On 11/17/20 3:28 PM, [email protected] wrote: > From: Numan Siddique <[email protected]> > > This patch makes use of the new hairpin OVN actions - chk_lb_hairpin, > chk_lb_hairpin_reply > and ct_snat_to_vip. > > Suppose there are 'm' load balancers associated to a logical switch and each > load balancer > has 'n' VIPs and each VIP has 'p' backends then ovn-northd adds (m * ((n * p) > + n)) > hairpin logical flows. After this patch, ovn-northd adds just 5 hairpin > logical flows. > > With this patch number of hairpin related OF flows on a chassis are almost > the same as before, > but in a large scale deployment, this reduces memory consumption and load on > ovn-northd and > SB DB ovsdb-servers. > > Signed-off-by: Numan Siddique <[email protected]> > --- > northd/ovn-northd.8.xml | 65 +++++++++++----- > northd/ovn-northd.c | 160 +++++++++++++--------------------------- > tests/ovn-northd.at | 28 +++---- > tests/ovn.at | 2 +- > 4 files changed, 116 insertions(+), 139 deletions(-) > > diff --git a/northd/ovn-northd.8.xml b/northd/ovn-northd.8.xml > index b37cecd381..8c0a4a98f5 100644 > --- a/northd/ovn-northd.8.xml > +++ b/northd/ovn-northd.8.xml > @@ -718,24 +718,55 @@ > <h3>Ingress Table 12: Pre-Hairpin</h3> > <ul> > <li> > - For all configured load balancer VIPs a priority-2 flow that > - matches on traffic that needs to be hairpinned, i.e., after load > - balancing the destination IP matches the source IP, which sets > - <code>reg0[6] = 1 </code> and executes <code>ct_snat(VIP)</code> > - to force replies to these packets to come back through OVN. > + If the logical switch has load balancer(s) configured, then a > + priorirty-100 flow is added with the match > + <code>ip && ct.trk&& ct.dnat</code> to check if the > + packet needs to be hairpinned ( if after load balancing the > destination
Nit: s/( if/(if/
> + IP matches the source IP) or not by executing the action > + <code>reg0[6] = chk_lb_hairpin();</code> and advances the packet to > + the next table. > + </li> > + > + <li> > + If the logical switch has load balancer(s) configured, then a > + priorirty-90 flow is added with the match <code>ip</code> to check if > + the packet is a reply for a hairpinned connection or not by executing > + the action <code>reg0[6] = chk_lb_hairpin_reply();</code> and > advances > + the packet to the next table. > </li> > + > <li> > - For all configured load balancer VIPs a priority-1 flow that > - matches on replies to hairpinned traffic, i.e., destination IP is > VIP, > - source IP is the backend IP and source L4 port is backend port, which > - sets <code>reg0[6] = 1 </code> and executes <code>ct_snat;</code>. > + A priority-0 flow that simply moves traffic to the next table. > </li> > + </ul> > + > + <h3>Ingress Table 13: Nat-Hairpin</h3> > + <ul> > + <li> > + If the logical switch has load balancer(s) configured, then a > + priorirty-100 flow is added with the match > + <code>ip && (ct.new || ct.est) && ct.trk && > + ct.dnat && reg0[6] == 1</code> which hairpins the traffic by > + NATting source IP to the load balancer VIP by executing the action > + <code>ct_snat_to_vip</code> and advances the packet to the next > table. > + </li> > + > + <li> > + If the logical switch has load balancer(s) configured, then a > + priorirty-90 flow is added with the match > + <code>ip && reg0[6] == 1</code> which matches on the replies > + of hairpinned traffic ( i.e., destination IP is VIP,
Nit: s/( i.e./(i.e./

Otherwise, this patch looks good to me, thanks!

Acked-by: Dumitru Ceara <[email protected]>
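Review bot: "priorirty" is misspelled in all four added list items of this northd/ovn-northd.8.xml hunk (priorirty-100 and priorirty-90 under both "Ingress Table 12: Pre-Hairpin" and "Ingress Table 13: Nat-Hairpin"); it should read "priority", as the removed text and the new priority-0 item do. In the first Pre-Hairpin item the match is written "ct.trk&& ct.dnat" with no space before the operator, while the Table 13 match uses "ct.trk && ct.dnat"; please make the two consistent. The action in the Table 13 priority-100 item is given as "ct_snat_to_vip" without the trailing ";" that the other documented actions in this hunk carry ("reg0[6] = chk_lb_hairpin();"), so add it there as well.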
