On 1/20/20 2:25 PM, Numan Siddique wrote: > On Thu, Jan 16, 2020 at 9:08 PM Dumitru Ceara <[email protected]> wrote: >> >> In case a VIF is trying to connect to a load balancer VIP that includes in >> its backends the VIF itself, traffic would get DNAT-ed, ct_lb(VIP), but >> when it reaches the VIF, the VIF will try to reply locally as the source IP >> is known to be local. For this kind of hairpinning to work properly, reply >> traffic must be sent back through OVN and the way to enforce that is to >> perform SNAT (VIF source IP -> VIP) on hairpinned packets. >> >> For load balancers configured on gateway logical routers we already have the >> possibility of using 'lb_force_snat_ip' but for load balancers configured >> on logical switches there's no such configuration. >> >> For this second case we take an automatic approach which determines if >> load balanced traffic needs to be hairpinned and execute the SNAT. To achieve >> this, two new stages are added to the logical switch ingress pipeline: >> - Ingress Table 11: Pre-Hairpin: which matches on load balanced traffic >> coming from VIFs that needs to be hairpinned and sets REGBIT_HAIRPIN >> (reg0[6]) to 1. If the traffic is in the direction that initiated the >> connection then 'ct_snat(VIP)' is performed, otherwise 'ct_snat' is >> used to unSNAT replies. >> - Ingress Table 12: Hairpin: which hairpins packets at L2 (swaps Ethernet >> addresses and loops traffic back on the ingress port) if REGBIT_HAIRPIN >> is 1. >> >> Also, update all references to logical switch ingress pipeline tables to use >> the correct indices. >> >> Reported-at: https://github.com/ovn-org/ovn-kubernetes/issues/817 >> Signed-off-by: Dumitru Ceara <[email protected]> >> --- >> northd/ovn-northd.8.xml | 57 ++++++++-- >> northd/ovn-northd.c | 260 >> ++++++++++++++++++++++++++++++--------------- >> tests/ovn.at | 209 ++++++++++++++++++++++++++++++++---- >> utilities/ovn-trace.8.xml | 4 - >> 4 files changed, 406 insertions(+), 124 deletions(-) > > Hi Dumitru, > > The patch LGTM. I have a small comment below, please take a look. > > Can you please add or enhance the system tests in system-ovn.at to > handle this scenario ? > > Thanks > Numan >
Thanks for reviewing this Numan. V2 posted at https://patchwork.ozlabs.org/patch/1230876/ includes system tests for LB hairpinning and addresses your comments. Regards, Dumitru _______________________________________________ dev mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-dev
