For the case when multiple LBs (same VIP but different port) share the
same subset of backends we need to differentiate between them by also
matching on the L4 port. Without that affinity configuration from one
load balancer might be incorrectly applied to another.
Adapt the unit and system tests to cover this scenario too.
Fixes: d3926b433e44 ("northd: rely on new actions for lb affinity")
Reported-at: https://bugzilla.redhat.com/show_bug.cgi?id=2150533
Reported-by: Surya Seetharaman <[email protected]>
Signed-off-by: Dumitru Ceara <[email protected]>
---
northd/northd.c | 48 +++++++++++++++++++++++++++-----------
tests/ovn-northd.at | 8 +++----
tests/system-ovn.at | 57 ++++++++++++++++++++++++++++++++++++++++++++-
3 files changed, 95 insertions(+), 18 deletions(-)
diff --git a/northd/northd.c b/northd/northd.c
index 74facce7ac..27047ff74b 100644
--- a/northd/northd.c
+++ b/northd/northd.c
@@ -6984,13 +6984,15 @@ build_lb_rules_pre_stateful(struct hmap *lflows, struct
ovn_northd_lb *lb,
* table=lr_in_lb_aff_learn, priority=100
* match=(REGBIT_KNOWN_LB_SESSION == 0
* && ct.new && ip4
- * && REG_ORIG_DIP_IPV4 == V && ip4.dst == B1 && tcp.dst == BP1)
+ * && REG_NEXT_HOP_IPV4 == V && REG_ORIG_TP_DPORT_ROUTER = VP
+ * && ip4.dst == B1 && tcp.dst == BP1)
* action=(commit_lb_aff(vip = "V:VP", backend = "B1:BP1",
* proto = tcp, timeout = T));
* table=lr_in_lb_aff_learn, priority=100
* match=(REGBIT_KNOWN_LB_SESSION == 0
* && ct.new && ip4
- * && REG_ORIG_DIP_IPV4 == V && ip4.dst == B2 && tcp.dst == BP2)
+ * && REG_NEXT_HOP_IPV4 == V && REG_ORIG_TP_DPORT_ROUTER = VP
+ * && ip4.dst == B2 && tcp.dst == BP2)
* action=(commit_lb_aff(vip = "V:VP", backend = "B2:BP2",
* proto = tcp, timeout = T));
*
@@ -7032,6 +7034,7 @@ build_lb_affinity_lr_flows(struct hmap *lflows, struct
ovn_northd_lb *lb,
const char *ip_match = ipv6 ? "ip6" : "ip4";
const char *reg_vip = ipv6 ? REG_NEXT_HOP_IPV6 : REG_NEXT_HOP_IPV4;
+ const char *reg_port = REG_ORIG_TP_DPORT_ROUTER;
const char *reg_backend =
ipv6 ? REG_LB_L3_AFF_BACKEND_IP6 : REG_LB_AFF_BACKEND_IP4;
@@ -7040,7 +7043,7 @@ build_lb_affinity_lr_flows(struct hmap *lflows, struct
ovn_northd_lb *lb,
ds_put_cstr(&aff_action_learn, "commit_lb_aff(vip = \"");
if (lb_vip->vip_port) {
- ds_put_format(&aff_action_learn, ipv6 ? "[%s]:%d" : "%s:%d",
+ ds_put_format(&aff_action_learn, ipv6 ? "[%s]:%"PRIu16 : "%s:%"PRIu16,
lb_vip->vip_str, lb_vip->vip_port);
} else {
ds_put_cstr(&aff_action_learn, lb_vip->vip_str);
@@ -7053,9 +7056,17 @@ build_lb_affinity_lr_flows(struct hmap *lflows, struct
ovn_northd_lb *lb,
ds_put_cstr(&aff_action_learn, "\", backend = \"");
/* Prepare common part of affinity learn match. */
- ds_put_format(&aff_match_learn, REGBIT_KNOWN_LB_SESSION" == 0 && "
- "ct.new && %s && %s == %s && %s.dst == ", ip_match,
- reg_vip, lb_vip->vip_str, ip_match);
+ if (lb_vip->vip_port) {
+ ds_put_format(&aff_match_learn, REGBIT_KNOWN_LB_SESSION" == 0 && "
+ "ct.new && %s && %s == %s && "
+ "%s == %"PRIu16" && %s.dst == ", ip_match,
+ reg_vip, lb_vip->vip_str,
+ reg_port, lb_vip->vip_port, ip_match);
+ } else {
+ ds_put_format(&aff_match_learn, REGBIT_KNOWN_LB_SESSION" == 0 && "
+ "ct.new && %s && %s == %s && %s.dst == ", ip_match,
+ reg_vip, lb_vip->vip_str, ip_match);
+ }
/* Prepare common part of affinity match. */
ds_put_format(&aff_match, REGBIT_KNOWN_LB_SESSION" == 1 && "
@@ -7172,13 +7183,15 @@ build_lb_affinity_lr_flows(struct hmap *lflows, struct
ovn_northd_lb *lb,
* table=ls_in_lb_aff_learn, priority=100
* match=(REGBIT_KNOWN_LB_SESSION == 0
* && ct.new && ip4
- * && REG_ORIG_DIP_IPV4 == V && ip4.dst == B1 && tcp.dst == BP1)
+ * && REG_ORIG_DIP_IPV4 == V && REG_ORIG_TP_DPORT == VP
+ * && ip4.dst == B1 && tcp.dst == BP1)
* action=(commit_lb_aff(vip = "V:VP", backend = "B1:BP1",
* proto = tcp, timeout = T));
* table=ls_in_lb_aff_learn, priority=100
* match=(REGBIT_KNOWN_LB_SESSION == 0
* && ct.new && ip4
- * && REG_ORIG_DIP_IPV4 == V && ip4.dst == B2 && tcp.dst == BP2)
+ * && REG_ORIG_DIP_IPV4 == V && REG_ORIG_TP_DPORT == VP
+ * && ip4.dst == B2 && tcp.dst == BP2)
* action=(commit_lb_aff(vip = "V:VP", backend = "B2:BP2",
* proto = tcp, timeout = T));
*
@@ -7236,6 +7249,7 @@ build_lb_affinity_ls_flows(struct hmap *lflows, struct
ovn_northd_lb *lb,
const char *ip_match = ipv6 ? "ip6" : "ip4";
const char *reg_vip = ipv6 ? REG_ORIG_DIP_IPV6 : REG_ORIG_DIP_IPV4;
+ const char *reg_port = REG_ORIG_TP_DPORT;
const char *reg_backend =
ipv6 ? REG_LB_L2_AFF_BACKEND_IP6 : REG_LB_AFF_BACKEND_IP4;
@@ -7245,9 +7259,9 @@ build_lb_affinity_ls_flows(struct hmap *lflows, struct
ovn_northd_lb *lb,
ds_put_cstr(&aff_action_learn, "commit_lb_aff(vip = \"");
if (lb_vip->vip_port) {
- ds_put_format(&aff_action, REG_ORIG_TP_DPORT" = %d; ",
+ ds_put_format(&aff_action, REG_ORIG_TP_DPORT" = %"PRIu16"; ",
lb_vip->vip_port);
- ds_put_format(&aff_action_learn, ipv6 ? "[%s]:%d" : "%s:%d",
+ ds_put_format(&aff_action_learn, ipv6 ? "[%s]:%"PRIu16 : "%s:%"PRIu16,
lb_vip->vip_str, lb_vip->vip_port);
} else {
ds_put_cstr(&aff_action_learn, lb_vip->vip_str);
@@ -7257,9 +7271,17 @@ build_lb_affinity_ls_flows(struct hmap *lflows, struct
ovn_northd_lb *lb,
ds_put_cstr(&aff_action_learn, "\", backend = \"");
/* Prepare common part of affinity learn match. */
- ds_put_format(&aff_match_learn, REGBIT_KNOWN_LB_SESSION" == 0 && "
- "ct.new && %s && %s == %s && %s.dst == ", ip_match,
- reg_vip, lb_vip->vip_str, ip_match);
+ if (lb_vip->vip_port) {
+ ds_put_format(&aff_match_learn, REGBIT_KNOWN_LB_SESSION" == 0 && "
+ "ct.new && %s && %s == %s && "
+ "%s == %"PRIu16" && %s.dst == ",
+ ip_match, reg_vip, lb_vip->vip_str,
+ reg_port, lb_vip->vip_port, ip_match);
+ } else {
+ ds_put_format(&aff_match_learn, REGBIT_KNOWN_LB_SESSION" == 0 && "
+ "ct.new && %s && %s == %s && %s.dst == ",
+ ip_match, reg_vip, lb_vip->vip_str, ip_match);
+ }
/* Prepare common part of affinity match. */
ds_put_format(&aff_match, REGBIT_KNOWN_LB_SESSION" == 1 && "
diff --git a/tests/ovn-northd.at b/tests/ovn-northd.at
index 9a76ca3409..ca4263eac0 100644
--- a/tests/ovn-northd.at
+++ b/tests/ovn-northd.at
@@ -8023,8 +8023,8 @@ AT_CHECK([grep "ls_in_lb " S0flows | sort], [0], [dnl
])
AT_CHECK([grep "ls_in_lb_aff_learn" S0flows | sort], [0], [dnl
table=13(ls_in_lb_aff_learn ), priority=0 , match=(1), action=(next;)
- table=13(ls_in_lb_aff_learn ), priority=100 , match=(reg9[[6]] == 0 &&
ct.new && ip4 && reg1 == 172.16.0.10 && ip4.dst == 10.0.0.2 && tcp.dst == 80),
action=(commit_lb_aff(vip = "172.16.0.10:80", backend = "10.0.0.2:80", proto =
tcp, timeout = 60); /* drop */)
- table=13(ls_in_lb_aff_learn ), priority=100 , match=(reg9[[6]] == 0 &&
ct.new && ip4 && reg1 == 172.16.0.10 && ip4.dst == 20.0.0.2 && tcp.dst == 80),
action=(commit_lb_aff(vip = "172.16.0.10:80", backend = "20.0.0.2:80", proto =
tcp, timeout = 60); /* drop */)
+ table=13(ls_in_lb_aff_learn ), priority=100 , match=(reg9[[6]] == 0 &&
ct.new && ip4 && reg1 == 172.16.0.10 && reg2[[0..15]] == 80 && ip4.dst ==
10.0.0.2 && tcp.dst == 80), action=(commit_lb_aff(vip = "172.16.0.10:80",
backend = "10.0.0.2:80", proto = tcp, timeout = 60); /* drop */)
+ table=13(ls_in_lb_aff_learn ), priority=100 , match=(reg9[[6]] == 0 &&
ct.new && ip4 && reg1 == 172.16.0.10 && reg2[[0..15]] == 80 && ip4.dst ==
20.0.0.2 && tcp.dst == 80), action=(commit_lb_aff(vip = "172.16.0.10:80",
backend = "20.0.0.2:80", proto = tcp, timeout = 60); /* drop */)
])
AS_BOX([Test LR flows])
@@ -8045,8 +8045,8 @@ AT_CHECK([grep "lr_in_dnat " R1flows | sort], [0], [dnl
])
AT_CHECK([grep "lr_in_lb_aff_learn" R1flows | sort], [0], [dnl
table=8 (lr_in_lb_aff_learn ), priority=0 , match=(1), action=(next;)
- table=8 (lr_in_lb_aff_learn ), priority=100 , match=(reg9[[6]] == 0 &&
ct.new && ip4 && reg0 == 172.16.0.10 && ip4.dst == 10.0.0.2 && tcp.dst == 80),
action=(commit_lb_aff(vip = "172.16.0.10:80", backend = "10.0.0.2:80", proto =
tcp, timeout = 60); /* drop */)
- table=8 (lr_in_lb_aff_learn ), priority=100 , match=(reg9[[6]] == 0 &&
ct.new && ip4 && reg0 == 172.16.0.10 && ip4.dst == 20.0.0.2 && tcp.dst == 80),
action=(commit_lb_aff(vip = "172.16.0.10:80", backend = "20.0.0.2:80", proto =
tcp, timeout = 60); /* drop */)
+ table=8 (lr_in_lb_aff_learn ), priority=100 , match=(reg9[[6]] == 0 &&
ct.new && ip4 && reg0 == 172.16.0.10 && reg9[[16..31]] == 80 && ip4.dst ==
10.0.0.2 && tcp.dst == 80), action=(commit_lb_aff(vip = "172.16.0.10:80",
backend = "10.0.0.2:80", proto = tcp, timeout = 60); /* drop */)
+ table=8 (lr_in_lb_aff_learn ), priority=100 , match=(reg9[[6]] == 0 &&
ct.new && ip4 && reg0 == 172.16.0.10 && reg9[[16..31]] == 80 && ip4.dst ==
20.0.0.2 && tcp.dst == 80), action=(commit_lb_aff(vip = "172.16.0.10:80",
backend = "20.0.0.2:80", proto = tcp, timeout = 60); /* drop */)
])
AS_BOX([Test LR flows - skip_snat=true])
diff --git a/tests/system-ovn.at b/tests/system-ovn.at
index 3e904c9dcb..b99578b9e1 100644
--- a/tests/system-ovn.at
+++ b/tests/system-ovn.at
@@ -8583,8 +8583,12 @@ ovn-nbctl lsp-add bar bar2 \
ovn-nbctl lb-add lb0 172.16.1.100:8080 192.168.1.2:80,192.168.2.2:80
ovn-nbctl lb-add lb10 172.16.1.110:8080 192.168.1.2:80,192.168.2.2:80
+ovn-nbctl lb-add lb0-no-aff 172.16.1.100:8081 192.168.1.2:80,192.168.2.2:80
+ovn-nbctl lb-add lb10-no-aff 172.16.1.110:8081 192.168.1.2:80,192.168.2.2:80
ovn-nbctl lr-lb-add R2 lb0
ovn-nbctl lr-lb-add R2 lb10
+ovn-nbctl lr-lb-add R2 lb0-no-aff
+ovn-nbctl lr-lb-add R2 lb10-no-aff
# Start webservers in 'foo1', 'bar1'.
NETNS_DAEMONIZE([foo1], [nc -l -k 192.168.1.2 80], [nc-foo1.pid])
@@ -8636,17 +8640,22 @@ n2=$(ovs-ofctl dump-flows br-int table=15 |awk
'/priority=150,ct_state=\+new\+tr
echo $?
}
AT_CHECK([test $(check_affinity_flows) -eq 0])
+NS_CHECK_EXEC([alice1], [nc -z 172.16.1.100 8081])
# Flush conntrack entries for easier output parsing of next test.
AT_CHECK([ovs-appctl dpctl/flush-conntrack])
ovn-nbctl lb-add lb1 172.16.1.101:8080 192.168.1.2:80,192.168.2.2:80
ovn-nbctl lb-add lb11 172.16.1.111:8080 192.168.1.2:80,192.168.2.2:80
+ovn-nbctl lb-add lb1-no-aff 172.16.1.101:8081 192.168.1.2:80,192.168.2.2:80
+ovn-nbctl lb-add lb11-no-aff 172.16.1.111:8081 192.168.1.2:80,192.168.2.2:80
# Enable lb affinity
ovn-nbctl --wait=sb set load_balancer lb1 options:affinity_timeout=3
-ovn-nbctl --wait=sb set load_balancer lb1 options:affinity_timeout=3
+ovn-nbctl --wait=sb set load_balancer lb11 options:affinity_timeout=3
ovn-nbctl lr-lb-add R2 lb1
ovn-nbctl lr-lb-add R2 lb11
+ovn-nbctl lr-lb-add R2 lb1-no-aff
+ovn-nbctl lr-lb-add R2 lb11-no-aff
# check we use both backends
for i in $(seq 1 15); do
@@ -8661,6 +8670,7 @@ sed -e 's/zone=[[0-9]]*/zone=<cleared>/'], [0], [dnl
tcp,orig=(src=172.16.1.2,dst=172.16.1.101,sport=<cleared>,dport=<cleared>),reply=(src=192.168.1.2,dst=172.16.1.2,sport=<cleared>,dport=<cleared>),zone=<cleared>,mark=2,protoinfo=(state=<cleared>)
tcp,orig=(src=172.16.1.2,dst=172.16.1.101,sport=<cleared>,dport=<cleared>),reply=(src=192.168.2.2,dst=172.16.1.2,sport=<cleared>,dport=<cleared>),zone=<cleared>,mark=2,protoinfo=(state=<cleared>)
])
+NS_CHECK_EXEC([alice1], [nc -z 172.16.1.101 8081])
# Flush conntrack entries for easier output parsing of next test.
AT_CHECK([ovs-appctl dpctl/flush-conntrack])
@@ -8669,10 +8679,14 @@ NETNS_DAEMONIZE([bar2], [nc -l -k 192.168.2.3 80],
[nc-bar2.pid])
ovn-nbctl lb-add lb2 192.168.2.100:8080 192.168.2.2:80,192.168.2.3:80
ovn-nbctl lb-add lb20 192.168.2.120:8080 192.168.2.2:80,192.168.2.3:80
+ovn-nbctl lb-add lb2-no-aff 192.168.2.100:8081 192.168.2.2:80,192.168.2.3:80
+ovn-nbctl lb-add lb20-no-aff 192.168.2.120:8081 192.168.2.2:80,192.168.2.3:80
ovn-nbctl --wait=sb set load_balancer lb2 options:affinity_timeout=60
ovn-nbctl --wait=sb set load_balancer lb20 options:affinity_timeout=60
ovn-nbctl ls-lb-add foo lb2
ovn-nbctl ls-lb-add foo lb20
+ovn-nbctl ls-lb-add foo lb2-no-aff
+ovn-nbctl ls-lb-add foo lb20-no-aff
for i in $(seq 1 15); do
echo Request $i
@@ -8683,16 +8697,21 @@ AT_CHECK([ovs-appctl dpctl/dump-conntrack |
FORMAT_CT(192.168.2.100) |
sed -e 's/zone=[[0-9]]*/zone=<cleared>/;
s/src=192.168.2.[[0-9]]/src=192.168.2.<cleared>/'], [0], [dnl
tcp,orig=(src=192.168.1.2,dst=192.168.2.100,sport=<cleared>,dport=<cleared>),reply=(src=192.168.2.<cleared>,dst=192.168.1.2,sport=<cleared>,dport=<cleared>),zone=<cleared>,mark=2,protoinfo=(state=<cleared>)
])
+NS_CHECK_EXEC([foo1], [nc -z 192.168.2.100 8081])
# Flush conntrack entries for easier output parsing of next test.
AT_CHECK([ovs-appctl dpctl/flush-conntrack])
ovn-nbctl lb-add lb3 192.168.2.101:8080 192.168.2.2:80,192.168.2.3:80
ovn-nbctl lb-add lb30 192.168.2.131:8080 192.168.2.2:80,192.168.2.3:80
+ovn-nbctl lb-add lb3-no-aff 192.168.2.101:8081 192.168.2.2:80,192.168.2.3:80
+ovn-nbctl lb-add lb30-no-aff 192.168.2.131:8081 192.168.2.2:80,192.168.2.3:80
ovn-nbctl --wait=sb set load_balancer lb3 options:affinity_timeout=3
ovn-nbctl --wait=sb set load_balancer lb30 options:affinity_timeout=3
ovn-nbctl ls-lb-add foo lb3
ovn-nbctl ls-lb-add foo lb30
+ovn-nbctl ls-lb-add foo lb3-no-aff
+ovn-nbctl ls-lb-add foo lb30-no-aff
# Flush conntrack entries for easier output parsing of next test.
AT_CHECK([ovs-appctl dpctl/flush-conntrack])
@@ -8708,16 +8727,23 @@ sed -e 's/zone=[[0-9]]*/zone=<cleared>/'], [0], [dnl
tcp,orig=(src=192.168.1.2,dst=192.168.2.101,sport=<cleared>,dport=<cleared>),reply=(src=192.168.2.2,dst=192.168.1.2,sport=<cleared>,dport=<cleared>),zone=<cleared>,mark=2,protoinfo=(state=<cleared>)
tcp,orig=(src=192.168.1.2,dst=192.168.2.101,sport=<cleared>,dport=<cleared>),reply=(src=192.168.2.3,dst=192.168.1.2,sport=<cleared>,dport=<cleared>),zone=<cleared>,mark=2,protoinfo=(state=<cleared>)
])
+NS_CHECK_EXEC([foo1], [nc -z 192.168.2.101 8081])
NS_CHECK_EXEC([foo1], [ip neigh add 192.168.1.200 lladdr 00:00:01:01:02:03 dev
foo1], [0])
ovn-nbctl lb-add lb4 192.168.1.100:8080 192.168.1.2:80
ovn-nbctl lb-add lb40 192.168.1.140:8080 192.168.1.2:80
+ovn-nbctl lb-add lb4-no-aff 192.168.1.100:8081 192.168.1.2:80
+ovn-nbctl lb-add lb40-no-aff 192.168.1.140:8081 192.168.1.2:80
ovn-nbctl --wait=sb set load_balancer lb4 options:affinity_timeout=60
options:hairpin_snat_ip=192.168.1.200
ovn-nbctl --wait=sb set load_balancer lb40 options:affinity_timeout=60
options:hairpin_snat_ip=192.168.1.200
ovn-nbctl ls-lb-add foo lb4
ovn-nbctl ls-lb-add foo lb40
ovn-nbctl lr-lb-add R1 lb4
ovn-nbctl lr-lb-add R1 lb40
+ovn-nbctl ls-lb-add foo lb4-no-aff
+ovn-nbctl ls-lb-add foo lb40-no-aff
+ovn-nbctl lr-lb-add R1 lb4-no-aff
+ovn-nbctl lr-lb-add R1 lb40-no-aff
# Flush conntrack entries for easier output parsing of next test.
AT_CHECK([ovs-appctl dpctl/flush-conntrack])
@@ -8734,6 +8760,7 @@
tcp,orig=(src=192.168.1.2,dst=192.168.1.100,sport=<cleared>,dport=<cleared>),rep
tcp,orig=(src=192.168.1.2,dst=192.168.1.2,sport=<cleared>,dport=<cleared>),reply=(src=192.168.1.2,dst=192.168.1.200,sport=<cleared>,dport=<cleared>),zone=<cleared>,protoinfo=(state=<cleared>)
tcp,orig=(src=192.168.1.200,dst=192.168.1.2,sport=<cleared>,dport=<cleared>),reply=(src=192.168.1.2,dst=192.168.1.200,sport=<cleared>,dport=<cleared>),zone=<cleared>,protoinfo=(state=<cleared>)
])
+NS_CHECK_EXEC([foo1], [nc -z 192.168.1.100 8081])
OVS_APP_EXIT_AND_WAIT([ovn-controller])
@@ -8855,8 +8882,12 @@ ovn-nbctl lsp-add bar bar2 \
ovn-nbctl lb-add lb0 [[fd30::1]]:8080 [[fd11::2]]:80,[[fd12::2]]:80
ovn-nbctl lb-add lb10 [[fd30::10]]:8080 [[fd11::2]]:80,[[fd12::2]]:80
+ovn-nbctl lb-add lb0-no-aff [[fd30::1]]:8081 [[fd11::2]]:80,[[fd12::2]]:80
+ovn-nbctl lb-add lb10-no-aff [[fd30::10]]:8081 [[fd11::2]]:80,[[fd12::2]]:80
ovn-nbctl lr-lb-add R2 lb0
ovn-nbctl lr-lb-add R2 lb10
+ovn-nbctl lr-lb-add R2 lb0-no-aff
+ovn-nbctl lr-lb-add R2 lb10-no-aff
# Wait for ovn-controller to catch up.
ovn-nbctl --wait=hv sync
@@ -8879,6 +8910,7 @@ sed -e 's/zone=[[0-9]]*/zone=<cleared>/'], [0], [dnl
tcp,orig=(src=fd72::2,dst=fd30::1,sport=<cleared>,dport=<cleared>),reply=(src=fd11::2,dst=fd72::2,sport=<cleared>,dport=<cleared>),zone=<cleared>,mark=2,protoinfo=(state=<cleared>)
tcp,orig=(src=fd72::2,dst=fd30::1,sport=<cleared>,dport=<cleared>),reply=(src=fd12::2,dst=fd72::2,sport=<cleared>,dport=<cleared>),zone=<cleared>,mark=2,protoinfo=(state=<cleared>)
])
+NS_CHECK_EXEC([alice1], [nc -z fd30::1 8081])
# Flush conntrack entries for easier output parsing of next test.
AT_CHECK([ovs-appctl dpctl/flush-conntrack])
@@ -8908,17 +8940,22 @@ n2=$(ovs-ofctl dump-flows br-int table=15 |awk
'/priority=150,ct_state=\+new\+tr
echo $?
}
AT_CHECK([test $(check_affinity_flows) -eq 0])
+NS_CHECK_EXEC([alice1], [nc -z fd30::1 8081])
# Flush conntrack entries for easier output parsing of next test.
AT_CHECK([ovs-appctl dpctl/flush-conntrack])
ovn-nbctl lb-add lb1 [[fd30::2]]:8080 [[fd11::2]]:80,[[fd12::2]]:80
ovn-nbctl lb-add lb11 [[fd30::12]]:8080 [[fd11::2]]:80,[[fd12::2]]:80
+ovn-nbctl lb-add lb1-no-aff [[fd30::2]]:8081 [[fd11::2]]:80,[[fd12::2]]:80
+ovn-nbctl lb-add lb11-no-aff [[fd30::12]]:8081 [[fd11::2]]:80,[[fd12::2]]:80
# Enable lb affinity
ovn-nbctl --wait=sb set load_balancer lb1 options:affinity_timeout=3
ovn-nbctl --wait=sb set load_balancer lb11 options:affinity_timeout=3
ovn-nbctl lr-lb-add R2 lb1
ovn-nbctl lr-lb-add R2 lb11
+ovn-nbctl lr-lb-add R2 lb1-no-aff
+ovn-nbctl lr-lb-add R2 lb11-no-aff
# check we use both backends
for i in $(seq 1 15); do
@@ -8933,6 +8970,7 @@ sed -e 's/zone=[[0-9]]*/zone=<cleared>/'], [0], [dnl
tcp,orig=(src=fd72::2,dst=fd30::2,sport=<cleared>,dport=<cleared>),reply=(src=fd11::2,dst=fd72::2,sport=<cleared>,dport=<cleared>),zone=<cleared>,mark=2,protoinfo=(state=<cleared>)
tcp,orig=(src=fd72::2,dst=fd30::2,sport=<cleared>,dport=<cleared>),reply=(src=fd12::2,dst=fd72::2,sport=<cleared>,dport=<cleared>),zone=<cleared>,mark=2,protoinfo=(state=<cleared>)
])
+NS_CHECK_EXEC([alice1], [nc -z fd30::2 8081])
# Flush conntrack entries for easier output parsing of next test.
AT_CHECK([ovs-appctl dpctl/flush-conntrack])
@@ -8941,10 +8979,14 @@ NETNS_DAEMONIZE([bar2], [nc -l -k fd12::3 80],
[nc-bar2.pid])
ovn-nbctl lb-add lb2 [[fd12::a]]:8080 [[fd12::2]]:80,[[fd12::3]]:80
ovn-nbctl lb-add lb20 [[fd12::2a]]:8080 [[fd12::2]]:80,[[fd12::3]]:80
+ovn-nbctl lb-add lb2-no-aff [[fd12::a]]:8081 [[fd12::2]]:80,[[fd12::3]]:80
+ovn-nbctl lb-add lb20-no-aff [[fd12::2a]]:8081 [[fd12::2]]:80,[[fd12::3]]:80
ovn-nbctl --wait=sb set load_balancer lb2 options:affinity_timeout=60
ovn-nbctl --wait=sb set load_balancer lb20 options:affinity_timeout=60
ovn-nbctl ls-lb-add foo lb2
ovn-nbctl ls-lb-add foo lb20
+ovn-nbctl ls-lb-add foo lb2-no-aff
+ovn-nbctl ls-lb-add foo lb20-no-aff
for i in $(seq 1 15); do
echo Request $i
@@ -8956,15 +8998,20 @@ AT_CHECK([ovs-appctl dpctl/dump-conntrack |
FORMAT_CT(fd12::a) | grep -v fe80 |
sed -e 's/zone=[[0-9]]*/zone=<cleared>/;
s/src=fd12::[[0-9]]/src=fd12::<cleared>/'], [0], [dnl
tcp,orig=(src=fd11::2,dst=fd12::a,sport=<cleared>,dport=<cleared>),reply=(src=fd12::<cleared>,dst=fd11::2,sport=<cleared>,dport=<cleared>),zone=<cleared>,mark=2,protoinfo=(state=<cleared>)
])
+NS_CHECK_EXEC([foo1], [nc -z fd12::a 8081])
AT_CHECK([ovs-appctl dpctl/flush-conntrack])
ovn-nbctl lb-add lb3 [[fd12::b]]:8080 [[fd12::2]]:80,[[fd12::3]]:80
ovn-nbctl lb-add lb30 [[fd12::3b]]:8080 [[fd12::2]]:80,[[fd12::3]]:80
+ovn-nbctl lb-add lb3-no-aff [[fd12::b]]:8081 [[fd12::2]]:80,[[fd12::3]]:80
+ovn-nbctl lb-add lb30-no-aff [[fd12::3b]]:8081 [[fd12::2]]:80,[[fd12::3]]:80
ovn-nbctl --wait=sb set load_balancer lb3 options:affinity_timeout=3
ovn-nbctl --wait=sb set load_balancer lb30 options:affinity_timeout=3
ovn-nbctl ls-lb-add foo lb3
ovn-nbctl ls-lb-add foo lb30
+ovn-nbctl ls-lb-add foo lb3-no-aff
+ovn-nbctl ls-lb-add foo lb30-no-aff
for i in $(seq 1 15); do
echo Request $i
@@ -8977,16 +9024,23 @@ sed -e 's/zone=[[0-9]]*/zone=<cleared>/'], [0], [dnl
tcp,orig=(src=fd11::2,dst=fd12::b,sport=<cleared>,dport=<cleared>),reply=(src=fd12::2,dst=fd11::2,sport=<cleared>,dport=<cleared>),zone=<cleared>,mark=2,protoinfo=(state=<cleared>)
tcp,orig=(src=fd11::2,dst=fd12::b,sport=<cleared>,dport=<cleared>),reply=(src=fd12::3,dst=fd11::2,sport=<cleared>,dport=<cleared>),zone=<cleared>,mark=2,protoinfo=(state=<cleared>)
])
+NS_CHECK_EXEC([foo1], [nc -z fd12::b 8081])
NS_CHECK_EXEC([foo1], [ip -6 neigh add fd11::b lladdr 00:00:01:01:02:03 dev
foo1], [0])
ovn-nbctl --wait=sb lb-add lb4 [[fd11::a]]:8080 [[fd11::2]]:80
ovn-nbctl --wait=sb lb-add lb40 [[fd11::a]]:8080 [[fd11::2]]:80
+ovn-nbctl --wait=sb lb-add lb4-no-aff [[fd11::a]]:8081 [[fd11::2]]:80
+ovn-nbctl --wait=sb lb-add lb40-no-aff [[fd11::a]]:8081 [[fd11::2]]:80
ovn-nbctl --wait=sb set load_balancer lb4 options:affinity_timeout=60
options:hairpin_snat_ip="fd11::b"
ovn-nbctl --wait=sb set load_balancer lb40 options:affinity_timeout=60
options:hairpin_snat_ip="fd11::b"
ovn-nbctl ls-lb-add foo lb4
ovn-nbctl ls-lb-add foo lb40
ovn-nbctl lr-lb-add R1 lb4
ovn-nbctl lr-lb-add R1 lb40
+ovn-nbctl ls-lb-add foo lb4-no-aff
+ovn-nbctl ls-lb-add foo lb40-no-aff
+ovn-nbctl lr-lb-add R1 lb4-no-aff
+ovn-nbctl lr-lb-add R1 lb40-no-aff
# Flush conntrack entries for easier output parsing of next test.
AT_CHECK([ovs-appctl dpctl/flush-conntrack])
@@ -9003,6 +9057,7 @@
tcp,orig=(src=fd11::2,dst=fd11::2,sport=<cleared>,dport=<cleared>),reply=(src=fd
tcp,orig=(src=fd11::2,dst=fd11::a,sport=<cleared>,dport=<cleared>),reply=(src=fd11::2,dst=fd11::2,sport=<cleared>,dport=<cleared>),zone=<cleared>,mark=2,protoinfo=(state=<cleared>)
tcp,orig=(src=fd11::b,dst=fd11::2,sport=<cleared>,dport=<cleared>),reply=(src=fd11::2,dst=fd11::b,sport=<cleared>,dport=<cleared>),zone=<cleared>,protoinfo=(state=<cleared>)
])
+NS_CHECK_EXEC([foo1], [nc -z fd11::a 8081])
OVS_APP_EXIT_AND_WAIT([ovn-controller])
--
2.31.1
_______________________________________________
dev mailing list
[email protected]
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
