On 4/3/24 12:29, Lorenzo Bianconi wrote:
> Similar to what is already implemented for routed e/w traffic,
> introduce pmtud support for e/w traffic between two logical switch ports
> connected to the same logical switch, but running on two different
> hypervisors.
>
> Acked-by: Mark Michelson <[email protected]>
> Reported-at: https://issues.redhat.com/browse/FDP-362
> Signed-off-by: Lorenzo Bianconi <[email protected]>
> ---
> Changes since v1:
> - move logic in consider_port_binding
> - add more self-test
> - fix typos
> ---
Hi Lorenzo,
I have a few comments below. Overall the rest looks OK to me.
> controller/lflow.h | 1 +
> controller/physical.c | 30 +++++++-
> northd/northd.c | 35 +++++++---
> northd/ovn-northd.8.xml | 16 +++--
> tests/multinode.at | 151 ++++++++++++++++++++++++++++++++++++++++
> tests/ovn-controller.at | 63 +++++++++++++++++
> tests/ovn-macros.at | 1 +
> tests/ovn-northd.at | 22 ++++--
> tests/ovn.at | 5 +-
> 9 files changed, 304 insertions(+), 20 deletions(-)
>
> diff --git a/controller/lflow.h b/controller/lflow.h
> index 9b7ffa19c..906a26280 100644
> --- a/controller/lflow.h
> +++ b/controller/lflow.h
> @@ -94,6 +94,7 @@ struct uuid;
> #define OFTABLE_ECMP_NH 77
> #define OFTABLE_CHK_LB_AFFINITY 78
> #define OFTABLE_MAC_CACHE_USE 79
> +#define OFTABLE_CT_ZONE_LOOKUP 80
>
> struct lflow_ctx_in {
> struct ovsdb_idl_index *sbrec_multicast_group_by_name_datapath;
> diff --git a/controller/physical.c b/controller/physical.c
> index 7ee308694..25da789f0 100644
> --- a/controller/physical.c
> +++ b/controller/physical.c
> @@ -1498,6 +1498,26 @@ consider_port_binding(struct ovsdb_idl_index
> *sbrec_port_binding_by_name,
> return;
> }
>
> + if (get_lport_type(binding) == LP_VIF) {
> + /* Table 80, priority 100.
> + * =======================
> + *
> + * Process ICMP{4,6} error packets too big locally generated from the
> + * kernel in order to lookup proper ct_zone. */
> + struct match match = MATCH_CATCHALL_INITIALIZER;
> + match_set_metadata(&match, htonll(dp_key));
> + match_set_reg(&match, MFF_LOG_INPORT - MFF_REG0, port_key);
> +
> + struct zone_ids icmp_zone_ids = get_zone_ids(binding, ct_zones);
> + ofpbuf_clear(ofpacts_p);
> + put_zones_ofpacts(&icmp_zone_ids, ofpacts_p);
> + put_resubmit(OFTABLE_LOG_INGRESS_PIPELINE, ofpacts_p);
> + ofctrl_add_flow(flow_table, OFTABLE_CT_ZONE_LOOKUP, 100,
> + binding->header_.uuid.parts[0], &match,
> + ofpacts_p, &binding->header_.uuid);
> + ofpbuf_clear(ofpacts_p);
> + }
> +
> struct match match;
> if (!strcmp(binding->type, "patch")
> || (!strcmp(binding->type, "l3gateway")
> @@ -2464,6 +2484,14 @@ physical_run(struct physical_ctx *p_ctx,
> flow_table, &ofpacts);
> }
>
> + /* Default flow for CT_ZONE_LOOKUP Table. */
> + struct match ct_look_def_match;
> + match_init_catchall(&ct_look_def_match);
> + ofpbuf_clear(&ofpacts);
> + put_resubmit(OFTABLE_LOG_INGRESS_PIPELINE, &ofpacts);
> + ofctrl_add_flow(flow_table, OFTABLE_CT_ZONE_LOOKUP, 0, 0,
> + &ct_look_def_match, &ofpacts, hc_uuid);
> +
> /* Handle output to multicast groups, in tables 40 and 41. */
> const struct sbrec_multicast_group *mc;
> SBREC_MULTICAST_GROUP_TABLE_FOR_EACH (mc, p_ctx->mc_group_table) {
> @@ -2522,7 +2550,7 @@ physical_run(struct physical_ctx *p_ctx,
> /* Add specif flows for E/W ICMPv{4,6} packets if tunnelled packets
> * do not fit path MTU.
> */
> - put_resubmit(OFTABLE_LOG_INGRESS_PIPELINE, &ofpacts);
> + put_resubmit(OFTABLE_CT_ZONE_LOOKUP, &ofpacts);
>
> /* IPv4 */
> match_init_catchall(&match);
> diff --git a/northd/northd.c b/northd/northd.c
> index c568f6360..ddd960d19 100644
> --- a/northd/northd.c
> +++ b/northd/northd.c
> @@ -8678,7 +8678,7 @@ build_lswitch_lflows_admission_control(struct
> ovn_datapath *od,
> ovs_assert(od->nbs);
>
> /* Default action for recirculated ICMP error 'packet too big'. */
> - ovn_lflow_add(lflows, od, S_SWITCH_IN_CHECK_PORT_SEC, 110,
> + ovn_lflow_add(lflows, od, S_SWITCH_IN_CHECK_PORT_SEC, 105,
> "((ip4 && icmp4.type == 3 && icmp4.code == 4) ||"
> " (ip6 && icmp6.type == 2 && icmp6.code == 0)) &&"
> " flags.tunnel_rx == 1", debug_drop_action(), lflow_ref);
> @@ -11863,7 +11863,24 @@ build_lswitch_icmp_packet_toobig_admin_flows(
> {
> ovs_assert(op->nbsp);
>
> + ds_clear(match);
> if (!lsp_is_router(op->nbsp)) {
> + struct eth_addr mac;
> + if (!op->nbsp->n_addresses ||
> + !ovs_scan(op->nbsp->addresses[0], ETH_ADDR_SCAN_FMT,
> + ETH_ADDR_SCAN_ARGS(mac))) {
We already store the parsed addresses in op->lsp_addresses why do we
need to reparse here?
> + return;
> + }
> +
> + ds_put_format(match,
> + "((ip4 && icmp4.type == 3 && icmp4.code == 4) ||"
> + " (ip6 && icmp6.type == 2 && icmp6.code == 0)) &&"
> + " eth.src == "ETH_ADDR_FMT" && outport == %s &&"
> + " !is_chassis_resident(%s) && flags.tunnel_rx == 1",
> + ETH_ADDR_ARGS(mac), op->json_key, op->json_key);
> + ovn_lflow_add(lflows, op->od, S_SWITCH_IN_CHECK_PORT_SEC, 110,
> + ds_cstr(match), "outport <-> inport; next;",
> + op->lflow_ref);
> return;
> }
>
> @@ -11872,26 +11889,28 @@ build_lswitch_icmp_packet_toobig_admin_flows(
> return;
> }
>
> - ds_clear(match);
> if (peer->od->is_gw_router) {
> ds_put_format(match,
> "((ip4 && icmp4.type == 3 && icmp4.code == 4) ||"
> " (ip6 && icmp6.type == 2 && icmp6.code == 0)) && "
> "eth.src == %s && outport == %s && flags.tunnel_rx ==
> 1",
> peer->nbrp->mac, op->json_key);
> + ovn_lflow_add(lflows, op->od, S_SWITCH_IN_CHECK_PORT_SEC, 120,
> + ds_cstr(match), "outport <-> inport; next;",
> + op->lflow_ref);
> } else {
> ds_put_format(match,
> "((ip4 && icmp4.type == 3 && icmp4.code == 4) ||"
> " (ip6 && icmp6.type == 2 && icmp6.code == 0)) && "
> "eth.dst == %s && flags.tunnel_rx == 1",
> peer->nbrp->mac);
> + ds_clear(actions);
> + ds_put_format(actions,
> + "outport <-> inport; next(pipeline=ingress,table=%d);",
> + ovn_stage_get_table(S_SWITCH_IN_L2_LKUP));
> + ovn_lflow_add(lflows, op->od, S_SWITCH_IN_CHECK_PORT_SEC, 120,
> + ds_cstr(match), ds_cstr(actions), op->lflow_ref);
> }
> - ds_clear(actions);
> - ds_put_format(actions,
> - "outport <-> inport; next(pipeline=ingress,table=%d);",
> - ovn_stage_get_table(S_SWITCH_IN_L2_LKUP));
> - ovn_lflow_add(lflows, op->od, S_SWITCH_IN_CHECK_PORT_SEC, 120,
> - ds_cstr(match), ds_cstr(actions), op->lflow_ref);
> }
>
> static void
> diff --git a/northd/ovn-northd.8.xml b/northd/ovn-northd.8.xml
> index 90ce0de3f..82effb1b1 100644
> --- a/northd/ovn-northd.8.xml
> +++ b/northd/ovn-northd.8.xml
> @@ -324,8 +324,7 @@
> 'packet too big' and <code>eth.src == <var>D</var> &&
> outport == <var>P</var> && flags.tunnel_rx == 1</code> where
> <var>D</var> is the peer logical router port <var>RP</var> mac address,
> - swaps inport and outport and applies the action <code>
> - next(pipeline=S_SWITCH_IN_L2_LKUP)</code>.
> + swaps inport and outport and applies the action <code>next</code>.
> </p>
>
> <p>
> @@ -338,7 +337,16 @@
> </p>
>
> <p>
> - This table adds a priority-110 flow that matches 'recirculated'
> icmp{4,6}
> + For each logical switch port <var>P</var> a priority-110 flow that
> + matches 'recirculated' icmp{4,6} error 'packet too big' and <code>
> + eth.src == <var>D</var> && outport == <var>P</var> &&
> + !is_chassis_resident("<var>P</var>") && flags.tunnel_rx == 1
> + </code> where <var>D</var> is the logical switch port mac address,
> + swaps inport and outport and applies the action <code>next</code>.
> + </p>
> +
> + <p>
> + This table adds a priority-105 flow that matches 'recirculated'
> icmp{4,6}
> error 'packet too big' to drop the packet.
> </p>
>
> @@ -2466,7 +2474,7 @@ output;
> </p>
>
> <p>
> - This table adds a priority-110 flow that matches 'recirculated'
> + This table adds a priority-105 flow that matches 'recirculated'
> icmp{4,6} error 'packet too big' to drop the packet.
> </p>
>
> diff --git a/tests/multinode.at b/tests/multinode.at
> index 0187382be..ef40db9b7 100644
> --- a/tests/multinode.at
> +++ b/tests/multinode.at
> @@ -154,6 +154,11 @@ check multinode_nbctl lr-nat-add lr0 snat 172.20.0.100
> 20.0.0.0/24
> check multinode_nbctl acl-add sw0 from-lport 1002 'ip4 || ip6' allow-related
> check multinode_nbctl acl-add sw1 from-lport 1002 'ip4 || ip6' allow-related
>
> +# create LB
> +check multinode_nbctl lb-add lb0 10.0.0.1:8080 10.0.0.4:8080 udp
> +check multinode_nbctl ls-lb-add sw0 lb0
> +M_NS_CHECK_EXEC([ovn-chassis-2], [sw0p2], [nc -u -l 8080 >/dev/null 2>&1 &])
> +
> m_as ovn-gw-1 ip netns add ovn-ext0
> m_as ovn-gw-1 ovs-vsctl add-port br-ex ext0 -- set interface ext0
> type=internal
> m_as ovn-gw-1 ip link set ext0 netns ovn-ext0
> @@ -207,6 +212,14 @@ M_NS_CHECK_EXEC([ovn-chassis-1], [sw0p1], [ping -q -c 3
> -i 0.3 -w 2 172.20.1.2 |
> 3 packets transmitted, 3 received, 0% packet loss, time 0ms
> ])
>
> +m_as ovn-chassis-1 ip route change 170.168.0.0/16 mtu 1000 dev eth1
> +for i in $(seq 30); do
> +M_NS_CHECK_EXEC([ovn-chassis-1], [sw0p1], [sh -c 'dd bs=512 count=2
> if=/dev/urandom |nc -u 10.0.0.1 8080'], [ignore], [ignore], [ignore])
> +done
> +M_NS_CHECK_EXEC([ovn-chassis-1], [sw0p1], [ip route get 10.0.0.1 dev sw0p1 |
> grep -q 'mtu 942'])
> +
> +killall nc
I don't think it's OK to use killall. Who else what other nc instances
are running on the host where these tests are executed.
We probably need to add a NETNS_DAEMONIZE()-like version to
multinode-macros.at and use it here.
The same applies for the rest of killall invocations.
> +
> AT_CLEANUP
>
> AT_SETUP([ovn multinode pmtu - distributed router - vxlan])
> @@ -696,6 +709,11 @@ check multinode_nbctl lr-nat-add lr0 snat 172.20.0.100
> 20.0.0.0/24
> check multinode_nbctl acl-add sw0 from-lport 1002 'ip4 || ip6' allow-related
> check multinode_nbctl acl-add sw1 from-lport 1002 'ip4 || ip6' allow-related
>
> +# create LB
> +check multinode_nbctl lb-add lb0 10.0.0.1:8080 20.0.0.3:8080 udp
> +check multinode_nbctl lr-lb-add lr0 lb0
> +M_NS_CHECK_EXEC([ovn-chassis-2], [sw1p1], [nc -u -l 8080 >/dev/null 2>&1 &])
> +
> m_as ovn-gw-1 ip netns add ovn-ext0
> m_as ovn-gw-1 ovs-vsctl add-port br-ex ext0 -- set interface ext0
> type=internal
> m_as ovn-gw-1 ip link set ext0 netns ovn-ext0
> @@ -751,6 +769,18 @@ M_NS_CHECK_EXEC([ovn-chassis-1], [sw0p1], [ping -q -c 3
> -i 0.3 -w 2 172.20.1.2 |
> M_NS_CHECK_EXEC([ovn-gw-1], [ovn-ext0], [ip link set dev ext1 mtu 1100])
> M_NS_CHECK_EXEC([ovn-chassis-1], [sw0p1], [ping -c 20 -i 0.5 -s 1300 -M do
> 172.20.1.2 2>&1 |grep -q "mtu = 1100"])
>
> +M_NS_CHECK_EXEC([ovn-chassis-1], [sw0p1], [ip route flush dev sw0p1])
> +M_NS_CHECK_EXEC([ovn-chassis-1], [sw0p1], [ip route add 10.0.0.0/24 dev
> sw0p1])
> +M_NS_CHECK_EXEC([ovn-chassis-1], [sw0p1], [ip route add default via 10.0.0.1
> dev sw0p1])
> +
> +m_as ovn-chassis-1 ip route change 170.168.0.0/16 mtu 1000 dev eth1
> +for i in $(seq 30); do
> +M_NS_CHECK_EXEC([ovn-chassis-1], [sw0p1], [sh -c 'dd bs=512 count=2
> if=/dev/urandom |nc -u 10.0.0.1 8080'], [ignore], [ignore], [ignore])
> +done
> +M_NS_CHECK_EXEC([ovn-chassis-1], [sw0p1], [ip route get 10.0.0.1 dev sw0p1 |
> grep -q 'mtu 942'])
> +
> +killall nc
> +
> AT_CLEANUP
>
> AT_SETUP([ovn multinode pmtu - gw router - vxlan])
> @@ -834,6 +864,11 @@ check multinode_nbctl lr-nat-add lr0 snat 172.20.0.100
> 20.0.0.0/24
> check multinode_nbctl acl-add sw0 from-lport 1002 'ip4 || ip6' allow-related
> check multinode_nbctl acl-add sw1 from-lport 1002 'ip4 || ip6' allow-related
>
> +# create LB
> +check multinode_nbctl lb-add lb0 10.0.0.1:8080 20.0.0.3:8080 udp
> +check multinode_nbctl lr-lb-add lr0 lb0
> +M_NS_CHECK_EXEC([ovn-chassis-2], [sw1p1], [nc -u -l 8080 >/dev/null 2>&1 &])
> +
> m_as ovn-gw-1 ip netns add ovn-ext0
> m_as ovn-gw-1 ovs-vsctl add-port br-ex ext0 -- set interface ext0
> type=internal
> m_as ovn-gw-1 ip link set ext0 netns ovn-ext0
> @@ -882,4 +917,120 @@ M_NS_CHECK_EXEC([ovn-chassis-1], [sw0p1], [ping -q -c 3
> -i 0.3 -w 2 172.20.1.2 |
>
> M_NS_CHECK_EXEC([ovn-chassis-1], [sw0p1], [ping -c 20 -i 0.5 -s 1300 -M do
> 172.20.1.2 2>&1 |grep -q "mtu = 1150"])
>
> +M_NS_CHECK_EXEC([ovn-chassis-1], [sw0p1], [ip route flush dev sw0p1])
> +M_NS_CHECK_EXEC([ovn-chassis-1], [sw0p1], [ip route add 10.0.0.0/24 dev
> sw0p1])
> +M_NS_CHECK_EXEC([ovn-chassis-1], [sw0p1], [ip route add default via 10.0.0.1
> dev sw0p1])
> +
> +m_as ovn-chassis-1 ip route change 170.168.0.0/16 mtu 1000 dev eth1
> +for i in $(seq 30); do
> +M_NS_CHECK_EXEC([ovn-chassis-1], [sw0p1], [sh -c 'dd bs=512 count=2
> if=/dev/urandom |nc -u 10.0.0.1 8080'], [ignore], [ignore], [ignore])
> +done
> +M_NS_CHECK_EXEC([ovn-chassis-1], [sw0p1], [ip route get 10.0.0.1 dev sw0p1 |
> grep -q 'mtu 950'])
> +
> +killall nc
> +
> +AT_CLEANUP
> +
> +AT_SETUP([ovn multinode pmtu - logical switch - geneve])
> +
> +# Check that ovn-fake-multinode setup is up and running
> +check_fake_multinode_setup
> +
> +# Delete the multinode NB and OVS resources before starting the test.
> +cleanup_multinode_resources
> +
> +m_as ovn-chassis-1 ip link del sw0p1-p
> +m_as ovn-chassis-2 ip link del sw0p2-p
> +
> +# Reset geneve tunnels
> +for c in ovn-chassis-1 ovn-chassis-2 ovn-gw-1
> +do
> + m_as $c ovs-vsctl set open . external-ids:ovn-encap-type=geneve
> +done
> +
> +OVS_WAIT_UNTIL([m_as ovn-chassis-1 ip link show | grep -q genev_sys])
> +OVS_WAIT_UNTIL([m_as ovn-chassis-2 ip link show | grep -q genev_sys])
> +OVS_WAIT_UNTIL([m_as ovn-gw-1 ip link show | grep -q genev_sys])
> +
> +# Test East-West switching
> +check multinode_nbctl ls-add sw0
> +check multinode_nbctl lsp-add sw0 sw0-port1
> +check multinode_nbctl lsp-set-addresses sw0-port1 "50:54:00:00:00:03
> 10.0.0.3 1000::3"
> +check multinode_nbctl lsp-add sw0 sw0-port2
> +check multinode_nbctl lsp-set-addresses sw0-port2 "50:54:00:00:00:04
> 10.0.0.4 1000::4"
> +
> +m_as ovn-chassis-1 /data/create_fake_vm.sh sw0-port1 sw0p1 50:54:00:00:00:03
> 10.0.0.3 24 10.0.0.1 1000::3/64 1000::a
> +m_as ovn-chassis-2 /data/create_fake_vm.sh sw0-port2 sw0p2 50:54:00:00:00:04
> 10.0.0.4 24 10.0.0.1 1000::4/64 1000::a
> +
> +# Create the second logical switch with one port
> +check multinode_nbctl ls-add sw1
> +check multinode_nbctl lsp-add sw1 sw1-port1
> +check multinode_nbctl lsp-set-addresses sw1-port1 "40:54:00:00:00:03
> 20.0.0.3 2000::3"
> +
> +# Create a logical router and attach both logical switches
> +check multinode_nbctl lr-add lr0
> +check multinode_nbctl lrp-add lr0 lr0-sw0 00:00:00:00:ff:01 10.0.0.1/24
> 1000::a/64
> +check multinode_nbctl lsp-add sw0 sw0-lr0
> +check multinode_nbctl lsp-set-type sw0-lr0 router
> +check multinode_nbctl lsp-set-addresses sw0-lr0 router
> +check multinode_nbctl lsp-set-options sw0-lr0 router-port=lr0-sw0
> +
> +check multinode_nbctl lrp-add lr0 lr0-sw1 00:00:00:00:ff:02 20.0.0.1/24
> 2000::a/64
> +check multinode_nbctl lsp-add sw1 sw1-lr0
> +check multinode_nbctl lsp-set-type sw1-lr0 router
> +check multinode_nbctl lsp-set-addresses sw1-lr0 router
> +check multinode_nbctl lsp-set-options sw1-lr0 router-port=lr0-sw1
> +
> +m_as ovn-chassis-2 /data/create_fake_vm.sh sw1-port1 sw1p1 40:54:00:00:00:03
> 20.0.0.3 24 20.0.0.1 2000::3/64 2000::a
> +
> +check multinode_nbctl lr-nat-add lr0 snat 172.20.0.100 10.0.0.0/24
> +check multinode_nbctl lr-nat-add lr0 snat 172.20.0.100 20.0.0.0/24
> +
> +check multinode_nbctl lrp-set-gateway-chassis lr0-sw0 ovn-chassis-1 10
> +check multinode_nbctl lrp-set-gateway-chassis lr0-sw1 ovn-chassis-2 10
> +
> +# create some ACLs
> +check multinode_nbctl acl-add sw0 from-lport 1002 'ip4 || ip6' allow-related
> +check multinode_nbctl acl-add sw1 from-lport 1002 'ip4 || ip6' allow-related
> +
> +check multinode_nbctl lb-add lb0 10.0.0.1:8080 10.0.0.4:8080 udp
> +check multinode_nbctl ls-lb-add sw0 lb0
> +M_NS_CHECK_EXEC([ovn-chassis-2], [sw0p2], [nc -u -l 8080 >/dev/null 2>&1 &])
> +
> +m_wait_for_ports_up
> +
> +M_NS_CHECK_EXEC([ovn-chassis-1], [sw0p1], [ping -q -c 3 -i 0.3 -w 2 10.0.0.4
> | FORMAT_PING], \
> +[0], [dnl
> +3 packets transmitted, 3 received, 0% packet loss, time 0ms
> +])
> +
> +# Change ptmu for the geneve tunnel
> +m_as ovn-chassis-1 ip route change 170.168.0.0/16 mtu 1200 dev eth1
> +M_NS_CHECK_EXEC([ovn-chassis-1], [sw0p1], [ping -c 5 -s 1300 -M do 10.0.0.4
> 2>&1 |grep -q "message too long, mtu=1142"])
> +
> +M_NS_CHECK_EXEC([ovn-chassis-1], [sw0p1], [ip route flush dev sw0p1])
> +M_NS_CHECK_EXEC([ovn-chassis-1], [sw0p1], [ip route add 10.0.0.0/24 dev
> sw0p1])
> +M_NS_CHECK_EXEC([ovn-chassis-1], [sw0p1], [ip route add default via 10.0.0.1
> dev sw0p1])
> +
> +M_NS_CHECK_EXEC([ovn-chassis-1], [sw0p1], [ping -q -c 3 -i 0.3 -w 2 20.0.0.3
> | FORMAT_PING], \
> +[0], [dnl
> +3 packets transmitted, 3 received, 0% packet loss, time 0ms
> +])
> +
> +# Change ptmu for the geneve tunnel
> +m_as ovn-chassis-1 ip route change 170.168.0.0/16 mtu 1100 dev eth1
> +M_NS_CHECK_EXEC([ovn-chassis-1], [sw0p1], [ping -c 5 -s 1300 -M do 20.0.0.3
> 2>&1 |grep -q "message too long, mtu=1042"])
> +
> +M_NS_CHECK_EXEC([ovn-chassis-1], [sw0p1], [ip route flush dev sw0p1])
> +M_NS_CHECK_EXEC([ovn-chassis-1], [sw0p1], [ip route add 10.0.0.0/24 dev
> sw0p1])
> +M_NS_CHECK_EXEC([ovn-chassis-1], [sw0p1], [ip route add default via 10.0.0.1
> dev sw0p1])
> +
> +m_as ovn-chassis-1 ip route change 170.168.0.0/16 mtu 1000 dev eth1
> +for i in $(seq 30); do
> +M_NS_CHECK_EXEC([ovn-chassis-1], [sw0p1], [sh -c 'dd bs=512 count=2
> if=/dev/urandom |nc -u 10.0.0.1 8080'], [ignore], [ignore], [ignore])
> +done
> +M_NS_CHECK_EXEC([ovn-chassis-1], [sw0p1], [ip route get 10.0.0.1 dev sw0p1 |
> grep -q 'mtu 942'])
> +
> +killall nc
> +
> AT_CLEANUP
> diff --git a/tests/ovn-controller.at b/tests/ovn-controller.at
> index 3202f0bef..7e256f7b0 100644
> --- a/tests/ovn-controller.at
> +++ b/tests/ovn-controller.at
> @@ -2879,3 +2879,66 @@ AT_CHECK([test x"$port_uuid"=$(ovs-vsctl get port
> $fakech_tunnel _uuid)])
> OVN_CLEANUP([hv1])
> AT_CLEANUP
> ])
> +
> +OVN_FOR_EACH_NORTHD([
> +AT_SETUP([ovn-controller - pmtud flows])
> +AT_KEYWORDS([pmtud])
> +
> +ovn_start
> +
> +net_add n1
> +sim_add hv1
> +ovs-vsctl add-br br-phys
> +ovn_attach n1 br-phys 192.168.0.1
> +
> +check ovn-nbctl ls-add ls1 \
> + -- lsp-add ls1 lsp1 \
> + -- lsp-set-addresses lsp1 "00:00:00:00:00:01 192.168.1.1" \
> + -- lsp-add ls1 lsp2 \
> + -- lsp-set-addresses lsp2 "00:00:00:00:00:02 192.168.1.2"
> +
> +as hv1
> +check ovs-vsctl \
> + -- add-port br-int vif1 \
> + -- set Interface vif1 external_ids:iface-id=lsp1 \
> + -- add-port br-int vif2 \
> + -- set Interface vif2 external_ids:iface-id=lsp2
> +
> +AT_CHECK([as hv1 ovs-ofctl dump-flows br-int table=OFTABLE_CT_ZONE_LOOKUP | \
> + sed -e 's/cookie=0x.*, duration=.*, table/cookie=??, duration=??,
> table/' | \
> + sed -e
> 's/actions=load:0x.*->NXM_NX_REG13/actions=load:0x?->NXM_NX_REG13/' | \
> + grep -v NXST_FLOW |sort], [0], [dnl
> + cookie=??, duration=??, table=OFTABLE_CT_ZONE_LOOKUP, n_packets=0,
> n_bytes=0, idle_age=0, priority=0
> actions=resubmit(,OFTABLE_LOG_INGRESS_PIPELINE)
> + cookie=??, duration=??, table=OFTABLE_CT_ZONE_LOOKUP, n_packets=0,
> n_bytes=0, idle_age=0, priority=100,reg14=0x1,metadata=0x1
> actions=load:0x?->NXM_NX_REG13[[0..15]],load:0x2->NXM_NX_REG11[[]],load:0x1->NXM_NX_REG12[[]],resubmit(,OFTABLE_LOG_INGRESS_PIPELINE)
> + cookie=??, duration=??, table=OFTABLE_CT_ZONE_LOOKUP, n_packets=0,
> n_bytes=0, idle_age=0, priority=100,reg14=0x2,metadata=0x1
> actions=load:0x?->NXM_NX_REG13[[0..15]],load:0x2->NXM_NX_REG11[[]],load:0x1->NXM_NX_REG12[[]],resubmit(,OFTABLE_LOG_INGRESS_PIPELINE)
> +])
> +
> +check ovn-nbctl lsp-add ls1 lsp3 \
> + -- lsp-set-addresses lsp3 "00:00:00:00:00:03 192.168.1.3"
> +check ovs-vsctl \
> + -- add-port br-int vif3 \
> + -- set Interface vif3 external_ids:iface-id=lsp3
> +
> +AT_CHECK([as hv1 ovs-ofctl dump-flows br-int table=OFTABLE_CT_ZONE_LOOKUP | \
> + sed -e 's/cookie=0x.*, duration=.*, table/cookie=??, duration=??,
> table/' | \
> + sed -e
> 's/actions=load:0x.*->NXM_NX_REG13/actions=load:0x?->NXM_NX_REG13/' | \
> + grep -v NXST_FLOW |sort], [0], [dnl
> + cookie=??, duration=??, table=OFTABLE_CT_ZONE_LOOKUP, n_packets=0,
> n_bytes=0, idle_age=0, priority=0
> actions=resubmit(,OFTABLE_LOG_INGRESS_PIPELINE)
> + cookie=??, duration=??, table=OFTABLE_CT_ZONE_LOOKUP, n_packets=0,
> n_bytes=0, idle_age=0, priority=100,reg14=0x1,metadata=0x1
> actions=load:0x?->NXM_NX_REG13[[0..15]],load:0x2->NXM_NX_REG11[[]],load:0x1->NXM_NX_REG12[[]],resubmit(,OFTABLE_LOG_INGRESS_PIPELINE)
> + cookie=??, duration=??, table=OFTABLE_CT_ZONE_LOOKUP, n_packets=0,
> n_bytes=0, idle_age=0, priority=100,reg14=0x2,metadata=0x1
> actions=load:0x?->NXM_NX_REG13[[0..15]],load:0x2->NXM_NX_REG11[[]],load:0x1->NXM_NX_REG12[[]],resubmit(,OFTABLE_LOG_INGRESS_PIPELINE)
> + cookie=??, duration=??, table=OFTABLE_CT_ZONE_LOOKUP, n_packets=0,
> n_bytes=0, idle_age=0, priority=100,reg14=0x3,metadata=0x1
> actions=load:0x?->NXM_NX_REG13[[0..15]],load:0x2->NXM_NX_REG11[[]],load:0x1->NXM_NX_REG12[[]],resubmit(,OFTABLE_LOG_INGRESS_PIPELINE)
> +])
> +
> +check ovn-nbctl lsp-del lsp3
> +AT_CHECK([as hv1 ovs-ofctl dump-flows br-int table=OFTABLE_CT_ZONE_LOOKUP | \
> + sed -e 's/cookie=0x.*, duration=.*, table/cookie=??, duration=??,
> table/' | \
> + sed -e
> 's/actions=load:0x.*->NXM_NX_REG13/actions=load:0x?->NXM_NX_REG13/' |
> + grep -v NXST_FLOW |sort], [0], [dnl
> + cookie=??, duration=??, table=OFTABLE_CT_ZONE_LOOKUP, n_packets=0,
> n_bytes=0, idle_age=0, priority=0
> actions=resubmit(,OFTABLE_LOG_INGRESS_PIPELINE)
> + cookie=??, duration=??, table=OFTABLE_CT_ZONE_LOOKUP, n_packets=0,
> n_bytes=0, idle_age=0, priority=100,reg14=0x1,metadata=0x1
> actions=load:0x?->NXM_NX_REG13[[0..15]],load:0x2->NXM_NX_REG11[[]],load:0x1->NXM_NX_REG12[[]],resubmit(,OFTABLE_LOG_INGRESS_PIPELINE)
> + cookie=??, duration=??, table=OFTABLE_CT_ZONE_LOOKUP, n_packets=0,
> n_bytes=0, idle_age=0, priority=100,reg14=0x2,metadata=0x1
> actions=load:0x?->NXM_NX_REG13[[0..15]],load:0x2->NXM_NX_REG11[[]],load:0x1->NXM_NX_REG12[[]],resubmit(,OFTABLE_LOG_INGRESS_PIPELINE)
> +])
> +
> +OVN_CLEANUP([hv1])
> +AT_CLEANUP
> +])
> diff --git a/tests/ovn-macros.at b/tests/ovn-macros.at
> index ed93764d3..cc37f12f3 100644
> --- a/tests/ovn-macros.at
> +++ b/tests/ovn-macros.at
> @@ -1062,5 +1062,6 @@ m4_define([OFTABLE_ECMP_NH_MAC], [76])
> m4_define([OFTABLE_ECMP_NH], [77])
> m4_define([OFTABLE_CHK_LB_AFFINITY], [78])
> m4_define([OFTABLE_MAC_CACHE_USE], [79])
> +m4_define([OFTABLE_CT_ZONE_LOOKUP], [80])
>
> m4_define([OFTABLE_SAVE_INPORT_HEX], [m4_eval(OFTABLE_SAVE_INPORT, 16)])
> diff --git a/tests/ovn-northd.at b/tests/ovn-northd.at
> index cd53755b2..e3ac8da45 100644
> --- a/tests/ovn-northd.at
> +++ b/tests/ovn-northd.at
> @@ -8571,7 +8571,7 @@ ovn_strip_lflows ], [0], [dnl
> table=??(ls_in_apply_port_sec), priority=50 , match=(reg0[[15]] == 1),
> action=(drop;)
> table=??(ls_in_check_port_sec), priority=100 , match=(eth.src[[40]]),
> action=(drop;)
> table=??(ls_in_check_port_sec), priority=100 , match=(vlan.present),
> action=(drop;)
> - table=??(ls_in_check_port_sec), priority=110 , match=(((ip4 && icmp4.type
> == 3 && icmp4.code == 4) || (ip6 && icmp6.type == 2 && icmp6.code == 0)) &&
> flags.tunnel_rx == 1), action=(drop;)
> + table=??(ls_in_check_port_sec), priority=105 , match=(((ip4 && icmp4.type
> == 3 && icmp4.code == 4) || (ip6 && icmp6.type == 2 && icmp6.code == 0)) &&
> flags.tunnel_rx == 1), action=(drop;)
> table=??(ls_in_check_port_sec), priority=50 , match=(1),
> action=(reg0[[15]] = check_in_port_sec(); next;)
> table=??(ls_in_l2_lkup ), priority=0 , match=(1), action=(outport
> = get_fdb(eth.dst); next;)
> table=??(ls_in_l2_lkup ), priority=110 , match=(eth.dst ==
> $svc_monitor_mac && (tcp || icmp || icmp6)),
> action=(handle_svc_check(inport);)
> @@ -8597,7 +8597,9 @@ ovn_strip_lflows ], [0], [dnl
> table=??(ls_in_apply_port_sec), priority=50 , match=(reg0[[15]] == 1),
> action=(drop;)
> table=??(ls_in_check_port_sec), priority=100 , match=(eth.src[[40]]),
> action=(drop;)
> table=??(ls_in_check_port_sec), priority=100 , match=(vlan.present),
> action=(drop;)
> - table=??(ls_in_check_port_sec), priority=110 , match=(((ip4 && icmp4.type
> == 3 && icmp4.code == 4) || (ip6 && icmp6.type == 2 && icmp6.code == 0)) &&
> flags.tunnel_rx == 1), action=(drop;)
> + table=??(ls_in_check_port_sec), priority=105 , match=(((ip4 && icmp4.type
> == 3 && icmp4.code == 4) || (ip6 && icmp6.type == 2 && icmp6.code == 0)) &&
> flags.tunnel_rx == 1), action=(drop;)
> + table=??(ls_in_check_port_sec), priority=110 , match=(((ip4 && icmp4.type
> == 3 && icmp4.code == 4) || (ip6 && icmp6.type == 2 && icmp6.code == 0)) &&
> eth.src == 00:00:00:00:00:01 && outport == "sw0p1" &&
> !is_chassis_resident("sw0p1") && flags.tunnel_rx == 1), action=(outport <->
> inport; next;)
> + table=??(ls_in_check_port_sec), priority=110 , match=(((ip4 && icmp4.type
> == 3 && icmp4.code == 4) || (ip6 && icmp6.type == 2 && icmp6.code == 0)) &&
> eth.src == 00:00:00:00:00:02 && outport == "sw0p2" &&
> !is_chassis_resident("sw0p2") && flags.tunnel_rx == 1), action=(outport <->
> inport; next;)
> table=??(ls_in_check_port_sec), priority=50 , match=(1),
> action=(reg0[[15]] = check_in_port_sec(); next;)
> table=??(ls_in_l2_lkup ), priority=0 , match=(1), action=(outport
> = get_fdb(eth.dst); next;)
> table=??(ls_in_l2_lkup ), priority=110 , match=(eth.dst ==
> $svc_monitor_mac && (tcp || icmp || icmp6)),
> action=(handle_svc_check(inport);)
> @@ -8624,7 +8626,9 @@ ovn_strip_lflows ], [0], [dnl
> table=??(ls_in_apply_port_sec), priority=50 , match=(reg0[[15]] == 1),
> action=(drop;)
> table=??(ls_in_check_port_sec), priority=100 , match=(eth.src[[40]]),
> action=(drop;)
> table=??(ls_in_check_port_sec), priority=100 , match=(vlan.present),
> action=(drop;)
> - table=??(ls_in_check_port_sec), priority=110 , match=(((ip4 && icmp4.type
> == 3 && icmp4.code == 4) || (ip6 && icmp6.type == 2 && icmp6.code == 0)) &&
> flags.tunnel_rx == 1), action=(drop;)
> + table=??(ls_in_check_port_sec), priority=105 , match=(((ip4 && icmp4.type
> == 3 && icmp4.code == 4) || (ip6 && icmp6.type == 2 && icmp6.code == 0)) &&
> flags.tunnel_rx == 1), action=(drop;)
> + table=??(ls_in_check_port_sec), priority=110 , match=(((ip4 && icmp4.type
> == 3 && icmp4.code == 4) || (ip6 && icmp6.type == 2 && icmp6.code == 0)) &&
> eth.src == 00:00:00:00:00:01 && outport == "sw0p1" &&
> !is_chassis_resident("sw0p1") && flags.tunnel_rx == 1), action=(outport <->
> inport; next;)
> + table=??(ls_in_check_port_sec), priority=110 , match=(((ip4 && icmp4.type
> == 3 && icmp4.code == 4) || (ip6 && icmp6.type == 2 && icmp6.code == 0)) &&
> eth.src == 00:00:00:00:00:02 && outport == "sw0p2" &&
> !is_chassis_resident("sw0p2") && flags.tunnel_rx == 1), action=(outport <->
> inport; next;)
> table=??(ls_in_check_port_sec), priority=50 , match=(1),
> action=(reg0[[15]] = check_in_port_sec(); next;)
> table=??(ls_in_l2_lkup ), priority=0 , match=(1), action=(outport
> = get_fdb(eth.dst); next;)
> table=??(ls_in_l2_lkup ), priority=110 , match=(eth.dst ==
> $svc_monitor_mac && (tcp || icmp || icmp6)),
> action=(handle_svc_check(inport);)
> @@ -8652,7 +8656,9 @@ ovn_strip_lflows ], [0], [dnl
> table=??(ls_in_check_port_sec), priority=100 , match=(eth.src[[40]]),
> action=(drop;)
> table=??(ls_in_check_port_sec), priority=100 , match=(inport == "sw0p1"),
> action=(reg0[[15]] = 1; next;)
> table=??(ls_in_check_port_sec), priority=100 , match=(vlan.present),
> action=(drop;)
> - table=??(ls_in_check_port_sec), priority=110 , match=(((ip4 && icmp4.type
> == 3 && icmp4.code == 4) || (ip6 && icmp6.type == 2 && icmp6.code == 0)) &&
> flags.tunnel_rx == 1), action=(drop;)
> + table=??(ls_in_check_port_sec), priority=105 , match=(((ip4 && icmp4.type
> == 3 && icmp4.code == 4) || (ip6 && icmp6.type == 2 && icmp6.code == 0)) &&
> flags.tunnel_rx == 1), action=(drop;)
> + table=??(ls_in_check_port_sec), priority=110 , match=(((ip4 && icmp4.type
> == 3 && icmp4.code == 4) || (ip6 && icmp6.type == 2 && icmp6.code == 0)) &&
> eth.src == 00:00:00:00:00:01 && outport == "sw0p1" &&
> !is_chassis_resident("sw0p1") && flags.tunnel_rx == 1), action=(outport <->
> inport; next;)
> + table=??(ls_in_check_port_sec), priority=110 , match=(((ip4 && icmp4.type
> == 3 && icmp4.code == 4) || (ip6 && icmp6.type == 2 && icmp6.code == 0)) &&
> eth.src == 00:00:00:00:00:02 && outport == "sw0p2" &&
> !is_chassis_resident("sw0p2") && flags.tunnel_rx == 1), action=(outport <->
> inport; next;)
> table=??(ls_in_check_port_sec), priority=50 , match=(1),
> action=(reg0[[15]] = check_in_port_sec(); next;)
> table=??(ls_in_l2_lkup ), priority=0 , match=(1), action=(outport
> = get_fdb(eth.dst); next;)
> table=??(ls_in_l2_lkup ), priority=110 , match=(eth.dst ==
> $svc_monitor_mac && (tcp || icmp || icmp6)),
> action=(handle_svc_check(inport);)
> @@ -8679,7 +8685,9 @@ ovn_strip_lflows ], [0], [dnl
> table=??(ls_in_check_port_sec), priority=100 , match=(eth.src[[40]]),
> action=(drop;)
> table=??(ls_in_check_port_sec), priority=100 , match=(inport == "sw0p1"),
> action=(reg0[[15]] = 1; next;)
> table=??(ls_in_check_port_sec), priority=100 , match=(vlan.present),
> action=(drop;)
> - table=??(ls_in_check_port_sec), priority=110 , match=(((ip4 && icmp4.type
> == 3 && icmp4.code == 4) || (ip6 && icmp6.type == 2 && icmp6.code == 0)) &&
> flags.tunnel_rx == 1), action=(drop;)
> + table=??(ls_in_check_port_sec), priority=105 , match=(((ip4 && icmp4.type
> == 3 && icmp4.code == 4) || (ip6 && icmp6.type == 2 && icmp6.code == 0)) &&
> flags.tunnel_rx == 1), action=(drop;)
> + table=??(ls_in_check_port_sec), priority=110 , match=(((ip4 && icmp4.type
> == 3 && icmp4.code == 4) || (ip6 && icmp6.type == 2 && icmp6.code == 0)) &&
> eth.src == 00:00:00:00:00:01 && outport == "sw0p1" &&
> !is_chassis_resident("sw0p1") && flags.tunnel_rx == 1), action=(outport <->
> inport; next;)
> + table=??(ls_in_check_port_sec), priority=110 , match=(((ip4 && icmp4.type
> == 3 && icmp4.code == 4) || (ip6 && icmp6.type == 2 && icmp6.code == 0)) &&
> eth.src == 00:00:00:00:00:02 && outport == "sw0p2" &&
> !is_chassis_resident("sw0p2") && flags.tunnel_rx == 1), action=(outport <->
> inport; next;)
> table=??(ls_in_check_port_sec), priority=50 , match=(1),
> action=(reg0[[15]] = check_in_port_sec(); next;)
> table=??(ls_in_check_port_sec), priority=70 , match=(inport == "sw0p2"),
> action=(set_queue(10); reg0[[15]] = check_in_port_sec(); next;)
> table=??(ls_in_l2_lkup ), priority=0 , match=(1), action=(outport
> = get_fdb(eth.dst); next;)
> @@ -8709,7 +8717,9 @@ ovn_strip_lflows ], [0], [dnl
> table=??(ls_in_apply_port_sec), priority=50 , match=(reg0[[15]] == 1),
> action=(drop;)
> table=??(ls_in_check_port_sec), priority=100 , match=(eth.src[[40]]),
> action=(drop;)
> table=??(ls_in_check_port_sec), priority=100 , match=(vlan.present),
> action=(drop;)
> - table=??(ls_in_check_port_sec), priority=110 , match=(((ip4 && icmp4.type
> == 3 && icmp4.code == 4) || (ip6 && icmp6.type == 2 && icmp6.code == 0)) &&
> flags.tunnel_rx == 1), action=(drop;)
> + table=??(ls_in_check_port_sec), priority=105 , match=(((ip4 && icmp4.type
> == 3 && icmp4.code == 4) || (ip6 && icmp6.type == 2 && icmp6.code == 0)) &&
> flags.tunnel_rx == 1), action=(drop;)
> + table=??(ls_in_check_port_sec), priority=110 , match=(((ip4 && icmp4.type
> == 3 && icmp4.code == 4) || (ip6 && icmp6.type == 2 && icmp6.code == 0)) &&
> eth.src == 00:00:00:00:00:01 && outport == "sw0p1" &&
> !is_chassis_resident("sw0p1") && flags.tunnel_rx == 1), action=(outport <->
> inport; next;)
> + table=??(ls_in_check_port_sec), priority=110 , match=(((ip4 && icmp4.type
> == 3 && icmp4.code == 4) || (ip6 && icmp6.type == 2 && icmp6.code == 0)) &&
> eth.src == 00:00:00:00:00:02 && outport == "sw0p2" &&
> !is_chassis_resident("sw0p2") && flags.tunnel_rx == 1), action=(outport <->
> inport; next;)
> table=??(ls_in_check_port_sec), priority=50 , match=(1),
> action=(reg0[[15]] = check_in_port_sec(); next;)
> table=??(ls_in_check_port_sec), priority=70 , match=(inport ==
> "localnetport"), action=(set_queue(10); reg0[[15]] = check_in_port_sec();
> next;)
> table=??(ls_in_check_port_sec), priority=70 , match=(inport == "sw0p1"),
> action=(reg0[[14]] = 1; next(pipeline=ingress, table=??);)
> diff --git a/tests/ovn.at b/tests/ovn.at
> index dd2ebce98..6151fcdda 100644
> --- a/tests/ovn.at
> +++ b/tests/ovn.at
> @@ -34917,6 +34917,9 @@ m4_define([MULTIPLE_OVS_INT],
> check ovn-nbctl lsp-add ls lp
> if test X$1 != X; then
> check ovn-nbctl lsp-set-type lp $1
> + nb_flows_ref=0
> + else
> + nb_flows_ref=1
> fi
> check ovn-nbctl lsp-set-addresses lp "00:00:00:01:01:02 192.168.1.2"
>
> @@ -34998,7 +35001,7 @@ m4_define([MULTIPLE_OVS_INT],
> check ovs-vsctl del-port br-int lpnew
> OVS_WAIT_UNTIL([
> nb_flows=`ovs-ofctl dump-flows br-int | grep $COOKIE | wc -l`
> - test "${nb_flows}" = 0
> + test "${nb_flows}" = $nb_flows_ref
> ])
>
> echo ======================================================
Regards,
Dumitru
_______________________________________________
dev mailing list
[email protected]
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
