Below is the proposal to add native DNS support in OVN for internal DNS resolution. This will be useful if a VM sends a DNS lookup request for another VM belonging to the same virtual network.
- The hostname of the logical ports will be stored in the north db lsp row.
- ovn-northd will add the below logical flows for each of the lsps having a hostname defined. (3 new logical stages "ls_in_l7_parse", "ls_in_l7_match", "ls_in_l7_response" will be defined.)

----------------------------------------
table=13(ls_in_l7_parse ), priority=100 , match=(ip4 && udp.dst == 53), action=(reg0[4] = extract_dns_packet(); next;)
table=13(ls_in_l7_parse ), priority=0 , match=(1), action=(next;)
table=14(ls_in_l7_match ), priority=90 , match=(dns.query == "vm1"), action=(put_dns_answer(10.0.0.20);)
table=14(ls_in_l7_match ), priority=90 , match=(dns.query == "vm2"), action=(put_dns_answer(10.0.0.21);)
....
....
table=14(ls_in_l7_match ), priority=0 , match=(1), action=(next;)
table=15(ls_in_l7_response ), priority=100 , match=(ip4 && udp.dst == 53 && reg0[4]), action=(eth.dst <-> eth.src; ip4.src <-> ip4.dst; udp.dst <-> udp.src; outport = inport; flags.loopback = 1; output;)
table=15(ls_in_l7_response ), priority=0 , match=(1), action=(next;)
----------------------------------------------------

- ovn-controller will translate these into the below OF flows:

cookie=0x0, duration=631.516s, table=29, n_packets=8, n_bytes=504, idle_age=585, priority=100,udp,metadata=0x1,tp_dst=53 actions=controller(userdata=00.00.00.06.00.00.00.00.00.01.de.10.00.00.00.64,pause),resubmit(,30)
cookie=0x0, duration=631.517s, table=29, n_packets=0, n_bytes=0, idle_age=631, priority=0,metadata=0x1 actions=resubmit(,30)
cookie=0x0, duration=631.523s, table=30, n_packets=0, n_bytes=0, idle_age=631, priority=0,metadata=0x1 actions=resubmit(,31)
cookie=0x0, duration=631.521s, table=31, n_packets=0, n_bytes=0, idle_age=631, priority=100,udp,reg0=0x10/0x10,metadata=0x1,tp_dst=53 actions=push:NXM_OF_ETH_SRC[],push:NXM_OF_ETH_DST[],pop:NXM_OF_ETH_SRC[],pop:NXM_OF_ETH_DST[],push:NXM_OF_IP_DST[],push:NXM_OF_IP_SRC[],pop:NXM_OF_IP_DST[],pop:NXM_OF_IP_SRC[],push:NXM_OF_UDP_SRC[],push:NXM_OF_UDP_DST[],pop:NXM_OF_UDP_SRC[],pop:NXM_OF_UDP_DST[],move:NXM_NX_REG14[]->NXM_NX_REG15[],load:0x1->NXM_NX_REG10[0],resubmit(,32)

ovn-controller will translate the "extract_dns_packet" OVN action to a "controller" action with the pause flag set.

For the flows in the table "ls_in_l7_match", ovn-controller will NOT translate them into any OF flow; instead it will
- maintain a hash map for each logical datapath (with datapath_key as key) - "l7_dp_flows"
- store the (dns query value, ip address) pair in the hash map of the datapath.

Below is what happens when a DNS request packet is received:
- ovs-vswitchd will send it to ovn-controller.
- ovn-controller will parse the DNS packet and extract the host name.
- ovn-controller will extract the datapath key from the packet metadata and look up the ip address for the host name in the hash map (l7_dp_flows).
- If a match is found, it will generate a DNS response packet, set the result register bit to 1 and resume the packet.
- On resuming the packet, the flow in "ls_in_l7_response" will reply back if the result register bit is set; otherwise the packet will continue further down the pipeline.
- It will handle queries for both A (IPv4) and AAAA (IPv6) records.

I want to get feedback and see if this approach is reasonable? If so, I will continue with the development.
Thanks
Numan

_______________________________________________
dev mailing list
dev@openvswitch.org
http://openvswitch.org/mailman/listinfo/dev
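The controller-side path described in the proposal (parse the DNS request, look the name up in the per-datapath map, build an A or AAAA answer, and set the result bit only on a hit) is sketched below as an added example. It is not code from the proposal or from OVN, and it is written in Python rather than OVN's C so the packet layout is easy to follow. The names `L7_DP_FLOWS`, `handle_dns_request`, `parse_dns_query` and `build_dns_response` are assumptions made for this example, as is the per-datapath table content; the response flag bits and TTL are likewise chosen here, not taken from the proposal. The parser rejects truncated packets, compression pointers in the question, and non-IN classes as malformed, in which case the packet is handed back untouched with the bit clear so that, in the model, it continues down the pipeline exactly like a miss.

```python
import ipaddress
import struct

QTYPE_A = 1
QTYPE_AAAA = 28
QCLASS_IN = 1

# Constructed stand-in for ovn-controller's per-datapath "l7_dp_flows" map
# (datapath_key -> hostname -> addresses). Layout and values are assumptions.
L7_DP_FLOWS = {
    1: {"vm1": ["10.0.0.20"], "vm2": ["10.0.0.21", "fd00::21"]},
}


class DnsParseError(ValueError):
    """Raised for any request we refuse to answer; caller leaves the packet as is."""


def parse_dns_query(payload):
    """Return (txid, lowercase qname, qtype, raw question bytes) for a single-question request."""
    if len(payload) < 12:
        raise DnsParseError("truncated header")
    txid, flags, qdcount, _an, _ns, _ar = struct.unpack("!HHHHHH", payload[:12])
    if flags & 0x8000:            # QR set: a response, not a query
        raise DnsParseError("not a query")
    if qdcount != 1:
        raise DnsParseError("only one question supported")
    labels, pos = [], 12
    while True:
        if pos >= len(payload):
            raise DnsParseError("truncated name")
        length = payload[pos]
        pos += 1
        if length == 0:
            break
        if length & 0xC0:         # compression pointer: nothing earlier to point at in a request
            raise DnsParseError("compression pointer in question")
        if pos + length > len(payload):
            raise DnsParseError("truncated label")
        try:
            labels.append(payload[pos:pos + length].decode("ascii"))
        except UnicodeDecodeError as exc:
            raise DnsParseError("non-ascii label") from exc
        pos += length
    if pos + 4 > len(payload):
        raise DnsParseError("truncated question")
    qtype, qclass = struct.unpack("!HH", payload[pos:pos + 4])
    if qclass != QCLASS_IN:
        raise DnsParseError("unsupported class")
    return txid, ".".join(labels).lower(), qtype, payload[12:pos + 4]


def build_dns_response(txid, question, qtype, addrs):
    """Echo the question and append one answer RR per address (name via pointer to offset 12)."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, len(addrs), 0, 0)  # QR, RD, RA set (assumed)
    answers = b""
    for addr in addrs:
        rdata = ipaddress.ip_address(addr).packed
        answers += b"\xc0\x0c" + struct.pack("!HHIH", qtype, QCLASS_IN, 3600, len(rdata)) + rdata
    return header + question + answers


def handle_dns_request(datapath_key, payload):
    """Model of the paused-packet handler: returns (result bit for reg0[4], UDP payload to resume)."""
    try:
        txid, qname, qtype, question = parse_dns_query(payload)
    except DnsParseError:
        return 0, payload         # malformed: bit clear, packet continues down the pipeline
    want_version = {QTYPE_A: 4, QTYPE_AAAA: 6}.get(qtype)
    candidates = L7_DP_FLOWS.get(datapath_key, {}).get(qname, [])
    addrs = [a for a in candidates if ipaddress.ip_address(a).version == want_version]
    if not addrs:
        return 0, payload         # miss in this datapath's map: same as malformed
    return 1, build_dns_response(txid, question, qtype, addrs)


def build_dns_query(txid, name, qtype):
    """Constructed request, as a VM resolver would send it, for exercising the handler."""
    labels = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split("."))
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + labels + b"\x00" + struct.pack("!HH", qtype, QCLASS_IN)
```

The handler deliberately only produces the DNS payload: in the proposal the L2/L3/L4 header swap and the loopback output are done by the "ls_in_l7_response" flow once the packet is resumed, so the controller never has to touch the outer headers. Keying the lookup on the datapath first is what keeps a name in one logical switch from answering a query in another.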