On Tue, Jan 23, 2024 at 11:14 AM Lorenzo Bianconi
<[email protected]> wrote:
>
> Introduce specif flows for E/W ICMPv{4,6} packets if tunnelled packets
> do not fit path MTU. This patch enable PMTUD for East/West Geneve traffic.
>
> Reported-at: https://bugzilla.redhat.com/show_bug.cgi?id=2241711
> Tested-at:
> https://github.com/LorenzoBianconi/ovn/actions/runs/7627345562/job/20777962659
> Signed-off-by: Lorenzo Bianconi <[email protected]>
Thanks Lorenzo for fixing this issue and for the patience.
I applied this patch to main and branch-23.09
Numan
> ---
> Changes since v3:
> - fix flaky ovn multinode test
> - rebase on top of ovn main branch
> Changes since v2:
> - fix openshift regression for regular icmp traffic received from a remote
> node
> - add gw router selftest
> Changes since v1:
> - add fix for vxlan and stt tunnels
> ---
> .../workflows/ovn-fake-multinode-tests.yml | 6 +-
> NEWS | 1 +
> controller/physical.c | 30 +-
> include/ovn/logical-fields.h | 3 +
> lib/logical-fields.c | 2 +
> northd/northd.c | 83 ++
> northd/ovn-northd.8.xml | 41 +-
> tests/multinode.at | 813 +++++++++++++++++-
> tests/ovn-northd.at | 12 +
> 9 files changed, 985 insertions(+), 6 deletions(-)
>
> diff --git a/.github/workflows/ovn-fake-multinode-tests.yml
> b/.github/workflows/ovn-fake-multinode-tests.yml
> index 25610df53..b3ba82a30 100644
> --- a/.github/workflows/ovn-fake-multinode-tests.yml
> +++ b/.github/workflows/ovn-fake-multinode-tests.yml
> @@ -76,8 +76,8 @@ jobs:
> fail-fast: false
> matrix:
> cfg:
> - - { branch: "main" }
> - - { branch: "branch-22.03" }
> + - { branch: "main", testsuiteflags: ""}
> + - { branch: "branch-22.03", testsuiteflags: "-k 'basic test'" }
> name: multinode tests ${{ join(matrix.cfg.*, ' ') }}
> env:
> RUNC_CMD: podman
> @@ -176,7 +176,7 @@ jobs:
>
> - name: Run fake-multinode system tests
> run: |
> - if ! sudo make check-multinode; then
> + if ! sudo make check-multinode TESTSUITEFLAGS="${{
> matrix.cfg.testsuiteflags }}"; then
> sudo podman exec -it ovn-central ovn-nbctl show || :
> sudo podman exec -it ovn-central ovn-sbctl show || :
> sudo podman exec -it ovn-chassis-1 ovs-vsctl show || :
> diff --git a/NEWS b/NEWS
> index 5f267b4c6..72c40df82 100644
> --- a/NEWS
> +++ b/NEWS
> @@ -14,6 +14,7 @@ Post v23.09.0
> - ovn-northd-ddlog has been removed.
> - A new LSP option "enable_router_port_acl" has been added to enable
> conntrack for the router port whose peer is l3dgw_port if set it true.
> + - Enable PMTU discovery on geneve tunnels for E/W traffic.
>
> OVN v23.09.0 - 15 Sep 2023
> --------------------------
> diff --git a/controller/physical.c b/controller/physical.c
> index eda085441..c3f8769bb 100644
> --- a/controller/physical.c
> +++ b/controller/physical.c
> @@ -2452,9 +2452,37 @@ physical_run(struct physical_ctx *p_ctx,
> }
>
> put_resubmit(OFTABLE_LOCAL_OUTPUT, &ofpacts);
> -
> ofctrl_add_flow(flow_table, OFTABLE_PHY_TO_LOG, 100, 0, &match,
> &ofpacts, hc_uuid);
> +
> + /* Set allow rx from tunnel bit. */
> + put_load(1, MFF_LOG_FLAGS, MLF_RX_FROM_TUNNEL_BIT, 1, &ofpacts);
> +
> + /* Add specif flows for E/W ICMPv{4,6} packets if tunnelled packets
> + * do not fit path MTU.
> + */
> + put_resubmit(OFTABLE_LOG_INGRESS_PIPELINE, &ofpacts);
> +
> + /* IPv4 */
> + match_init_catchall(&match);
> + match_set_in_port(&match, tun->ofport);
> + match_set_dl_type(&match, htons(ETH_TYPE_IP));
> + match_set_nw_proto(&match, IPPROTO_ICMP);
> + match_set_icmp_type(&match, 3);
> + match_set_icmp_code(&match, 4);
> +
> + ofctrl_add_flow(flow_table, OFTABLE_PHY_TO_LOG, 120, 0, &match,
> + &ofpacts, hc_uuid);
> + /* IPv6 */
> + match_init_catchall(&match);
> + match_set_in_port(&match, tun->ofport);
> + match_set_dl_type(&match, htons(ETH_TYPE_IPV6));
> + match_set_nw_proto(&match, IPPROTO_ICMPV6);
> + match_set_icmp_type(&match, 2);
> + match_set_icmp_code(&match, 0);
> +
> + ofctrl_add_flow(flow_table, OFTABLE_PHY_TO_LOG, 120, 0, &match,
> + &ofpacts, hc_uuid);
> }
>
> /* Add VXLAN specific rules to transform port keys
> diff --git a/include/ovn/logical-fields.h b/include/ovn/logical-fields.h
> index 272277ec4..e8e0e6d33 100644
> --- a/include/ovn/logical-fields.h
> +++ b/include/ovn/logical-fields.h
> @@ -78,6 +78,7 @@ enum mff_log_flags_bits {
> MLF_LOOKUP_COMMIT_ECMP_NH_BIT = 13,
> MLF_USE_LB_AFF_SESSION_BIT = 14,
> MLF_LOCALNET_BIT = 15,
> + MLF_RX_FROM_TUNNEL_BIT = 16,
> };
>
> /* MFF_LOG_FLAGS_REG flag assignments */
> @@ -129,6 +130,8 @@ enum mff_log_flags {
> /* Indicate that the port is localnet. */
> MLF_LOCALNET = (1 << MLF_LOCALNET_BIT),
>
> + /* Indicate the packet has been received from the tunnel. */
> + MLF_RX_FROM_TUNNEL = (1 << MLF_RX_FROM_TUNNEL_BIT),
> };
>
> /* OVN logical fields
> diff --git a/lib/logical-fields.c b/lib/logical-fields.c
> index 7a1e66d0a..662c1ef0e 100644
> --- a/lib/logical-fields.c
> +++ b/lib/logical-fields.c
> @@ -133,6 +133,8 @@ ovn_init_symtab(struct shash *symtab)
> MLF_LOCALNET_BIT);
> expr_symtab_add_subfield(symtab, "flags.localnet", NULL,
> flags_str);
> + snprintf(flags_str, sizeof flags_str, "flags[%d]",
> MLF_RX_FROM_TUNNEL_BIT);
> + expr_symtab_add_subfield(symtab, "flags.tunnel_rx", NULL, flags_str);
>
> /* Connection tracking state. */
> expr_symtab_add_field_scoped(symtab, "ct_mark", MFF_CT_MARK, NULL, false,
> diff --git a/northd/northd.c b/northd/northd.c
> index de15ca101..b8d738a42 100644
> --- a/northd/northd.c
> +++ b/northd/northd.c
> @@ -9775,6 +9775,13 @@ build_lswitch_lflows_admission_control(struct
> ovn_datapath *od,
> struct hmap *lflows)
> {
> ovs_assert(od->nbs);
> +
> + /* Default action for recirculated ICMP error 'packet too big'. */
> + ovn_lflow_add(lflows, od, S_SWITCH_IN_CHECK_PORT_SEC, 110,
> + "((ip4 && icmp4.type == 3 && icmp4.code == 4) ||"
> + " (ip6 && icmp6.type == 2 && icmp6.code == 0)) &&"
> + " flags.tunnel_rx == 1", debug_drop_action());
> +
> /* Logical VLANs not supported. */
> if (!is_vlan_transparent(od)) {
> /* Block logical VLANs. */
> @@ -12814,6 +12821,72 @@ build_lrouter_force_snat_flows(struct hmap *lflows,
> struct ovn_datapath *od,
> ds_destroy(&actions);
> }
>
> +/* Following flows are used to manage traffic redirected by the kernel
> + * (e.g. ICMP errors packets) that enter the cluster from the geneve ports
> + */
> +static void
> +build_lrouter_icmp_packet_toobig_admin_flows(
> + struct ovn_port *op, struct hmap *lflows,
> + struct ds *match, struct ds *actions)
> +{
> + ovs_assert(op->nbrp);
> +
> + if (!is_l3dgw_port(op)) {
> + return;
> + }
> +
> + ds_clear(match);
> + ds_put_format(match,
> + "((ip4 && icmp4.type == 3 && icmp4.code == 4) ||"
> + " (ip6 && icmp6.type == 2 && icmp6.code == 0)) &&"
> + " eth.dst == %s && !is_chassis_resident(%s) &&"
> + " flags.tunnel_rx == 1",
> + op->nbrp->mac, op->cr_port->json_key);
> + ds_clear(actions);
> + ds_put_format(actions, "outport <-> inport; inport = %s; next;",
> + op->json_key);
> + ovn_lflow_add(lflows, op->od, S_ROUTER_IN_ADMISSION, 120,
> + ds_cstr(match), ds_cstr(actions));
> +}
> +
> +static void
> +build_lswitch_icmp_packet_toobig_admin_flows(
> + struct ovn_port *op, struct hmap *lflows,
> + struct ds *match, struct ds *actions)
> +{
> + ovs_assert(op->nbsp);
> +
> + if (!lsp_is_router(op->nbsp)) {
> + return;
> + }
> +
> + struct ovn_port *peer = op->peer;
> + if (!peer) {
> + return;
> + }
> +
> + ds_clear(match);
> + if (peer->od->is_gw_router) {
> + ds_put_format(match,
> + "((ip4 && icmp4.type == 3 && icmp4.code == 4) ||"
> + " (ip6 && icmp6.type == 2 && icmp6.code == 0)) && "
> + "eth.src == %s && outport == %s && flags.tunnel_rx ==
> 1",
> + peer->nbrp->mac, op->json_key);
> + } else {
> + ds_put_format(match,
> + "((ip4 && icmp4.type == 3 && icmp4.code == 4) ||"
> + " (ip6 && icmp6.type == 2 && icmp6.code == 0)) && "
> + "eth.dst == %s && flags.tunnel_rx == 1",
> + peer->nbrp->mac);
> + }
> + ds_clear(actions);
> + ds_put_format(actions,
> + "outport <-> inport; next(pipeline=ingress,table=%d);",
> + ovn_stage_get_table(S_SWITCH_IN_L2_LKUP));
> + ovn_lflow_add(lflows, op->od, S_SWITCH_IN_CHECK_PORT_SEC, 120,
> + ds_cstr(match), ds_cstr(actions));
> +}
> +
> static void
> build_lrouter_force_snat_flows_op(struct ovn_port *op,
> struct hmap *lflows,
> @@ -12946,6 +13019,13 @@ build_adm_ctrl_flows_for_lrouter(
> struct ovn_datapath *od, struct hmap *lflows)
> {
> ovs_assert(od->nbr);
> +
> + /* Default action for recirculated ICMP error 'packet too big'. */
> + ovn_lflow_add(lflows, od, S_ROUTER_IN_ADMISSION, 110,
> + "((ip4 && icmp4.type == 3 && icmp4.code == 4) ||"
> + " (ip6 && icmp6.type == 2 && icmp6.code == 0)) &&"
> + " flags.tunnel_rx == 1", debug_drop_action());
> +
> /* Logical VLANs not supported.
> * Broadcast/multicast source address is invalid. */
> ovn_lflow_add(lflows, od, S_ROUTER_IN_ADMISSION, 100,
> @@ -16181,6 +16261,7 @@ build_lswitch_and_lrouter_iterate_by_lsp(struct
> ovn_port *op,
> build_lswitch_dhcp_options_and_response(op, lflows, meter_groups);
> build_lswitch_external_port(op, lflows);
> build_lswitch_ip_unicast_lookup(op, lflows, actions, match);
> + build_lswitch_icmp_packet_toobig_admin_flows(op, lflows, match, actions);
>
> /* Build Logical Router Flows. */
> build_ip_routing_flows_for_router_type_lsp(op, lr_ports, lflows);
> @@ -16217,6 +16298,8 @@ build_lswitch_and_lrouter_iterate_by_lrp(struct
> ovn_port *op,
> &lsi->match, &lsi->actions,
> lsi->meter_groups);
> build_lrouter_force_snat_flows_op(op, lsi->lflows, &lsi->match,
> &lsi->actions);
> + build_lrouter_icmp_packet_toobig_admin_flows(op, lsi->lflows,
> &lsi->match,
> + &lsi->actions);
> }
>
> static void *
> diff --git a/northd/ovn-northd.8.xml b/northd/ovn-northd.8.xml
> index f1eb9ecb1..068d47e1a 100644
> --- a/northd/ovn-northd.8.xml
> +++ b/northd/ovn-northd.8.xml
> @@ -287,7 +287,7 @@
> <li>
> For each (enabled) vtep logical port, a priority 70 flow is added
> which
> matches on all packets and applies the action
> - <code>next(pipeline=ingress, table=S_SWITCH_IN_L2_LKUP) = 1;</code>
> + <code>next(pipeline=ingress, table=S_SWITCH_IN_L3_LKUP) = 1;</code>
> to skip most stages of ingress pipeline and go directly to ingress L2
> lookup table to determine the output port. Packets from VTEP (RAMP)
> switch should not be subjected to any ACL checks. Egress pipeline
> will
> @@ -318,6 +318,30 @@
>
> <h3>Ingress Table 1: Ingress Port Security - Apply</h3>
>
> + <p>
> + For each logical switch port <var>P</var> of type router connected to a
> + gw router a priority-120 flow that matches 'recirculated' icmp{4,6}
> error
> + 'packet too big' and <code>eth.src == <var>D</var> &&
> + outport == <var>P</var> && flags.tunnel_rx == 1</code> where
> + <var>D</var> is the peer logical router port <var>RP</var> mac address,
> + swaps inport and outport and applies the action <code>
> + next(pipeline=S_SWITCH_IN_L2_LKUP)</code>.
> + </p>
> +
> + <p>
> + For each logical switch port <var>P</var> of type router connected to a
> + distributed router a priority-120 flow that matches 'recirculated'
> + icmp{4,6} error 'packet too big' and <code>eth.dst == <var>D</var>
> + && flags.tunnel_rx == 1</code> where <var>D</var> is the peer
> + logical router port <var>RP</var> mac address, swaps inport and outport
> + and applies the action <code>
> next(pipeline=S_SWITCH_IN_L2_LKUP)</code>.
> + </p>
> +
> + <p>
> + This table adds a priority-110 flow that matches 'recirculated'
> icmp{4,6}
> + error 'packet too big' to drop the packet.
> + </p>
> +
> <p>
> This table drops the packets if the port security check failed
> in the previous stage i.e the register bit
> @@ -2414,6 +2438,21 @@ output;
> (LBs, NAT).
> </p>
>
> + <p>
> + For each gateway port <var>GW</var> on a distributed logical router
> + a priority-120 flow that matches 'recirculated' icmp{4,6} error
> + 'packet too big' and <code>eth.dst == <var>D</var> &&
> + !is_chassis_resident(<var> cr-GW</var>)</code> where <var>D</var>
> + is the gateway port mac address and <var>cr-GW</var> is the chassis
> + resident port of <var>GW</var>, swap inport and outport and stores
> + <var>GW</var> as inport.
> + </p>
> +
> + <p>
> + This table adds a priority-110 flow that matches 'recirculated'
> + icmp{4,6} error 'packet too big' to drop the packet.
> + </p>
> +
> <p>
> For a distributed logical router or for gateway router where
> the port is configured with <code>options:gateway_mtu</code>
> diff --git a/tests/multinode.at b/tests/multinode.at
> index 2b199b4bc..0187382be 100644
> --- a/tests/multinode.at
> +++ b/tests/multinode.at
> @@ -42,7 +42,6 @@ M_NS_CHECK_EXEC([ovn-chassis-1], [sw0p1], [ping -q -c 3 -i
> 0.3 -w 2 10.0.0.4 | F
> 3 packets transmitted, 3 received, 0% packet loss, time 0ms
> ])
>
> -
> # Create the second logical switch with one port
> check multinode_nbctl ls-add sw1
> check multinode_nbctl lsp-add sw1 sw1-port1
> @@ -72,3 +71,815 @@ M_NS_CHECK_EXEC([ovn-chassis-1], [sw0p1], [ping -q -c 3
> -i 0.3 -w 2 20.0.0.3 | F
> ])
>
> AT_CLEANUP
> +
> +AT_SETUP([ovn multinode pmtu - distributed router - geneve])
> +
> +# Check that ovn-fake-multinode setup is up and running
> +check_fake_multinode_setup
> +
> +# Delete the multinode NB and OVS resources before starting the test.
> +cleanup_multinode_resources
> +
> +m_as ovn-chassis-1 ip link del sw0p1-p
> +m_as ovn-chassis-2 ip link del sw0p2-p
> +m_as ovn-chassis-2 ip link del sw1p1-p
> +
> +# Reset geneve tunnels
> +for c in ovn-chassis-1 ovn-chassis-2 ovn-gw-1
> +do
> + m_as $c ovs-vsctl set open . external-ids:ovn-encap-type=geneve
> +done
> +
> +OVS_WAIT_UNTIL([m_as ovn-chassis-1 ip link show | grep -q genev_sys])
> +OVS_WAIT_UNTIL([m_as ovn-chassis-2 ip link show | grep -q genev_sys])
> +OVS_WAIT_UNTIL([m_as ovn-gw-1 ip link show | grep -q genev_sys])
> +
> +# Test East-West switching
> +check multinode_nbctl ls-add sw0
> +check multinode_nbctl lsp-add sw0 sw0-port1
> +check multinode_nbctl lsp-set-addresses sw0-port1 "50:54:00:00:00:03
> 10.0.0.3 1000::3"
> +check multinode_nbctl lsp-add sw0 sw0-port2
> +check multinode_nbctl lsp-set-addresses sw0-port2 "50:54:00:00:00:04
> 10.0.0.4 1000::4"
> +
> +m_as ovn-chassis-1 /data/create_fake_vm.sh sw0-port1 sw0p1 50:54:00:00:00:03
> 10.0.0.3 24 10.0.0.1 1000::3/64 1000::a
> +m_as ovn-chassis-2 /data/create_fake_vm.sh sw0-port2 sw0p2 50:54:00:00:00:04
> 10.0.0.4 24 10.0.0.1 1000::4/64 1000::a
> +
> +m_wait_for_ports_up
> +
> +M_NS_CHECK_EXEC([ovn-chassis-1], [sw0p1], [ping -q -c 3 -i 0.3 -w 2 10.0.0.4
> | FORMAT_PING], \
> +[0], [dnl
> +3 packets transmitted, 3 received, 0% packet loss, time 0ms
> +])
> +
> +# Create the second logical switch with one port
> +check multinode_nbctl ls-add sw1
> +check multinode_nbctl lsp-add sw1 sw1-port1
> +check multinode_nbctl lsp-set-addresses sw1-port1 "40:54:00:00:00:03
> 20.0.0.3 2000::3"
> +
> +# Create a logical router and attach both logical switches
> +check multinode_nbctl lr-add lr0
> +check multinode_nbctl lrp-add lr0 lr0-sw0 00:00:00:00:ff:01 10.0.0.1/24
> 1000::a/64
> +check multinode_nbctl lsp-add sw0 sw0-lr0
> +check multinode_nbctl lsp-set-type sw0-lr0 router
> +check multinode_nbctl lsp-set-addresses sw0-lr0 router
> +check multinode_nbctl lsp-set-options sw0-lr0 router-port=lr0-sw0
> +
> +check multinode_nbctl lrp-add lr0 lr0-sw1 00:00:00:00:ff:02 20.0.0.1/24
> 2000::a/64
> +check multinode_nbctl lsp-add sw1 sw1-lr0
> +check multinode_nbctl lsp-set-type sw1-lr0 router
> +check multinode_nbctl lsp-set-addresses sw1-lr0 router
> +check multinode_nbctl lsp-set-options sw1-lr0 router-port=lr0-sw1
> +
> +m_as ovn-chassis-2 /data/create_fake_vm.sh sw1-port1 sw1p1 40:54:00:00:00:03
> 20.0.0.3 24 20.0.0.1 2000::3/64 2000::a
> +
> +# create exteranl connection for N/S traffic
> +check multinode_nbctl ls-add public
> +check multinode_nbctl lsp-add public ln-lublic
> +check multinode_nbctl lsp-set-type ln-lublic localnet
> +check multinode_nbctl lsp-set-addresses ln-lublic unknown
> +check multinode_nbctl lsp-set-options ln-lublic network_name=public
> +
> +check multinode_nbctl lrp-add lr0 lr0-public 00:11:22:00:ff:01
> 172.20.0.100/24
> +check multinode_nbctl lsp-add public public-lr0
> +check multinode_nbctl lsp-set-type public-lr0 router
> +check multinode_nbctl lsp-set-addresses public-lr0 router
> +check multinode_nbctl lsp-set-options public-lr0 router-port=lr0-public
> +check multinode_nbctl lrp-set-gateway-chassis lr0-public ovn-gw-1 10
> +check multinode_nbctl lr-route-add lr0 0.0.0.0/0 172.20.0.1
> +
> +check multinode_nbctl lr-nat-add lr0 snat 172.20.0.100 10.0.0.0/24
> +check multinode_nbctl lr-nat-add lr0 snat 172.20.0.100 20.0.0.0/24
> +
> +# create some ACLs
> +check multinode_nbctl acl-add sw0 from-lport 1002 'ip4 || ip6' allow-related
> +check multinode_nbctl acl-add sw1 from-lport 1002 'ip4 || ip6' allow-related
> +
> +m_as ovn-gw-1 ip netns add ovn-ext0
> +m_as ovn-gw-1 ovs-vsctl add-port br-ex ext0 -- set interface ext0
> type=internal
> +m_as ovn-gw-1 ip link set ext0 netns ovn-ext0
> +m_as ovn-gw-1 ip netns exec ovn-ext0 ip link set ext0 up
> +m_as ovn-gw-1 ip netns exec ovn-ext0 ip addr add 172.20.0.1/24 dev ext0
> +
> +m_as ovn-gw-1 ovs-vsctl add-port br-ex ext1 -- set interface ext1
> type=internal
> +m_as ovn-gw-1 ip link set ext1 netns ovn-ext0
> +m_as ovn-gw-1 ip netns exec ovn-ext0 ip link set ext1 up
> +m_as ovn-gw-1 ip netns exec ovn-ext0 ip addr add 172.20.1.1/24 dev ext1
> +
> +m_as ovn-gw-1 ip netns add ovn-ext2
> +m_as ovn-gw-1 ovs-vsctl add-port br-ex ext2 -- set interface ext2
> type=internal
> +m_as ovn-gw-1 ip link set ext2 netns ovn-ext2
> +m_as ovn-gw-1 ip netns exec ovn-ext2 ip link set ext2 up
> +m_as ovn-gw-1 ip netns exec ovn-ext2 ip addr add 172.20.1.2/24 dev ext2
> +m_as ovn-gw-1 ip netns exec ovn-ext2 ip route add default via 172.20.1.1 dev
> ext2
> +
> +m_as ovn-gw-1 ovs-vsctl set open .
> external-ids:ovn-bridge-mappings=public:br-ex
> +m_as ovn-chassis-1 ovs-vsctl set open .
> external-ids:ovn-bridge-mappings=public:br-ex
> +m_as ovn-chassis-2 ovs-vsctl set open .
> external-ids:ovn-bridge-mappings=public:br-ex
> +
> +m_wait_for_ports_up sw1-port1
> +
> +M_NS_CHECK_EXEC([ovn-chassis-1], [sw0p1], [ping -q -c 3 -i 0.3 -w 2 20.0.0.3
> | FORMAT_PING], \
> +[0], [dnl
> +3 packets transmitted, 3 received, 0% packet loss, time 0ms
> +])
> +
> +# Change ptmu for the geneve tunnel
> +m_as ovn-chassis-1 ip route change 170.168.0.0/16 mtu 1200 dev eth1
> +M_NS_CHECK_EXEC([ovn-chassis-1], [sw0p1], [ping -c 5 -s 1300 -M do 20.0.0.3
> 2>&1 |grep -q "message too long, mtu=1142"])
> +
> +M_NS_CHECK_EXEC([ovn-chassis-1], [sw0p1], [ip route flush dev sw0p1])
> +M_NS_CHECK_EXEC([ovn-chassis-1], [sw0p1], [ip route add 10.0.0.0/24 dev
> sw0p1])
> +M_NS_CHECK_EXEC([ovn-chassis-1], [sw0p1], [ip route add default via 10.0.0.1
> dev sw0p1])
> +
> +m_as ovn-chassis-1 ip route change 170.168.0.0/16 mtu 1400 dev eth1
> +M_NS_CHECK_EXEC([ovn-chassis-1], [sw0p1], [ping6 -c 5 -s 1450 -M do 2000::3
> 2>&1 |grep -q "message too long, mtu: 1342"])
> +
> +M_NS_CHECK_EXEC([ovn-chassis-1], [sw0p1], [ping -q -c 3 -i 0.3 -w 2
> 172.20.1.2 | FORMAT_PING], \
> +[0], [dnl
> +3 packets transmitted, 3 received, 0% packet loss, time 0ms
> +])
> +
> +M_NS_CHECK_EXEC([ovn-gw-1], [ovn-ext0], [ip link set dev ext1 mtu 1000])
> +M_NS_CHECK_EXEC([ovn-chassis-1], [sw0p1], [ping -c 10 -s 1300 -M do
> 172.20.1.2 2>&1 |grep -q "mtu = 1000"])
> +
> +M_NS_CHECK_EXEC([ovn-chassis-1], [sw0p1], [ping -q -c 3 -i 0.3 -w 2
> 172.20.1.2 | FORMAT_PING], \
> +[0], [dnl
> +3 packets transmitted, 3 received, 0% packet loss, time 0ms
> +])
> +
> +AT_CLEANUP
> +
> +AT_SETUP([ovn multinode pmtu - distributed router - vxlan])
> +
> +# Check that ovn-fake-multinode setup is up and running
> +check_fake_multinode_setup
> +
> +# Delete the multinode NB and OVS resources before starting the test.
> +cleanup_multinode_resources
> +
> +m_as ovn-chassis-1 ip link del sw0p1-p
> +m_as ovn-chassis-2 ip link del sw0p2-p
> +m_as ovn-chassis-2 ip link del sw1p1-p
> +
> +# Reset vxlan tunnels
> +for c in ovn-chassis-1 ovn-chassis-2 ovn-gw-1
> +do
> + m_as $c ovs-vsctl set open . external-ids:ovn-encap-type=vxlan
> +done
> +
> +OVS_WAIT_UNTIL([m_as ovn-chassis-1 ip link show | grep -q vxlan_sys])
> +OVS_WAIT_UNTIL([m_as ovn-chassis-2 ip link show | grep -q vxlan_sys])
> +OVS_WAIT_UNTIL([m_as ovn-gw-1 ip link show | grep -q vxlan_sys])
> +
> +# Test East-West switching
> +check multinode_nbctl ls-add sw0
> +check multinode_nbctl lsp-add sw0 sw0-port1
> +check multinode_nbctl lsp-set-addresses sw0-port1 "50:54:00:00:00:03
> 10.0.0.3 1000::3"
> +check multinode_nbctl lsp-add sw0 sw0-port2
> +check multinode_nbctl lsp-set-addresses sw0-port2 "50:54:00:00:00:04
> 10.0.0.4 1000::4"
> +
> +m_as ovn-chassis-1 /data/create_fake_vm.sh sw0-port1 sw0p1 50:54:00:00:00:03
> 10.0.0.3 24 10.0.0.1 1000::3/64 1000::a
> +m_as ovn-chassis-2 /data/create_fake_vm.sh sw0-port2 sw0p2 50:54:00:00:00:04
> 10.0.0.4 24 10.0.0.1 1000::4/64 1000::a
> +
> +m_wait_for_ports_up
> +
> +M_NS_CHECK_EXEC([ovn-chassis-1], [sw0p1], [ping -q -c 3 -i 0.3 -w 2 10.0.0.4
> | FORMAT_PING], \
> +[0], [dnl
> +3 packets transmitted, 3 received, 0% packet loss, time 0ms
> +])
> +
> +# Create the second logical switch with one port
> +check multinode_nbctl ls-add sw1
> +check multinode_nbctl lsp-add sw1 sw1-port1
> +check multinode_nbctl lsp-set-addresses sw1-port1 "40:54:00:00:00:03
> 20.0.0.3 2000::3"
> +
> +# Create a logical router and attach both logical switches
> +check multinode_nbctl lr-add lr0
> +check multinode_nbctl lrp-add lr0 lr0-sw0 00:00:00:00:ff:01 10.0.0.1/24
> 1000::a/64
> +check multinode_nbctl lsp-add sw0 sw0-lr0
> +check multinode_nbctl lsp-set-type sw0-lr0 router
> +check multinode_nbctl lsp-set-addresses sw0-lr0 router
> +check multinode_nbctl lsp-set-options sw0-lr0 router-port=lr0-sw0
> +
> +check multinode_nbctl lrp-add lr0 lr0-sw1 00:00:00:00:ff:02 20.0.0.1/24
> 2000::a/64
> +check multinode_nbctl lsp-add sw1 sw1-lr0
> +check multinode_nbctl lsp-set-type sw1-lr0 router
> +check multinode_nbctl lsp-set-addresses sw1-lr0 router
> +check multinode_nbctl lsp-set-options sw1-lr0 router-port=lr0-sw1
> +
> +m_as ovn-chassis-2 /data/create_fake_vm.sh sw1-port1 sw1p1 40:54:00:00:00:03
> 20.0.0.3 24 20.0.0.1 2000::3/64 2000::a
> +
> +# create exteranl connection for N/S traffic
> +check multinode_nbctl ls-add public
> +check multinode_nbctl lsp-add public ln-lublic
> +check multinode_nbctl lsp-set-type ln-lublic localnet
> +check multinode_nbctl lsp-set-addresses ln-lublic unknown
> +check multinode_nbctl lsp-set-options ln-lublic network_name=public
> +
> +check multinode_nbctl lrp-add lr0 lr0-public 00:11:22:00:ff:01
> 172.20.0.100/24
> +check multinode_nbctl lsp-add public public-lr0
> +check multinode_nbctl lsp-set-type public-lr0 router
> +check multinode_nbctl lsp-set-addresses public-lr0 router
> +check multinode_nbctl lsp-set-options public-lr0 router-port=lr0-public
> +check multinode_nbctl lrp-set-gateway-chassis lr0-public ovn-gw-1 10
> +check multinode_nbctl lr-route-add lr0 0.0.0.0/0 172.20.0.1
> +
> +check multinode_nbctl lr-nat-add lr0 snat 172.20.0.100 10.0.0.0/24
> +check multinode_nbctl lr-nat-add lr0 snat 172.20.0.100 20.0.0.0/24
> +
> +# create some ACLs
> +check multinode_nbctl acl-add sw0 from-lport 1002 'ip4 || ip6' allow-related
> +check multinode_nbctl acl-add sw1 from-lport 1002 'ip4 || ip6' allow-related
> +
> +m_as ovn-gw-1 ip netns add ovn-ext0
> +m_as ovn-gw-1 ovs-vsctl add-port br-ex ext0 -- set interface ext0
> type=internal
> +m_as ovn-gw-1 ip link set ext0 netns ovn-ext0
> +m_as ovn-gw-1 ip netns exec ovn-ext0 ip link set ext0 up
> +m_as ovn-gw-1 ip netns exec ovn-ext0 ip addr add 172.20.0.1/24 dev ext0
> +
> +m_as ovn-gw-1 ovs-vsctl add-port br-ex ext1 -- set interface ext1
> type=internal
> +m_as ovn-gw-1 ip link set ext1 netns ovn-ext0
> +m_as ovn-gw-1 ip netns exec ovn-ext0 ip link set ext1 up
> +m_as ovn-gw-1 ip netns exec ovn-ext0 ip addr add 172.20.1.1/24 dev ext1
> +
> +m_as ovn-gw-1 ip netns add ovn-ext2
> +m_as ovn-gw-1 ovs-vsctl add-port br-ex ext2 -- set interface ext2
> type=internal
> +m_as ovn-gw-1 ip link set ext2 netns ovn-ext2
> +m_as ovn-gw-1 ip netns exec ovn-ext2 ip link set ext2 up
> +m_as ovn-gw-1 ip netns exec ovn-ext2 ip addr add 172.20.1.2/24 dev ext2
> +m_as ovn-gw-1 ip netns exec ovn-ext2 ip route add default via 172.20.1.1 dev
> ext2
> +
> +m_as ovn-gw-1 ovs-vsctl set open .
> external-ids:ovn-bridge-mappings=public:br-ex
> +m_as ovn-chassis-1 ovs-vsctl set open .
> external-ids:ovn-bridge-mappings=public:br-ex
> +m_as ovn-chassis-2 ovs-vsctl set open .
> external-ids:ovn-bridge-mappings=public:br-ex
> +
> +m_wait_for_ports_up sw1-port1
> +
> +M_NS_CHECK_EXEC([ovn-chassis-1], [sw0p1], [ping -q -c 3 -i 0.3 -w 2 20.0.0.3
> | FORMAT_PING], \
> +[0], [dnl
> +3 packets transmitted, 3 received, 0% packet loss, time 0ms
> +])
> +
> +# Change ptmu for the vxlan tunnel
> +m_as ovn-chassis-1 ip route change 170.168.0.0/16 mtu 1200 dev eth1
> +M_NS_CHECK_EXEC([ovn-chassis-1], [sw0p1], [ping -c 5 -s 1300 -M do 20.0.0.3
> 2>&1 |grep -q "message too long, mtu=1150"])
> +
> +M_NS_CHECK_EXEC([ovn-chassis-1], [sw0p1], [ip route flush dev sw0p1])
> +M_NS_CHECK_EXEC([ovn-chassis-1], [sw0p1], [ip route add 10.0.0.0/24 dev
> sw0p1])
> +M_NS_CHECK_EXEC([ovn-chassis-1], [sw0p1], [ip route add default via 10.0.0.1
> dev sw0p1])
> +
> +M_NS_CHECK_EXEC([ovn-gw-1], [ovn-ext0], [ip link set dev ext1 mtu 1100])
> +M_NS_CHECK_EXEC([ovn-chassis-1], [sw0p1], [ping -q -c 3 -i 0.3 -w 2
> 172.20.1.2 | FORMAT_PING], \
> +[0], [dnl
> +3 packets transmitted, 3 received, 0% packet loss, time 0ms
> +])
> +
> +M_NS_CHECK_EXEC([ovn-chassis-1], [sw0p1], [ping -c 20 -i 0.5 -s 1300 -M do
> 172.20.1.2 2>&1 |grep -q "mtu = 1150"])
> +
> +AT_CLEANUP
> +
> +AT_SETUP([ovn multinode pmtu - gw_router_port - geneve])
> +
> +# Check that ovn-fake-multinode setup is up and running
> +check_fake_multinode_setup
> +
> +# Delete the multinode NB and OVS resources before starting the test.
> +cleanup_multinode_resources
> +
> +m_as ovn-chassis-1 ip link del sw0p1-p
> +m_as ovn-chassis-2 ip link del sw0p2-p
> +m_as ovn-chassis-2 ip link del sw1p1-p
> +
> +# Reset geneve tunnels
> +for c in ovn-chassis-1 ovn-chassis-2 ovn-gw-1
> +do
> + m_as $c ovs-vsctl set open . external-ids:ovn-encap-type=geneve
> +done
> +
> +OVS_WAIT_UNTIL([m_as ovn-chassis-1 ip link show | grep -q genev_sys])
> +OVS_WAIT_UNTIL([m_as ovn-chassis-2 ip link show | grep -q genev_sys])
> +OVS_WAIT_UNTIL([m_as ovn-gw-1 ip link show | grep -q genev_sys])
> +
> +# Test East-West switching
> +check multinode_nbctl ls-add sw0
> +check multinode_nbctl lsp-add sw0 sw0-port1
> +check multinode_nbctl lsp-set-addresses sw0-port1 "50:54:00:00:00:03
> 10.0.0.3 1000::3"
> +check multinode_nbctl lsp-add sw0 sw0-port2
> +check multinode_nbctl lsp-set-addresses sw0-port2 "50:54:00:00:00:04
> 10.0.0.4 1000::4"
> +
> +m_as ovn-chassis-1 /data/create_fake_vm.sh sw0-port1 sw0p1 50:54:00:00:00:03
> 10.0.0.3 24 10.0.0.1 1000::3/64 1000::a
> +m_as ovn-chassis-2 /data/create_fake_vm.sh sw0-port2 sw0p2 50:54:00:00:00:04
> 10.0.0.4 24 10.0.0.1 1000::4/64 1000::a
> +
> +m_wait_for_ports_up
> +
> +M_NS_CHECK_EXEC([ovn-chassis-1], [sw0p1], [ping -q -c 3 -i 0.3 -w 2 10.0.0.4
> | FORMAT_PING], \
> +[0], [dnl
> +3 packets transmitted, 3 received, 0% packet loss, time 0ms
> +])
> +
> +# Create the second logical switch with one port
> +check multinode_nbctl ls-add sw1
> +check multinode_nbctl lsp-add sw1 sw1-port1
> +check multinode_nbctl lsp-set-addresses sw1-port1 "40:54:00:00:00:03
> 20.0.0.3 2000::3"
> +
> +# Create a logical router and attach both logical switches
> +check multinode_nbctl lr-add lr0
> +check multinode_nbctl lrp-add lr0 lr0-sw0 00:00:00:00:ff:01 10.0.0.1/24
> 1000::a/64
> +check multinode_nbctl lsp-add sw0 sw0-lr0
> +check multinode_nbctl lsp-set-type sw0-lr0 router
> +check multinode_nbctl lsp-set-addresses sw0-lr0 router
> +check multinode_nbctl lsp-set-options sw0-lr0 router-port=lr0-sw0
> +
> +check multinode_nbctl lrp-add lr0 lr0-sw1 00:00:00:00:ff:02 20.0.0.1/24
> 2000::a/64
> +check multinode_nbctl lsp-add sw1 sw1-lr0
> +check multinode_nbctl lsp-set-type sw1-lr0 router
> +check multinode_nbctl lsp-set-addresses sw1-lr0 router
> +check multinode_nbctl lsp-set-options sw1-lr0 router-port=lr0-sw1
> +
> +m_as ovn-chassis-2 /data/create_fake_vm.sh sw1-port1 sw1p1 40:54:00:00:00:03
> 20.0.0.3 24 20.0.0.1 2000::3/64 2000::a
> +
> +# create exteranl connection for N/S traffic
> +check multinode_nbctl ls-add public
> +check multinode_nbctl lsp-add public ln-lublic
> +check multinode_nbctl lsp-set-type ln-lublic localnet
> +check multinode_nbctl lsp-set-addresses ln-lublic unknown
> +check multinode_nbctl lsp-set-options ln-lublic network_name=public
> +
> +check multinode_nbctl lrp-add lr0 lr0-public 00:11:22:00:ff:01
> 172.20.0.100/24
> +check multinode_nbctl lsp-add public public-lr0
> +check multinode_nbctl lsp-set-type public-lr0 router
> +check multinode_nbctl lsp-set-addresses public-lr0 router
> +check multinode_nbctl lsp-set-options public-lr0 router-port=lr0-public
> +check multinode_nbctl lrp-set-gateway-chassis lr0-public ovn-gw-1 10
> +check multinode_nbctl lr-route-add lr0 0.0.0.0/0 172.20.0.1
> +
> +check multinode_nbctl lr-nat-add lr0 snat 172.20.0.100 10.0.0.0/24
> +check multinode_nbctl lr-nat-add lr0 snat 172.20.0.100 20.0.0.0/24
> +
> +check multinode_nbctl lrp-set-gateway-chassis lr0-sw0 ovn-chassis-1 10
> +check multinode_nbctl lrp-set-gateway-chassis lr0-sw1 ovn-chassis-2 10
> +
> +# create some ACLs
> +check multinode_nbctl acl-add sw0 from-lport 1002 'ip4 || ip6' allow-related
> +check multinode_nbctl acl-add sw1 from-lport 1002 'ip4 || ip6' allow-related
> +
> +m_as ovn-gw-1 ip netns add ovn-ext0
> +m_as ovn-gw-1 ovs-vsctl add-port br-ex ext0 -- set interface ext0
> type=internal
> +m_as ovn-gw-1 ip link set ext0 netns ovn-ext0
> +m_as ovn-gw-1 ip netns exec ovn-ext0 ip link set ext0 up
> +m_as ovn-gw-1 ip netns exec ovn-ext0 ip addr add 172.20.0.1/24 dev ext0
> +
> +m_as ovn-gw-1 ovs-vsctl add-port br-ex ext1 -- set interface ext1
> type=internal
> +m_as ovn-gw-1 ip link set ext1 netns ovn-ext0
> +m_as ovn-gw-1 ip netns exec ovn-ext0 ip link set ext1 up
> +m_as ovn-gw-1 ip netns exec ovn-ext0 ip addr add 172.20.1.1/24 dev ext1
> +
> +m_as ovn-gw-1 ip netns add ovn-ext2
> +m_as ovn-gw-1 ovs-vsctl add-port br-ex ext2 -- set interface ext2
> type=internal
> +m_as ovn-gw-1 ip link set ext2 netns ovn-ext2
> +m_as ovn-gw-1 ip netns exec ovn-ext2 ip link set ext2 up
> +m_as ovn-gw-1 ip netns exec ovn-ext2 ip addr add 172.20.1.2/24 dev ext2
> +m_as ovn-gw-1 ip netns exec ovn-ext2 ip route add default via 172.20.1.1 dev
> ext2
> +
> +m_as ovn-gw-1 ovs-vsctl set open .
> external-ids:ovn-bridge-mappings=public:br-ex
> +m_as ovn-chassis-1 ovs-vsctl set open .
> external-ids:ovn-bridge-mappings=public:br-ex
> +m_as ovn-chassis-2 ovs-vsctl set open .
> external-ids:ovn-bridge-mappings=public:br-ex
> +
> +m_wait_for_ports_up sw1-port1
> +
> +M_NS_CHECK_EXEC([ovn-chassis-1], [sw0p1], [ping -q -c 3 -i 0.3 -w 2 20.0.0.3
> | FORMAT_PING], \
> +[0], [dnl
> +3 packets transmitted, 3 received, 0% packet loss, time 0ms
> +])
> +
> +M_NS_CHECK_EXEC([ovn-chassis-1], [sw0p1], [ip route flush dev sw0p1])
> +M_NS_CHECK_EXEC([ovn-chassis-1], [sw0p1], [ip route add 10.0.0.0/24 dev
> sw0p1])
> +M_NS_CHECK_EXEC([ovn-chassis-1], [sw0p1], [ip route add default via 10.0.0.1
> dev sw0p1])
> +
> +m_as ovn-chassis-1 ip route change 170.168.0.0/16 mtu 1200 dev eth1
> +M_NS_CHECK_EXEC([ovn-chassis-1], [sw0p1], [ping -c 5 -s 1300 -M do 20.0.0.3
> 2>&1 |grep -q "message too long, mtu=1142"])
> +
> +M_NS_CHECK_EXEC([ovn-chassis-1], [sw0p1], [ip route flush dev sw0p1])
> +M_NS_CHECK_EXEC([ovn-chassis-1], [sw0p1], [ip route add 10.0.0.0/24 dev
> sw0p1])
> +M_NS_CHECK_EXEC([ovn-chassis-1], [sw0p1], [ip route add default via 10.0.0.1
> dev sw0p1])
> +
> +m_as ovn-chassis-1 ip route change 170.168.0.0/16 mtu 1400 dev eth1
> +M_NS_CHECK_EXEC([ovn-chassis-1], [sw0p1], [ping6 -c 5 -s 1450 -M do 2000::3
> 2>&1 |grep -q "message too long, mtu: 1342"])
> +
> +M_NS_CHECK_EXEC([ovn-chassis-1], [sw0p1], [ip route flush dev sw0p1])
> +M_NS_CHECK_EXEC([ovn-chassis-1], [sw0p1], [ip route add 10.0.0.0/24 dev
> sw0p1])
> +M_NS_CHECK_EXEC([ovn-chassis-1], [sw0p1], [ip route add default via 10.0.0.1
> dev sw0p1])
> +
> +M_NS_CHECK_EXEC([ovn-chassis-1], [sw0p1], [ping -q -c 3 -i 0.3 -w 2
> 172.20.1.2 | FORMAT_PING], \
> +[0], [dnl
> +3 packets transmitted, 3 received, 0% packet loss, time 0ms
> +])
> +
> +M_NS_CHECK_EXEC([ovn-gw-1], [ovn-ext0], [ip link set dev ext1 mtu 1100])
> +M_NS_CHECK_EXEC([ovn-chassis-1], [sw0p1], [ping -c 20 -i 0.5 -s 1300 -M do
> 172.20.1.2 2>&1 |grep -q "mtu = 1100"])
> +
> +AT_CLEANUP
> +
> +AT_SETUP([ovn multinode pmtu - gw_router_port - vxlan])
> +
> +# Check that ovn-fake-multinode setup is up and running
> +check_fake_multinode_setup
> +
> +# Delete the multinode NB and OVS resources before starting the test.
> +cleanup_multinode_resources
> +
> +m_as ovn-chassis-1 ip link del sw0p1-p
> +m_as ovn-chassis-2 ip link del sw0p2-p
> +m_as ovn-chassis-2 ip link del sw1p1-p
> +
> +# Reset geneve tunnels
> +for c in ovn-chassis-1 ovn-chassis-2 ovn-gw-1
> +do
> + m_as $c ovs-vsctl set open . external-ids:ovn-encap-type=vxlan
> +done
> +
> +OVS_WAIT_UNTIL([m_as ovn-chassis-1 ip link show | grep -q vxlan_sys])
> +OVS_WAIT_UNTIL([m_as ovn-chassis-2 ip link show | grep -q vxlan_sys])
> +OVS_WAIT_UNTIL([m_as ovn-gw-1 ip link show | grep -q vxlan_sys])
> +
> +# Test East-West switching
> +check multinode_nbctl ls-add sw0
> +check multinode_nbctl lsp-add sw0 sw0-port1
> +check multinode_nbctl lsp-set-addresses sw0-port1 "50:54:00:00:00:03
> 10.0.0.3 1000::3"
> +check multinode_nbctl lsp-add sw0 sw0-port2
> +check multinode_nbctl lsp-set-addresses sw0-port2 "50:54:00:00:00:04
> 10.0.0.4 1000::4"
> +
> +m_as ovn-chassis-1 /data/create_fake_vm.sh sw0-port1 sw0p1 50:54:00:00:00:03
> 10.0.0.3 24 10.0.0.1 1000::3/64 1000::a
> +m_as ovn-chassis-2 /data/create_fake_vm.sh sw0-port2 sw0p2 50:54:00:00:00:04
> 10.0.0.4 24 10.0.0.1 1000::4/64 1000::a
> +
> +m_wait_for_ports_up
> +
> +M_NS_CHECK_EXEC([ovn-chassis-1], [sw0p1], [ping -q -c 3 -i 0.3 -w 2 10.0.0.4
> | FORMAT_PING], \
> +[0], [dnl
> +3 packets transmitted, 3 received, 0% packet loss, time 0ms
> +])
> +
> +# Create the second logical switch with one port
> +check multinode_nbctl ls-add sw1
> +check multinode_nbctl lsp-add sw1 sw1-port1
> +check multinode_nbctl lsp-set-addresses sw1-port1 "40:54:00:00:00:03
> 20.0.0.3 2000::3"
> +
> +# Create a logical router and attach both logical switches
> +check multinode_nbctl lr-add lr0
> +check multinode_nbctl lrp-add lr0 lr0-sw0 00:00:00:00:ff:01 10.0.0.1/24
> 1000::a/64
> +check multinode_nbctl lsp-add sw0 sw0-lr0
> +check multinode_nbctl lsp-set-type sw0-lr0 router
> +check multinode_nbctl lsp-set-addresses sw0-lr0 router
> +check multinode_nbctl lsp-set-options sw0-lr0 router-port=lr0-sw0
> +
> +check multinode_nbctl lrp-add lr0 lr0-sw1 00:00:00:00:ff:02 20.0.0.1/24
> 2000::a/64
> +check multinode_nbctl lsp-add sw1 sw1-lr0
> +check multinode_nbctl lsp-set-type sw1-lr0 router
> +check multinode_nbctl lsp-set-addresses sw1-lr0 router
> +check multinode_nbctl lsp-set-options sw1-lr0 router-port=lr0-sw1
> +
> +m_as ovn-chassis-2 /data/create_fake_vm.sh sw1-port1 sw1p1 40:54:00:00:00:03
> 20.0.0.3 24 20.0.0.1 2000::3/64 2000::a
> +
> +# create exteranl connection for N/S traffic
> +check multinode_nbctl ls-add public
> +check multinode_nbctl lsp-add public ln-lublic
> +check multinode_nbctl lsp-set-type ln-lublic localnet
> +check multinode_nbctl lsp-set-addresses ln-lublic unknown
> +check multinode_nbctl lsp-set-options ln-lublic network_name=public
> +
> +check multinode_nbctl lrp-add lr0 lr0-public 00:11:22:00:ff:01
> 172.20.0.100/24
> +check multinode_nbctl lsp-add public public-lr0
> +check multinode_nbctl lsp-set-type public-lr0 router
> +check multinode_nbctl lsp-set-addresses public-lr0 router
> +check multinode_nbctl lsp-set-options public-lr0 router-port=lr0-public
> +check multinode_nbctl lrp-set-gateway-chassis lr0-public ovn-gw-1 10
> +check multinode_nbctl lr-route-add lr0 0.0.0.0/0 172.20.0.1
> +
> +check multinode_nbctl lr-nat-add lr0 snat 172.20.0.100 10.0.0.0/24
> +check multinode_nbctl lr-nat-add lr0 snat 172.20.0.100 20.0.0.0/24
> +
> +check multinode_nbctl lrp-set-gateway-chassis lr0-sw0 ovn-chassis-1 10
> +check multinode_nbctl lrp-set-gateway-chassis lr0-sw1 ovn-chassis-2 10
> +
> +# create some ACLs
> +check multinode_nbctl acl-add sw0 from-lport 1002 'ip4 || ip6' allow-related
> +check multinode_nbctl acl-add sw1 from-lport 1002 'ip4 || ip6' allow-related
> +
> +m_as ovn-gw-1 ip netns add ovn-ext0
> +m_as ovn-gw-1 ovs-vsctl add-port br-ex ext0 -- set interface ext0
> type=internal
> +m_as ovn-gw-1 ip link set ext0 netns ovn-ext0
> +m_as ovn-gw-1 ip netns exec ovn-ext0 ip link set ext0 up
> +m_as ovn-gw-1 ip netns exec ovn-ext0 ip addr add 172.20.0.1/24 dev ext0
> +
> +m_as ovn-gw-1 ovs-vsctl add-port br-ex ext1 -- set interface ext1
> type=internal
> +m_as ovn-gw-1 ip link set ext1 netns ovn-ext0
> +m_as ovn-gw-1 ip netns exec ovn-ext0 ip link set ext1 up
> +m_as ovn-gw-1 ip netns exec ovn-ext0 ip addr add 172.20.1.1/24 dev ext1
> +
> +m_as ovn-gw-1 ip netns add ovn-ext2
> +m_as ovn-gw-1 ovs-vsctl add-port br-ex ext2 -- set interface ext2
> type=internal
> +m_as ovn-gw-1 ip link set ext2 netns ovn-ext2
> +m_as ovn-gw-1 ip netns exec ovn-ext2 ip link set ext2 up
> +m_as ovn-gw-1 ip netns exec ovn-ext2 ip addr add 172.20.1.2/24 dev ext2
> +m_as ovn-gw-1 ip netns exec ovn-ext2 ip route add default via 172.20.1.1 dev
> ext2
> +
> +m_as ovn-gw-1 ovs-vsctl set open .
> external-ids:ovn-bridge-mappings=public:br-ex
> +m_as ovn-chassis-1 ovs-vsctl set open .
> external-ids:ovn-bridge-mappings=public:br-ex
> +m_as ovn-chassis-2 ovs-vsctl set open .
> external-ids:ovn-bridge-mappings=public:br-ex
> +
> +m_wait_for_ports_up sw1-port1
> +
> +M_NS_CHECK_EXEC([ovn-chassis-1], [sw0p1], [ping -q -c 3 -i 0.3 -w 2 20.0.0.3
> | FORMAT_PING], \
> +[0], [dnl
> +3 packets transmitted, 3 received, 0% packet loss, time 0ms
> +])
> +
> +M_NS_CHECK_EXEC([ovn-chassis-1], [sw0p1], [ip route flush dev sw0p1])
> +M_NS_CHECK_EXEC([ovn-chassis-1], [sw0p1], [ip route add 10.0.0.0/24 dev
> sw0p1])
> +M_NS_CHECK_EXEC([ovn-chassis-1], [sw0p1], [ip route add default via 10.0.0.1
> dev sw0p1])
> +
> +m_as ovn-chassis-1 ip route change 170.168.0.0/16 mtu 1200 dev eth1
> +M_NS_CHECK_EXEC([ovn-chassis-1], [sw0p1], [ping -c 5 -s 1300 -M do 20.0.0.3
> 2>&1 |grep -q "message too long, mtu=1150"])
> +
> +M_NS_CHECK_EXEC([ovn-chassis-1], [sw0p1], [ip route flush dev sw0p1])
> +M_NS_CHECK_EXEC([ovn-chassis-1], [sw0p1], [ip route add 10.0.0.0/24 dev
> sw0p1])
> +M_NS_CHECK_EXEC([ovn-chassis-1], [sw0p1], [ip route add default via 10.0.0.1
> dev sw0p1])
> +
> +M_NS_CHECK_EXEC([ovn-gw-1], [ovn-ext0], [ip link set dev ext1 mtu 1100])
> +M_NS_CHECK_EXEC([ovn-chassis-1], [sw0p1], [ping -q -c 3 -i 0.3 -w 2
> 172.20.1.2 | FORMAT_PING], \
> +[0], [dnl
> +3 packets transmitted, 3 received, 0% packet loss, time 0ms
> +])
> +
> +M_NS_CHECK_EXEC([ovn-chassis-1], [sw0p1], [ping -c 20 -i 0.5 -s 1300 -M do
> 172.20.1.2 2>&1 |grep -q "mtu = 1150"])
> +
> +AT_CLEANUP
> +
> +AT_SETUP([ovn multinode pmtu - gw router - geneve])
> +
> +# Check that ovn-fake-multinode setup is up and running
> +check_fake_multinode_setup
> +
> +# Delete the multinode NB and OVS resources before starting the test.
> +cleanup_multinode_resources
> +
> +m_as ovn-chassis-1 ip link del sw0p1-p
> +m_as ovn-chassis-2 ip link del sw0p2-p
> +m_as ovn-chassis-2 ip link del sw1p1-p
> +
> +# Reset geneve tunnels
> +for c in ovn-chassis-1 ovn-chassis-2 ovn-gw-1
> +do
> + m_as $c ovs-vsctl set open . external-ids:ovn-encap-type=geneve
> +done
> +
> +OVS_WAIT_UNTIL([m_as ovn-chassis-1 ip link show | grep -q genev_sys])
> +OVS_WAIT_UNTIL([m_as ovn-chassis-2 ip link show | grep -q genev_sys])
> +OVS_WAIT_UNTIL([m_as ovn-gw-1 ip link show | grep -q genev_sys])
> +
> +# Test East-West switching
> +check multinode_nbctl ls-add sw0
> +check multinode_nbctl lsp-add sw0 sw0-port1
> +check multinode_nbctl lsp-set-addresses sw0-port1 "50:54:00:00:00:03
> 10.0.0.3 1000::3"
> +check multinode_nbctl lsp-add sw0 sw0-port2
> +check multinode_nbctl lsp-set-addresses sw0-port2 "50:54:00:00:00:04
> 10.0.0.4 1000::4"
> +
> +m_as ovn-chassis-1 /data/create_fake_vm.sh sw0-port1 sw0p1 50:54:00:00:00:03
> 10.0.0.3 24 10.0.0.1 1000::3/64 1000::a
> +m_as ovn-chassis-2 /data/create_fake_vm.sh sw0-port2 sw0p2 50:54:00:00:00:04
> 10.0.0.4 24 10.0.0.1 1000::4/64 1000::a
> +
> +m_wait_for_ports_up
> +
> +M_NS_CHECK_EXEC([ovn-chassis-1], [sw0p1], [ping -q -c 3 -i 0.3 -w 2 10.0.0.4
> | FORMAT_PING], \
> +[0], [dnl
> +3 packets transmitted, 3 received, 0% packet loss, time 0ms
> +])
> +
> +# Create the second logical switch with one port
> +check multinode_nbctl ls-add sw1
> +check multinode_nbctl lsp-add sw1 sw1-port1
> +check multinode_nbctl lsp-set-addresses sw1-port1 "40:54:00:00:00:03
> 20.0.0.3 2000::3"
> +
> +# Create a logical router and attach both logical switches
> +check multinode_nbctl lr-add lr0 -- set Logical_Router lr0
> options:chassis=ovn-gw-1
> +check multinode_nbctl lrp-add lr0 lr0-sw0 00:00:00:00:ff:01 10.0.0.1/24
> 1000::a/64
> +check multinode_nbctl lsp-add sw0 sw0-lr0
> +check multinode_nbctl lsp-set-type sw0-lr0 router
> +check multinode_nbctl lsp-set-addresses sw0-lr0 router
> +check multinode_nbctl lsp-set-options sw0-lr0 router-port=lr0-sw0
> +
> +check multinode_nbctl lrp-add lr0 lr0-sw1 00:00:00:00:ff:02 20.0.0.1/24
> 2000::a/64
> +check multinode_nbctl lsp-add sw1 sw1-lr0
> +check multinode_nbctl lsp-set-type sw1-lr0 router
> +check multinode_nbctl lsp-set-addresses sw1-lr0 router
> +check multinode_nbctl lsp-set-options sw1-lr0 router-port=lr0-sw1
> +
> +m_as ovn-chassis-2 /data/create_fake_vm.sh sw1-port1 sw1p1 40:54:00:00:00:03
> 20.0.0.3 24 20.0.0.1 2000::3/64 2000::a
> +
> +# create exteranl connection for N/S traffic
> +check multinode_nbctl ls-add public
> +check multinode_nbctl lsp-add public ln-lublic
> +check multinode_nbctl lsp-set-type ln-lublic localnet
> +check multinode_nbctl lsp-set-addresses ln-lublic unknown
> +check multinode_nbctl lsp-set-options ln-lublic network_name=public
> +
> +check multinode_nbctl lrp-add lr0 lr0-public 00:11:22:00:ff:01
> 172.20.0.100/24
> +check multinode_nbctl lsp-add public public-lr0
> +check multinode_nbctl lsp-set-type public-lr0 router
> +check multinode_nbctl lsp-set-addresses public-lr0 router
> +check multinode_nbctl lsp-set-options public-lr0 router-port=lr0-public
> +check multinode_nbctl lr-route-add lr0 0.0.0.0/0 172.20.0.1
> +
> +check multinode_nbctl lr-nat-add lr0 snat 172.20.0.100 10.0.0.0/24
> +check multinode_nbctl lr-nat-add lr0 snat 172.20.0.100 20.0.0.0/24
> +
> +# create some ACLs
> +check multinode_nbctl acl-add sw0 from-lport 1002 'ip4 || ip6' allow-related
> +check multinode_nbctl acl-add sw1 from-lport 1002 'ip4 || ip6' allow-related
> +
> +m_as ovn-gw-1 ip netns add ovn-ext0
> +m_as ovn-gw-1 ovs-vsctl add-port br-ex ext0 -- set interface ext0
> type=internal
> +m_as ovn-gw-1 ip link set ext0 netns ovn-ext0
> +m_as ovn-gw-1 ip netns exec ovn-ext0 ip link set ext0 up
> +m_as ovn-gw-1 ip netns exec ovn-ext0 ip addr add 172.20.0.1/24 dev ext0
> +
> +m_as ovn-gw-1 ovs-vsctl add-port br-ex ext1 -- set interface ext1
> type=internal
> +m_as ovn-gw-1 ip link set ext1 netns ovn-ext0
> +m_as ovn-gw-1 ip netns exec ovn-ext0 ip link set ext1 up
> +m_as ovn-gw-1 ip netns exec ovn-ext0 ip addr add 172.20.1.1/24 dev ext1
> +
> +m_as ovn-gw-1 ip netns add ovn-ext2
> +m_as ovn-gw-1 ovs-vsctl add-port br-ex ext2 -- set interface ext2
> type=internal
> +m_as ovn-gw-1 ip link set ext2 netns ovn-ext2
> +m_as ovn-gw-1 ip netns exec ovn-ext2 ip link set ext2 up
> +m_as ovn-gw-1 ip netns exec ovn-ext2 ip addr add 172.20.1.2/24 dev ext2
> +m_as ovn-gw-1 ip netns exec ovn-ext2 ip route add default via 172.20.1.1 dev
> ext2
> +
> +m_as ovn-gw-1 ovs-vsctl set open .
> external-ids:ovn-bridge-mappings=public:br-ex
> +m_as ovn-chassis-1 ovs-vsctl set open .
> external-ids:ovn-bridge-mappings=public:br-ex
> +m_as ovn-chassis-2 ovs-vsctl set open .
> external-ids:ovn-bridge-mappings=public:br-ex
> +
> +m_wait_for_ports_up sw1-port1
> +
> +M_NS_CHECK_EXEC([ovn-chassis-1], [sw0p1], [ping -q -c 3 -i 0.3 -w 2 20.0.0.3
> | FORMAT_PING], \
> +[0], [dnl
> +3 packets transmitted, 3 received, 0% packet loss, time 0ms
> +])
> +
> +M_NS_CHECK_EXEC([ovn-chassis-1], [sw0p1], [ip route flush dev sw0p1])
> +M_NS_CHECK_EXEC([ovn-chassis-1], [sw0p1], [ip route add 10.0.0.0/24 dev
> sw0p1])
> +M_NS_CHECK_EXEC([ovn-chassis-1], [sw0p1], [ip route add default via 10.0.0.1
> dev sw0p1])
> +
> +m_as ovn-chassis-1 ip route change 170.168.0.0/16 mtu 1200 dev eth1
> +M_NS_CHECK_EXEC([ovn-chassis-1], [sw0p1], [ping -c 5 -s 1300 -M do 20.0.0.3
> 2>&1 |grep -q "message too long, mtu=1142"])
> +
> +M_NS_CHECK_EXEC([ovn-chassis-1], [sw0p1], [ip route flush dev sw0p1])
> +M_NS_CHECK_EXEC([ovn-chassis-1], [sw0p1], [ip route add 10.0.0.0/24 dev
> sw0p1])
> +M_NS_CHECK_EXEC([ovn-chassis-1], [sw0p1], [ip route add default via 10.0.0.1
> dev sw0p1])
> +
> +m_as ovn-chassis-1 ip route change 170.168.0.0/16 mtu 1400 dev eth1
> +M_NS_CHECK_EXEC([ovn-chassis-1], [sw0p1], [ping6 -c 5 -s 1450 -M do 2000::3
> 2>&1 |grep -q "message too long, mtu: 1342"])
> +
> +M_NS_CHECK_EXEC([ovn-chassis-1], [sw0p1], [ip route flush dev sw0p1])
> +M_NS_CHECK_EXEC([ovn-chassis-1], [sw0p1], [ip route add 10.0.0.0/24 dev
> sw0p1])
> +M_NS_CHECK_EXEC([ovn-chassis-1], [sw0p1], [ip route add default via 10.0.0.1
> dev sw0p1])
> +
> +M_NS_CHECK_EXEC([ovn-chassis-1], [sw0p1], [ping -q -c 3 -i 0.3 -w 2
> 172.20.1.2 | FORMAT_PING], \
> +[0], [dnl
> +3 packets transmitted, 3 received, 0% packet loss, time 0ms
> +])
> +
> +M_NS_CHECK_EXEC([ovn-gw-1], [ovn-ext0], [ip link set dev ext1 mtu 1100])
> +M_NS_CHECK_EXEC([ovn-chassis-1], [sw0p1], [ping -c 20 -i 0.5 -s 1300 -M do
> 172.20.1.2 2>&1 |grep -q "mtu = 1100"])
> +
> +AT_CLEANUP
> +
> +AT_SETUP([ovn multinode pmtu - gw router - vxlan])
> +
> +# Check that ovn-fake-multinode setup is up and running
> +check_fake_multinode_setup
> +
> +# Delete the multinode NB and OVS resources before starting the test.
> +cleanup_multinode_resources
> +
> +m_as ovn-chassis-1 ip link del sw0p1-p
> +m_as ovn-chassis-2 ip link del sw0p2-p
> +m_as ovn-chassis-2 ip link del sw1p1-p
> +
> +# Reset geneve tunnels
> +for c in ovn-chassis-1 ovn-chassis-2 ovn-gw-1
> +do
> + m_as $c ovs-vsctl set open . external-ids:ovn-encap-type=vxlan
> +done
> +
> +OVS_WAIT_UNTIL([m_as ovn-chassis-1 ip link show | grep -q vxlan_sys])
> +OVS_WAIT_UNTIL([m_as ovn-chassis-2 ip link show | grep -q vxlan_sys])
> +OVS_WAIT_UNTIL([m_as ovn-gw-1 ip link show | grep -q vxlan_sys])
> +
> +# Test East-West switching
> +check multinode_nbctl ls-add sw0
> +check multinode_nbctl lsp-add sw0 sw0-port1
> +check multinode_nbctl lsp-set-addresses sw0-port1 "50:54:00:00:00:03
> 10.0.0.3 1000::3"
> +check multinode_nbctl lsp-add sw0 sw0-port2
> +check multinode_nbctl lsp-set-addresses sw0-port2 "50:54:00:00:00:04
> 10.0.0.4 1000::4"
> +
> +m_as ovn-chassis-1 /data/create_fake_vm.sh sw0-port1 sw0p1 50:54:00:00:00:03
> 10.0.0.3 24 10.0.0.1 1000::3/64 1000::a
> +m_as ovn-chassis-2 /data/create_fake_vm.sh sw0-port2 sw0p2 50:54:00:00:00:04
> 10.0.0.4 24 10.0.0.1 1000::4/64 1000::a
> +
> +m_wait_for_ports_up
> +
> +M_NS_CHECK_EXEC([ovn-chassis-1], [sw0p1], [ping -q -c 3 -i 0.3 -w 2 10.0.0.4
> | FORMAT_PING], \
> +[0], [dnl
> +3 packets transmitted, 3 received, 0% packet loss, time 0ms
> +])
> +
> +# Create the second logical switch with one port
> +check multinode_nbctl ls-add sw1
> +check multinode_nbctl lsp-add sw1 sw1-port1
> +check multinode_nbctl lsp-set-addresses sw1-port1 "40:54:00:00:00:03
> 20.0.0.3 2000::3"
> +
> +# Create a logical router and attach both logical switches
> +check multinode_nbctl lr-add lr0 -- set Logical_Router lr0
> options:chassis=ovn-gw-1
> +check multinode_nbctl lrp-add lr0 lr0-sw0 00:00:00:00:ff:01 10.0.0.1/24
> 1000::a/64
> +check multinode_nbctl lsp-add sw0 sw0-lr0
> +check multinode_nbctl lsp-set-type sw0-lr0 router
> +check multinode_nbctl lsp-set-addresses sw0-lr0 router
> +check multinode_nbctl lsp-set-options sw0-lr0 router-port=lr0-sw0
> +
> +check multinode_nbctl lrp-add lr0 lr0-sw1 00:00:00:00:ff:02 20.0.0.1/24
> 2000::a/64
> +check multinode_nbctl lsp-add sw1 sw1-lr0
> +check multinode_nbctl lsp-set-type sw1-lr0 router
> +check multinode_nbctl lsp-set-addresses sw1-lr0 router
> +check multinode_nbctl lsp-set-options sw1-lr0 router-port=lr0-sw1
> +
> +m_as ovn-chassis-2 /data/create_fake_vm.sh sw1-port1 sw1p1 40:54:00:00:00:03
> 20.0.0.3 24 20.0.0.1 2000::3/64 2000::a
> +
> +# create exteranl connection for N/S traffic
> +check multinode_nbctl ls-add public
> +check multinode_nbctl lsp-add public ln-lublic
> +check multinode_nbctl lsp-set-type ln-lublic localnet
> +check multinode_nbctl lsp-set-addresses ln-lublic unknown
> +check multinode_nbctl lsp-set-options ln-lublic network_name=public
> +
> +check multinode_nbctl lrp-add lr0 lr0-public 00:11:22:00:ff:01
> 172.20.0.100/24
> +check multinode_nbctl lsp-add public public-lr0
> +check multinode_nbctl lsp-set-type public-lr0 router
> +check multinode_nbctl lsp-set-addresses public-lr0 router
> +check multinode_nbctl lsp-set-options public-lr0 router-port=lr0-public
> +check multinode_nbctl lr-route-add lr0 0.0.0.0/0 172.20.0.1
> +
> +check multinode_nbctl lr-nat-add lr0 snat 172.20.0.100 10.0.0.0/24
> +check multinode_nbctl lr-nat-add lr0 snat 172.20.0.100 20.0.0.0/24
> +
> +# create some ACLs
> +check multinode_nbctl acl-add sw0 from-lport 1002 'ip4 || ip6' allow-related
> +check multinode_nbctl acl-add sw1 from-lport 1002 'ip4 || ip6' allow-related
> +
> +m_as ovn-gw-1 ip netns add ovn-ext0
> +m_as ovn-gw-1 ovs-vsctl add-port br-ex ext0 -- set interface ext0
> type=internal
> +m_as ovn-gw-1 ip link set ext0 netns ovn-ext0
> +m_as ovn-gw-1 ip netns exec ovn-ext0 ip link set ext0 up
> +m_as ovn-gw-1 ip netns exec ovn-ext0 ip addr add 172.20.0.1/24 dev ext0
> +
> +m_as ovn-gw-1 ovs-vsctl add-port br-ex ext1 -- set interface ext1
> type=internal
> +m_as ovn-gw-1 ip link set ext1 netns ovn-ext0
> +m_as ovn-gw-1 ip netns exec ovn-ext0 ip link set ext1 up
> +m_as ovn-gw-1 ip netns exec ovn-ext0 ip addr add 172.20.1.1/24 dev ext1
> +
> +m_as ovn-gw-1 ip netns add ovn-ext2
> +m_as ovn-gw-1 ovs-vsctl add-port br-ex ext2 -- set interface ext2
> type=internal
> +m_as ovn-gw-1 ip link set ext2 netns ovn-ext2
> +m_as ovn-gw-1 ip netns exec ovn-ext2 ip link set ext2 up
> +m_as ovn-gw-1 ip netns exec ovn-ext2 ip addr add 172.20.1.2/24 dev ext2
> +m_as ovn-gw-1 ip netns exec ovn-ext2 ip route add default via 172.20.1.1 dev
> ext2
> +
> +m_as ovn-gw-1 ovs-vsctl set open .
> external-ids:ovn-bridge-mappings=public:br-ex
> +m_as ovn-chassis-1 ovs-vsctl set open .
> external-ids:ovn-bridge-mappings=public:br-ex
> +m_as ovn-chassis-2 ovs-vsctl set open .
> external-ids:ovn-bridge-mappings=public:br-ex
> +
> +m_wait_for_ports_up sw1-port1
> +
> +M_NS_CHECK_EXEC([ovn-chassis-1], [sw0p1], [ping -q -c 3 -i 0.3 -w 2 20.0.0.3
> | FORMAT_PING], \
> +[0], [dnl
> +3 packets transmitted, 3 received, 0% packet loss, time 0ms
> +])
> +
> +M_NS_CHECK_EXEC([ovn-chassis-1], [sw0p1], [ip route flush dev sw0p1])
> +M_NS_CHECK_EXEC([ovn-chassis-1], [sw0p1], [ip route add 10.0.0.0/24 dev
> sw0p1])
> +M_NS_CHECK_EXEC([ovn-chassis-1], [sw0p1], [ip route add default via 10.0.0.1
> dev sw0p1])
> +
> +m_as ovn-chassis-1 ip route change 170.168.0.0/16 mtu 1200 dev eth1
> +M_NS_CHECK_EXEC([ovn-chassis-1], [sw0p1], [ping -c 5 -s 1300 -M do 20.0.0.3
> 2>&1 |grep -q "message too long, mtu=1150"])
> +
> +M_NS_CHECK_EXEC([ovn-chassis-1], [sw0p1], [ip route flush dev sw0p1])
> +M_NS_CHECK_EXEC([ovn-chassis-1], [sw0p1], [ip route add 10.0.0.0/24 dev
> sw0p1])
> +M_NS_CHECK_EXEC([ovn-chassis-1], [sw0p1], [ip route add default via 10.0.0.1
> dev sw0p1])
> +
> +M_NS_CHECK_EXEC([ovn-gw-1], [ovn-ext0], [ip link set dev ext1 mtu 1100])
> +M_NS_CHECK_EXEC([ovn-chassis-1], [sw0p1], [ping -q -c 3 -i 0.3 -w 2
> 172.20.1.2 | FORMAT_PING], \
> +[0], [dnl
> +3 packets transmitted, 3 received, 0% packet loss, time 0ms
> +])
> +
> +M_NS_CHECK_EXEC([ovn-chassis-1], [sw0p1], [ping -c 20 -i 0.5 -s 1300 -M do
> 172.20.1.2 2>&1 |grep -q "mtu = 1150"])
> +
> +AT_CLEANUP
> diff --git a/tests/ovn-northd.at b/tests/ovn-northd.at
> index 9a0d418e4..25efacccc 100644
> --- a/tests/ovn-northd.at
> +++ b/tests/ovn-northd.at
> @@ -6492,6 +6492,9 @@ AT_CAPTURE_FILE([lrflows])
>
> # Check the flows in lr_in_admission stage
> AT_CHECK([grep lr_in_admission lrflows | grep cr-DR | sort], [0], [dnl
> + table=0 (lr_in_admission ), priority=120 , match=(((ip4 && icmp4.type
> == 3 && icmp4.code == 4) || (ip6 && icmp6.type == 2 && icmp6.code == 0)) &&
> eth.dst == 02:ac:10:01:00:01 && !is_chassis_resident("cr-DR-S1") &&
> flags.tunnel_rx == 1), action=(outport <-> inport; inport = "DR-S1"; next;)
> + table=0 (lr_in_admission ), priority=120 , match=(((ip4 && icmp4.type
> == 3 && icmp4.code == 4) || (ip6 && icmp6.type == 2 && icmp6.code == 0)) &&
> eth.dst == 03:ac:10:01:00:01 && !is_chassis_resident("cr-DR-S2") &&
> flags.tunnel_rx == 1), action=(outport <-> inport; inport = "DR-S2"; next;)
> + table=0 (lr_in_admission ), priority=120 , match=(((ip4 && icmp4.type
> == 3 && icmp4.code == 4) || (ip6 && icmp6.type == 2 && icmp6.code == 0)) &&
> eth.dst == 04:ac:10:01:00:01 && !is_chassis_resident("cr-DR-S3") &&
> flags.tunnel_rx == 1), action=(outport <-> inport; inport = "DR-S3"; next;)
> table=0 (lr_in_admission ), priority=50 , match=(eth.dst ==
> 02:ac:10:01:00:01 && inport == "DR-S1" && is_chassis_resident("cr-DR-S1")),
> action=(xreg0[[0..47]] = 02:ac:10:01:00:01; next;)
> table=0 (lr_in_admission ), priority=50 , match=(eth.dst ==
> 03:ac:10:01:00:01 && inport == "DR-S2" && is_chassis_resident("cr-DR-S2")),
> action=(xreg0[[0..47]] = 03:ac:10:01:00:01; next;)
> table=0 (lr_in_admission ), priority=50 , match=(eth.dst ==
> 04:ac:10:01:00:01 && inport == "DR-S3" && is_chassis_resident("cr-DR-S3")),
> action=(xreg0[[0..47]] = 04:ac:10:01:00:01; next;)
> @@ -6551,6 +6554,7 @@ AT_CAPTURE_FILE([lrflows])
>
> # Check the flows in lr_in_admission stage
> AT_CHECK([grep lr_in_admission lrflows | grep lrp1 | sed
> 's/table=../table=??/' | sort], [0], [dnl
> + table=??(lr_in_admission ), priority=120 , match=(((ip4 && icmp4.type
> == 3 && icmp4.code == 4) || (ip6 && icmp6.type == 2 && icmp6.code == 0)) &&
> eth.dst == 00:00:00:00:00:01 && !is_chassis_resident("cr-lrp1") &&
> flags.tunnel_rx == 1), action=(outport <-> inport; inport = "lrp1"; next;)
> table=??(lr_in_admission ), priority=50 , match=(eth.dst ==
> 00:00:00:00:00:01 && inport == "lrp1" && is_chassis_resident("cr-lrp1")),
> action=(xreg0[[0..47]] = 00:00:00:00:00:01; next;)
> table=??(lr_in_admission ), priority=50 , match=(eth.mcast && inport
> == "lrp1"), action=(xreg0[[0..47]] = 00:00:00:00:00:01; next;)
> ])
> @@ -6572,6 +6576,7 @@ AT_CAPTURE_FILE([lrflows])
>
> # Check the flows in lr_in_admission stage
> AT_CHECK([grep lr_in_admission lrflows | grep lrp1 | sed
> 's/table=../table=??/' | sort], [0], [dnl
> + table=??(lr_in_admission ), priority=120 , match=(((ip4 && icmp4.type
> == 3 && icmp4.code == 4) || (ip6 && icmp6.type == 2 && icmp6.code == 0)) &&
> eth.dst == 00:00:00:00:00:01 && !is_chassis_resident("cr-lrp1") &&
> flags.tunnel_rx == 1), action=(outport <-> inport; inport = "lrp1"; next;)
> table=??(lr_in_admission ), priority=50 , match=(eth.dst ==
> 00:00:00:00:00:01 && inport == "lrp1"), action=(xreg0[[0..47]] =
> 00:00:00:00:00:01; next;)
> table=??(lr_in_admission ), priority=50 , match=(eth.mcast && inport
> == "lrp1"), action=(xreg0[[0..47]] = 00:00:00:00:00:01; next;)
> ])
> @@ -6590,6 +6595,7 @@ AT_CAPTURE_FILE([lrflows])
>
> # Check the flows in lr_in_admission stage
> AT_CHECK([grep lr_in_admission lrflows | grep lrp1 | sed
> 's/table=../table=??/' | sort], [0], [dnl
> + table=??(lr_in_admission ), priority=120 , match=(((ip4 && icmp4.type
> == 3 && icmp4.code == 4) || (ip6 && icmp6.type == 2 && icmp6.code == 0)) &&
> eth.dst == 00:00:00:00:00:01 && !is_chassis_resident("cr-lrp1") &&
> flags.tunnel_rx == 1), action=(outport <-> inport; inport = "lrp1"; next;)
> table=??(lr_in_admission ), priority=50 , match=(eth.dst ==
> 00:00:00:00:00:01 && inport == "lrp1" && is_chassis_resident("cr-lrp1")),
> action=(xreg0[[0..47]] = 00:00:00:00:00:01; next;)
> table=??(lr_in_admission ), priority=50 , match=(eth.mcast && inport
> == "lrp1"), action=(xreg0[[0..47]] = 00:00:00:00:00:01; next;)
> ])
> @@ -8318,6 +8324,7 @@ AT_CHECK([cat sw0flows | grep -e port_sec -e
> ls_in_l2_lkup -e ls_in_l2_unknown |
> sort | sed 's/table=../table=??/' ], [0], [dnl
> table=??(ls_in_check_port_sec), priority=100 , match=(eth.src[[40]]),
> action=(drop;)
> table=??(ls_in_check_port_sec), priority=100 , match=(vlan.present),
> action=(drop;)
> + table=??(ls_in_check_port_sec), priority=110 , match=(((ip4 && icmp4.type
> == 3 && icmp4.code == 4) || (ip6 && icmp6.type == 2 && icmp6.code == 0)) &&
> flags.tunnel_rx == 1), action=(drop;)
> table=??(ls_in_check_port_sec), priority=50 , match=(1),
> action=(reg0[[15]] = check_in_port_sec(); next;)
> table=??(ls_in_apply_port_sec), priority=0 , match=(1), action=(next;)
> table=??(ls_in_apply_port_sec), priority=50 , match=(reg0[[15]] == 1),
> action=(drop;)
> @@ -8343,6 +8350,7 @@ AT_CHECK([cat sw0flows | grep -e port_sec -e
> ls_in_l2_lkup -e ls_in_l2_unknown |
> sort | sed 's/table=../table=??/' ], [0], [dnl
> table=??(ls_in_check_port_sec), priority=100 , match=(eth.src[[40]]),
> action=(drop;)
> table=??(ls_in_check_port_sec), priority=100 , match=(vlan.present),
> action=(drop;)
> + table=??(ls_in_check_port_sec), priority=110 , match=(((ip4 && icmp4.type
> == 3 && icmp4.code == 4) || (ip6 && icmp6.type == 2 && icmp6.code == 0)) &&
> flags.tunnel_rx == 1), action=(drop;)
> table=??(ls_in_check_port_sec), priority=50 , match=(1),
> action=(reg0[[15]] = check_in_port_sec(); next;)
> table=??(ls_in_apply_port_sec), priority=0 , match=(1), action=(next;)
> table=??(ls_in_apply_port_sec), priority=50 , match=(reg0[[15]] == 1),
> action=(drop;)
> @@ -8369,6 +8377,7 @@ AT_CHECK([cat sw0flows | grep -e port_sec -e
> ls_in_l2_lkup -e ls_in_l2_unknown |
> sort | sed 's/table=../table=??/' ], [0], [dnl
> table=??(ls_in_check_port_sec), priority=100 , match=(eth.src[[40]]),
> action=(drop;)
> table=??(ls_in_check_port_sec), priority=100 , match=(vlan.present),
> action=(drop;)
> + table=??(ls_in_check_port_sec), priority=110 , match=(((ip4 && icmp4.type
> == 3 && icmp4.code == 4) || (ip6 && icmp6.type == 2 && icmp6.code == 0)) &&
> flags.tunnel_rx == 1), action=(drop;)
> table=??(ls_in_check_port_sec), priority=50 , match=(1),
> action=(reg0[[15]] = check_in_port_sec(); next;)
> table=??(ls_in_apply_port_sec), priority=0 , match=(1), action=(next;)
> table=??(ls_in_apply_port_sec), priority=50 , match=(reg0[[15]] == 1),
> action=(drop;)
> @@ -8396,6 +8405,7 @@ sort | sed 's/table=../table=??/' ], [0], [dnl
> table=??(ls_in_check_port_sec), priority=100 , match=(eth.src[[40]]),
> action=(drop;)
> table=??(ls_in_check_port_sec), priority=100 , match=(inport == "sw0p1"),
> action=(reg0[[15]] = 1; next;)
> table=??(ls_in_check_port_sec), priority=100 , match=(vlan.present),
> action=(drop;)
> + table=??(ls_in_check_port_sec), priority=110 , match=(((ip4 && icmp4.type
> == 3 && icmp4.code == 4) || (ip6 && icmp6.type == 2 && icmp6.code == 0)) &&
> flags.tunnel_rx == 1), action=(drop;)
> table=??(ls_in_check_port_sec), priority=50 , match=(1),
> action=(reg0[[15]] = check_in_port_sec(); next;)
> table=??(ls_in_apply_port_sec), priority=0 , match=(1), action=(next;)
> table=??(ls_in_apply_port_sec), priority=50 , match=(reg0[[15]] == 1),
> action=(drop;)
> @@ -8422,6 +8432,7 @@ sort | sed 's/table=../table=??/' ], [0], [dnl
> table=??(ls_in_check_port_sec), priority=100 , match=(eth.src[[40]]),
> action=(drop;)
> table=??(ls_in_check_port_sec), priority=100 , match=(inport == "sw0p1"),
> action=(reg0[[15]] = 1; next;)
> table=??(ls_in_check_port_sec), priority=100 , match=(vlan.present),
> action=(drop;)
> + table=??(ls_in_check_port_sec), priority=110 , match=(((ip4 && icmp4.type
> == 3 && icmp4.code == 4) || (ip6 && icmp6.type == 2 && icmp6.code == 0)) &&
> flags.tunnel_rx == 1), action=(drop;)
> table=??(ls_in_check_port_sec), priority=50 , match=(1),
> action=(reg0[[15]] = check_in_port_sec(); next;)
> table=??(ls_in_check_port_sec), priority=70 , match=(inport == "sw0p2"),
> action=(set_queue(10); reg0[[15]] = check_in_port_sec(); next;)
> table=??(ls_in_apply_port_sec), priority=0 , match=(1), action=(next;)
> @@ -8451,6 +8462,7 @@ AT_CHECK([cat sw0flows | grep -e port_sec -e
> ls_in_l2_lkup -e ls_in_l2_unknown |
> sort | sed 's/table=../table=??/' ], [0], [dnl
> table=??(ls_in_check_port_sec), priority=100 , match=(eth.src[[40]]),
> action=(drop;)
> table=??(ls_in_check_port_sec), priority=100 , match=(vlan.present),
> action=(drop;)
> + table=??(ls_in_check_port_sec), priority=110 , match=(((ip4 && icmp4.type
> == 3 && icmp4.code == 4) || (ip6 && icmp6.type == 2 && icmp6.code == 0)) &&
> flags.tunnel_rx == 1), action=(drop;)
> table=??(ls_in_check_port_sec), priority=50 , match=(1),
> action=(reg0[[15]] = check_in_port_sec(); next;)
> table=??(ls_in_check_port_sec), priority=70 , match=(inport ==
> "localnetport"), action=(set_queue(10); reg0[[15]] = check_in_port_sec();
> next;)
> table=??(ls_in_check_port_sec), priority=70 , match=(inport == "sw0p1"),
> action=(reg0[[14]] = 1; next(pipeline=ingress, table=17);)
> --
> 2.43.0
>
> _______________________________________________
> dev mailing list
> [email protected]
> https://mail.openvswitch.org/mailman/listinfo/ovs-dev
>
_______________________________________________
dev mailing list
[email protected]
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
