Avoid configuring multiple identical logical flows in the
S_ROUTER_IN_ARP_RESOLVE stage. This can happen when adding L2 destination
address info for SNAT, since multiple NAT entries will use the same
external_ip.

Signed-off-by: Lorenzo Bianconi <lorenzo.bianc...@redhat.com>
---
 northd/ovn-northd.c | 36 ++++++++++++++++++++++--------------
 1 file changed, 22 insertions(+), 14 deletions(-)

diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c
index d42a9892a..921fe1865 100644
--- a/northd/ovn-northd.c
+++ b/northd/ovn-northd.c
@@ -8614,6 +8614,8 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap 
*ports,
             continue;
         }
 
+        struct sset nat_entries = SSET_INITIALIZER(&nat_entries);
+
         struct v46_ip snat_ip, lb_snat_ip;
         const char *dnat_force_snat_ip = get_force_snat_ip(od, "dnat",
                                                            &snat_ip);
@@ -8839,20 +8841,24 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap 
*ports,
                                             &nat->header_);
                 }
 
-                ds_clear(&match);
-                ds_put_format(
-                    &match, "outport == %s && %s == %s",
-                    od->l3dgw_port->json_key,
-                    is_v6 ? "xxreg0" : "reg0", nat->external_ip);
-                ds_clear(&actions);
-                ds_put_format(
-                    &actions, "eth.dst = %s; next;",
-                    distributed ? nat->external_mac :
-                    od->l3dgw_port->lrp_networks.ea_s);
-                ovn_lflow_add_with_hint(lflows, od, S_ROUTER_IN_ARP_RESOLVE,
-                                        100, ds_cstr(&match),
-                                        ds_cstr(&actions),
-                                        &nat->header_);
+                if (!sset_contains(&nat_entries, nat->external_ip)) {
+                    ds_clear(&match);
+                    ds_put_format(
+                        &match, "outport == %s && %s == %s",
+                        od->l3dgw_port->json_key,
+                        is_v6 ? "xxreg0" : "reg0", nat->external_ip);
+                    ds_clear(&actions);
+                    ds_put_format(
+                        &actions, "eth.dst = %s; next;",
+                        distributed ? nat->external_mac :
+                        od->l3dgw_port->lrp_networks.ea_s);
+                    ovn_lflow_add_with_hint(lflows, od,
+                                            S_ROUTER_IN_ARP_RESOLVE,
+                                            100, ds_cstr(&match),
+                                            ds_cstr(&actions),
+                                            &nat->header_);
+                    sset_add(&nat_entries, nat->external_ip);
+                }
             }
 
             /* Egress UNDNAT table: It is for already established connections'
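Review bot: The new guard keys only on `nat->external_ip`, but the action it suppresses also depends on `distributed` and `nat->external_mac`, so when two NAT entries share an external IP and differ in those, the first one silently decides `eth.dst` and the second is dropped without a trace. If that combination is not rejected earlier (the enclosing loop in build_lrouter_flows starts and ends outside this hunk), a rate-limited warning on the skipped entry would make the conflict visible; otherwise state the assumption in a comment above the check, e.g. `/* NAT entries sharing external_ip resolve to the same eth.dst; install the ARP_RESOLVE flow once. */`. The comparison is also textual, so two spellings of the same IPv6 address would presumably not be recognised as duplicates. `sset_add()` returns NULL when the name is already present, so `if (sset_add(&nat_entries, nat->external_ip)) {` would do the membership test and the insert in one lookup.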
@@ -9033,6 +9039,8 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap 
*ports,
             }
         }
 
+        sset_destroy(&nat_entries);
+
         /* Handle force SNAT options set in the gateway router. */
         if (dnat_force_snat_ip && !od->l3dgw_port) {
             /* If a packet with destination IP address as that of the
-- 
2.24.1
