On Tue, May 30, 2023 at 11:59 AM Ales Musil <amu...@redhat.com> wrote:

> Skip GARP packets with a link-local address being advertised
> when "always_learn_from_arp_request=false"; this should
> prevent excessive growth of the MAC Binding table. To keep the option
> consistent, overwrite the previous MAC with LLA if it was
> already stored in the DB.
>
> Signed-off-by: Ales Musil <amu...@redhat.com>
> ---
> v2: Remove leftover from previous tests.
> ---
>  northd/northd.c | 11 +++++++
>  tests/ovn.at    | 78 ++++++++++++++++++++++++++++++++-----------------
>  2 files changed, 63 insertions(+), 26 deletions(-)
>
> diff --git a/northd/northd.c b/northd/northd.c
> index a6eca916b..ff305fc67 100644
> --- a/northd/northd.c
> +++ b/northd/northd.c
> @@ -11951,6 +11951,17 @@ build_neigh_learning_flows_for_lrouter(
>      ovn_lflow_add(lflows, od, S_ROUTER_IN_LOOKUP_NEIGHBOR, 100, "nd_ns",
>                    ds_cstr(actions));
>
> +    if (!learn_from_arp_request) {
> +        /* Add flow to skip LLA only if we don't know it already. */
> +        ds_clear(actions);
> +        ds_put_format(actions, REGBIT_LOOKUP_NEIGHBOR_RESULT
> +                      " = lookup_nd(inport, ip6.src, nd.tll); "
> +                      REGBIT_LOOKUP_NEIGHBOR_IP_RESULT
> +                      " = lookup_nd_ip(inport, ip6.src); next;");
> +        ovn_lflow_add(lflows, od, S_ROUTER_IN_LOOKUP_NEIGHBOR, 110,
> +                      "nd_na && ip6.src == fe80::/10", ds_cstr(actions));
> +    }
> +
>      /* For other packet types, we can skip neighbor learning.
>       * So set REGBIT_LOOKUP_NEIGHBOR_RESULT to 1. */
>      ovn_lflow_add(lflows, od, S_ROUTER_IN_LOOKUP_NEIGHBOR, 0, "1",
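Review bot: The new priority-110 flow added under `if (!learn_from_arp_request)` has no matching documentation change; the diffstat touches only northd/northd.c and tests/ovn.at, so the logical-flow description of this stage presumably still omits the link-local NA case. The inline comment would be clearer as `/* Link-local NA: only refresh a MAC binding that is already known, never create one. */`, though the learning decision itself is made outside this hunk and should be confirmed there. The match covers `nd_na` only, so it is worth confirming that an `nd_ns` from an fe80::/10 source, which still hits the priority-100 flow above, cannot add bindings either when the option is false. `ds_put_format()` is called here without format arguments; `ds_put_cstr(actions, ...)` avoids interpreting the string as a format. The enclosing function starts and ends outside the hunk.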
> diff --git a/tests/ovn.at b/tests/ovn.at
> index 6f9fbbfd2..7a2658f40 100644
> --- a/tests/ovn.at
> +++ b/tests/ovn.at
> @@ -5073,6 +5073,7 @@ AT_CLEANUP
>
>  OVN_FOR_EACH_NORTHD([
>  AT_SETUP([IP relocation using GARP request])
> +AT_SKIP_IF([test $HAVE_SCAPY = no])
>  ovn_start
>
>  # Logical network:
> @@ -5172,7 +5173,9 @@ done
>  test_ip() {
>      # This packet has bad checksums but logical L3 routing doesn't check.
>      local inport=$1 src_mac=$2 dst_mac=$3 src_ip=$4 dst_ip=$5
> -    local
> packet=${dst_mac}${src_mac}08004500001c0000000040110000${src_ip}${dst_ip}0035111100080000
> +    local packet=$(fmt_pkt "Ether(dst='${dst_mac}', src='${src_mac}')/ \
> +                            IP(dst='${dst_ip}', src='${src_ip}')/ \
> +                            UDP(sport=53, dport=4369)")
>      shift; shift; shift; shift; shift
>      hv=hv`vif_to_hv $inport`
>      as $hv ovs-appctl netdev-dummy/receive vif$inport $packet
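Review bot: `local packet=$(fmt_pkt ...)` in test_ip hides a failure of fmt_pkt, because `local` returns 0 whatever the command substitution returned. If the frame cannot be built, `$packet` is empty and `netdev-dummy/receive` is invoked without a frame. Splitting it into `local packet` and `packet=$(fmt_pkt "...") || return 1` would surface the error. The same pattern is used for `local request=$(...)` in test_arp and test_na. The context comment "This packet has bad checksums" may also be stale now that the frame is generated rather than hand-written; fmt_pkt is not visible here, so that needs confirming. test_ip continues outside the hunk.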
> @@ -5187,7 +5190,9 @@ test_ip() {
>              # Routing decrements TTL and updates source and dest MAC
>              # (and checksum).
>              out_lrp=`vif_to_lrp $outport`
> -            echo
> f000000000${outport}00000000ff0${out_lrp}08004500001c00000000"3f1101"00${src_ip}${dst_ip}0035111100080000
> +            echo $(fmt_pkt "Ether(dst='f0:00:00:00:00:${outport}',
> src='00:00:00:00:ff:${out_lrp}')/ \
> +                            IP(src='${src_ip}', dst='${dst_ip}', ttl=63)/
> \
> +                            UDP(sport=53, dport=4369)")
>          fi >> $outport.expected
>      done
>  }
> @@ -5203,8 +5208,10 @@ test_ip() {
>  # SHA and REPLY_HA are each 12 hex digits.
>  # SPA and TPA are each 8 hex digits.
>  test_arp() {
> -    local inport=$1 sha=$2 spa=$3 tpa=$4 reply_ha=$5
> -    local
> request=ffffffffffff${sha}08060001080006040001${sha}${spa}ffffffffffff${tpa}
> +    local inport=$1 sha=$2 spa=$3 tpa=$3
> +    local request=$(fmt_pkt "Ether(dst='ff:ff:ff:ff:ff:ff',
> src='${sha}')/ \
> +                             ARP(hwsrc='${sha}',
> hwdst='ff:ff:ff:ff:ff:ff', psrc='${spa}', pdst='${tpa}')")
> +
>      hv=hv`vif_to_hv $inport`
>      as $hv ovs-appctl netdev-dummy/receive vif$inport $request
>
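Review bot: The header comment kept as context above test_arp ("SHA and REPLY_HA are each 12 hex digits", "SPA and TPA are each 8 hex digits") no longer matches the function, which now takes a colon-separated MAC and a dotted-quad IP and has dropped the TPA and REPLY_HA arguments. It should be rewritten along the lines of `# SHA is a MAC address (xx:xx:xx:xx:xx:xx), SPA an IPv4 address; TPA is set equal to SPA (GARP).` In the new `local` line, `tpa=$3` reads like a typo for `$4`; a short comment such as `# GARP: target IP == sender IP` would make the intent explicit. Writing `tpa=$spa` on the same `local` line would not work, because the expansion happens before `spa` is assigned.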
> @@ -5217,53 +5224,72 @@ test_arp() {
>              echo $request >> $i$j$k.expected
>          fi
>      done
> +}
>
> -    # Expect to receive the reply, if any.
> -    if test X$reply_ha != X; then
> -        lrp=`vif_to_lrp $inport`
> -        local
> reply=${sha}00000000ff0${lrp}08060001080006040002${reply_ha}${tpa}${sha}${spa}
> -        echo $reply >> $inport.expected
> -    fi
> +test_na() {
> +    local inport=$1 sha=$2 spa=$3
> +    local request=$(fmt_pkt "Ether(dst='ff:ff:ff:ff:ff:ff',
> src='${sha}')/ \
> +                             IPv6(dst='fe80::1', src='${spa}')/ \
> +                             ICMPv6ND_NA(tgt='${spa}')")
> +
> +    hv=hv`vif_to_hv $inport`
> +    as $hv ovs-appctl netdev-dummy/receive vif$inport $request
> +
> +    # Expect to receive the broadcast ARP on the other logical switch
> ports if
> +    # IP address is not configured to the switch patch port.
> +    local i=`vif_to_ls $inport`
> +    local j
> +    for j in 1 2; do
> +        if test $i$j != $inport; then
> +            echo $request >> $i$j$k.expected
> +        fi
> +    done
>  }
>
> -# lp11 send GARP request to announce ownership of 192.168.1.100.
> +# lp11 send GARP request to announce ownership of 192.168.1.100 and
> fe80::abcd:1.
>
> -sha=f00000000011
> -spa=`ip_to_hex 192 168 1 100`
> -tpa=$spa
> +sha="f0:00:00:00:00:11"
> +spa="192.168.1.100"
> +spa6="fe80::abcd:1"
>
>  # When always_learn_from_arp_request=false, the new mac-binding will not
> be learned
>  # through GARP request.
>  ovn-nbctl --wait=hv set logical_router lr0
> options:always_learn_from_arp_request=false
>
> -test_arp 11 $sha $spa $tpa
> +test_arp 11 $sha $spa
> +test_na 11 $sha $spa6
>  sleep 1
> -check_row_count MAC_Binding 0 ip="192.168.1.100"
> +check_row_count MAC_Binding 0 ip="$spa"
> +check_row_count MAC_Binding 0 ip="$spa6"
>
>  # When always_learn_from_arp_request=true, the new mac-binding will be
> learned.
>  ovn-nbctl --wait=hv set logical_router lr0
> options:always_learn_from_arp_request=true
>
> -test_arp 11 $sha $spa $tpa
> -OVS_WAIT_UNTIL([test `ovn-sbctl find mac_binding ip="192.168.1.100" | wc
> -l` -gt 0])
> +test_arp 11 $sha $spa
> +test_na 11 $sha $spa6
> +wait_row_count MAC_Binding 1 ip="$spa" mac=\"$sha\"
> +wait_row_count MAC_Binding 1 ip=\"$spa6\" mac=\"$sha\"
>  ovn-nbctl --wait=hv sync
>
>  # Send an IP packet from lp21 to 192.168.1.100, which should go to lp11.
>
> -smac=f00000000021
> -dmac=00000000ff02
> -sip=`ip_to_hex 192 168 2 11`
> -dip=`ip_to_hex 192 168 1 100`
> +smac="f0:00:00:00:00:21"
> +dmac="00:00:00:00:ff:02"
> +sip="192.168.2.11"
> +dip="192.168.1.100"
>  test_ip 21 $smac $dmac $sip $dip 11
>
> -# lp12 send GARP request to announce ownership of 192.168.1.100.
> +# lp12 send GARP request to announce ownership of 192.168.1.100 and
> fe80::abcd:1.
>
>  # Even when always_learn_from_arp_request=false, the existing mac-binding
> should be
>  # updated through GARP request.
>  ovn-nbctl --wait=hv set logical_router lr0
> options:always_learn_from_arp_request=false
>
> -sha=f00000000012
> -test_arp 12 $sha $spa $tpa
> -wait_row_count MAC_Binding 1 ip="192.168.1.100" mac='"f0:00:00:00:00:12"'
> +sha="f0:00:00:00:00:12"
> +test_arp 12 $sha $spa
> +test_na 11 $sha $spa6
> +wait_row_count MAC_Binding 1 ip="$spa" mac=\"$sha\"
> +wait_row_count MAC_Binding 1 ip=\"$spa6\" mac=\"$sha\"
>  ovn-nbctl --wait=hv sync
>  # give to the hv the time to send queued ip packets
>  sleep 1
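Review bot: In the last phase the comment says lp12 announces both addresses and the ARP is sent with `test_arp 12 $sha $spa`, but the NA is still injected on port 11 by `test_na 11 $sha $spa6`. This looks like it should be `test_na 12 $sha $spa6`; as written, the IPv6 override case is not exercised from the relocated port. Inside test_na, `echo $request >> $i$j$k.expected` expands `$k`, which the function never declares or sets (only `i` and `j` are local), so the expected-file name depends on whatever `k` holds in the caller; `$i$j.expected` appears to be intended. The comment above that loop still says "broadcast ARP" although the packet is a neighbor advertisement.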
> --
> 2.40.1
>
>
We are missing the "Reported-at: https://bugzilla.redhat.com/2211240" tag;
if any changes are requested I'll add it in v3, otherwise it should be
added before merging.

Thanks,
Ales
-- 

Ales Musil

Senior Software Engineer - OVN Core

Red Hat EMEA <https://www.redhat.com>

amu...@redhat.com    IM: amusil
<https://red.ht/sig>