Recheck-request: github-robot-_Build_and_Test
On Friday, June 12th, 2026 at 6:35 AM, Dmitrii Shcherbakov
<[email protected]> wrote:
> When an LRP carries dynamic-routing-redistribute=lb or =nat, northd
> already enumerates neighbouring LRs' LB VIPs and NAT external IPs and
> emits Advertised_Route entries for them. The advertising LR, however,
> has no route to those addresses through the peer, so traffic forwarded
> via the advertising LR's VRF cannot reach the backend.
>
> Add a forwarding route on the advertising LR for each such IP: install
> a parsed_route pointing at the peer LRP as nexthop. Forwarding routes
> use a dedicated route source (ROUTE_SOURCE_LB or ROUTE_SOURCE_NAT)
> and the same prefix and lose to operator-installed static routes.
>
> en_dynamic_routes_run rebuilds parsed_routes from scratch each cycle
> and diffs old vs new entries by exact field comparison. When an
> entry matches, the old parsed_route object is retained in the rebuilt
> hmap (preserving pointer identity for downstream nodes like
> group_ecmp_route that store const pointers) and the newly built
> duplicate is freed.
>
> The advertising LRP may be unnumbered (no IP in the nexthop's family),
> in which case lrp_addr_s is passed through as NULL. The emitted route
> omits REG_SRC_IPV{4,6} but ARP resolution still works: the LS-level
> ls_in_arp_rsp responder matches on arp.tpa alone.
>
> Also compare tracked_port in parsed_route_lookup() so that forwarding
> routes with different tracked_port values are not treated as identical.
>
> Signed-off-by: Dmitrii Shcherbakov <[email protected]>
> ---
> northd/en-advertised-route-sync.c | 263 ++++++++++++-
> northd/en-advertised-route-sync.h | 25 +-
> northd/en-group-ecmp-route.c | 76 +++-
> northd/en-group-ecmp-route.h | 4 +
> northd/inc-proc-northd.c | 5 +
> northd/northd.c | 26 +-
> northd/northd.h | 2 +
> tests/ovn-inc-proc-graph-dump.at | 7 +-
> tests/ovn-northd.at | 619 +++++++++++++++++++++++++++++-
> 9 files changed, 994 insertions(+), 33 deletions(-)
>
> diff --git a/northd/en-advertised-route-sync.c
> b/northd/en-advertised-route-sync.c
> index 4a8d13232..fa8bcd697 100644
> --- a/northd/en-advertised-route-sync.c
> +++ b/northd/en-advertised-route-sync.c
> @@ -166,16 +166,104 @@ dynamic_routes_track_od(struct dynamic_routes_data
> *data,
> uuidset_insert(od->nbr ? &data->nb_lr : &data->nb_ls, &od->key);
> }
>
> +/* Install a parsed_route on advertising_od that forwards ip_address (a
> + * LB VIP or NAT external IP) through advertising_op to tracked_port,
> + * where tracked_port must be a peer LRP on the shared LS so that its
> + * first matching-family network address is a valid nexthop.
> + *
> + * Used by the connected-neighbour redistribution paths
> + * (build_{lb,nat}_connected_routes) so the advertising LR can
> + * forward to the peer's VIPs and external IPs, not just advertise
> + * reachability for them.
> + *
> + * For distributed NAT the tracked_port is the backend's LSP (not an LRP) and
> + * doesn't carry lrp_networks - in that case this function is a no-op. Such
> + * deployments still rely on the existing ARP-resolved data path.
> + *
> + * Silently no-ops when:
> + * - tracked_port is not an LRP (no nexthop derivable from this hop), or
> + * - the prefix string fails to parse, or
> + * - the peer LRP carries no address of the prefix's IP family.
> + *
> + * When advertising_op is unnumbered for the nexthop's family, lrp_addr_s
> + * is NULL. */
> +static void
> +add_redistribute_parsed_route(struct hmap *parsed_routes_out,
> + const struct ovn_datapath *advertising_od,
> + const struct ovn_port *advertising_op,
> + const struct ovn_port *tracked_port,
> + const char *ip_address,
> + enum route_source source)
> +{
> + if (!tracked_port || !tracked_port->nbrp) {
> + /* Not an LRP-typed tracked port (e.g. distributed NAT bound to a
> + * specific LSP). No nexthop available from this hop. */
> + return;
> + }
> +
> + /* Parse the prefix (the VIP/FIP). */
> + struct in6_addr prefix;
> + if (!ip46_parse(ip_address, &prefix)) {
> + return;
> + }
> + bool is_v6 = !IN6_IS_ADDR_V4MAPPED(&prefix);
> + unsigned int plen = is_v6 ? 128 : 32;
> +
> + /* Choose the nexthop from the peer LRP's first matching-family address.
> */
> + const char *nexthop_s = NULL;
> + if (!is_v6 && tracked_port->lrp_networks.n_ipv4_addrs) {
> + nexthop_s = tracked_port->lrp_networks.ipv4_addrs[0].addr_s;
> + } else if (is_v6 && tracked_port->lrp_networks.n_ipv6_addrs) {
> + nexthop_s = tracked_port->lrp_networks.ipv6_addrs[0].addr_s;
> + }
> + if (!nexthop_s) {
> + return;
> + }
> +
> + /* If advertising_op has an address in the nexthop's family, use it as
> + * eth.src. Otherwise (unnumbered LRP) leave lrp_addr_s NULL so the
> + * emitted route omits REG_SRC_IPV{4,6}. ARP resolution still works:
> + * the LS-level ls_in_arp_rsp responder matches on arp.tpa alone. */
> + const char *lrp_addr_s = lrp_find_member_ip(advertising_op, nexthop_s);
> +
> + struct in6_addr *nexthop = xmalloc(sizeof *nexthop);
> + if (!ip46_parse(nexthop_s, nexthop)) {
> + free(nexthop);
> + return;
> + }
> +
> + parsed_route_add(advertising_od, nexthop, &prefix, plen,
> + false,
> + lrp_addr_s, advertising_op,
> + 0,
> + false,
> + false,
> + false,
> + NULL,
> + source,
> + false,
> + NULL,
> + tracked_port,
> + parsed_routes_out);
> +}
> +
> /* This function adds a new route for each entry in lr_nat record
> * to "routes". Logical port of the route is set to "advertising_op" and
> * tracked port is set to NAT's distributed gw port. If NAT doesn't have
> * DGP (for example if it's set on gateway router), no tracked port will
> - * be set.*/
> + * be set.
> + *
> + * If parsed_routes_out is non-NULL, also installs a local forwarding
> + * parsed_route on advertising_op->od for each NAT external IP whose
> + * nexthop is available from tracked_port (i.e. a peer LRP). This is the
> + * connected-neighbour redistribution case where the advertising LR
> + * needs to forward to the peer's LR.*/
> static void
> build_nat_route_for_port(const struct ovn_port *advertising_op,
> const struct lr_nat_record *lr_nat,
> const struct hmap *ls_ports,
> - struct hmap *routes)
> + struct hmap *routes,
> + struct hmap *parsed_routes_out)
> {
> const struct ovn_datapath *advertising_od = advertising_op->od;
>
> @@ -203,11 +291,21 @@ build_nat_route_for_port(const struct ovn_port
> *advertising_op,
> nat->nb->external_ip, tracked_port,
> ROUTE_SOURCE_NAT);
> }
> +
> + if (parsed_routes_out) {
> + add_redistribute_parsed_route(parsed_routes_out, advertising_od,
> + advertising_op, tracked_port,
> + nat->nb->external_ip,
> + ROUTE_SOURCE_NAT);
> + }
> }
> }
>
> /* Generate routes for NAT external IPs in lr_nat, for each ovn port
> - * in "od" that has enabled redistribution of NAT adresses.*/
> + * in "od" that has enabled redistribution of NAT addresses.
> + *
> + * No forwarding route is needed because the LR owns the NAT and
> + * its own NAT pipeline handles ingress for the external IP. */
> static void
> build_nat_routes(const struct ovn_datapath *od,
> const struct lr_nat_record *lr_nat,
> @@ -220,15 +318,16 @@ build_nat_routes(const struct ovn_datapath *od,
> continue;
> }
>
> - build_nat_route_for_port(op, lr_nat, ls_ports, routes);
> + build_nat_route_for_port(op, lr_nat, ls_ports, routes,
> + NULL);
> }
> }
>
> /* Similar to build_nat_routes, this function generates routes for nat
> records
> * in neighboring routers. For each ovn port in "od" that has enabled
> - * redistribution of NAT adresses, look up their neighbors (either directly
> + * redistribution of NAT addresses, look up their neighbors (either directly
> * connected routers, or routers connected through common LS) and advertise
> - * thier external NAT IPs too.*/
> + * their external NAT IPs too.*/
> static void
> build_nat_connected_routes(
> const struct ovn_datapath *od,
> @@ -260,9 +359,12 @@ build_nat_connected_routes(
> continue;
> }
>
> - /* Advertise peer's NAT routes via the local port too. */
> + /* Advertise peer's NAT routes via the local port too, and
> + * install forwarding routes so we can reach the
> + * peer's external IPs. */
> build_nat_route_for_port(op, peer_lr_stateful->lrnat_rec,
> - ls_ports, &data->routes);
> + ls_ports, &data->routes,
> + &data->parsed_routes);
> continue;
> }
>
> @@ -282,9 +384,12 @@ build_nat_connected_routes(
> continue;
> }
>
> - /* Advertise peer's NAT routes via the local port too. */
> + /* Advertise peer's NAT routes via the local port too, and
> + * install forwarding routes so we can reach the
> + * peer's external IPs. */
> build_nat_route_for_port(op, peer_lr_stateful->lrnat_rec,
> - ls_ports, &data->routes);
> + ls_ports, &data->routes,
> + &data->parsed_routes);
> /* Track the LR datapath on the other side of LS
> * for any changes. */
> dynamic_routes_track_od(data, rp->peer->od);
> @@ -292,12 +397,19 @@ build_nat_connected_routes(
> }
> }
>
> -/* This function adds a new route for each IP in lb_ips to "routes".*/
> +/* Own-LR entry point used by the own-LR (gateway-router/DGP) path,
> + * which doesn't currently route through a peer LR's LBs. Emits one
> + * Advertised_Route per IP in lb_ips with tracked_port as-is.
> + *
> + * If parsed_routes_out is non-NULL, also installs one local forwarding
> + * parsed_route per VIP, used by the connected-neighbour redistribution
> + * case so the advertising LR can reach the peer's VIPs. */
> static void
> build_lb_route_for_port(const struct ovn_port *advertising_op,
> const struct ovn_port *tracked_port,
> const struct ovn_lb_ip_set *lb_ips,
> - struct hmap *routes)
> + struct hmap *routes,
> + struct hmap *parsed_routes_out)
> {
> const struct ovn_datapath *advertising_od = advertising_op->od;
>
> @@ -305,10 +417,20 @@ build_lb_route_for_port(const struct ovn_port
> *advertising_op,
> SSET_FOR_EACH (ip_address, &lb_ips->ips_v4_adv) {
> ar_entry_add(routes, advertising_od, advertising_op,
> ip_address, tracked_port, ROUTE_SOURCE_LB);
> + if (parsed_routes_out) {
> + add_redistribute_parsed_route(parsed_routes_out, advertising_od,
> + advertising_op, tracked_port,
> + ip_address, ROUTE_SOURCE_LB);
> + }
> }
> SSET_FOR_EACH (ip_address, &lb_ips->ips_v6_adv) {
> ar_entry_add(routes, advertising_od, advertising_op,
> ip_address, tracked_port, ROUTE_SOURCE_LB);
> + if (parsed_routes_out) {
> + add_redistribute_parsed_route(parsed_routes_out, advertising_od,
> + advertising_op, tracked_port,
> + ip_address, ROUTE_SOURCE_LB);
> + }
> }
> }
>
> @@ -343,7 +465,7 @@ build_lb_connected_routes(const struct ovn_datapath *od,
> lr_stateful_rec = lr_stateful_table_find_by_uuid(
> lr_stateful_table, peer_od->key);
> build_lb_route_for_port(op, op->peer, lr_stateful_rec->lb_ips,
> - &data->routes);
> + &data->routes, &data->parsed_routes);
> continue;
> }
>
> @@ -360,7 +482,7 @@ build_lb_connected_routes(const struct ovn_datapath *od,
> lr_stateful_table, rp->peer->od->key);
>
> build_lb_route_for_port(op, rp->peer, lr_stateful_rec->lb_ips,
> - &data->routes);
> + &data->routes, &data->parsed_routes);
> /* Track the LR datapath on the other side of LS
> * for any changes. */
> dynamic_routes_track_od(data, rp->peer->od);
> @@ -385,14 +507,16 @@ build_lb_routes(const struct ovn_datapath *od,
> * - always redirected to a distributed gateway router port
> *
> * Advertise the LB IPs via all 'op' if this is a gateway router or
> - * throuh all DGPs of this distributed router otherwise. */
> + * through all DGPs of this distributed router otherwise. */
>
> if (od->is_gw_router) {
> - build_lb_route_for_port(op, NULL, lb_ips, routes);
> + build_lb_route_for_port(op, NULL, lb_ips, routes,
> + NULL);
> } else {
> struct ovn_port *dgp;
> VECTOR_FOR_EACH (&od->l3dgw_ports, dgp) {
> - build_lb_route_for_port(op, dgp, lb_ips, routes);
> + build_lb_route_for_port(op, dgp, lb_ips, routes,
> + NULL);
> }
> }
> }
> @@ -528,13 +652,32 @@ en_dynamic_routes_init(struct engine_node *node
> OVS_UNUSED,
> struct dynamic_routes_data *data = xmalloc(sizeof *data);
> *data = (struct dynamic_routes_data) {
> .routes = HMAP_INITIALIZER(&data->routes),
> + .parsed_routes = HMAP_INITIALIZER(&data->parsed_routes),
> .nb_lr = UUIDSET_INITIALIZER(&data->nb_lr),
> .nb_ls = UUIDSET_INITIALIZER(&data->nb_ls),
> + .tracked = false,
> + .trk_data.trk_created_parsed_routes =
> + HMAPX_INITIALIZER(&data->trk_data.trk_created_parsed_routes),
> + .trk_data.trk_deleted_parsed_routes =
> + HMAPX_INITIALIZER(&data->trk_data.trk_deleted_parsed_routes),
> };
>
> return data;
> }
>
> +static void
> +dynamic_routes_clear_tracked(struct dynamic_routes_data *data)
> +{
> + hmapx_clear(&data->trk_data.trk_created_parsed_routes);
> + struct hmapx_node *hmapx_node;
> + HMAPX_FOR_EACH_SAFE (hmapx_node,
> + &data->trk_data.trk_deleted_parsed_routes) {
> + parsed_route_free(hmapx_node->data);
> + hmapx_delete(&data->trk_data.trk_deleted_parsed_routes, hmapx_node);
> + }
> + data->tracked = false;
> +}
> +
> static void
> en_dynamic_routes_clear(struct dynamic_routes_data *data)
> {
> @@ -543,6 +686,40 @@ en_dynamic_routes_clear(struct dynamic_routes_data *data)
> ar_entry_free(ar);
> }
>
> + struct parsed_route *pr;
> + HMAP_FOR_EACH_POP (pr, key_node, &data->parsed_routes) {
> + parsed_route_free(pr);
> + }
> +
> + dynamic_routes_clear_tracked(data);
> +
> + uuidset_clear(&data->nb_lr);
> + uuidset_clear(&data->nb_ls);
> +}
> +
> +static void
> +dynamic_routes_prepare_rebuild(struct dynamic_routes_data *data,
> + struct hmap *old_parsed_routes);
> +
> +static void
> +dynamic_routes_diff_parsed(struct dynamic_routes_data *data,
> + struct hmap *old_parsed_routes);
> +
> +/* Save current parsed_routes into *old_parsed_routes and reinitialise
> + * data->parsed_routes for a full rebuild. */
> +static void
> +dynamic_routes_prepare_rebuild(struct dynamic_routes_data *data,
> + struct hmap *old_parsed_routes)
> +{
> + dynamic_routes_clear_tracked(data);
> +
> + hmap_swap(old_parsed_routes, &data->parsed_routes);
> + hmap_init(&data->parsed_routes);
> +
> + struct ar_entry *ar;
> + HMAP_FOR_EACH_POP (ar, hmap_node, &data->routes) {
> + ar_entry_free(ar);
> + }
> uuidset_clear(&data->nb_lr);
> uuidset_clear(&data->nb_ls);
> }
> @@ -554,6 +731,9 @@ en_dynamic_routes_cleanup(void *data_)
>
> en_dynamic_routes_clear(data);
> hmap_destroy(&data->routes);
> + hmap_destroy(&data->parsed_routes);
> + hmapx_destroy(&data->trk_data.trk_created_parsed_routes);
> + hmapx_destroy(&data->trk_data.trk_deleted_parsed_routes);
> uuidset_destroy(&data->nb_lr);
> uuidset_destroy(&data->nb_ls);
> }
> @@ -566,7 +746,8 @@ en_dynamic_routes_run(struct engine_node *node, void
> *data)
> struct ed_type_lr_stateful *lr_stateful_data =
> engine_get_input_data("lr_stateful", node);
>
> - en_dynamic_routes_clear(data);
> + struct hmap old_parsed_routes = HMAP_INITIALIZER(&old_parsed_routes);
> + dynamic_routes_prepare_rebuild(dynamic_routes_data, &old_parsed_routes);
>
> const struct ovn_datapath *od;
> HMAP_FOR_EACH (od, key_node, &northd_data->lr_datapaths.datapaths) {
> @@ -598,9 +779,53 @@ en_dynamic_routes_run(struct engine_node *node, void
> *data)
> build_lb_connected_routes(od, &lr_stateful_data->table,
> dynamic_routes_data);
> }
> +
> + dynamic_routes_diff_parsed(dynamic_routes_data, &old_parsed_routes);
> + hmap_destroy(&old_parsed_routes);
> +
> return EN_UPDATED;
> }
>
> +static void
> +dynamic_routes_diff_parsed(struct dynamic_routes_data *data,
> + struct hmap *old_parsed_routes)
> +{
> + struct parsed_route *pr;
> + HMAP_FOR_EACH (pr, key_node, old_parsed_routes) {
> + pr->stale = true;
> + }
> +
> + HMAP_FOR_EACH_SAFE (pr, key_node, &data->parsed_routes) {
> + size_t hash = parsed_route_hash(pr);
> + struct parsed_route *old_pr = parsed_route_lookup(
> + old_parsed_routes, hash, pr);
> + if (old_pr) {
> + old_pr->stale = false;
> + /* Swap in the pre-existing route so that pointers held by
> + * group_ecmp_route remain valid. Detach from
> + * old_parsed_routes first: hmap_node is intrusive and
> + * cannot live in two maps. */
> + hmap_remove(old_parsed_routes, &old_pr->key_node);
> + hmap_remove(&data->parsed_routes, &pr->key_node);
> + hmap_insert(&data->parsed_routes, &old_pr->key_node, hash);
> + parsed_route_free(pr);
> + } else {
> + hmapx_add(&data->trk_data.trk_created_parsed_routes, pr);
> + }
> + }
> +
> + HMAP_FOR_EACH_SAFE (pr, key_node, old_parsed_routes) {
> + if (pr->stale) {
> + hmapx_add(&data->trk_data.trk_deleted_parsed_routes, pr);
> + }
> + }
> +
> + if (!hmapx_is_empty(&data->trk_data.trk_created_parsed_routes)
> + || !hmapx_is_empty(&data->trk_data.trk_deleted_parsed_routes)) {
> + data->tracked = true;
> + }
> +}
> +
> enum engine_input_handler_result
> dynamic_routes_lr_stateful_change_handler(struct engine_node *node,
> void *data_)
> @@ -801,7 +1026,7 @@ advertised_route_table_sync(
> sbrec_advertised_route_set_datapath(sr, route_e->od->sdp->sb_dp);
> sbrec_advertised_route_set_logical_port(sr, route_e->op->sb);
> sbrec_advertised_route_set_ip_prefix(sr, route_e->ip_prefix);
> - if (route_e->tracked_port) {
> + if (route_e->tracked_port && route_e->tracked_port->sb) {
> sbrec_advertised_route_set_tracked_port(sr,
>
> route_e->tracked_port->sb);
> }
> diff --git a/northd/en-advertised-route-sync.h
> b/northd/en-advertised-route-sync.h
> index 71cd417de..298062412 100644
> --- a/northd/en-advertised-route-sync.h
> +++ b/northd/en-advertised-route-sync.h
> @@ -18,16 +18,39 @@
>
> #include "lib/inc-proc-eng.h"
> #include "lib/uuidset.h"
> +#include "openvswitch/hmap.h"
> +#include "hmapx.h"
> +
> +/* Track what changed in the dynamic_routes engine node's parsed_routes.
> + * All hmapx node data are pointers to struct parsed_route. */
> +struct dynamic_routes_tracked_data {
> + struct hmapx trk_created_parsed_routes;
> + struct hmapx trk_deleted_parsed_routes;
> +};
>
> struct dynamic_routes_data {
> - /* Stores struct ar_entry, one for each dynamic route. */
> + /* Stores struct ar_entry, one for each dynamic route. Fed only to
> + * en_advertised_route_sync (SB Advertised_Route table). */
> struct hmap routes;
> + /* Stores struct parsed_route, one per VIP/NAT-external IP whose
> + * advertisement was synthesized from a *connected-neighbour* LR (i.e.
> + * dynamic-routing-redistribute=lb/nat for an LRP whose peer LS hosts
> + * another LR that owns the LB/NAT). Without these the advertising LR
> + * would claim reachability for a prefix it had no local forwarding
> + * route to. Fed to en_group_ecmp_route alongside en_routes and
> + * en_learned_route_sync. */
> + struct hmap parsed_routes;
> /* Contains the uuids of all NB Logical Routers where we used a
> * lr_stateful_record during computation. */
> struct uuidset nb_lr;
> /* Contains the uuids of all NB Logical Switches where we rely on port
> * changes for host routes. */
> struct uuidset nb_ls;
> +
> + /* 'tracked' is set to true if there is information available for
> + * incremental processing. If true then trk_data is valid. */
> + bool tracked;
> + struct dynamic_routes_tracked_data trk_data;
> };
>
> void *en_advertised_route_sync_init(struct engine_node *, struct engine_arg
> *);
> diff --git a/northd/en-group-ecmp-route.c b/northd/en-group-ecmp-route.c
> index c4c93fd84..8af1dcc0b 100644
> --- a/northd/en-group-ecmp-route.c
> +++ b/northd/en-group-ecmp-route.c
> @@ -21,8 +21,10 @@
> #include "openvswitch/vlog.h"
> #include "northd.h"
>
> +#include "en-advertised-route-sync.h"
> #include "en-group-ecmp-route.h"
> #include "en-learned-route-sync.h"
> +#include "hmapx.h"
> #include "openvswitch/hmap.h"
>
> VLOG_DEFINE_THIS_MODULE(en_group_ecmp_route);
> @@ -356,7 +358,8 @@ add_route(struct group_ecmp_datapath *gn, const struct
> parsed_route *pr)
> static void
> group_ecmp_route(struct group_ecmp_route_data *data,
> const struct routes_data *routes_data,
> - const struct learned_route_sync_data *learned_route_data)
> + const struct learned_route_sync_data *learned_route_data,
> + const struct dynamic_routes_data *dynamic_routes_data)
> {
> struct group_ecmp_datapath *gn;
> const struct parsed_route *pr;
> @@ -369,6 +372,11 @@ group_ecmp_route(struct group_ecmp_route_data *data,
> gn = group_ecmp_datapath_lookup_or_add(data, pr->od);
> add_route(gn, pr);
> }
> +
> + HMAP_FOR_EACH (pr, key_node, &dynamic_routes_data->parsed_routes) {
> + gn = group_ecmp_datapath_lookup_or_add(data, pr->od);
> + add_route(gn, pr);
> + }
> }
>
> enum engine_node_state
> @@ -381,8 +389,11 @@ en_group_ecmp_route_run(struct engine_node *node, void
> *_data)
> = engine_get_input_data("routes", node);
> struct learned_route_sync_data *learned_route_data
> = engine_get_input_data("learned_route_sync", node);
> + struct dynamic_routes_data *dynamic_routes_data
> + = engine_get_input_data("dynamic_routes", node);
>
> - group_ecmp_route(data, routes_data, learned_route_data);
> + group_ecmp_route(data, routes_data, learned_route_data,
> + dynamic_routes_data);
>
> return EN_UPDATED;
> }
> @@ -519,3 +530,64 @@ group_ecmp_route_learned_route_change_handler(struct
> engine_node *eng_node,
> }
> return EN_HANDLED_UNCHANGED;
> }
> +
> +/* When parsed_routes is empty, dynamic_routes has no new content for us.
> + * When tracked is false but parsed_routes is non-empty we fall back to a
> + * full recompute. Otherwise process tracked adds/deletes incrementally
> + * (see group_ecmp_route_learned_route_change_handler for the pattern). */
> +enum engine_input_handler_result
> +group_ecmp_route_dynamic_routes_change_handler(struct engine_node *eng_node,
> + void *data)
> +{
> + struct group_ecmp_route_data *gdata = data;
> + struct dynamic_routes_data *dynamic_routes_data
> + = engine_get_input_data("dynamic_routes", eng_node);
> +
> + if (!dynamic_routes_data->tracked) {
> + if (hmap_is_empty(&dynamic_routes_data->parsed_routes)) {
> + return EN_HANDLED_UNCHANGED;
> + }
> + gdata->tracked = false;
> + return EN_UNHANDLED;
> + }
> +
> + gdata->tracked = true;
> +
> + struct hmapx updated_routes = HMAPX_INITIALIZER(&updated_routes);
> +
> + const struct hmapx_node *hmapx_node;
> + const struct parsed_route *pr;
> + HMAPX_FOR_EACH (hmapx_node,
> +
> &dynamic_routes_data->trk_data.trk_deleted_parsed_routes) {
> + pr = hmapx_node->data;
> + if (!handle_deleted_route(gdata, pr, &updated_routes)) {
> + hmapx_destroy(&updated_routes);
> + return EN_UNHANDLED;
> + }
> + }
> +
> + HMAPX_FOR_EACH (hmapx_node,
> +
> &dynamic_routes_data->trk_data.trk_created_parsed_routes) {
> + pr = hmapx_node->data;
> + handle_added_route(gdata, pr, &updated_routes);
> + }
> +
> + HMAPX_FOR_EACH (hmapx_node, &updated_routes) {
> + struct group_ecmp_datapath *node = hmapx_node->data;
> + if (hmap_is_empty(&node->unique_routes) &&
> + hmap_is_empty(&node->ecmp_groups)) {
> + hmapx_add(&gdata->trk_data.deleted_datapath_routes, node);
> + hmap_remove(&gdata->datapaths, &node->hmap_node);
> + } else {
> + hmapx_add(&gdata->trk_data.crupdated_datapath_routes, node);
> + }
> + }
> +
> + hmapx_destroy(&updated_routes);
> +
> + if (!(hmapx_is_empty(&gdata->trk_data.crupdated_datapath_routes) &&
> + hmapx_is_empty(&gdata->trk_data.deleted_datapath_routes))) {
> + return EN_HANDLED_UPDATED;
> + }
> + return EN_HANDLED_UNCHANGED;
> +}
> diff --git a/northd/en-group-ecmp-route.h b/northd/en-group-ecmp-route.h
> index d4a3248d0..0ebfe7442 100644
> --- a/northd/en-group-ecmp-route.h
> +++ b/northd/en-group-ecmp-route.h
> @@ -98,6 +98,10 @@ enum engine_input_handler_result
> group_ecmp_route_learned_route_change_handler(struct engine_node *,
> void *data);
>
> +enum engine_input_handler_result
> +group_ecmp_route_dynamic_routes_change_handler(struct engine_node *,
> + void *data);
> +
> struct group_ecmp_datapath *group_ecmp_datapath_lookup(
> const struct group_ecmp_route_data *data,
> const struct ovn_datapath *od);
> diff --git a/northd/inc-proc-northd.c b/northd/inc-proc-northd.c
> index a2b464411..62ddf4207 100644
> --- a/northd/inc-proc-northd.c
> +++ b/northd/inc-proc-northd.c
> @@ -378,6 +378,11 @@ void inc_proc_northd_init(struct ovsdb_idl_loop *nb,
> engine_add_input(&en_group_ecmp_route, &en_routes, NULL);
> engine_add_input(&en_group_ecmp_route, &en_learned_route_sync,
> group_ecmp_route_learned_route_change_handler);
> + /* Connected-neighbour redistribute={lb,nat} also emits forwarding
> + * parsed_routes. Consume those to compose ECMP groups alongside
> + * routes and learned_route_sync. */
> + engine_add_input(&en_group_ecmp_route, &en_dynamic_routes,
> + group_ecmp_route_dynamic_routes_change_handler);
>
> engine_add_input(&en_sync_meters, &en_nb_acl,
> sync_meters_nb_acl_handler);
> engine_add_input(&en_sync_meters, &en_nb_meter, NULL);
> diff --git a/northd/northd.c b/northd/northd.c
> index 264cdd7a6..652c8ac8a 100644
> --- a/northd/northd.c
> +++ b/northd/northd.c
> @@ -381,13 +381,16 @@ static const char *reg_ct_state[] = {
> * 2. ic-learned connected routes with route_table set.
> * 3. connected routes, including ic-learned.
> * 4. static routes, including ic-learned.
> - * 5. routes learned from the outside via ovn-controller (e.g. bgp)
> - * 6. (lowest priority) src-ip routes */
> + * 5. routes synthesized from connected-neighbour
> + * dynamic-routing-redistribute={lb,nat}.
> + * 6. routes learned from the outside via ovn-controller (e.g. bgp)
> + * 7. (lowest priority) src-ip routes */
> #define ROUTE_PRIO_OFFSET_MULTIPLIER 12
> #define ROUTE_PRIO_OFFSET_PRIORITY_STATIC 10
> #define ROUTE_PRIO_OFFSET_IC_LEARNED_CONNECTED_WITH_TABLEID 8
> #define ROUTE_PRIO_OFFSET_CONNECTED 6
> #define ROUTE_PRIO_OFFSET_STATIC 4
> +#define ROUTE_PRIO_OFFSET_REDISTRIBUTE 3
> #define ROUTE_PRIO_OFFSET_LEARNED 2
>
> #define ROUTE_PRIO_BASE_SHIFT ((MAX_PREFIX_LEN + 1) * \
> @@ -12295,7 +12298,7 @@ find_static_route_outport(const struct ovn_datapath
> *od,
> /* Parse and validate the route. Return the parsed route if successful.
> * Otherwise return NULL. */
>
> -static struct parsed_route *
> +struct parsed_route *
> parsed_route_lookup(struct hmap *routes, size_t hash,
> struct parsed_route *new_pr)
> {
> @@ -12351,6 +12354,10 @@ parsed_route_lookup(struct hmap *routes, size_t hash,
> continue;
> }
>
> + if (pr->tracked_port != new_pr->tracked_port) {
> + continue;
> + }
> +
> if (!nullable_string_is_equal(pr->lrp_addr_s,
> new_pr->lrp_addr_s)) {
> continue;
> @@ -12741,12 +12748,19 @@ get_route_offset(enum route_source source,
> ? ROUTE_PRIO_OFFSET_PRIORITY_STATIC
> : ROUTE_PRIO_OFFSET_STATIC;
>
> + case ROUTE_SOURCE_NAT:
> + case ROUTE_SOURCE_LB:
> + /* Priority offset for forwarding routes installed by
> + * redistribute={lb,nat}. Placed above LEARNED so dynamically
> + * learned routes for the same prefix cannot displace the locally
> + * known nexthop, and below STATIC so operator-installed routes
> + * still win. */
> + return ROUTE_PRIO_OFFSET_REDISTRIBUTE;
> +
> case ROUTE_SOURCE_LEARNED:
> return ROUTE_PRIO_OFFSET_LEARNED;
>
> - /* Dynamic route types (NAT, LB, and connected-as-host) are not used. */
> - case ROUTE_SOURCE_NAT:
> - case ROUTE_SOURCE_LB:
> + /* connected-as-host advertisements don't produce forwarding routes. */
> case ROUTE_SOURCE_CONNECTED_AS_HOST:
> default:
> OVS_NOT_REACHED();
> diff --git a/northd/northd.h b/northd/northd.h
> index b1168c207..3d67381cc 100644
> --- a/northd/northd.h
> +++ b/northd/northd.h
> @@ -861,6 +861,8 @@ struct parsed_route {
> };
>
> struct parsed_route *parsed_route_clone(const struct parsed_route *);
> +struct parsed_route *parsed_route_lookup(struct hmap *routes, size_t hash,
> + struct parsed_route *new_pr);
> struct parsed_route *parsed_route_lookup_by_source(
> const struct ovn_datapath *od, enum route_source source,
> const struct ovsdb_idl_row *source_hint, const struct hmap *routes);
> diff --git a/tests/ovn-inc-proc-graph-dump.at
> b/tests/ovn-inc-proc-graph-dump.at
> index 3750339d0..b81352657 100644
> --- a/tests/ovn-inc-proc-graph-dump.at
> +++ b/tests/ovn-inc-proc-graph-dump.at
> @@ -167,9 +167,13 @@ digraph "Incremental-Processing-Engine" {
> learned_route_sync [[style=filled, shape=box, fillcolor=white,
> label="learned_route_sync"]];
> SB_learned_route -> learned_route_sync
> [[label="learned_route_sync_sb_learned_route_change_handler"]];
> northd -> learned_route_sync
> [[label="learned_route_sync_northd_change_handler"]];
> + dynamic_routes [[style=filled, shape=box, fillcolor=white,
> label="dynamic_routes"]];
> + lr_stateful -> dynamic_routes
> [[label="dynamic_routes_lr_stateful_change_handler"]];
> + northd -> dynamic_routes
> [[label="dynamic_routes_northd_change_handler"]];
> group_ecmp_route [[style=filled, shape=box, fillcolor=white,
> label="group_ecmp_route"]];
> routes -> group_ecmp_route [[label=""]];
> learned_route_sync -> group_ecmp_route
> [[label="group_ecmp_route_learned_route_change_handler"]];
> + dynamic_routes -> group_ecmp_route
> [[label="group_ecmp_route_dynamic_routes_change_handler"]];
> ls_stateful [[style=filled, shape=box, fillcolor=white,
> label="ls_stateful"]];
> northd -> ls_stateful [[label="ls_stateful_northd_handler"]];
> port_group -> ls_stateful [[label="ls_stateful_port_group_handler"]];
> @@ -217,9 +221,6 @@ digraph "Incremental-Processing-Engine" {
> SB_ecmp_nexthop -> ecmp_nexthop [[label=""]];
> SB_port_binding -> ecmp_nexthop [[label=""]];
> SB_mac_binding -> ecmp_nexthop
> [[label="ecmp_nexthop_mac_binding_handler"]];
> - dynamic_routes [[style=filled, shape=box, fillcolor=white,
> label="dynamic_routes"]];
> - lr_stateful -> dynamic_routes
> [[label="dynamic_routes_lr_stateful_change_handler"]];
> - northd -> dynamic_routes
> [[label="dynamic_routes_northd_change_handler"]];
> SB_advertised_route [[style=filled, shape=box, fillcolor=white,
> label="SB_advertised_route"]];
> advertised_route_sync [[style=filled, shape=box, fillcolor=white,
> label="advertised_route_sync"]];
> routes -> advertised_route_sync [[label=""]];
> diff --git a/tests/ovn-northd.at b/tests/ovn-northd.at
> index 51c5b486a..aa3e14410 100644
> --- a/tests/ovn-northd.at
> +++ b/tests/ovn-northd.at
> @@ -16945,7 +16945,12 @@ check_engine_compute northd incremental
> check_engine_compute routes incremental
> check_engine_compute advertised_route_sync recompute
> check_engine_compute learned_route_sync incremental
> -check_engine_compute group_ecmp_route unchanged
> +# dynamic_routes recomputes on every en_northd update. the handler on
> +# en_group_ecmp_route returns UNCHANGED when no connected-neighbour
> +# LB/NAT forwarding routes are produced (this LR uses =connected-as-host,
> +# not =lb/=nat), but the call itself increments compute_ct so the state
> +# is "incremental" rather than "unchanged".
> +check_engine_compute group_ecmp_route incremental
> check_engine_compute lflow incremental
> CHECK_NO_CHANGE_AFTER_RECOMPUTE
>
> @@ -16969,7 +16974,8 @@ check_engine_compute northd incremental
> check_engine_compute routes incremental
> check_engine_compute advertised_route_sync recompute
> check_engine_compute learned_route_sync incremental
> -check_engine_compute group_ecmp_route unchanged
> +# See comment above re group_ecmp_route incremental vs unchanged.
> +check_engine_compute group_ecmp_route incremental
> check_engine_compute lflow incremental
> CHECK_NO_CHANGE_AFTER_RECOMPUTE
>
> @@ -17750,6 +17756,615 @@ OVN_CLEANUP_NORTHD
> AT_CLEANUP
> ])
>
> +OVN_FOR_EACH_NORTHD_NO_HV([
> +AT_SETUP([dynamic-routing - LB redistribute installs local forwarding route])
> +AT_KEYWORDS([dynamic-routing])
> +ovn_start
> +
> +# When dynamic-routing-redistribute=lb is set on an LRP whose peer LS
> +# hosts a neighbouring LR with an attached load balancer, northd emits
> +# both an SB Advertised_Route entry and a /32 forwarding parsed_route
> +# on the advertising LR so it can forward traffic to the peer's VIP.
> +
> +check ovn-nbctl lr-add lr0
> +check ovn-nbctl set Logical_Router lr0 \
> + options:dynamic-routing=true \
> + options:chassis=hv1
> +
> +# lr0's transit LRP toward 'up' is unnumbered (no IPv4 address).
> +# dynamic-routing-redistribute=lb is set on this LRP.
> +check ovn-nbctl lrp-add lr0 lr0-up 00:00:00:00:00:01
> +check ovn-nbctl lrp-set-options lr0-up dynamic-routing-redistribute=lb
> +check ovn-nbctl ls-add up
> +check ovn-nbctl lsp-add-router-port up up-lr0 lr0-up
> +
> +# lr1 is the neighbouring router that owns the load balancer.
> +# Its LRP on 'up' carries an IPv4 address (10.0.0.1) which becomes the
> +# nexthop for the forwarding route synthesised on lr0.
> +check ovn-nbctl lr-add lr1
> +check ovn-nbctl lrp-add lr1 lr1-up 00:00:00:00:00:02 10.0.0.1/24
> +check ovn-nbctl lsp-add-router-port up up-lr1 lr1-up
> +
> +check ovn-nbctl \
> + -- lb-add lb0 172.16.1.10:80 192.168.1.10:80,192.168.1.11:80 \
> + -- lr-lb-add lr1 lb0
> +check ovn-nbctl --wait=sb sync
> +
> +# An Advertised_Route entry for lb0's VIP is emitted on lr0 with
> +# tracked_port pointing at lr1's LRP.
> +datapath_lr0=$(fetch_column Datapath_Binding _uuid external_ids:name=lr0)
> +pb_lr0_up=$(fetch_column Port_Binding _uuid logical_port=lr0-up)
> +pb_lr1_up=$(fetch_column Port_Binding _uuid logical_port=lr1-up)
> +check_row_count Advertised_Route 1
> +check_row_count Advertised_Route 1 \
> + ip_prefix="172.16.1.10" \
> + datapath=$datapath_lr0 \
> + logical_port=$pb_lr0_up \
> + tracked_port=$pb_lr1_up
> +
> +# lr0 also gets a /32 forwarding flow with reg0 = lr1's LRP IP
> +# (10.0.0.1) and outport = lr0-up. Because lr0-up is unnumbered
> +# (no IPv4 address) there is no REG_SRC_IPV4 clause in the action.
> +ovn-sbctl lflow-list lr0 > lr0_flows
> +AT_CHECK([grep 'lr_in_ip_routing.*172.16.1.10/32' lr0_flows |
> ovn_strip_lflows], [0], [dnl
> + table=??(lr_in_ip_routing ), priority=1935 , match=(ip4.dst ==
> 172.16.1.10/32), action=(ip.ttl--; reg8[[0..15]] = 0; reg0 = 10.0.0.1;
> eth.src = 00:00:00:00:00:01; outport = "lr0-up"; flags.loopback = 1;
> reg9[[9]] = 1; next;)
> +])
> +
> +# Removing the redistribution option also removes the forwarding route.
> +check ovn-nbctl --wait=sb remove Logical_Router_Port lr0-up options
> dynamic-routing-redistribute
> +ovn-sbctl lflow-list lr0 > lr0_flows_after_remove
> +AT_CHECK([grep -c 'lr_in_ip_routing.*172.16.1.10/32'
> lr0_flows_after_remove], [1], [0
> +])
> +
> +OVN_CLEANUP_NORTHD
> +AT_CLEANUP
> +])
> +
> +OVN_FOR_EACH_NORTHD_NO_HV([
> +AT_SETUP([dynamic-routing - LB redistribute forwarding route - numbered LRP])
> +AT_KEYWORDS([dynamic-routing])
> +ovn_start
> +
> +# Same as "LB redistribute installs local forwarding route" but the
> +# advertising LRP is numbered (has an IPv4 address), so the emitted
> +# forwarding flow includes reg5 = <src-ip> (REG_SRC_IPV4).
> +
> +check ovn-nbctl lr-add lr0
> +check ovn-nbctl set Logical_Router lr0 \
> + options:dynamic-routing=true \
> + options:chassis=hv1
> +check ovn-nbctl lrp-add lr0 lr0-up 00:00:00:00:00:01 10.0.0.2/24
> +check ovn-nbctl lrp-set-options lr0-up dynamic-routing-redistribute=lb
> +check ovn-nbctl ls-add up
> +check ovn-nbctl lsp-add-router-port up up-lr0 lr0-up
> +
> +check ovn-nbctl lr-add lr1
> +check ovn-nbctl lrp-add lr1 lr1-up 00:00:00:00:00:02 10.0.0.1/24
> +check ovn-nbctl lsp-add-router-port up up-lr1 lr1-up
> +
> +check ovn-nbctl \
> + -- lb-add lb0 172.16.1.10:80 192.168.1.10:80,192.168.1.11:80 \
> + -- lr-lb-add lr1 lb0
> +check ovn-nbctl --wait=sb sync
> +
> +# lr0-up is numbered (10.0.0.2) so reg5 = 10.0.0.2 appears in the action.
> +ovn-sbctl lflow-list lr0 > lr0_flows
> +AT_CHECK([grep 'lr_in_ip_routing.*172.16.1.10/32' lr0_flows |
> ovn_strip_lflows], [0], [dnl
> + table=??(lr_in_ip_routing ), priority=1935 , match=(ip4.dst ==
> 172.16.1.10/32), action=(ip.ttl--; reg8[[0..15]] = 0; reg0 = 10.0.0.1; reg5 =
> 10.0.0.2; eth.src = 00:00:00:00:00:01; outport = "lr0-up"; flags.loopback =
> 1; reg9[[9]] = 1; next;)
> +])
> +
> +OVN_CLEANUP_NORTHD
> +AT_CLEANUP
> +])
> +
> +OVN_FOR_EACH_NORTHD_NO_HV([
> +AT_SETUP([dynamic-routing - NAT redistribute forwarding route IPv4])
> +AT_KEYWORDS([dynamic-routing])
> +ovn_start
> +
> +# When dynamic-routing-redistribute=nat is set on an LRP whose peer LS
> +# hosts a neighbouring LR with a NAT external IP, northd emits a /32
> +# forwarding parsed_route on the advertising LR.
> +
> +check ovn-nbctl lr-add lr0
> +check ovn-nbctl set Logical_Router lr0 \
> + options:dynamic-routing=true \
> + options:chassis=hv1
> +check ovn-nbctl lrp-add lr0 lr0-up 00:00:00:00:00:01
> +check ovn-nbctl lrp-set-options lr0-up dynamic-routing-redistribute=nat
> +check ovn-nbctl ls-add up
> +check ovn-nbctl lsp-add-router-port up up-lr0 lr0-up
> +
> +check ovn-nbctl lr-add lr1
> +check ovn-nbctl lrp-add lr1 lr1-up 00:00:00:00:00:02 10.0.0.1/24
> +check ovn-nbctl lrp-set-gateway-chassis lr1-up hv1
> +check ovn-nbctl lsp-add-router-port up up-lr1 lr1-up
> +check ovn-nbctl --add-route lr-nat-add lr1 dnat_and_snat 172.16.1.10
> 192.168.1.10
> +check ovn-nbctl --wait=sb sync
> +
> +datapath_lr0=$(fetch_column Datapath_Binding _uuid external_ids:name=lr0)
> +pb_lr0_up=$(fetch_column Port_Binding _uuid logical_port=lr0-up)
> +pb_lr1_up=$(fetch_column Port_Binding _uuid logical_port=lr1-up)
> +
> +# SB Advertised_Route for lr1's NAT external IP is emitted on lr0.
> +check_row_count Advertised_Route 1
> +check_row_count Advertised_Route 1 \
> + ip_prefix="172.16.1.10" \
> + datapath=$datapath_lr0 \
> + logical_port=$pb_lr0_up \
> + tracked_port=$pb_lr1_up
> +
> +# lr0 also gets a /32 forwarding flow to lr1-up (10.0.0.1).
> +# Grep for priority 1935 specifically to avoid matching the connected
> +# host route (priority 1938) that --add-route also produces.
> +ovn-sbctl lflow-list lr0 > lr0_flows
> +AT_CHECK([grep 'lr_in_ip_routing.*172.16.1.10/32' lr0_flows | grep
> 'priority=1935' | ovn_strip_lflows], [0], [dnl
> + table=??(lr_in_ip_routing ), priority=1935 , match=(ip4.dst ==
> 172.16.1.10/32), action=(ip.ttl--; reg8[[0..15]] = 0; reg0 = 10.0.0.1;
> eth.src = 00:00:00:00:00:01; outport = "lr0-up"; flags.loopback = 1;
> reg9[[9]] = 1; next;)
> +])
> +
> +OVN_CLEANUP_NORTHD
> +AT_CLEANUP
> +])
> +
> +OVN_FOR_EACH_NORTHD_NO_HV([
> +AT_SETUP([dynamic-routing - NAT redistribute forwarding route IPv6])
> +AT_KEYWORDS([dynamic-routing])
> +ovn_start
> +
> +# IPv6 variant of the NAT redistribute forwarding route test.
> +
> +check ovn-nbctl lr-add lr0
> +check ovn-nbctl set Logical_Router lr0 \
> + options:dynamic-routing=true \
> + options:chassis=hv1
> +check ovn-nbctl lrp-add lr0 lr0-up 00:00:00:00:00:01
> +check ovn-nbctl lrp-set-options lr0-up dynamic-routing-redistribute=nat
> +check ovn-nbctl ls-add up
> +check ovn-nbctl lsp-add-router-port up up-lr0 lr0-up
> +
> +check ovn-nbctl lr-add lr1
> +check ovn-nbctl lrp-add lr1 lr1-up 00:00:00:00:00:02 2001:db8::1/64
> +check ovn-nbctl lrp-set-gateway-chassis lr1-up hv1
> +check ovn-nbctl lsp-add-router-port up up-lr1 lr1-up
> +check ovn-nbctl --add-route lr-nat-add lr1 dnat_and_snat 2001:db8:ffff::10
> 2001:db8:1::10
> +check ovn-nbctl --wait=sb sync
> +
> +datapath_lr0=$(fetch_column Datapath_Binding _uuid external_ids:name=lr0)
> +pb_lr0_up=$(fetch_column Port_Binding _uuid logical_port=lr0-up)
> +pb_lr1_up=$(fetch_column Port_Binding _uuid logical_port=lr1-up)
> +
> +check_row_count Advertised_Route 1
> +check_row_count Advertised_Route 1 \
> + ip_prefix="2001\:db8\:ffff\:\:10" \
> + datapath=$datapath_lr0 \
> + logical_port=$pb_lr0_up \
> + tracked_port=$pb_lr1_up
> +
> +# /128 forwarding flow for v6 NAT external IP.
> +ovn-sbctl lflow-list lr0 > lr0_flows
> +AT_CHECK([grep 'lr_in_ip_routing.*2001:db8:ffff::10/128' lr0_flows |
> ovn_strip_lflows], [0], [dnl
> + table=??(lr_in_ip_routing ), priority=3087 , match=(ip6.dst ==
> 2001:db8:ffff::10/128), action=(ip.ttl--; reg8[[0..15]] = 0; xxreg0 =
> 2001:db8::1; eth.src = 00:00:00:00:00:01; outport = "lr0-up"; flags.loopback
> = 1; reg9[[9]] = 0; next;)
> +])
> +
> +OVN_CLEANUP_NORTHD
> +AT_CLEANUP
> +])
> +
> +OVN_FOR_EACH_NORTHD_NO_HV([
> +AT_SETUP([dynamic-routing - NAT redistribute distributed NAT tracked_port])
> +AT_KEYWORDS([dynamic-routing])
> +ovn_start
> +
> +# When a neighbouring LR has a distributed NAT (logical_port +
> +# external_mac set), the connected-neighbour path must use the
> +# backend LSP as tracked_port rather than the DGP. The DGP must
> +# not be the same port that peers with the advertising LR, because
> +# that creates a cr_port on the peer LSP and disables distributed
> +# NAT (en-lr-nat.c: lr_nat_entry_set_dgw_port).
> +
> +check ovn-nbctl lr-add lr0
> +check ovn-nbctl set Logical_Router lr0 \
> + options:dynamic-routing=true \
> + options:chassis=hv1
> +check ovn-nbctl lrp-add lr0 lr0-up 00:00:00:00:00:01
> +check ovn-nbctl lrp-set-options lr0-up dynamic-routing-redistribute=nat
> +check ovn-nbctl ls-add up
> +check ovn-nbctl lsp-add-router-port up up-lr0 lr0-up
> +
> +check ovn-nbctl lr-add lr1
> +check ovn-nbctl lrp-add lr1 lr1-up 00:00:00:00:00:02 10.0.0.1/24
> +check ovn-nbctl lsp-add-router-port up up-lr1 lr1-up
> +
> +# DGP on a separate port (lr1-ext), so lr1-up's peer LSP does not
> +# get a cr_port and the NAT stays distributed.
> +check ovn-nbctl lrp-add lr1 lr1-ext 00:00:00:00:00:04 192.168.2.1/24
> +check ovn-nbctl lrp-set-gateway-chassis lr1-ext hv1
> +check ovn-nbctl ls-add ext
> +check ovn-nbctl lsp-add-router-port ext ext-lr1 lr1-ext
> +check ovn-nbctl lsp-add ext ln-ext
> +check ovn-nbctl lsp-set-type ln-ext localnet
> +check ovn-nbctl lsp-set-options ln-ext network_name=phys
> +
> +check ovn-nbctl lrp-add lr1 lr1-be 00:00:00:00:00:03 192.168.1.1/24
> +check ovn-nbctl ls-add be
> +check ovn-nbctl lsp-add-router-port be be-lr1 lr1-be
> +check ovn-nbctl lsp-add be be-vm1
> +check ovn-nbctl lsp-set-addresses be-vm1 "00:00:00:00:01:01 192.168.1.10"
> +# Distributed NAT: logical_port and external_mac point to the backend LSP.
> +check ovn-nbctl --add-route lr-nat-add lr1 dnat_and_snat 172.16.1.10
> 192.168.1.10 be-vm1 00:00:00:00:01:01
> +check ovn-nbctl --wait=sb sync
> +
> +datapath_lr0=$(fetch_column Datapath_Binding _uuid external_ids:name=lr0)
> +pb_lr0_up=$(fetch_column Port_Binding _uuid logical_port=lr0-up)
> +pb_be_vm1=$(fetch_column Port_Binding _uuid logical_port=be-vm1)
> +
> +# The advertised route must carry the backend LSP as tracked_port,
> +# not the DGP (lr1-ext).
> +check_row_count Advertised_Route 1
> +check_row_count Advertised_Route 1 \
> + ip_prefix="172.16.1.10" \
> + datapath=$datapath_lr0 \
> + logical_port=$pb_lr0_up \
> + tracked_port=$pb_be_vm1
> +
> +# No forwarding parsed_route is installed for distributed NAT: the
> +# backend LSP has no lrp_networks, so add_redistribute_parsed_route
> +# returns early. Verify that lr0 has no /32 routing flow for the
> +# NAT external IP.
> +ovn-sbctl lflow-list lr0 > lr0_flows
> +AT_CHECK([grep 'lr_in_ip_routing.*172.16.1.10/32' lr0_flows], [1])
> +
> +OVN_CLEANUP_NORTHD
> +AT_CLEANUP
> +])
> +
> +OVN_FOR_EACH_NORTHD_NO_HV([
> +AT_SETUP([dynamic-routing - NAT redistribute own-LR distributed NAT])
> +AT_KEYWORDS([dynamic-routing])
> +ovn_start
> +
> +# When a router with a distributed NAT advertises its own NAT routes
> +# (build_nat_routes path), the Advertised_Route must use the backend
> +# LSP as tracked_port.
> +
> +check ovn-nbctl lr-add lr1
> +check ovn-nbctl set Logical_Router lr1 \
> + options:dynamic-routing=true
> +
> +check ovn-nbctl lrp-add lr1 lr1-up 00:00:00:00:00:01 10.0.0.1/24
> +check ovn-nbctl lrp-set-options lr1-up dynamic-routing-redistribute=nat
> +check ovn-nbctl lrp-set-gateway-chassis lr1-up hv1
> +check ovn-nbctl ls-add up
> +check ovn-nbctl lsp-add-router-port up up-lr1 lr1-up
> +check ovn-nbctl lsp-add up ln-up
> +check ovn-nbctl lsp-set-type ln-up localnet
> +check ovn-nbctl lsp-set-options ln-up network_name=phys
> +
> +check ovn-nbctl lrp-add lr1 lr1-be 00:00:00:00:00:03 192.168.1.1/24
> +check ovn-nbctl ls-add be
> +check ovn-nbctl lsp-add-router-port be be-lr1 lr1-be
> +check ovn-nbctl lsp-add be be-vm1
> +check ovn-nbctl lsp-set-addresses be-vm1 "00:00:00:00:01:01 192.168.1.10"
> +
> +# Distributed NAT: logical_port and external_mac point to the backend LSP.
> +check ovn-nbctl --add-route lr-nat-add lr1 dnat_and_snat 172.16.1.10
> 192.168.1.10 be-vm1 00:00:00:00:01:01
> +check ovn-nbctl --wait=sb sync
> +
> +datapath_lr1=$(fetch_column Datapath_Binding _uuid external_ids:name=lr1)
> +pb_lr1_up=$(fetch_column Port_Binding _uuid logical_port=lr1-up)
> +pb_be_vm1=$(fetch_column Port_Binding _uuid logical_port=be-vm1)
> +
> +# The own-LR advertised route must carry the backend LSP as tracked_port.
> +check_row_count Advertised_Route 1
> +check_row_count Advertised_Route 1 \
> + ip_prefix="172.16.1.10" \
> + datapath=$datapath_lr1 \
> + logical_port=$pb_lr1_up \
> + tracked_port=$pb_be_vm1
> +
> +OVN_CLEANUP_NORTHD
> +AT_CLEANUP
> +])
> +
> +OVN_FOR_EACH_NORTHD_NO_HV([
> +AT_SETUP([dynamic-routing - NAT redistribute connected-neighbour distributed
> NAT on localnet LS])
> +AT_KEYWORDS([dynamic-routing])
> +ovn_start
> +
> +# A provider LS backed by a localnet port connects two LRs. The
> +# neighbour LR has a distributed NAT whose DGP is on a separate
> +# provider LS (also localnet-backed). The advertising LR must emit
> +# an Advertised_Route with the backend LSP as tracked_port and must
> +# NOT install a forwarding parsed_route (the backend LSP has no
> +# lrp_networks for the nexthop).
> +
> +check ovn-nbctl lr-add lr0
> +check ovn-nbctl set Logical_Router lr0 \
> + options:dynamic-routing=true \
> + options:chassis=hv1
> +check ovn-nbctl lrp-add lr0 lr0-up 00:00:00:00:00:01 10.0.0.2/24
> +check ovn-nbctl lrp-set-options lr0-up dynamic-routing-redistribute=nat
> +check ovn-nbctl ls-add provider
> +check ovn-nbctl lsp-add-router-port provider prov-lr0 lr0-up
> +check ovn-nbctl lsp-add provider ln-prov
> +check ovn-nbctl lsp-set-type ln-prov localnet
> +check ovn-nbctl lsp-set-options ln-prov network_name=physnet
> +
> +check ovn-nbctl lr-add lr1
> +check ovn-nbctl lrp-add lr1 lr1-prov 00:00:00:00:00:02 10.0.0.1/24
> +check ovn-nbctl lsp-add-router-port provider prov-lr1 lr1-prov
> +
> +# DGP on a separate provider LS, so lr1-prov's peer LSP does not get
> +# a cr_port and the NAT stays distributed.
> +check ovn-nbctl lrp-add lr1 lr1-ext 00:00:00:00:00:04 192.168.2.1/24
> +check ovn-nbctl lrp-set-gateway-chassis lr1-ext hv1
> +check ovn-nbctl ls-add ext
> +check ovn-nbctl lsp-add-router-port ext ext-lr1 lr1-ext
> +check ovn-nbctl lsp-add ext ln-ext
> +check ovn-nbctl lsp-set-type ln-ext localnet
> +check ovn-nbctl lsp-set-options ln-ext network_name=physnet2
> +
> +check ovn-nbctl lrp-add lr1 lr1-be 00:00:00:00:00:03 192.168.1.1/24
> +check ovn-nbctl ls-add be
> +check ovn-nbctl lsp-add-router-port be be-lr1 lr1-be
> +check ovn-nbctl lsp-add be be-vm1
> +check ovn-nbctl lsp-set-addresses be-vm1 "00:00:00:00:01:01 192.168.1.10"
> +
> +# Distributed NAT: logical_port and external_mac point to the backend LSP.
> +check ovn-nbctl --add-route lr-nat-add lr1 dnat_and_snat 172.16.1.10
> 192.168.1.10 be-vm1 00:00:00:00:01:01
> +check ovn-nbctl --wait=sb sync
> +
> +datapath_lr0=$(fetch_column Datapath_Binding _uuid external_ids:name=lr0)
> +pb_lr0_up=$(fetch_column Port_Binding _uuid logical_port=lr0-up)
> +pb_be_vm1=$(fetch_column Port_Binding _uuid logical_port=be-vm1)
> +
> +# Advertised_Route uses the backend LSP as tracked_port.
> +check_row_count Advertised_Route 1
> +check_row_count Advertised_Route 1 \
> + ip_prefix="172.16.1.10" \
> + datapath=$datapath_lr0 \
> + logical_port=$pb_lr0_up \
> + tracked_port=$pb_be_vm1
> +
> +# No forwarding parsed_route: the backend LSP has no lrp_networks,
> +# so add_redistribute_parsed_route returns early.
> +ovn-sbctl lflow-list lr0 > lr0_flows
> +AT_CHECK([grep 'lr_in_ip_routing.*172.16.1.10/32' lr0_flows], [1])
> +
> +OVN_CLEANUP_NORTHD
> +AT_CLEANUP
> +])
> +
> +OVN_FOR_EACH_NORTHD_NO_HV([
> +AT_SETUP([dynamic-routing - LB redistribute forwarding route IPv6])
> +AT_KEYWORDS([dynamic-routing])
> +ovn_start
> +
> +# IPv6 variant of the LB forwarding route test.
> +
> +check ovn-nbctl lr-add lr0
> +check ovn-nbctl set Logical_Router lr0 \
> + options:dynamic-routing=true \
> + options:chassis=hv1
> +check ovn-nbctl lrp-add lr0 lr0-up 00:00:00:00:00:01
> +check ovn-nbctl lrp-set-options lr0-up dynamic-routing-redistribute=lb
> +check ovn-nbctl ls-add up
> +check ovn-nbctl lsp-add-router-port up up-lr0 lr0-up
> +
> +check ovn-nbctl lr-add lr1
> +check ovn-nbctl lrp-add lr1 lr1-up 00:00:00:00:00:02 2001:db8::1/64
> +check ovn-nbctl lsp-add-router-port up up-lr1 lr1-up
> +
> +check ovn-nbctl \
> + -- lb-add lb0 [[2001:db8:ffff::10]]:80
> [[2001:db8:1::10]]:80,[[2001:db8:1::11]]:80 \
> + -- lr-lb-add lr1 lb0
> +check ovn-nbctl --wait=sb sync
> +
> +datapath_lr0=$(fetch_column Datapath_Binding _uuid external_ids:name=lr0)
> +pb_lr0_up=$(fetch_column Port_Binding _uuid logical_port=lr0-up)
> +pb_lr1_up=$(fetch_column Port_Binding _uuid logical_port=lr1-up)
> +
> +check_row_count Advertised_Route 1
> +check_row_count Advertised_Route 1 \
> + ip_prefix="2001\:db8\:ffff\:\:10" \
> + datapath=$datapath_lr0 \
> + logical_port=$pb_lr0_up \
> + tracked_port=$pb_lr1_up
> +
> +# /128 forwarding flow for v6 LB VIP.
> +ovn-sbctl lflow-list lr0 > lr0_flows
> +AT_CHECK([grep 'lr_in_ip_routing.*2001:db8:ffff::10/128' lr0_flows |
> ovn_strip_lflows], [0], [dnl
> + table=??(lr_in_ip_routing ), priority=3087 , match=(ip6.dst ==
> 2001:db8:ffff::10/128), action=(ip.ttl--; reg8[[0..15]] = 0; xxreg0 =
> 2001:db8::1; eth.src = 00:00:00:00:00:01; outport = "lr0-up"; flags.loopback
> = 1; reg9[[9]] = 0; next;)
> +])
> +
> +OVN_CLEANUP_NORTHD
> +AT_CLEANUP
> +])
> +
> +OVN_FOR_EACH_NORTHD_NO_HV([
> +AT_SETUP([dynamic-routing - LB redistribute forwarding route via LS])
> +AT_KEYWORDS([dynamic-routing])
> +ovn_start
> +
> +# Two LRs (lr1, lr2) connected to a shared LS "join", both with LBs.
> +# lr0 has redistribute=lb on its LRP toward "join". lr0's peer on "join"
> +# is an LSP (not a direct LR-LR peer), so northd discovers lr1 and lr2
> +# through the LS's router_ports. Both LB VIPs get forwarding
> +# routes on lr0.
> +
> +check ovn-nbctl lr-add lr0
> +check ovn-nbctl set Logical_Router lr0 \
> + options:dynamic-routing=true \
> + options:chassis=hv1
> +check ovn-nbctl lrp-add lr0 lr0-join 00:00:00:00:00:01
> +check ovn-nbctl lrp-set-options lr0-join dynamic-routing-redistribute=lb
> +check ovn-nbctl ls-add join
> +check ovn-nbctl lsp-add-router-port join join-lr0 lr0-join
> +
> +check ovn-nbctl lr-add lr1
> +check ovn-nbctl lrp-add lr1 lr1-join 00:00:00:00:00:02 10.0.0.1/24
> +check ovn-nbctl lsp-add-router-port join join-lr1 lr1-join
> +check ovn-nbctl \
> + -- lb-add lb1 172.16.1.10:80 192.168.1.10:80 \
> + -- lr-lb-add lr1 lb1
> +
> +check ovn-nbctl lr-add lr2
> +check ovn-nbctl lrp-add lr2 lr2-join 00:00:00:00:00:03 10.0.0.2/24
> +check ovn-nbctl lsp-add-router-port join join-lr2 lr2-join
> +check ovn-nbctl \
> + -- lb-add lb2 172.16.2.10:80 192.168.2.10:80 \
> + -- lr-lb-add lr2 lb2
> +
> +check ovn-nbctl --wait=sb sync
> +
> +datapath_lr0=$(fetch_column Datapath_Binding _uuid external_ids:name=lr0)
> +pb_lr0_join=$(fetch_column Port_Binding _uuid logical_port=lr0-join)
> +pb_lr1_join=$(fetch_column Port_Binding _uuid logical_port=lr1-join)
> +pb_lr2_join=$(fetch_column Port_Binding _uuid logical_port=lr2-join)
> +
> +# Two advertised routes (one per neighbour LB VIP).
> +check_row_count Advertised_Route 2
> +check_row_count Advertised_Route 1 \
> + ip_prefix="172.16.1.10" \
> + datapath=$datapath_lr0 \
> + logical_port=$pb_lr0_join \
> + tracked_port=$pb_lr1_join
> +check_row_count Advertised_Route 1 \
> + ip_prefix="172.16.2.10" \
> + datapath=$datapath_lr0 \
> + logical_port=$pb_lr0_join \
> + tracked_port=$pb_lr2_join
> +
> +# Two forwarding flows on lr0, one per VIP, each with the correct
> +# nexthop pointing at the respective neighbour LRP IP.
> +ovn-sbctl lflow-list lr0 > lr0_flows
> +AT_CHECK([grep 'lr_in_ip_routing.*172.16.1.10/32' lr0_flows |
> ovn_strip_lflows], [0], [dnl
> + table=??(lr_in_ip_routing ), priority=1935 , match=(ip4.dst ==
> 172.16.1.10/32), action=(ip.ttl--; reg8[[0..15]] = 0; reg0 = 10.0.0.1;
> eth.src = 00:00:00:00:00:01; outport = "lr0-join"; flags.loopback = 1;
> reg9[[9]] = 1; next;)
> +])
> +AT_CHECK([grep 'lr_in_ip_routing.*172.16.2.10/32' lr0_flows |
> ovn_strip_lflows], [0], [dnl
> + table=??(lr_in_ip_routing ), priority=1935 , match=(ip4.dst ==
> 172.16.2.10/32), action=(ip.ttl--; reg8[[0..15]] = 0; reg0 = 10.0.0.2;
> eth.src = 00:00:00:00:00:01; outport = "lr0-join"; flags.loopback = 1;
> reg9[[9]] = 1; next;)
> +])
> +
> +OVN_CLEANUP_NORTHD
> +AT_CLEANUP
> +])
> +
> +OVN_FOR_EACH_NORTHD_NO_HV([
> +AT_SETUP([dynamic-routing - LB forwarding route updates on nexthop change])
> +AT_KEYWORDS([dynamic-routing])
> +ovn_start
> +
> +# Regression test: parsed_route_lookup must treat routes with different
> +# nexthops as distinct. Create a forwarding route for an LB VIP with
> +# nexthop 10.0.0.1, then change the peer LRP address to 10.0.0.42 and
> +# verify the logical flow is updated.
> +
> +check ovn-nbctl lr-add lr0
> +check ovn-nbctl set Logical_Router lr0 \
> + options:dynamic-routing=true \
> + options:chassis=hv1
> +check ovn-nbctl lrp-add lr0 lr0-up 00:00:00:00:00:01 10.0.0.2/24
> +check ovn-nbctl lrp-set-options lr0-up dynamic-routing-redistribute=lb
> +check ovn-nbctl ls-add up
> +check ovn-nbctl lsp-add-router-port up up-lr0 lr0-up
> +
> +check ovn-nbctl lr-add lr1
> +check ovn-nbctl lrp-add lr1 lr1-up 00:00:00:00:00:02 10.0.0.1/24
> +check ovn-nbctl lsp-add-router-port up up-lr1 lr1-up
> +
> +check ovn-nbctl \
> + -- lb-add lb0 172.16.1.10:80 192.168.1.10:80 \
> + -- lr-lb-add lr1 lb0
> +check ovn-nbctl --wait=sb sync
> +
> +# Forwarding flow on lr0 points at 10.0.0.1 (lr1-up's address).
> +ovn-sbctl lflow-list lr0 > lr0_flows
> +AT_CHECK([grep 'lr_in_ip_routing.*172.16.1.10/32' lr0_flows |
> ovn_strip_lflows], [0], [dnl
> + table=??(lr_in_ip_routing ), priority=1935 , match=(ip4.dst ==
> 172.16.1.10/32), action=(ip.ttl--; reg8[[0..15]] = 0; reg0 = 10.0.0.1; reg5 =
> 10.0.0.2; eth.src = 00:00:00:00:00:01; outport = "lr0-up"; flags.loopback =
> 1; reg9[[9]] = 1; next;)
> +])
> +
> +# Change lr1-up's address from 10.0.0.1 to 10.0.0.42.
> +check ovn-nbctl --wait=sb set Logical_Router_Port lr1-up
> networks=\"10.0.0.42/24\"
> +
> +# The forwarding flow must now use 10.0.0.42 as nexthop.
> +ovn-sbctl lflow-list lr0 > lr0_flows_after
> +AT_CHECK([grep 'lr_in_ip_routing.*172.16.1.10/32' lr0_flows_after |
> ovn_strip_lflows], [0], [dnl
> + table=??(lr_in_ip_routing ), priority=1935 , match=(ip4.dst ==
> 172.16.1.10/32), action=(ip.ttl--; reg8[[0..15]] = 0; reg0 = 10.0.0.42; reg5
> = 10.0.0.2; eth.src = 00:00:00:00:00:01; outport = "lr0-up"; flags.loopback =
> 1; reg9[[9]] = 1; next;)
> +])
> +
> +# The old nexthop (10.0.0.1) must no longer appear in the flow.
> +AT_CHECK([grep 'lr_in_ip_routing.*172.16.1.10/32' lr0_flows_after | grep -c
> 'reg0 = 10.0.0.1' || true], [0], [0
> +])
> +
> +OVN_CLEANUP_NORTHD
> +AT_CLEANUP
> +])
> +
> +OVN_FOR_EACH_NORTHD_NO_HV([
> +AT_SETUP([dynamic-routing - LB redistribute advertise=false skips forwarding
> route])
> +AT_KEYWORDS([dynamic-routing])
> +ovn_start
> +
> +# When dynamic-routing-redistribute=lb is set on an LRP but the LB has
> +# options:dynamic-routing-advertise=false, both the Advertised_Route row
> +# and the forwarding parsed route / logical flow are not installed.
> +
> +check ovn-nbctl lr-add lr0
> +check ovn-nbctl set Logical_Router lr0 \
> + options:dynamic-routing=true \
> + options:chassis=hv1
> +check ovn-nbctl lrp-add lr0 lr0-up 00:00:00:00:00:01 10.0.0.2/24
> +check ovn-nbctl lrp-set-options lr0-up dynamic-routing-redistribute=lb
> +check ovn-nbctl ls-add up
> +check ovn-nbctl lsp-add-router-port up up-lr0 lr0-up
> +
> +check ovn-nbctl lr-add lr1
> +check ovn-nbctl lrp-add lr1 lr1-up 00:00:00:00:00:02 10.0.0.1/24
> +check ovn-nbctl lsp-add-router-port up up-lr1 lr1-up
> +
> +check ovn-nbctl \
> + -- lb-add lb0 172.16.1.10:80 192.168.1.10:80 \
> + -- set Load_Balancer lb0 options:dynamic-routing-advertise=false \
> + -- lr-lb-add lr1 lb0
> +check ovn-nbctl --wait=sb sync
> +
> +# No Advertised_Route should be emitted.
> +check_row_count Advertised_Route 0
> +
> +# No forwarding flow for the LB VIP.
> +ovn-sbctl lflow-list lr0 > lr0_flows
> +AT_CHECK([grep -c 'lr_in_ip_routing.*172.16.1.10/32' lr0_flows || true],
> [0], [0
> +])
> +
> +# Enabling advertise should produce both.
> +check ovn-nbctl --wait=sb remove Load_Balancer lb0 options
> dynamic-routing-advertise
> +
> +datapath_lr0=$(fetch_column Datapath_Binding _uuid external_ids:name=lr0)
> +pb_lr0_up=$(fetch_column Port_Binding _uuid logical_port=lr0-up)
> +pb_lr1_up=$(fetch_column Port_Binding _uuid logical_port=lr1-up)
> +check_row_count Advertised_Route 1 \
> + ip_prefix="172.16.1.10" \
> + datapath=$datapath_lr0 \
> + logical_port=$pb_lr0_up \
> + tracked_port=$pb_lr1_up
> +
> +ovn-sbctl lflow-list lr0 > lr0_flows_on
> +AT_CHECK([grep 'lr_in_ip_routing.*172.16.1.10/32' lr0_flows_on |
> ovn_strip_lflows], [0], [dnl
> + table=??(lr_in_ip_routing ), priority=1935 , match=(ip4.dst ==
> 172.16.1.10/32), action=(ip.ttl--; reg8[[0..15]] = 0; reg0 = 10.0.0.1; reg5 =
> 10.0.0.2; eth.src = 00:00:00:00:00:01; outport = "lr0-up"; flags.loopback =
> 1; reg9[[9]] = 1; next;)
> +])
> +
> +# Disabling again should withdraw both.
> +check ovn-nbctl --wait=sb set Load_Balancer lb0
> options:dynamic-routing-advertise=false
> +check_row_count Advertised_Route 0
> +
> +ovn-sbctl lflow-list lr0 > lr0_flows_off
> +AT_CHECK([grep -c 'lr_in_ip_routing.*172.16.1.10/32' lr0_flows_off || true],
> [0], [0
> +])
> +
> +OVN_CLEANUP_NORTHD
> +AT_CLEANUP
> +])
> +
> OVN_FOR_EACH_NORTHD_NO_HV([
> AT_SETUP([dynamic-routing - LB sync to sb IPv6])
> AT_KEYWORDS([dynamic-routing])
> --
> 2.53.0
>
>
_______________________________________________
dev mailing list
[email protected]
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
