On Wed, Aug 28, 2019 at 7:27 AM Ankur Sharma <[email protected]>
wrote:
> Background:
> With c0974331b7a19a87ab8f1f2cec8fbe366af92fa2, we have added
> support for E-W workflow for vlan backed DVRs.
>
> This series enables N-S workflow for vlan backed DVRs.
>
> Key difference between E-W and N-S traffic flow is that
> N-S flow requires a gateway chassis. A gateway chassis
> will be responsible for following:
> a. Doing Network Address Translation (NAT).
> b. Becoming entry and exit point for North->South
> and South->North traffic respectively.
>
> OVN by default always uses overlay encapsulation to redirect
> the packet to gateway chassis. This series will enable
> the redirection to gateway chassis in the absence of encapsulation.
>
> This patch:
> a. Make sure that ARP request for endpoint behind the gateway
> router port is sent from gateway chassis only and not from
> host(compute) chassis.
>
> b. This is achieved by adding a new logical flow in
> lr_in_arp_resolve at priority=50.
>
> c. This flow runs on non gateway chassis and sets the destination
> mac to router port mac, if outport is a gateway chassis attached
> router port and redirect-type is set as "vlan".
> Example logical flow:
> table=9 (lr_in_arp_resolve ), priority=50 , match=(outport ==
> "router-to-underlay" && !is_chassis_resident("cr-router-to-underlay")),
> action=(eth.dst = 00:00:01:01:02:04; next;)
>
> d. This change is needed because otherwise for non resolved ARPs,
> we will end up doing get_arp in host chassis. Doing so will
> have following issues:
> i. We want all the interaction with North bound endpoints via
> gateway chassis only, doing so on host chassis will violate
> that.
>
> ii. With get_arp, ovn-controller will generate the ARP using router
> port's mac as source mac, which will lead us to the same issue,
> where router port mac will be going through continuous mac moves
> in physical network. Worse, it would affect the redirection,
> since it uses router port mac as destination mac.
>
> Signed-off-by: Ankur Sharma <[email protected]>
>
Hi Ankur,
I applied this patch with some corrections to the commit message and
the changes below:
******************
diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c
index 0daf3271a..78246506c 100644
--- a/northd/ovn-northd.c
+++ b/northd/ovn-northd.c
@@ -3636,16 +3636,6 @@ lsp_is_external(const struct
nbrec_logical_switch_port *nbsp)
return !strcmp(nbsp->type, "external");
}
-/* Returns true if lrp has either gateway chassis or ha chassis group
- * attached to it. */
-static bool
-lrp_has_gateway(const struct nbrec_logical_router_port *nbrp)
-{
- return (nbrp->n_gateway_chassis ||
- (nbrp->ha_chassis_group &&
nbrp->ha_chassis_group->n_ha_chassis))
- ? true : false;
-}
-
static bool
build_dhcpv4_action(struct ovn_port *op, ovs_be32 offer_ip,
struct ds *options_action, struct ds *response_action,
@@ -7754,7 +7744,7 @@ build_lrouter_flows(struct hmap *datapaths, struct
hmap *ports,
}
}
- if (!op->derived && lrp_has_gateway(op->nbrp)) {
+ if (!op->derived && op->od->l3redirect_port) {
const char *redirect_type = smap_get(&op->nbrp->options,
"redirect-type");
if (redirect_type && !strcasecmp(redirect_type,
"bridged")) {
***********
Let me know if you think this isn't fine.
Thanks
Numan
> ---
> northd/ovn-northd.8.xml | 12 ++++++++++++
> northd/ovn-northd.c | 32 ++++++++++++++++++++++++++++++++
> 2 files changed, 44 insertions(+)
>
> diff --git a/northd/ovn-northd.8.xml b/northd/ovn-northd.8.xml
> index d45bb15..442e899 100644
> --- a/northd/ovn-northd.8.xml
> +++ b/northd/ovn-northd.8.xml
> @@ -2239,6 +2239,18 @@ next;
> <code>get_nd(outport, xxreg0); next;</code>.
> </p>
> </li>
> +
> + <li>
> + <p>
> + For logical router port with redirect-chassis and redirect-type
> + being set as <code>bridged</code>, a priority-50 flow will match
> + <code>outport == "ROUTER_PORT" and !is_chassis_resident
> + ("cr-ROUTER_PORT")</code> has actions <code>eth.dst =
> <var>E</var>;
> + next;</code>, where <var>E</var> is the ethernet address of the
> + logical router port.
> + </p>
> + </li>
> +
> </ul>
>
> <h3>Ingress Table 9: Check packet length</h3>
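Review bot: the sentence added in the new `<p>` does not parse as written ("a priority-50 flow will match ... has actions ...") and it does not say why the flow exists. Suggest wording along the lines of "a priority-50 flow matches `outport == "ROUTER_PORT" && !is_chassis_resident("cr-ROUTER_PORT")` and has actions `eth.dst = E; next;`", using `&&` as the generated match string does rather than "and", followed by one sentence explaining that this sends the packet to the gateway chassis instead of resolving ARP on the local chassis. The term "redirect-chassis" here also differs from the "gateway chassis or ha chassis group" wording used in the code comment of the same patch; pick one.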
> diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c
> index 0a7f181..0daf327 100644
> --- a/northd/ovn-northd.c
> +++ b/northd/ovn-northd.c
> @@ -3636,6 +3636,16 @@ lsp_is_external(const struct
> nbrec_logical_switch_port *nbsp)
> return !strcmp(nbsp->type, "external");
> }
>
> +/* Returns true if lrp has either gateway chassis or ha chassis group
> + * attached to it. */
> +static bool
> +lrp_has_gateway(const struct nbrec_logical_router_port *nbrp)
> +{
> + return (nbrp->n_gateway_chassis ||
> + (nbrp->ha_chassis_group &&
> nbrp->ha_chassis_group->n_ha_chassis))
> + ? true : false;
> +}
> +
> static bool
> build_dhcpv4_action(struct ovn_port *op, ovs_be32 offer_ip,
> struct ds *options_action, struct ds *response_action,
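Review bot: in `lrp_has_gateway()`, the trailing `? true : false` is redundant, because the `||` expression already evaluates to 0 or 1 and converts to `bool` on return. Returning `nbrp->n_gateway_chassis || (nbrp->ha_chassis_group && nbrp->ha_chassis_group->n_ha_chassis)` directly is shorter and reads the same.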
> @@ -7743,6 +7753,28 @@ build_lrouter_flows(struct hmap *datapaths, struct
> hmap *ports,
> 100, ds_cstr(&match),
> ds_cstr(&actions));
> }
> }
> +
> + if (!op->derived && lrp_has_gateway(op->nbrp)) {
> + const char *redirect_type = smap_get(&op->nbrp->options,
> + "redirect-type");
> + if (redirect_type && !strcasecmp(redirect_type,
> "bridged")) {
> + /* Packet is on a non gateway chassis and
> + * has an unresolved ARP on a network behind gateway
> + * chassis attached router port. Since, redirect type
> + * is set to vlan, hence instead of calling "get_arp"
> + * on this node, we will redirect the packet to
> gateway
> + * chassis, by setting destination mac router port
> mac.*/
> + ds_clear(&match);
> + ds_put_format(&match, "outport == %s && "
> + "!is_chassis_resident(%s)",
> op->json_key,
> + op->od->l3redirect_port->json_key);
> + ds_clear(&actions);
> + ds_put_format(&actions, "eth.dst = %s; next;",
> + op->lrp_networks.ea_s);
> + ovn_lflow_add(lflows, op->od, S_ROUTER_IN_ARP_RESOLVE,
> + 50, ds_cstr(&match), ds_cstr(&actions));
> + }
> + }
> } else if (op->od->n_router_ports && strcmp(op->nbsp->type,
> "router")
> && strcmp(op->nbsp->type, "virtual")) {
> /* This is a logical switch port that backs a VM or a
> container.
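Review bot: the added block dereferences `op->od->l3redirect_port->json_key` while its guard, `lrp_has_gateway(op->nbrp)`, only inspects the northbound port's gateway chassis count and HA chassis group; nothing in this hunk establishes that `op->od->l3redirect_port` is non-NULL. Test the pointer directly in the `if` condition. The block comment also says the redirect type "is set to vlan" while the code compares the option against "bridged"; update the comment (and the matching wording in the commit message) so the option value is spelled one way.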
> --
> 1.8.3.1
>
> _______________________________________________
> dev mailing list
> [email protected]
> https://mail.openvswitch.org/mailman/listinfo/ovs-dev
>