Similar to gw routers, group the distributed routers together for processing in the build_lrouter_nat_flows_for_lb routine.
Signed-off-by: Lorenzo Bianconi <[email protected]>
---
 northd/northd.c | 96 +++++++++++++++++++++++++------------------------
 1 file changed, 49 insertions(+), 47 deletions(-)
diff --git a/northd/northd.c b/northd/northd.c
index 5992f5543..afe723adb 100644
--- a/northd/northd.c
+++ b/northd/northd.c
@@ -9957,6 +9957,10 @@ build_lrouter_nat_flows_for_lb(struct ovn_lb_vip *lb_vip,
 xcalloc(lb->n_nb_lr, sizeof *gw_router);
 int n_gw_router = 0;
+ struct ovn_datapath **distributed_router =
+ xcalloc(lb->n_nb_lr, sizeof *distributed_router);
+ int n_distributed_router = 0;
+
 /* Group gw router since we do not have datapath dependency in
 * lflow generation for them.
 */
@@ -9971,9 +9975,29 @@ build_lrouter_nat_flows_for_lb(struct ovn_lb_vip *lb_vip,
 } else {
 gw_router[n_gw_router++] = od;
 }
+ } else {
+ distributed_router[n_distributed_router++] = od;
+ }
+
+ if (sset_contains(&od->external_ips, lb_vip->vip_str)) {
+ /* The load balancer vip is also present in the NAT entries.
+ * So add a high priority lflow to advance the the packet
+ * destined to the vip (and the vip port if defined)
+ * in the S_ROUTER_IN_UNSNAT stage.
+ * There seems to be an issue with ovs-vswitchd. When the new
+ * connection packet destined for the lb vip is received,
+ * it is dnat'ed in the S_ROUTER_IN_DNAT stage in the dnat
+ * conntrack zone. For the next packet, if it goes through
+ * unsnat stage, the conntrack flags are not set properly, and
+ * it doesn't hit the established state flows in
+ * S_ROUTER_IN_DNAT stage. */
+ ovn_lflow_add_with_hint(lflows, od, S_ROUTER_IN_UNSNAT, 120,
+ ds_cstr(&unsnat_match), "next;",
+ &lb->nlb->header_);
 }
 }
+ /* GW router logic */
 build_gw_lrouter_nat_flows_for_lb(lb, gw_router_skip_snat, n_gw_router_skip_snat, reject, new_match, skip_snat_new_action, est_match,
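Review bot: `n_distributed_router` is declared `int` in this hunk but is compared against a `size_t` index in the new distributed-router loop (the `@@ -9991,8 +10015,9 @@` hunk), so that loop condition mixes signed and unsigned operands. Declaring it as `size_t n_distributed_router = 0;` keeps the count and the index the same type. The neighbouring `n_gw_router` follows the same `int` pattern, so the author may prefer to change both together; how `n_gw_router` is consumed is outside this hunk.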
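Review bot: The comment that appears to introduce this loop (context in the previous hunk) says it only groups gw routers because their lflows have no datapath dependency, but the loop now also fills `distributed_router` and emits a per-datapath priority-120 `S_ROUTER_IN_UNSNAT` flow. A comment along the lines of `/* Split the routers into gw and distributed groups; the UNSNAT bypass flow applies to both kinds, so it is added here. */` would describe what the loop does after this change. The moved block comment also carries over the `advance the the packet` typo. The flow is built from `unsnat_match`, which is populated outside this hunk, so it is worth confirming that it is complete before this loop runs.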
@@ -9991,8 +10015,9 @@ build_lrouter_nat_flows_for_lb(struct ovn_lb_vip *lb_vip,
 reject, new_match, ds_cstr(action), est_match, "next;", lflows, prio, meter_groups);
- for (size_t i = 0; i < lb->n_nb_lr; i++) {
- struct ovn_datapath *od = lb->nb_lr[i];
+ /* Distributed router logic */
+ for (size_t i = 0; i < n_distributed_router; i++) {
+ struct ovn_datapath *od = distributed_router[i];
 char *new_match_p = new_match;
 char *est_match_p = est_match;
 const char *meter = NULL;
@@ -10004,25 +10029,7 @@ build_lrouter_nat_flows_for_lb(struct ovn_lb_vip *lb_vip,
 meter = copp_meter_get(COPP_REJECT, od->nbr->copp, meter_groups);
 }
- if (sset_contains(&od->external_ips, lb_vip->vip_str)) {
- /* The load balancer vip is also present in the NAT entries.
- * So add a high priority lflow to advance the the packet
- * destined to the vip (and the vip port if defined)
- * in the S_ROUTER_IN_UNSNAT stage.
- * There seems to be an issue with ovs-vswitchd. When the new
- * connection packet destined for the lb vip is received,
- * it is dnat'ed in the S_ROUTER_IN_DNAT stage in the dnat
- * conntrack zone. For the next packet, if it goes through
- * unsnat stage, the conntrack flags are not set properly, and
- * it doesn't hit the established state flows in
- * S_ROUTER_IN_DNAT stage. */
- ovn_lflow_add_with_hint(lflows, od, S_ROUTER_IN_UNSNAT, 120,
- ds_cstr(&unsnat_match), "next;",
- &lb->nlb->header_);
- }
-
- if (od->n_l3dgw_ports &&
- (lb_vip->n_backends || !lb_vip->empty_backend_rej)) {
+ if (lb_vip->n_backends || !lb_vip->empty_backend_rej) {
 new_match_p = xasprintf("%s && is_chassis_resident(%s)", new_match, od->l3dgw_ports[0]->cr_port->json_key);
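Review bot: With the `od->n_l3dgw_ports &&` guard removed, `od->l3dgw_ports[0]->cr_port->json_key` is dereferenced on the strength of an invariant set up elsewhere, namely that `distributed_router[]` only holds datapaths that took the new `else` branch in the grouping loop. The condition of that branch is outside the visible hunks, so that it tests `n_l3dgw_ports` is inferred. An out-of-bounds or NULL read here would crash the northd process, so the invariant should be stated where it is relied on, for example `ovs_assert(od->n_l3dgw_ports);` at the top of the loop body, or at least a comment saying the array contains only routers with a distributed gateway port. Whether `cr_port` can be NULL for such a router is not visible from this hunk. The loop body continues past the end of the hunk.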
@@ -10032,33 +10039,27 @@ build_lrouter_nat_flows_for_lb(struct ovn_lb_vip *lb_vip,
 }
 if (lb_skip_snat) {
- if (od->n_l3dgw_ports) {
- ovn_lflow_add_with_hint__(lflows, od, S_ROUTER_IN_DNAT, prio,
- new_match_p, skip_snat_new_action,
- NULL, meter, &lb->nlb->header_);
- ovn_lflow_add_with_hint(lflows, od, S_ROUTER_IN_DNAT, prio,
- est_match_p, skip_snat_est_action,
- &lb->nlb->header_);
- }
+ ovn_lflow_add_with_hint__(lflows, od, S_ROUTER_IN_DNAT, prio,
+ new_match_p, skip_snat_new_action,
+ NULL, meter, &lb->nlb->header_);
+ ovn_lflow_add_with_hint(lflows, od, S_ROUTER_IN_DNAT, prio,
+ est_match_p, skip_snat_est_action,
+ &lb->nlb->header_);
 } else if (is_dp_lb_force_snat) {
- if (od->n_l3dgw_ports) {
- ovn_lflow_add_with_hint__(lflows, od, S_ROUTER_IN_DNAT, prio,
- new_match_p, new_actions, NULL,
- meter, &lb->nlb->header_);
- ovn_lflow_add_with_hint(lflows, od, S_ROUTER_IN_DNAT, prio,
- est_match_p,
- "flags.force_snat_for_lb = 1; next;",
- &lb->nlb->header_);
- }
+ ovn_lflow_add_with_hint__(lflows, od, S_ROUTER_IN_DNAT, prio,
+ new_match_p, new_actions, NULL,
+ meter, &lb->nlb->header_);
+ ovn_lflow_add_with_hint(lflows, od, S_ROUTER_IN_DNAT, prio,
+ est_match_p,
+ "flags.force_snat_for_lb = 1; next;",
+ &lb->nlb->header_);
 } else {
- if (od->n_l3dgw_ports) {
- ovn_lflow_add_with_hint__(lflows, od, S_ROUTER_IN_DNAT, prio,
- new_match_p, ds_cstr(action), NULL,
- meter, &lb->nlb->header_);
- ovn_lflow_add_with_hint(lflows, od, S_ROUTER_IN_DNAT, prio,
- est_match_p, "next;",
- &lb->nlb->header_);
- }
+ ovn_lflow_add_with_hint__(lflows, od, S_ROUTER_IN_DNAT, prio,
+ new_match_p, ds_cstr(action), NULL,
+ meter, &lb->nlb->header_);
+ ovn_lflow_add_with_hint(lflows, od, S_ROUTER_IN_DNAT, prio,
+ est_match_p, "next;",
+ &lb->nlb->header_);
 }
 if (new_match_p != new_match) {
@@ -10068,7 +10069,7 @@ build_lrouter_nat_flows_for_lb(struct ovn_lb_vip *lb_vip,
 free(est_match_p);
 }
- if (!od->n_l3dgw_ports || !lb_vip->n_backends) {
+ if (!lb_vip->n_backends) {
 continue;
 }
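Review bot: With the `n_l3dgw_ports` guards gone, the three branches of the `lb_skip_snat` / `is_dp_lb_force_snat` chain are the same pair of calls and differ only in the new-connection and established action strings. Selecting the two action strings first and issuing the `ovn_lflow_add_with_hint__` / `ovn_lflow_add_with_hint` pair once would remove the triplication and make it harder for the branches to drift apart in a later edit. The sketch below assumes all the action arguments are usable as `const char *`, which their declarations outside the hunk would need to confirm.

```c
const char *new_action_p;
const char *est_action_p;

if (lb_skip_snat) {
    new_action_p = skip_snat_new_action;
    est_action_p = skip_snat_est_action;
} else if (is_dp_lb_force_snat) {
    new_action_p = new_actions;
    est_action_p = "flags.force_snat_for_lb = 1; next;";
} else {
    new_action_p = ds_cstr(action);
    est_action_p = "next;";
}

ovn_lflow_add_with_hint__(lflows, od, S_ROUTER_IN_DNAT, prio,
                          new_match_p, new_action_p, NULL, meter,
                          &lb->nlb->header_);
ovn_lflow_add_with_hint(lflows, od, S_ROUTER_IN_DNAT, prio,
                        est_match_p, est_action_p, &lb->nlb->header_);
/* … unchanged: freeing new_match_p / est_match_p … */
```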
@@ -10106,6 +10107,7 @@ build_lrouter_nat_flows_for_lb(struct ovn_lb_vip *lb_vip,
 free(gw_router_force_snat);
 free(gw_router_skip_snat);
+ free(distributed_router);
 free(gw_router);
 }
-- 
2.35.3
_______________________________________________
dev mailing list
[email protected]
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
