OVN 26.03 introduced distributed load balancers [1]: when a
Load_Balancer has options:distributed=true and ip_port_mappings is
configured, each chassis delivers traffic only to the local backend.
Deployments that use BGP to advertise tenant routes into the fabric
[2] could previously advertise LB VIPs only as a single prefix per
VIP, with no per-chassis health awareness. The fabric could ECMP
across chassis but could not prefer those hosting healthy backends
or withdraw routes from chassis with unhealthy ones.
This series splits the Advertised_Route emission for LB VIPs from
one-per-VIP to one-per-(VIP, backend LSP) and adds a controller-side
gate that skips route installation when the Service_Monitor for the
corresponding backend is offline. This allows the local dynamic
routing speaker to advertise the VIP prefix only from chassis that
host a healthy backend, so fabric ECMP converges onto
healthy chassis.
The series also installs local forwarding routes on the advertising
logical router for peer-LR LB VIPs and NAT external IPs enumerated for
redistribution, so that the advertising LR can forward traffic to
those addresses through the peer.
Patch 1 fixes an existing bug where attaching a distributed LB to a
router with a chassis-redirect port can leave stale lr_in_admission
guards, dropping ingress LB traffic on non-gateway chassis.
Patch 2 installs local forwarding routes for peer-LR LB VIPs and NAT
external IPs that an advertising LRP has enumerated for redistribution.
Patch 3 splits Advertised_Route emission from one-per-VIP to
one-per-(VIP, backend LSP), populating service selector columns
that let ovn-controller match the Service_Monitor row for each
backend.
Patch 4 adds the controller-side gate: kernel-route installation is
skipped when the Service_Monitor for a backend is offline.
A separate LRP option for VRF route sharing (share-advertise-routes)
is deferred to a follow-up series. Deployments that need cross-VRF
route sharing before the option lands can achieve the same effect
by configuring the dynamic routing speaker (e.g., FRR's
"ip import-table" route-map) to import routes between the OVN-managed
VRFs on each chassis.
Prior work: RFC for LB BGP advertisement [3] in which a review [4]
suggested a separate incremental processing node for dynamic routes,
which this series adopts. For tracked_port, patch 2 uses the peer LRP
for forwarding routes and patch 3 uses the backend LSP (from
ip_port_mappings) for per-backend locality rows. Patch 4 adds
Service_Monitor gating on the per-backend rows.
The SB schema (version 21.9.0) gains tracked_service_{ip,port,protocol}
columns on Advertised_Route for the service selector. All new columns
are optional with safe defaults, so rolling upgrades are supported.
Builds on the distributed LB feature (OVN 26.03+).
Tests cover LB and NAT route redistribution (IPv4/IPv6), forwarding
route installation, per-backend selector emission, SCTP exclusion,
ip_port_mappings fallback (per-backend rows when mappings exist,
one peer-LRP row when none do), and Service_Monitor gating.
[1] commit 7b0eb4d9ed ("northd: Add distributed load balancer support.")
[2]
https://opendev.org/openstack/neutron-specs/src/branch/master/specs/2025.2/ovn-bgp-integration.rst
[3] https://mail.openvswitch.org/pipermail/ovs-dev/2025-February/420552.html
[4] https://mail.openvswitch.org/pipermail/ovs-dev/2025-February/420789.html
Dmitrii Shcherbakov (4):
northd: Trigger full recompute when LR's is_distributed flips on LB
attach.
northd: Install forwarding routes for redistribute={lb,nat}.
northd: Emit per-backend Advertised_Route for LB redistribution.
controller: Skip LB route install when local Service_Monitor is
offline.
controller/ovn-controller.c | 25 +-
controller/route.c | 99 ++++
controller/route.h | 1 +
northd/en-advertised-route-sync.c | 535 ++++++++++++++++--
northd/en-advertised-route-sync.h | 30 +-
northd/en-group-ecmp-route.c | 76 ++-
northd/en-group-ecmp-route.h | 4 +
northd/en-lb-data.c | 8 +-
northd/inc-proc-northd.c | 5 +
northd/lb.h | 14 +
northd/northd.c | 41 +-
northd/northd.h | 2 +
ovn-sb.ovsschema | 18 +-
ovn-sb.xml | 56 +-
tests/ovn-inc-proc-graph-dump.at | 9 +-
tests/ovn-northd.at | 878 +++++++++++++++++++++++++++++-
tests/system-ovn.at | 808 +++++++++++++++++++++++++++
17 files changed, 2539 insertions(+), 70 deletions(-)
--
2.53.0
_______________________________________________
dev mailing list
[email protected]
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
