On Mon, Dec 14, 2020 at 11:35 PM Mark Michelson <[email protected]> wrote: > > For the series, > > Acked-by: Mark Michelson <[email protected]> > > I think patch 1 should go into the 20.12 branch in addition to going > into master. >
Thanks for the reviews. I applied the series to master and the 1st patch to branch-20.12. I also added a NEWS entry for this which I missed while submitting the patches. Thanks Numan > On 12/11/20 2:10 PM, [email protected] wrote: > > From: Numan Siddique <[email protected]> > > > > Fixes: df4f37ea7f82("Policy-based routing (PBR) in OVN.) > > Fixes: a123ef0fb8fd("Support packet metadata marking for logical router > > policies.") > > Fixes: 4fdca656857d("Add ECMP symmetric replies.") > > > > Signed-off-by: Numan Siddique <[email protected]> > > --- > > > > v1 -> v2 -> v3 > > -------------- > > * No changes. > > > > northd/ovn-northd.8.xml | 86 ++++++++++++++++++++++++++++++++++++----- > > 1 file changed, 77 insertions(+), 9 deletions(-) > > > > diff --git a/northd/ovn-northd.8.xml b/northd/ovn-northd.8.xml > > index 8bbe577b69..d86f36ea63 100644 > > --- a/northd/ovn-northd.8.xml > > +++ b/northd/ovn-northd.8.xml > > @@ -2714,7 +2714,25 @@ icmp6 { > > </li> > > </ul> > > > > - <h3>Ingress Table 7: IPv6 ND RA option processing</h3> > > + <h3>Ingress Table 7: ECMP symmetric reply processing</h3> > > + <ul> > > + <li> > > + If ECMP routes with symmetric reply are configured in the > > + <code>OVN_Northbound</code> database for a gateway router, a > > + priority-100 flow is added for each router port on which symmetric > > + replies are configured. The matching logic for these ports > > essentially > > + reverses the configured logic of the ECMP route. So for instance, a > > + route with a destination routing policy will instead match if the > > + source IP address matches the static route's prefix. The flow uses > > + the action <code>ct_commit { ct_label.ecmp_reply_eth = eth.src;" > > + " ct_label.ecmp_reply_port = <var>K</var>;}; next; </code> to > > commit > > + the connection and storing <code>eth.src</code> and the ECMP > > + reply port binding tunnel key <var>K</var> in the > > + <code>ct_label</code>. > > + </li> > > + </ul> > > + > > + <h3>Ingress Table 8: IPv6 ND RA option processing</h3> > > > > <ul> > > <li> > > @@ -2744,7 +2762,7 @@ reg0[5] = put_nd_ra_opts(<var>options</var>);next; > > </li> > > </ul> > > > > - <h3>Ingress Table 8: IPv6 ND RA responder</h3> > > + <h3>Ingress Table 9: IPv6 ND RA responder</h3> > > > > <p> > > This table implements IPv6 ND RA responder for the IPv6 ND RA > > replies > > @@ -2789,7 +2807,7 @@ output; > > </li> > > </ul> > > > > - <h3>Ingress Table 9: IP Routing</h3> > > + <h3>Ingress Table 10: IP Routing</h3> > > > > <p> > > A packet that arrives at this table is an IP packet that should be > > @@ -2952,7 +2970,7 @@ select(reg8[16..31], <var>MID1</var>, > > <var>MID2</var>, ...); > > </li> > > </ul> > > > > - <h3>Ingress Table 10: IP_ROUTING_ECMP</h3> > > + <h3>Ingress Table 11: IP_ROUTING_ECMP</h3> > > > > <p> > > This table implements the second part of IP routing for ECMP routes > > @@ -3004,7 +3022,57 @@ outport = <var>P</var>; > > </li> > > </ul> > > > > - <h3>Ingress Table 12: ARP/ND Resolution</h3> > > + <h3>Ingress Table 12: Router policies</h3> > > + <p> > > + This table adds flows for the logical router policies configured > > + on the logical router. Please see the > > + <code>OVN_Northbound</code> database > > <code>Logical_Router_Policy</code> > > + table documentation in <code>ovn-nb</code> for supported actions. > > + </p> > > + > > + <ul> > > + <li> > > + <p> > > + For each router policy configured on the logical router, a > > + logical flow is added with specified priority, match and > > + actions. > > + </p> > > + </li> > > + > > + <li> > > + <p> > > + If the policy action is <code>reroute</code>, then the logical > > + flow is added with the following actions: > > + </p> > > + > > + <pre> > > +[xx]reg0 = <var>H</var>; > > +eth.src = <var>E</var>; > > +outport = <var>P</var>; > > +flags.loopback = 1; > > +next; > > + </pre> > > + > > + <p> > > + where <var>H</var> is the <code>nexthop </code> defined in the > > + router policy, <var>E</var> is the ethernet address of the > > + logical router port from which the <code>nexthop</code> is > > + reachable and <var>P</var> is the logical router port from > > + which the <code>nexthop</code> is reachable. > > + </p> > > + </li> > > + > > + <li> > > + <p> > > + If a router policy has the option > > <code>pkt_mark=<var>m</var></code> > > + set and if the action is <code>not</code> drop, then the action > > also > > + includes <code>pkt.mark = <var>m</var></code> to mark the packet > > + with the marker <var>m</var>. > > + </p> > > + </li> > > + </ul> > > + > > + <h3>Ingress Table 13: ARP/ND Resolution</h3> > > > > <p> > > Any packet that reaches this table is an IP packet whose next-hop > > @@ -3190,7 +3258,7 @@ outport = <var>P</var>; > > > > </ul> > > > > - <h3>Ingress Table 13: Check packet length</h3> > > + <h3>Ingress Table 14: Check packet length</h3> > > > > <p> > > For distributed logical routers with distributed gateway port > > configured > > @@ -3220,7 +3288,7 @@ REGBIT_PKT_LARGER = check_pkt_larger(<var>L</var>); > > next; > > and advances to the next table. > > </p> > > > > - <h3>Ingress Table 14: Handle larger packets</h3> > > + <h3>Ingress Table 15: Handle larger packets</h3> > > > > <p> > > For distributed logical routers with distributed gateway port > > configured > > @@ -3281,7 +3349,7 @@ icmp6 { > > and advances to the next table. > > </p> > > > > - <h3>Ingress Table 15: Gateway Redirect</h3> > > + <h3>Ingress Table 16: Gateway Redirect</h3> > > > > <p> > > For distributed logical routers where one of the logical router > > @@ -3321,7 +3389,7 @@ icmp6 { > > </li> > > </ul> > > > > - <h3>Ingress Table 16: ARP Request</h3> > > + <h3>Ingress Table 17: ARP Request</h3> > > > > <p> > > In the common case where the Ethernet destination has been > > resolved, this > > > > _______________________________________________ > dev mailing list > [email protected] > https://mail.openvswitch.org/mailman/listinfo/ovs-dev > _______________________________________________ dev mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-dev
