On 1/9/26 9:03 PM, Dima Chumak via dev wrote:
> This patch series introduces infrastructure and user-facing improvements
> for multi-table routing in OVS. The main motivation is to enable more
> advanced routing scenarios, such as policy-based routing with source
> address selectors. For example, this can be used to support
> OVN-Kubernetes multi-VTEP topology where nodes may have multiple SR-IOV
> network adapters and to facilitate selection of which VTEP to use to
> send/receive the packets to/from the wire.
>
> The core of this series adds support for multiple routing tables within
> OVS. This is a prerequisite for importing non-default routing tables
> from the kernel and enables advanced routing lookups that consider
> parameters beyond just the destination address (e.g., source address).
>
> Additional routing tables are now created by reading the Routing Policy
> Database (RPDB) from the kernel. Only tables referenced by RPDB rules
> with a table lookup action are imported, and rule priorities and table
> IDs are preserved. The current implementation supports RPDB rules with a
> source address selector (`[not] from IP`).
>
> User interface improvements:
>
> - The `ovs-appctl ovs/route/show` command now accepts an optional
> `table=ID` or `table=all` parameter, allowing users to display routes
> from specific or all tables.
>
> - The `ovs-appctl ovs/route/add` and `ovs/route/del` commands accept a
> `table=ID` parameter for adding or deleting user routes in non-default
> tables.
>
> - A new `ovs-appctl ovs/route/rule/show` command is introduced to
> display the internal routing rules database, sorted by priority.
>
> - New `ovs-appctl ovs/route/rule/{add,del}` commands are introduced to
> add and delete user-configured routing rules in OVS.
>
> - The `ovs-appctl ovs/route/lookup` command now supports an optional
> `src=IP` parameter for lookups that match on source IP address.
>
> Example usage:
>
> - Show all routes, including those from non-default tables:
>
> ovs-appctl ovs/route/show table=all
>
> - Add a route to a specific table:
>
> ovs-appctl ovs/route/add 10.7.7.0/24 br-phy0 table=10
>
> - Add user routing rules:
>
> ovs-appctl ovs/route/rule/add from=all table=10
> ovs-appctl ovs/route/rule/add -6 from=all table=11
>
> - Show routing rules:
>
> ovs-appctl ovs/route/rule/show [-6]
>
> - Lookup a route with a source IP:
>
> ovs-appctl ovs/route/lookup 10.0.0.5 src=10.0.0.2
>
> v4 -> v5: Changes based on Ilya's feedback:
>
> * Fixed issue with incorrect inverted rule match for a mismatched
> address family.
> * Standard IPv6 rules are imported by default.
> * ovs-appctl ovs/route/rule/show displays only IPv4 rules by default
> and IPv6 rules are shown with -6 flag only.
> * Extended 'route/rule lookup' unit-test to cover inverted rules.
>
> v3 -> v4: Changes based on Ilya's feedback:
>
> * Added flag to identify user-added routes instead of relying on
> priority and table ID.
> * Improved locking for non-standard routing table creation.
> * Added flag to distinguish IPv6 and IPv4 routing rules.
> * Corrected route matching for mixed IPv6 and IPv4 routes in the
> same routing table.
>
> v2 -> v3: Changes based on Ilya's feedback:
>
> * Use cmap instead of hashmap for classifiers.
> * Don't treat standard tables in a special way.
> * Don't treat standard routing rules in a special way.
> * For src_ip validation in route lookup use local table only.
> * Add system test for un-supported routing rules.
>
> v1 -> v2: Changes based on Ilya's feedback:
>
> * Split default classifier into three: local, main and default.
> * Rules based routing is the only way now.
> * The three default rules are always present, on non-Linux systems
> too.
> * Rules list is implemented with pvector instead of rculist.
> * Added more unit tests for rules, including tunnel-push-pop test.
> * Rules related appctl commands are grouped under ovs/route/rule/*
> prefix.
> * Implemented new appctl commands for adding and deleting
> user-configured rules.
> * Updated manpage and tunneling documentation with the new commands
> and parameters.
>
> Dima Chumak (11):
> ovs-router: Add infrastructure for multi-table routing.
> route-table: Introduce multi-table route lookup.
> doc: Fix font formatting in ofproto-tnl-unixctl.man.
> ovs-router: Add 'table=id' parameter in ovs/route/show.
> ovs-router: Drop 'local' and add 'user' flag to ovs_router_entry.
> ovs-router: Introduce ovs/route/rule/show command.
> ovs-router: Add system test for tables and rules.
> ovs-router: Add 'table=id' parameter in ovs/route/{add,del}.
> ovs-router: Add 'src=src_ip' parameter in ovs/route/lookup.
> ovs-router: Introduce ovs/route/rule/{add,del} commands.
> ovs-router: Add test for lookup with rules.
>
> Documentation/howto/userspace-tunneling.rst | 20 +-
> NEWS | 10 +
> lib/netdev-dummy.c | 12 +-
> lib/ovs-router.c | 876 +++++++++++++++++---
> lib/ovs-router.h | 28 +-
> lib/packets.c | 20 +
> lib/packets.h | 7 +
> lib/route-table.c | 262 +++++-
> lib/route-table.h | 22 +-
> ofproto/ofproto-tnl-unixctl.man | 62 +-
> tests/nsh.at | 9 +-
> tests/ofproto-dpif.at | 11 +-
> tests/ovs-router.at | 282 ++++++-
> tests/packet-type-aware.at | 19 +-
> tests/system-route.at | 187 +++++
> tests/test-lib-route-table.c | 5 +-
> tests/tunnel-push-pop-ipv6.at | 32 +-
> tests/tunnel-push-pop.at | 177 +++-
> tests/tunnel.at | 10 +-
> 19 files changed, 1828 insertions(+), 223 deletions(-)
>
Hi. To save some iteration time as we're about to branch for 3.7 release,
I fixed a few minor style issues throughout the set and made the following
small change to the 'rule/show' command:
diff --git a/lib/ovs-router.c b/lib/ovs-router.c
--- a/lib/ovs-router.c
+++ b/lib/ovs-router.c
@@ -907,17 +908,9 @@ ovs_router_rules_show_text(struct ds *ds, bool ipv6)
continue;
}
if (rule->user) {
- if (rule->ipv4) {
- ds_put_format(ds, "User: ");
- } else {
- ds_put_format(ds, "User6: ");
- }
+ ds_put_format(ds, "User: ");
} else {
- if (rule->ipv4) {
- ds_put_format(ds, "Cached: ");
- } else {
- ds_put_format(ds, "Cached6: ");
- }
+ ds_put_format(ds, "Cached: ");
}
ds_put_format(ds, "%"PRIu32": ", rule->prio);
if (rule->invert) {
---
(There is no need to print the extra '6', as we're only printing rules for
one family that was explicitly requested.)
With that, applied the series to main.
It's a nice feature to have. Thanks!
Best regards, Ilya Maximets.
_______________________________________________
dev mailing list
[email protected]
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
