.0.1/24 fd02::1/64 +ovn-nbctl lsp-add ext r1-ext -- set Logical_Switch_Port r1-ext \ + type=router options:router-port=R1_ext addresses='"00:00:04:01:02:03"' + +# Connect R2 to ext +ovn-nbctl lrp-add R2 R2_ext 00:00:04:01:02:04 20.0.0.2/24 fd02::2/64 +ovn-nbctl lsp-add ext r2-ext -- set Logical_Switch_Port r2-ext \ + type=router options:router-port=R2_ext addresses='"00:00:04:01:02:04"' + +# Connect R3 to ext +ovn-nbctl lrp-add R3 R3_ext 00:00:04:01:02:05 20.0.0.3/24 fd02::3/64 +ovn-nbctl lsp-add ext r3-ext -- set Logical_Switch_Port r3-ext \ + type=router options:router-port=R3_ext addresses='"00:00:04:01:02:05"' + +# Install ECMP routes for alice. +ovn-nbctl --ecmp-symmetric-reply --policy="src-ip" lr-route-add R1 10.0.0.0/24 20.0.0.2 +ovn-nbctl --ecmp-symmetric-reply --policy="src-ip" lr-route-add R1 10.0.0.0/24 20.0.0.3 + +# Static Routes +ovn-nbctl lr-route-add R2 10.0.0.0/24 20.0.0.1 +ovn-nbctl lr-route-add R3 10.0.0.0/24 20.0.0.1 + +# Logical port 'alice1' in switch 'alice'. +ADD_NAMESPACES(alice1) +# Only send 1 router solicitation as any additional ones can cause datapath +# flows to get evicted, causing unexpected failures below. +NS_CHECK_EXEC([alice1], [sysctl -w net.ipv6.conf.default.router_solicitations=1], [0], [dnl +net.ipv6.conf.default.router_solicitations = 1 +]) +ADD_VETH(alice1, alice1, br-int, "10.0.0.2/24", "f0:00:00:01:02:04", \ + "10.0.0.1") +NS_CHECK_EXEC([alice1], [ip -6 addr add fd01::2/64 dev alice1 nodad]) +NS_CHECK_EXEC([alice1], [ip -6 route add default via fd01::1]) +NS_CHECK_EXEC([alice1], [ip -6 neigh add fd01::1 lladdr 00:00:01:01:02:03 dev alice1], [0]) +ovn-nbctl lsp-add alice alice1 \ +-- lsp-set-addresses alice1 "f0:00:00:01:02:04 10.0.0.2 fd01::2" + +# Logical port 'bob1' in switch 'bob'. +ADD_NAMESPACES(bob1) +# Only send 1 router solicitation as any additional ones can cause datapath +# flows to get evicted, causing unexpected failures below. +NS_CHECK_EXEC([bob1], [sysctl -w net.ipv6.conf.default.router_solicitations=1], [0], [dnl +net.ipv6.conf.default.router_solicitations = 1 +]) +ADD_VETH(bob1, bob1, br-int, "172.16.0.1/16", "f0:00:00:01:02:06", \ + "172.16.0.2") +NS_CHECK_EXEC([bob1], [ip -6 addr add fd07::1/64 dev bob1 nodad]) +NS_CHECK_EXEC([bob1], [ip -6 route add default via fd07::2]) +NS_CHECK_EXEC([bob1], [ip -6 neigh add fd07::2 lladdr 00:00:02:01:02:03 dev bob1]) +NS_CHECK_EXEC([bob1], [ip -6 neigh add fd07::3 lladdr 00:00:01:01:02:04 dev bob1]) + +# Add neighbour MAC addresses to avoid sending IPv6 NS messages which could +# cause datapath flows to be evicted +ovn-nbctl lsp-add bob bob1 \ +-- lsp-set-addresses bob1 "f0:00:00:01:02:06 172.16.0.1 fd07::1" + +# Ensure ovn-controller is caught up +ovn-nbctl --wait=hv sync + +on_exit 'ovs-ofctl dump-flows br-int' + +NETNS_DAEMONIZE([alice1], [nc -l -k 80], [alice1.pid]) +NS_CHECK_EXEC([bob1], [nc -z 10.0.0.2 80], [0]) +NS_CHECK_EXEC([bob1], [ping -q -c 3 -i 0.3 -w 2 10.0.0.2 | FORMAT_PING], \ +[0], [dnl +3 packets transmitted, 3 received, 0% packet loss, time 0ms +]) + +# Ensure conntrack entry is present. We should not try to predict +# the tunnel key for the output port, so we strip it from the labels +# and just ensure that the known ethernet address is present. +AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(172.16.0.1) | \ +sed -e 's/zone=[[0-9]]*/zone=/' | +sed -e 's/mark=[[0-9]]*/mark=/' | +sed -e 's/labels=0x[[0-9]]/labels=0x?/'], [0], [dnl +icmp,orig=(src=172.16.0.1,dst=10.0.0.2,id=,type=8,code=0),reply=(src=10.0.0.2,dst=172.16.0.1,id=,type=0,code=0),zone=,mark=,labels=0x?000000000401020400000000 +tcp,orig=(src=172.16.0.1,dst=10.0.0.2,sport=,dport=),reply=(src=10.0.0.2,dst=172.16.0.1,sport=,dport=),zone=,mark=,labels=0x?000000000401020400000000,protoinfo=(state=) +]) + +# Ensure datapaths show conntrack states as expected +# Like with conntrack entries, we shouldn't try to predict +# port binding tunnel keys. So omit them from expected labels. +ovs-appctl dpctl/dump-flows | grep 'ct_state(+new-est-rpl+trk).*ct(.*label=0x401020400000000/.*)' +AT_CHECK([ovs-appctl dpctl/dump-flows | grep 'ct_state(+new-est-rpl+trk)' | grep '401020400000000' -c], [0], [dnl +2 +]) +AT_CHECK([ovs-appctl dpctl/dump-flows | grep 'ct_state(-new+est+rpl+trk)' | grep '401020400000000)' -c], [0], [dnl +2 +]) + +# Flush conntrack entries for easier output parsing of next test. +AT_CHECK([ovs-appctl dpctl/flush-conntrack]) +# Change bob1 L2 address anche check the reply is properly updated. +ovn-nbctl set Logical_Router_Port R2_ext mac='"00:00:10:01:02:04"' +ovn-nbctl set Logical_Switch_Port r2-ext \ + type=router options:router-port=R2_ext addresses='"00:00:10:01:02:04"' + +# Wait for ovn-controller before sending traffic +ovn-nbctl --wait=hv sync + +NS_CHECK_EXEC([bob1], [nc -z 10.0.0.2 80], [0]) +NS_CHECK_EXEC([bob1], [ping -q -c 3 -i 0.3 -w 2 10.0.0.2 | FORMAT_PING], \ +[0], [dnl +3 packets transmitted, 3 received, 0% packet loss, time 0ms +]) +AT_CHECK([ovs-appctl dpctl/dump-flows | grep 'ct_state(+new-est-rpl+trk)' | grep '1001020400000000/.*)' -c], [0], [dnl +2 +]) +AT_CHECK([ovs-appctl dpctl/dump-flows | grep 'ct_state(-new+est+rpl+trk)' | grep '1001020400000000)' -c], [0], [dnl +2 +]) + +AT_CHECK([ovs-appctl dpctl/dump-conntrack | grep 1001020400000000 | FORMAT_CT(172.16.0.1) | \ +sed -e 's/zone=[[0-9]]*/zone=/' | +sed -e 's/mark=[[0-9]]*/mark=/' | +sed -e 's/labels=0x[[0-9]]/labels=0x?/' | sort], [0], [dnl +icmp,orig=(src=172.16.0.1,dst=10.0.0.2,id=,type=8,code=0),reply=(src=10.0.0.2,dst=172.16.0.1,id=,type=0,code=0),zone=,mark=,labels=0x?000000001001020400000000 +tcp,orig=(src=172.16.0.1,dst=10.0.0.2,sport=,dport=),reply=(src=10.0.0.2,dst=172.16.0.1,sport=,dport=),zone=,mark=,labels=0x?000000001001020400000000,protoinfo=(state=) +]) +# Check entries in table 76 and 77 expires w/o traffic +OVS_WAIT_UNTIL([ +test $(ovs-ofctl dump-flows br-int | grep -c 'table=OFTABLE_ECMP_NH_MAC, n_packets') -eq 0 +]) +OVS_WAIT_UNTIL([ +test $(ovs-ofctl dump-flows br-int | grep -c 'table=OFTABLE_ECMP_NH, n_packets') -eq 0 +]) + +# Flush connection tracking entries +ovn-nbctl --wait=hv lr-route-del R1 +AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(172.16.0.1)]) + +# Install ECMP routes for alice. +ovn-nbctl --ecmp-symmetric-reply --policy="src-ip" lr-route-add R1 fd01::/126 fd02::2 +ovn-nbctl --ecmp-symmetric-reply --policy="src-ip" lr-route-add R1 fd01::/126 fd02::3 + +# Static Routes +ovn-nbctl lr-route-add R2 fd01::/64 fd02::1 +ovn-nbctl lr-route-add R3 fd01::/64 fd02::1 + +NETNS_DAEMONIZE([alice1], [nc -6 -l -k 8080], [alice2.pid]) +NS_CHECK_EXEC([bob1], [nc -6 -z fd01::2 8080], [0]) +NS_CHECK_EXEC([bob1], [ping -q -c 3 -i 0.3 -w 2 fd01::2 | FORMAT_PING], \ +[0], [dnl +3 packets transmitted, 3 received, 0% packet loss, time 0ms +]) + +# Ensure conntrack entry is present. We should not try to predict +# the tunnel key for the output port, so we strip it from the labels +# and just ensure that the known ethernet address is present. +AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(fd01::2) | \ +sed -e 's/zone=[[0-9]]*/zone=/' | +sed -e 's/mark=[[0-9]]*/mark=/' | +sed -e 's/labels=0x[[0-9]]/labels=0x?/' | sort], [0], [dnl +icmpv6,orig=(src=fd07::1,dst=fd01::2,id=,type=128,code=0),reply=(src=fd01::2,dst=fd07::1,id=,type=129,code=0),zone=,mark=,labels=0x?000000001001020400000000 +tcp,orig=(src=fd07::1,dst=fd01::2,sport=,dport=),reply=(src=fd01::2,dst=fd07::1,sport=,dport=),zone=,mark=,labels=0x?000000001001020400000000,protoinfo=(state=) +]) + +# Flush conntrack entries for easier output parsing of next test. +AT_CHECK([ovs-appctl dpctl/flush-conntrack]) + +# Change bob1 L2 address anche check the reply is properly updated. +ovn-nbctl set Logical_Router_Port R2_ext mac='"00:00:10:01:02:04"' +ovn-nbctl --wait=hv set Logical_Switch_Port r2-ext \ + type=router options:router-port=R2_ext addresses='"00:00:10:01:02:04"' + +NS_CHECK_EXEC([bob1], [nc -6 -z fd01::2 8080], [0]) +NS_CHECK_EXEC([bob1], [ping -q -c 3 -i 0.3 -w 2 fd01::2 | FORMAT_PING], \ +[0], [dnl +3 packets transmitted, 3 received, 0% packet loss, time 0ms +]) + +AT_CHECK([ovs-appctl dpctl/dump-conntrack | grep 1001020400000000 | FORMAT_CT(fd01::2) | \ +sed -e 's/zone=[[0-9]]*/zone=/' | +sed -e 's/mark=[[0-9]]*/mark=/' | +sed -e 's/labels=0x[[0-9]]/labels=0x?/'], [0], [dnl +icmpv6,orig=(src=fd07::1,dst=fd01::2,id=,type=128,code=0),reply=(src=fd01::2,dst=fd07::1,id=,type=129,code=0),zone=,mark=,labels=0x?000000001001020400000000 +tcp,orig=(src=fd07::1,dst=fd01::2,sport=,dport=),reply=(src=fd01::2,dst=fd07::1,sport=,dport=),zone=,mark=,labels=0x?000000001001020400000000,protoinfo=(state=) +]) + +# Flush connection tracking entries +ovn-nbctl --wait=hv lr-route-del R1 +AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(fd01::2)]) + +ovs-ofctl dump-flows br-int + +OVS_APP_EXIT_AND_WAIT([ovn-controller]) + +as ovn-sb +OVS_APP_EXIT_AND_WAIT([ovsdb-server]) + +as ovn-nb +OVS_APP_EXIT_AND_WAIT([ovsdb-server]) + +as northd +OVS_APP_EXIT_AND_WAIT([ovn-northd]) + +as +OVS_TRAFFIC_VSWITCHD_STOP(["/failed to query port patch-.*/d +/connection dropped.*/d"]) + +AT_CLEANUP +]) diff --git a/tests/system-ovn.at b/tests/system-ovn.at index 146bf70e2..06d4ba19a 100644 --- a/tests/system-ovn.at +++ b/tests/system-ovn.at @@ -6175,6 +6175,10 @@ OVS_WAIT_UNTIL([ test $(ovs-ofctl dump-flows br-int | grep -c 'table=OFTABLE_ECMP_NH, n_packets') -eq 0 ]) +# Flush connection tracking entries +ovn-nbctl --wait=hv lr-route-del R1 +AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(172.16.0.1)]) + ovs-ofctl dump-flows br-int OVS_APP_EXIT_AND_WAIT([ovn-controller])