> On 12/5/22 16:16, Lorenzo Bianconi wrote:
> >> For the case when multiple LBs (same VIP but different port) share the
> >> same subset of backends we need to differentiate between them by also
> >> matching on the L4 port. Without that affinity configuration from one
> >> load balancer might be incorrectly applied to another.
> >>
> >> Adapt the unit and system tests to cover this scenario too.
> >>
> >> Fixes: d3926b433e44 ("northd: rely on new actions for lb affinity")
> >> Reported-at: https://bugzilla.redhat.com/show_bug.cgi?id=2150533
> >> Reported-by: Surya Seetharaman <[email protected]>
> >> Signed-off-by: Dumitru Ceara <[email protected]>
> >
> > Hi Dumitru,
> >
>
> Hi Lorenzo,
>
> > thx for fixing this issue, just a small nit inline.
> >
> > Acked-by: Lorenzo Bianconi <[email protected]>
> >
>
> Thanks for your review!
>
> >> ---
> >> northd/northd.c | 48 +++++++++++++++++++++++++++-----------
> >> tests/ovn-northd.at | 8 +++----
> >> tests/system-ovn.at | 57 ++++++++++++++++++++++++++++++++++++++++++++-
> >> 3 files changed, 95 insertions(+), 18 deletions(-)
> >>
> >> diff --git a/northd/northd.c b/northd/northd.c
> >> index 74facce7ac..27047ff74b 100644
> >> --- a/northd/northd.c
> >> +++ b/northd/northd.c
> >> @@ -6984,13 +6984,15 @@ build_lb_rules_pre_stateful(struct hmap *lflows,
> >> struct ovn_northd_lb *lb,
> >> * table=lr_in_lb_aff_learn, priority=100
> >> * match=(REGBIT_KNOWN_LB_SESSION == 0
> >> * && ct.new && ip4
> >> - * && REG_ORIG_DIP_IPV4 == V && ip4.dst == B1 && tcp.dst ==
> >> BP1)
> >> + * && REG_NEXT_HOP_IPV4 == V && REG_ORIG_TP_DPORT_ROUTER = VP
> >> + * && ip4.dst == B1 && tcp.dst == BP1)
> >> * action=(commit_lb_aff(vip = "V:VP", backend = "B1:BP1",
> >> * proto = tcp, timeout = T));
> >> * table=lr_in_lb_aff_learn, priority=100
> >> * match=(REGBIT_KNOWN_LB_SESSION == 0
> >> * && ct.new && ip4
> >> - * && REG_ORIG_DIP_IPV4 == V && ip4.dst == B2 && tcp.dst ==
> >> BP2)
> >> + * && REG_NEXT_HOP_IPV4 == V && REG_ORIG_TP_DPORT_ROUTER = VP
> >> + * && ip4.dst == B2 && tcp.dst == BP2)
> >> * action=(commit_lb_aff(vip = "V:VP", backend = "B2:BP2",
> >> * proto = tcp, timeout = T));
> >> *
> >> @@ -7032,6 +7034,7 @@ build_lb_affinity_lr_flows(struct hmap *lflows,
> >> struct ovn_northd_lb *lb,
> >> const char *ip_match = ipv6 ? "ip6" : "ip4";
> >>
> >> const char *reg_vip = ipv6 ? REG_NEXT_HOP_IPV6 : REG_NEXT_HOP_IPV4;
> >> + const char *reg_port = REG_ORIG_TP_DPORT_ROUTER;
> >
> > do we need reg_port? I guess we can just use REG_ORIG_TP_DPORT_ROUTER
> > directly.
> >
>
> We can use it directly but I wanted to match the rest of the flow's
> style. Would it seem better if I renamed it to 'reg_vport'?
> Alternatively, if you prefer, I can easily inline it.
I would say to use REG_ORIG_TP_DPORT_ROUTER directly, in the other cases we
have ternary operator, but I do not have a strong opinion on it, up to you.
Regards,
Lorenzo
>
> What do you think?
>
> Thanks,
> Dumitru
>
> > Regards,
> > Lorenzo
> >
> >> const char *reg_backend =
> >> ipv6 ? REG_LB_L3_AFF_BACKEND_IP6 : REG_LB_AFF_BACKEND_IP4;
> >>
> >> @@ -7040,7 +7043,7 @@ build_lb_affinity_lr_flows(struct hmap *lflows,
> >> struct ovn_northd_lb *lb,
> >> ds_put_cstr(&aff_action_learn, "commit_lb_aff(vip = \"");
> >>
> >> if (lb_vip->vip_port) {
> >> - ds_put_format(&aff_action_learn, ipv6 ? "[%s]:%d" : "%s:%d",
> >> + ds_put_format(&aff_action_learn, ipv6 ? "[%s]:%"PRIu16 :
> >> "%s:%"PRIu16,
> >> lb_vip->vip_str, lb_vip->vip_port);
> >> } else {
> >> ds_put_cstr(&aff_action_learn, lb_vip->vip_str);
> >> @@ -7053,9 +7056,17 @@ build_lb_affinity_lr_flows(struct hmap *lflows,
> >> struct ovn_northd_lb *lb,
> >> ds_put_cstr(&aff_action_learn, "\", backend = \"");
> >>
> >> /* Prepare common part of affinity learn match. */
> >> - ds_put_format(&aff_match_learn, REGBIT_KNOWN_LB_SESSION" == 0 && "
> >> - "ct.new && %s && %s == %s && %s.dst == ", ip_match,
> >> - reg_vip, lb_vip->vip_str, ip_match);
> >> + if (lb_vip->vip_port) {
> >> + ds_put_format(&aff_match_learn, REGBIT_KNOWN_LB_SESSION" == 0 && "
> >> + "ct.new && %s && %s == %s && "
> >> + "%s == %"PRIu16" && %s.dst == ", ip_match,
> >> + reg_vip, lb_vip->vip_str,
> >> + reg_port, lb_vip->vip_port, ip_match);
> >> + } else {
> >> + ds_put_format(&aff_match_learn, REGBIT_KNOWN_LB_SESSION" == 0 && "
> >> + "ct.new && %s && %s == %s && %s.dst == ", ip_match,
> >> + reg_vip, lb_vip->vip_str, ip_match);
> >> + }
> >>
> >> /* Prepare common part of affinity match. */
> >> ds_put_format(&aff_match, REGBIT_KNOWN_LB_SESSION" == 1 && "
> >> @@ -7172,13 +7183,15 @@ build_lb_affinity_lr_flows(struct hmap *lflows,
> >> struct ovn_northd_lb *lb,
> >> * table=ls_in_lb_aff_learn, priority=100
> >> * match=(REGBIT_KNOWN_LB_SESSION == 0
> >> * && ct.new && ip4
> >> - * && REG_ORIG_DIP_IPV4 == V && ip4.dst == B1 && tcp.dst ==
> >> BP1)
> >> + * && REG_ORIG_DIP_IPV4 == V && REG_ORIG_TP_DPORT == VP
> >> + * && ip4.dst == B1 && tcp.dst == BP1)
> >> * action=(commit_lb_aff(vip = "V:VP", backend = "B1:BP1",
> >> * proto = tcp, timeout = T));
> >> * table=ls_in_lb_aff_learn, priority=100
> >> * match=(REGBIT_KNOWN_LB_SESSION == 0
> >> * && ct.new && ip4
> >> - * && REG_ORIG_DIP_IPV4 == V && ip4.dst == B2 && tcp.dst ==
> >> BP2)
> >> + * && REG_ORIG_DIP_IPV4 == V && REG_ORIG_TP_DPORT == VP
> >> + * && ip4.dst == B2 && tcp.dst == BP2)
> >> * action=(commit_lb_aff(vip = "V:VP", backend = "B2:BP2",
> >> * proto = tcp, timeout = T));
> >> *
> >> @@ -7236,6 +7249,7 @@ build_lb_affinity_ls_flows(struct hmap *lflows,
> >> struct ovn_northd_lb *lb,
> >> const char *ip_match = ipv6 ? "ip6" : "ip4";
> >>
> >> const char *reg_vip = ipv6 ? REG_ORIG_DIP_IPV6 : REG_ORIG_DIP_IPV4;
> >> + const char *reg_port = REG_ORIG_TP_DPORT;
> >> const char *reg_backend =
> >> ipv6 ? REG_LB_L2_AFF_BACKEND_IP6 : REG_LB_AFF_BACKEND_IP4;
> >>
> >> @@ -7245,9 +7259,9 @@ build_lb_affinity_ls_flows(struct hmap *lflows,
> >> struct ovn_northd_lb *lb,
> >> ds_put_cstr(&aff_action_learn, "commit_lb_aff(vip = \"");
> >>
> >> if (lb_vip->vip_port) {
> >> - ds_put_format(&aff_action, REG_ORIG_TP_DPORT" = %d; ",
> >> + ds_put_format(&aff_action, REG_ORIG_TP_DPORT" = %"PRIu16"; ",
> >> lb_vip->vip_port);
> >> - ds_put_format(&aff_action_learn, ipv6 ? "[%s]:%d" : "%s:%d",
> >> + ds_put_format(&aff_action_learn, ipv6 ? "[%s]:%"PRIu16 :
> >> "%s:%"PRIu16,
> >> lb_vip->vip_str, lb_vip->vip_port);
> >> } else {
> >> ds_put_cstr(&aff_action_learn, lb_vip->vip_str);
> >> @@ -7257,9 +7271,17 @@ build_lb_affinity_ls_flows(struct hmap *lflows,
> >> struct ovn_northd_lb *lb,
> >> ds_put_cstr(&aff_action_learn, "\", backend = \"");
> >>
> >> /* Prepare common part of affinity learn match. */
> >> - ds_put_format(&aff_match_learn, REGBIT_KNOWN_LB_SESSION" == 0 && "
> >> - "ct.new && %s && %s == %s && %s.dst == ", ip_match,
> >> - reg_vip, lb_vip->vip_str, ip_match);
> >> + if (lb_vip->vip_port) {
> >> + ds_put_format(&aff_match_learn, REGBIT_KNOWN_LB_SESSION" == 0 && "
> >> + "ct.new && %s && %s == %s && "
> >> + "%s == %"PRIu16" && %s.dst == ",
> >> + ip_match, reg_vip, lb_vip->vip_str,
> >> + reg_port, lb_vip->vip_port, ip_match);
> >> + } else {
> >> + ds_put_format(&aff_match_learn, REGBIT_KNOWN_LB_SESSION" == 0 && "
> >> + "ct.new && %s && %s == %s && %s.dst == ",
> >> + ip_match, reg_vip, lb_vip->vip_str, ip_match);
> >> + }
> >>
> >> /* Prepare common part of affinity match. */
> >> ds_put_format(&aff_match, REGBIT_KNOWN_LB_SESSION" == 1 && "
> >> diff --git a/tests/ovn-northd.at b/tests/ovn-northd.at
> >> index 9a76ca3409..ca4263eac0 100644
> >> --- a/tests/ovn-northd.at
> >> +++ b/tests/ovn-northd.at
> >> @@ -8023,8 +8023,8 @@ AT_CHECK([grep "ls_in_lb " S0flows | sort], [0], [dnl
> >> ])
> >> AT_CHECK([grep "ls_in_lb_aff_learn" S0flows | sort], [0], [dnl
> >> table=13(ls_in_lb_aff_learn ), priority=0 , match=(1), action=(next;)
> >> - table=13(ls_in_lb_aff_learn ), priority=100 , match=(reg9[[6]] == 0 &&
> >> ct.new && ip4 && reg1 == 172.16.0.10 && ip4.dst == 10.0.0.2 && tcp.dst ==
> >> 80), action=(commit_lb_aff(vip = "172.16.0.10:80", backend =
> >> "10.0.0.2:80", proto = tcp, timeout = 60); /* drop */)
> >> - table=13(ls_in_lb_aff_learn ), priority=100 , match=(reg9[[6]] == 0 &&
> >> ct.new && ip4 && reg1 == 172.16.0.10 && ip4.dst == 20.0.0.2 && tcp.dst ==
> >> 80), action=(commit_lb_aff(vip = "172.16.0.10:80", backend =
> >> "20.0.0.2:80", proto = tcp, timeout = 60); /* drop */)
> >> + table=13(ls_in_lb_aff_learn ), priority=100 , match=(reg9[[6]] == 0 &&
> >> ct.new && ip4 && reg1 == 172.16.0.10 && reg2[[0..15]] == 80 && ip4.dst ==
> >> 10.0.0.2 && tcp.dst == 80), action=(commit_lb_aff(vip = "172.16.0.10:80",
> >> backend = "10.0.0.2:80", proto = tcp, timeout = 60); /* drop */)
> >> + table=13(ls_in_lb_aff_learn ), priority=100 , match=(reg9[[6]] == 0 &&
> >> ct.new && ip4 && reg1 == 172.16.0.10 && reg2[[0..15]] == 80 && ip4.dst ==
> >> 20.0.0.2 && tcp.dst == 80), action=(commit_lb_aff(vip = "172.16.0.10:80",
> >> backend = "20.0.0.2:80", proto = tcp, timeout = 60); /* drop */)
> >> ])
> >>
> >> AS_BOX([Test LR flows])
> >> @@ -8045,8 +8045,8 @@ AT_CHECK([grep "lr_in_dnat " R1flows | sort], [0],
> >> [dnl
> >> ])
> >> AT_CHECK([grep "lr_in_lb_aff_learn" R1flows | sort], [0], [dnl
> >> table=8 (lr_in_lb_aff_learn ), priority=0 , match=(1), action=(next;)
> >> - table=8 (lr_in_lb_aff_learn ), priority=100 , match=(reg9[[6]] == 0 &&
> >> ct.new && ip4 && reg0 == 172.16.0.10 && ip4.dst == 10.0.0.2 && tcp.dst ==
> >> 80), action=(commit_lb_aff(vip = "172.16.0.10:80", backend =
> >> "10.0.0.2:80", proto = tcp, timeout = 60); /* drop */)
> >> - table=8 (lr_in_lb_aff_learn ), priority=100 , match=(reg9[[6]] == 0 &&
> >> ct.new && ip4 && reg0 == 172.16.0.10 && ip4.dst == 20.0.0.2 && tcp.dst ==
> >> 80), action=(commit_lb_aff(vip = "172.16.0.10:80", backend =
> >> "20.0.0.2:80", proto = tcp, timeout = 60); /* drop */)
> >> + table=8 (lr_in_lb_aff_learn ), priority=100 , match=(reg9[[6]] == 0 &&
> >> ct.new && ip4 && reg0 == 172.16.0.10 && reg9[[16..31]] == 80 && ip4.dst ==
> >> 10.0.0.2 && tcp.dst == 80), action=(commit_lb_aff(vip = "172.16.0.10:80",
> >> backend = "10.0.0.2:80", proto = tcp, timeout = 60); /* drop */)
> >> + table=8 (lr_in_lb_aff_learn ), priority=100 , match=(reg9[[6]] == 0 &&
> >> ct.new && ip4 && reg0 == 172.16.0.10 && reg9[[16..31]] == 80 && ip4.dst ==
> >> 20.0.0.2 && tcp.dst == 80), action=(commit_lb_aff(vip = "172.16.0.10:80",
> >> backend = "20.0.0.2:80", proto = tcp, timeout = 60); /* drop */)
> >> ])
> >>
> >> AS_BOX([Test LR flows - skip_snat=true])
> >> diff --git a/tests/system-ovn.at b/tests/system-ovn.at
> >> index 3e904c9dcb..b99578b9e1 100644
> >> --- a/tests/system-ovn.at
> >> +++ b/tests/system-ovn.at
> >> @@ -8583,8 +8583,12 @@ ovn-nbctl lsp-add bar bar2 \
> >>
> >> ovn-nbctl lb-add lb0 172.16.1.100:8080 192.168.1.2:80,192.168.2.2:80
> >> ovn-nbctl lb-add lb10 172.16.1.110:8080 192.168.1.2:80,192.168.2.2:80
> >> +ovn-nbctl lb-add lb0-no-aff 172.16.1.100:8081
> >> 192.168.1.2:80,192.168.2.2:80
> >> +ovn-nbctl lb-add lb10-no-aff 172.16.1.110:8081
> >> 192.168.1.2:80,192.168.2.2:80
> >> ovn-nbctl lr-lb-add R2 lb0
> >> ovn-nbctl lr-lb-add R2 lb10
> >> +ovn-nbctl lr-lb-add R2 lb0-no-aff
> >> +ovn-nbctl lr-lb-add R2 lb10-no-aff
> >>
> >> # Start webservers in 'foo1', 'bar1'.
> >> NETNS_DAEMONIZE([foo1], [nc -l -k 192.168.1.2 80], [nc-foo1.pid])
> >> @@ -8636,17 +8640,22 @@ n2=$(ovs-ofctl dump-flows br-int table=15 |awk
> >> '/priority=150,ct_state=\+new\+tr
> >> echo $?
> >> }
> >> AT_CHECK([test $(check_affinity_flows) -eq 0])
> >> +NS_CHECK_EXEC([alice1], [nc -z 172.16.1.100 8081])
> >>
> >> # Flush conntrack entries for easier output parsing of next test.
> >> AT_CHECK([ovs-appctl dpctl/flush-conntrack])
> >>
> >> ovn-nbctl lb-add lb1 172.16.1.101:8080 192.168.1.2:80,192.168.2.2:80
> >> ovn-nbctl lb-add lb11 172.16.1.111:8080 192.168.1.2:80,192.168.2.2:80
> >> +ovn-nbctl lb-add lb1-no-aff 172.16.1.101:8081
> >> 192.168.1.2:80,192.168.2.2:80
> >> +ovn-nbctl lb-add lb11-no-aff 172.16.1.111:8081
> >> 192.168.1.2:80,192.168.2.2:80
> >> # Enable lb affinity
> >> ovn-nbctl --wait=sb set load_balancer lb1 options:affinity_timeout=3
> >> -ovn-nbctl --wait=sb set load_balancer lb1 options:affinity_timeout=3
> >> +ovn-nbctl --wait=sb set load_balancer lb11 options:affinity_timeout=3
> >> ovn-nbctl lr-lb-add R2 lb1
> >> ovn-nbctl lr-lb-add R2 lb11
> >> +ovn-nbctl lr-lb-add R2 lb1-no-aff
> >> +ovn-nbctl lr-lb-add R2 lb11-no-aff
> >>
> >> # check we use both backends
> >> for i in $(seq 1 15); do
> >> @@ -8661,6 +8670,7 @@ sed -e 's/zone=[[0-9]]*/zone=<cleared>/'], [0], [dnl
> >>
> >> tcp,orig=(src=172.16.1.2,dst=172.16.1.101,sport=<cleared>,dport=<cleared>),reply=(src=192.168.1.2,dst=172.16.1.2,sport=<cleared>,dport=<cleared>),zone=<cleared>,mark=2,protoinfo=(state=<cleared>)
> >>
> >> tcp,orig=(src=172.16.1.2,dst=172.16.1.101,sport=<cleared>,dport=<cleared>),reply=(src=192.168.2.2,dst=172.16.1.2,sport=<cleared>,dport=<cleared>),zone=<cleared>,mark=2,protoinfo=(state=<cleared>)
> >> ])
> >> +NS_CHECK_EXEC([alice1], [nc -z 172.16.1.101 8081])
> >>
> >> # Flush conntrack entries for easier output parsing of next test.
> >> AT_CHECK([ovs-appctl dpctl/flush-conntrack])
> >> @@ -8669,10 +8679,14 @@ NETNS_DAEMONIZE([bar2], [nc -l -k 192.168.2.3 80],
> >> [nc-bar2.pid])
> >>
> >> ovn-nbctl lb-add lb2 192.168.2.100:8080 192.168.2.2:80,192.168.2.3:80
> >> ovn-nbctl lb-add lb20 192.168.2.120:8080 192.168.2.2:80,192.168.2.3:80
> >> +ovn-nbctl lb-add lb2-no-aff 192.168.2.100:8081
> >> 192.168.2.2:80,192.168.2.3:80
> >> +ovn-nbctl lb-add lb20-no-aff 192.168.2.120:8081
> >> 192.168.2.2:80,192.168.2.3:80
> >> ovn-nbctl --wait=sb set load_balancer lb2 options:affinity_timeout=60
> >> ovn-nbctl --wait=sb set load_balancer lb20 options:affinity_timeout=60
> >> ovn-nbctl ls-lb-add foo lb2
> >> ovn-nbctl ls-lb-add foo lb20
> >> +ovn-nbctl ls-lb-add foo lb2-no-aff
> >> +ovn-nbctl ls-lb-add foo lb20-no-aff
> >>
> >> for i in $(seq 1 15); do
> >> echo Request $i
> >> @@ -8683,16 +8697,21 @@ AT_CHECK([ovs-appctl dpctl/dump-conntrack |
> >> FORMAT_CT(192.168.2.100) |
> >> sed -e 's/zone=[[0-9]]*/zone=<cleared>/;
> >> s/src=192.168.2.[[0-9]]/src=192.168.2.<cleared>/'], [0], [dnl
> >>
> >> tcp,orig=(src=192.168.1.2,dst=192.168.2.100,sport=<cleared>,dport=<cleared>),reply=(src=192.168.2.<cleared>,dst=192.168.1.2,sport=<cleared>,dport=<cleared>),zone=<cleared>,mark=2,protoinfo=(state=<cleared>)
> >> ])
> >> +NS_CHECK_EXEC([foo1], [nc -z 192.168.2.100 8081])
> >>
> >> # Flush conntrack entries for easier output parsing of next test.
> >> AT_CHECK([ovs-appctl dpctl/flush-conntrack])
> >>
> >> ovn-nbctl lb-add lb3 192.168.2.101:8080 192.168.2.2:80,192.168.2.3:80
> >> ovn-nbctl lb-add lb30 192.168.2.131:8080 192.168.2.2:80,192.168.2.3:80
> >> +ovn-nbctl lb-add lb3-no-aff 192.168.2.101:8081
> >> 192.168.2.2:80,192.168.2.3:80
> >> +ovn-nbctl lb-add lb30-no-aff 192.168.2.131:8081
> >> 192.168.2.2:80,192.168.2.3:80
> >> ovn-nbctl --wait=sb set load_balancer lb3 options:affinity_timeout=3
> >> ovn-nbctl --wait=sb set load_balancer lb30 options:affinity_timeout=3
> >> ovn-nbctl ls-lb-add foo lb3
> >> ovn-nbctl ls-lb-add foo lb30
> >> +ovn-nbctl ls-lb-add foo lb3-no-aff
> >> +ovn-nbctl ls-lb-add foo lb30-no-aff
> >> # Flush conntrack entries for easier output parsing of next test.
> >> AT_CHECK([ovs-appctl dpctl/flush-conntrack])
> >>
> >> @@ -8708,16 +8727,23 @@ sed -e 's/zone=[[0-9]]*/zone=<cleared>/'], [0],
> >> [dnl
> >>
> >> tcp,orig=(src=192.168.1.2,dst=192.168.2.101,sport=<cleared>,dport=<cleared>),reply=(src=192.168.2.2,dst=192.168.1.2,sport=<cleared>,dport=<cleared>),zone=<cleared>,mark=2,protoinfo=(state=<cleared>)
> >>
> >> tcp,orig=(src=192.168.1.2,dst=192.168.2.101,sport=<cleared>,dport=<cleared>),reply=(src=192.168.2.3,dst=192.168.1.2,sport=<cleared>,dport=<cleared>),zone=<cleared>,mark=2,protoinfo=(state=<cleared>)
> >> ])
> >> +NS_CHECK_EXEC([foo1], [nc -z 192.168.2.101 8081])
> >>
> >> NS_CHECK_EXEC([foo1], [ip neigh add 192.168.1.200 lladdr
> >> 00:00:01:01:02:03 dev foo1], [0])
> >> ovn-nbctl lb-add lb4 192.168.1.100:8080 192.168.1.2:80
> >> ovn-nbctl lb-add lb40 192.168.1.140:8080 192.168.1.2:80
> >> +ovn-nbctl lb-add lb4-no-aff 192.168.1.100:8081 192.168.1.2:80
> >> +ovn-nbctl lb-add lb40-no-aff 192.168.1.140:8081 192.168.1.2:80
> >> ovn-nbctl --wait=sb set load_balancer lb4 options:affinity_timeout=60
> >> options:hairpin_snat_ip=192.168.1.200
> >> ovn-nbctl --wait=sb set load_balancer lb40 options:affinity_timeout=60
> >> options:hairpin_snat_ip=192.168.1.200
> >> ovn-nbctl ls-lb-add foo lb4
> >> ovn-nbctl ls-lb-add foo lb40
> >> ovn-nbctl lr-lb-add R1 lb4
> >> ovn-nbctl lr-lb-add R1 lb40
> >> +ovn-nbctl ls-lb-add foo lb4-no-aff
> >> +ovn-nbctl ls-lb-add foo lb40-no-aff
> >> +ovn-nbctl lr-lb-add R1 lb4-no-aff
> >> +ovn-nbctl lr-lb-add R1 lb40-no-aff
> >>
> >> # Flush conntrack entries for easier output parsing of next test.
> >> AT_CHECK([ovs-appctl dpctl/flush-conntrack])
> >> @@ -8734,6 +8760,7 @@
> >> tcp,orig=(src=192.168.1.2,dst=192.168.1.100,sport=<cleared>,dport=<cleared>),rep
> >>
> >> tcp,orig=(src=192.168.1.2,dst=192.168.1.2,sport=<cleared>,dport=<cleared>),reply=(src=192.168.1.2,dst=192.168.1.200,sport=<cleared>,dport=<cleared>),zone=<cleared>,protoinfo=(state=<cleared>)
> >>
> >> tcp,orig=(src=192.168.1.200,dst=192.168.1.2,sport=<cleared>,dport=<cleared>),reply=(src=192.168.1.2,dst=192.168.1.200,sport=<cleared>,dport=<cleared>),zone=<cleared>,protoinfo=(state=<cleared>)
> >> ])
> >> +NS_CHECK_EXEC([foo1], [nc -z 192.168.1.100 8081])
> >>
> >> OVS_APP_EXIT_AND_WAIT([ovn-controller])
> >>
> >> @@ -8855,8 +8882,12 @@ ovn-nbctl lsp-add bar bar2 \
> >>
> >> ovn-nbctl lb-add lb0 [[fd30::1]]:8080 [[fd11::2]]:80,[[fd12::2]]:80
> >> ovn-nbctl lb-add lb10 [[fd30::10]]:8080 [[fd11::2]]:80,[[fd12::2]]:80
> >> +ovn-nbctl lb-add lb0-no-aff [[fd30::1]]:8081 [[fd11::2]]:80,[[fd12::2]]:80
> >> +ovn-nbctl lb-add lb10-no-aff [[fd30::10]]:8081
> >> [[fd11::2]]:80,[[fd12::2]]:80
> >> ovn-nbctl lr-lb-add R2 lb0
> >> ovn-nbctl lr-lb-add R2 lb10
> >> +ovn-nbctl lr-lb-add R2 lb0-no-aff
> >> +ovn-nbctl lr-lb-add R2 lb10-no-aff
> >>
> >> # Wait for ovn-controller to catch up.
> >> ovn-nbctl --wait=hv sync
> >> @@ -8879,6 +8910,7 @@ sed -e 's/zone=[[0-9]]*/zone=<cleared>/'], [0], [dnl
> >>
> >> tcp,orig=(src=fd72::2,dst=fd30::1,sport=<cleared>,dport=<cleared>),reply=(src=fd11::2,dst=fd72::2,sport=<cleared>,dport=<cleared>),zone=<cleared>,mark=2,protoinfo=(state=<cleared>)
> >>
> >> tcp,orig=(src=fd72::2,dst=fd30::1,sport=<cleared>,dport=<cleared>),reply=(src=fd12::2,dst=fd72::2,sport=<cleared>,dport=<cleared>),zone=<cleared>,mark=2,protoinfo=(state=<cleared>)
> >> ])
> >> +NS_CHECK_EXEC([alice1], [nc -z fd30::1 8081])
> >>
> >> # Flush conntrack entries for easier output parsing of next test.
> >> AT_CHECK([ovs-appctl dpctl/flush-conntrack])
> >> @@ -8908,17 +8940,22 @@ n2=$(ovs-ofctl dump-flows br-int table=15 |awk
> >> '/priority=150,ct_state=\+new\+tr
> >> echo $?
> >> }
> >> AT_CHECK([test $(check_affinity_flows) -eq 0])
> >> +NS_CHECK_EXEC([alice1], [nc -z fd30::1 8081])
> >>
> >> # Flush conntrack entries for easier output parsing of next test.
> >> AT_CHECK([ovs-appctl dpctl/flush-conntrack])
> >>
> >> ovn-nbctl lb-add lb1 [[fd30::2]]:8080 [[fd11::2]]:80,[[fd12::2]]:80
> >> ovn-nbctl lb-add lb11 [[fd30::12]]:8080 [[fd11::2]]:80,[[fd12::2]]:80
> >> +ovn-nbctl lb-add lb1-no-aff [[fd30::2]]:8081 [[fd11::2]]:80,[[fd12::2]]:80
> >> +ovn-nbctl lb-add lb11-no-aff [[fd30::12]]:8081
> >> [[fd11::2]]:80,[[fd12::2]]:80
> >> # Enable lb affinity
> >> ovn-nbctl --wait=sb set load_balancer lb1 options:affinity_timeout=3
> >> ovn-nbctl --wait=sb set load_balancer lb11 options:affinity_timeout=3
> >> ovn-nbctl lr-lb-add R2 lb1
> >> ovn-nbctl lr-lb-add R2 lb11
> >> +ovn-nbctl lr-lb-add R2 lb1-no-aff
> >> +ovn-nbctl lr-lb-add R2 lb11-no-aff
> >>
> >> # check we use both backends
> >> for i in $(seq 1 15); do
> >> @@ -8933,6 +8970,7 @@ sed -e 's/zone=[[0-9]]*/zone=<cleared>/'], [0], [dnl
> >>
> >> tcp,orig=(src=fd72::2,dst=fd30::2,sport=<cleared>,dport=<cleared>),reply=(src=fd11::2,dst=fd72::2,sport=<cleared>,dport=<cleared>),zone=<cleared>,mark=2,protoinfo=(state=<cleared>)
> >>
> >> tcp,orig=(src=fd72::2,dst=fd30::2,sport=<cleared>,dport=<cleared>),reply=(src=fd12::2,dst=fd72::2,sport=<cleared>,dport=<cleared>),zone=<cleared>,mark=2,protoinfo=(state=<cleared>)
> >> ])
> >> +NS_CHECK_EXEC([alice1], [nc -z fd30::2 8081])
> >>
> >> # Flush conntrack entries for easier output parsing of next test.
> >> AT_CHECK([ovs-appctl dpctl/flush-conntrack])
> >> @@ -8941,10 +8979,14 @@ NETNS_DAEMONIZE([bar2], [nc -l -k fd12::3 80],
> >> [nc-bar2.pid])
> >>
> >> ovn-nbctl lb-add lb2 [[fd12::a]]:8080 [[fd12::2]]:80,[[fd12::3]]:80
> >> ovn-nbctl lb-add lb20 [[fd12::2a]]:8080 [[fd12::2]]:80,[[fd12::3]]:80
> >> +ovn-nbctl lb-add lb2-no-aff [[fd12::a]]:8081 [[fd12::2]]:80,[[fd12::3]]:80
> >> +ovn-nbctl lb-add lb20-no-aff [[fd12::2a]]:8081
> >> [[fd12::2]]:80,[[fd12::3]]:80
> >> ovn-nbctl --wait=sb set load_balancer lb2 options:affinity_timeout=60
> >> ovn-nbctl --wait=sb set load_balancer lb20 options:affinity_timeout=60
> >> ovn-nbctl ls-lb-add foo lb2
> >> ovn-nbctl ls-lb-add foo lb20
> >> +ovn-nbctl ls-lb-add foo lb2-no-aff
> >> +ovn-nbctl ls-lb-add foo lb20-no-aff
> >>
> >> for i in $(seq 1 15); do
> >> echo Request $i
> >> @@ -8956,15 +8998,20 @@ AT_CHECK([ovs-appctl dpctl/dump-conntrack |
> >> FORMAT_CT(fd12::a) | grep -v fe80 |
> >> sed -e 's/zone=[[0-9]]*/zone=<cleared>/;
> >> s/src=fd12::[[0-9]]/src=fd12::<cleared>/'], [0], [dnl
> >>
> >> tcp,orig=(src=fd11::2,dst=fd12::a,sport=<cleared>,dport=<cleared>),reply=(src=fd12::<cleared>,dst=fd11::2,sport=<cleared>,dport=<cleared>),zone=<cleared>,mark=2,protoinfo=(state=<cleared>)
> >> ])
> >> +NS_CHECK_EXEC([foo1], [nc -z fd12::a 8081])
> >>
> >> AT_CHECK([ovs-appctl dpctl/flush-conntrack])
> >>
> >> ovn-nbctl lb-add lb3 [[fd12::b]]:8080 [[fd12::2]]:80,[[fd12::3]]:80
> >> ovn-nbctl lb-add lb30 [[fd12::3b]]:8080 [[fd12::2]]:80,[[fd12::3]]:80
> >> +ovn-nbctl lb-add lb3-no-aff [[fd12::b]]:8081 [[fd12::2]]:80,[[fd12::3]]:80
> >> +ovn-nbctl lb-add lb30-no-aff [[fd12::3b]]:8081
> >> [[fd12::2]]:80,[[fd12::3]]:80
> >> ovn-nbctl --wait=sb set load_balancer lb3 options:affinity_timeout=3
> >> ovn-nbctl --wait=sb set load_balancer lb30 options:affinity_timeout=3
> >> ovn-nbctl ls-lb-add foo lb3
> >> ovn-nbctl ls-lb-add foo lb30
> >> +ovn-nbctl ls-lb-add foo lb3-no-aff
> >> +ovn-nbctl ls-lb-add foo lb30-no-aff
> >>
> >> for i in $(seq 1 15); do
> >> echo Request $i
> >> @@ -8977,16 +9024,23 @@ sed -e 's/zone=[[0-9]]*/zone=<cleared>/'], [0],
> >> [dnl
> >>
> >> tcp,orig=(src=fd11::2,dst=fd12::b,sport=<cleared>,dport=<cleared>),reply=(src=fd12::2,dst=fd11::2,sport=<cleared>,dport=<cleared>),zone=<cleared>,mark=2,protoinfo=(state=<cleared>)
> >>
> >> tcp,orig=(src=fd11::2,dst=fd12::b,sport=<cleared>,dport=<cleared>),reply=(src=fd12::3,dst=fd11::2,sport=<cleared>,dport=<cleared>),zone=<cleared>,mark=2,protoinfo=(state=<cleared>)
> >> ])
> >> +NS_CHECK_EXEC([foo1], [nc -z fd12::b 8081])
> >>
> >> NS_CHECK_EXEC([foo1], [ip -6 neigh add fd11::b lladdr 00:00:01:01:02:03
> >> dev foo1], [0])
> >> ovn-nbctl --wait=sb lb-add lb4 [[fd11::a]]:8080 [[fd11::2]]:80
> >> ovn-nbctl --wait=sb lb-add lb40 [[fd11::a]]:8080 [[fd11::2]]:80
> >> +ovn-nbctl --wait=sb lb-add lb4-no-aff [[fd11::a]]:8081 [[fd11::2]]:80
> >> +ovn-nbctl --wait=sb lb-add lb40-no-aff [[fd11::a]]:8081 [[fd11::2]]:80
> >> ovn-nbctl --wait=sb set load_balancer lb4 options:affinity_timeout=60
> >> options:hairpin_snat_ip="fd11::b"
> >> ovn-nbctl --wait=sb set load_balancer lb40 options:affinity_timeout=60
> >> options:hairpin_snat_ip="fd11::b"
> >> ovn-nbctl ls-lb-add foo lb4
> >> ovn-nbctl ls-lb-add foo lb40
> >> ovn-nbctl lr-lb-add R1 lb4
> >> ovn-nbctl lr-lb-add R1 lb40
> >> +ovn-nbctl ls-lb-add foo lb4-no-aff
> >> +ovn-nbctl ls-lb-add foo lb40-no-aff
> >> +ovn-nbctl lr-lb-add R1 lb4-no-aff
> >> +ovn-nbctl lr-lb-add R1 lb40-no-aff
> >>
> >> # Flush conntrack entries for easier output parsing of next test.
> >> AT_CHECK([ovs-appctl dpctl/flush-conntrack])
> >> @@ -9003,6 +9057,7 @@
> >> tcp,orig=(src=fd11::2,dst=fd11::2,sport=<cleared>,dport=<cleared>),reply=(src=fd
> >>
> >> tcp,orig=(src=fd11::2,dst=fd11::a,sport=<cleared>,dport=<cleared>),reply=(src=fd11::2,dst=fd11::2,sport=<cleared>,dport=<cleared>),zone=<cleared>,mark=2,protoinfo=(state=<cleared>)
> >>
> >> tcp,orig=(src=fd11::b,dst=fd11::2,sport=<cleared>,dport=<cleared>),reply=(src=fd11::2,dst=fd11::b,sport=<cleared>,dport=<cleared>),zone=<cleared>,protoinfo=(state=<cleared>)
> >> ])
> >> +NS_CHECK_EXEC([foo1], [nc -z fd11::a 8081])
> >>
> >> OVS_APP_EXIT_AND_WAIT([ovn-controller])
> >>
> >> --
> >> 2.31.1
> >>
>
_______________________________________________
dev mailing list
[email protected]
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
