This series adds ARP/ND suppression for EVPN-enabled logical
switches. When a broadcast ARP request or multicast ND
solicitation targets an IP address that was learned via EVPN,
OVN now generates proxy-reply flows instead of flooding the
request to remote VTEPs.

Problem
-------

In EVPN deployments, every broadcast ARP request and multicast
ND solicitation is flooded across VXLAN tunnels to all remote
VTEPs. This wastes bandwidth on the overlay fabric and adds
latency to address resolution. The remote VTEPs already
advertised their MAC/IP bindings via EVPN type-2 routes, so the
local switch has enough information to answer on their behalf.

Approach
--------

The solution introduces a dedicated OpenFlow side table
(table 113) populated with EVPN-learned MAC/IP bindings. A new
chk_evpn_arp() action performs a lookup in this table. If the
target IP is found, the resolved MAC is loaded into eth.dst and
a regbit flag is set. The northd pipeline then uses the flag to
generate a proxy ARP reply or ND NA reply directly on the
ingress switch, short-circuiting the flood.

Patch breakdown
---------------

1/5 tests: Replace hardcoded table numbers with OFTABLE macros
    in ovn.at.

    Preparatory cleanup. A few test cases used raw OpenFlow
    table numbers; replace them with OFTABLE_* m4 macros so
    that the tests adapt automatically when table assignments
    change.

2/5 controller: Add room between OpenFlow table stages.

    Shift the output-implementation, egress, and post-egress
    table regions to leave comfortable gaps between them. This
    prevents table-number collisions when new stages are added
    (as this series does) and removes the need for cascading
    renumbering.

3/5 actions: Add chk_evpn_arp action and EVPN side table.

    Infrastructure patch. Defines OFTABLE_EVPN_ARP_LOOKUP
    (table 113), the OVNACT for chk_evpn_arp(), and the
    parse/format/encode/free functions. Also adds an
    ovn-trace stub. No flows use the action yet.

4/5 controller: Populate EVPN ARP side table for logical
    switches.

    Extends physical_consider_evpn_arp() to install flows in
    the EVPN side table for the switch datapath. Each flow
    matches on metadata + IP address and loads the resolved
    MAC into eth.dst on a hit.

5/5 northd: Add EVPN ARP/ND suppression for logical switches.

    Adds a pre-lookup stage (ls_in_arp_nd_pre_lookup) and
    EVPN suppression response flows in ls_in_arp_rsp. The
    pre-lookup calls chk_evpn_arp(); the response flows
    generate proxy ARP/ND replies when the lookup succeeds.

Testing
-------
- Unit tests in ovn-northd.at verify the generated logical
  flows for the new pipeline stage.
- Integration tests in ovn.at verify the chk_evpn_arp action
  encoding.
- A system test in system-ovn.at exercises the full ARP
  suppression path end-to-end with an EVPN-enabled switch
  topology.

Ales Musil (5):
  tests: Replace hardcoded table numbers with OFTABLE macros in ovn.at.
  controller: Add room between OpenFlow table stages.
  actions: Add chk_evpn_arp action and EVPN side table.
  controller: Populate EVPN ARP side table for logical switches.
  northd: Add EVPN ARP/ND suppression for logical switches.

 Documentation/ref/ovn-logical-flows.7.rst |  72 ++++++++---
 NEWS                                      |   6 +
 controller/lflow.c                        |   1 +
 controller/lflow.h                        |  76 ++++++-----
 controller/physical.c                     | 151 ++++++++++++++--------
 include/ovn/actions.h                     |  10 ++
 include/ovn/logical-fields.h              |   4 +
 lib/actions.c                             |  78 +++++++++++
 lib/ovn-util.c                            |   4 +-
 lib/ovn-util.h                            |   2 +-
 northd/northd.c                           |  83 ++++++++++++
 northd/northd.h                           |  18 +--
 ovn-architecture.7.xml                    | 124 +++++++++---------
 ovn-sb.ovsschema                          |   6 +-
 ovn-sb.xml                                |  41 ++++++
 tests/ovn-macros.at                       |  64 ++++-----
 tests/ovn-northd.at                       |  39 ++++++
 tests/ovn.at                              |  62 ++++++---
 tests/system-ovn.at                       | 137 ++++++++++++++++++++
 tests/test-ovn.c                          |   1 +
 utilities/ovn-trace.c                     |  37 ++++++
 21 files changed, 784 insertions(+), 232 deletions(-)

--
2.54.0
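
An added model of the lookup-then-reply flow described under Approach and in patches 4/5 and 5/5; it is not code from this series or from OVN. The struct and function names, the sample bindings and the way the reply fields are filled in are assumptions; it shows that the side table is keyed on metadata plus IP and that a miss falls back to flooding.

```c
/* Added model, not OVN source: EVPN side-table lookup, then proxy ARP reply. */
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

struct binding { uint64_t metadata; uint32_t ip; uint8_t mac[6]; };
struct arp_pkt {
    uint64_t metadata;               /* logical datapath key */
    uint8_t eth_src[6], eth_dst[6], sha[6], tha[6];
    uint32_t spa, tpa;
    uint16_t op;                     /* 1 = request, 2 = reply */
    bool evpn_hit;                   /* stands in for the regbit flag */
};

/* Constructed bindings: the same IP (10.0.0.20) in two datapaths. */
static const struct binding side_table[] = {
    { 1, 0x0a000014, { 0x00, 0x00, 0x5e, 0x00, 0x53, 0x14 } },
    { 2, 0x0a000014, { 0x00, 0x00, 0x5e, 0x00, 0x53, 0x24 } },
};

/* Lookup: match metadata + target IP; on a hit load eth_dst and set the flag. */
static bool lookup_model(struct arp_pkt *p) {
    p->evpn_hit = false;
    for (size_t i = 0; i < sizeof side_table / sizeof side_table[0]; i++) {
        if (side_table[i].metadata != p->metadata || side_table[i].ip != p->tpa) continue;
        memcpy(p->eth_dst, side_table[i].mac, 6);
        p->evpn_hit = true;
    }
    return p->evpn_hit;
}

/* Reply (field handling assumed): rewrite the request in place; false = flood. */
static bool reply_model(struct arp_pkt *p) {
    uint8_t mac[6]; uint32_t ip = p->tpa;
    if (p->op != 1 || !p->evpn_hit) return false;
    memcpy(mac, p->eth_dst, 6);
    memcpy(p->eth_dst, p->eth_src, 6); memcpy(p->eth_src, mac, 6);
    memcpy(p->tha, p->sha, 6);         memcpy(p->sha, mac, 6);
    p->tpa = p->spa; p->spa = ip; p->op = 2;
    return true;
}

/* Send a constructed broadcast request through both steps: 1 proxied, 0 flooded. */
int resolve_model(uint64_t metadata, uint32_t tpa, uint8_t out_mac[6]) {
    struct arp_pkt p = { .metadata = metadata, .spa = 0x0a00000a, .tpa = tpa, .op = 1,
                         .eth_src = { 0x00, 0x00, 0x5e, 0x00, 0x53, 0x0a } };
    memset(p.eth_dst, 0xff, 6); memcpy(p.sha, p.eth_src, 6);
    if (!lookup_model(&p) || !reply_model(&p)) return 0;
    memcpy(out_mac, p.sha, 6);
    return 1;
}
```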