This commit removes the restriction that LB is supported only on routers with <= 1 distributed gateway port. It also adds datapath and logical flow validation test cases.
Signed-off-by: Priyankar Jain <[email protected]> --- northd/en-lr-stateful.c | 12 --- northd/northd.c | 12 +-- tests/ovn-northd.at | 86 +++++++++++++++++++++ tests/ovn.at | 167 ++++++++++++++++++++++++++++++++++++++++ 4 files changed, 260 insertions(+), 17 deletions(-) diff --git a/northd/en-lr-stateful.c b/northd/en-lr-stateful.c index baf1bd2f8..f09691af6 100644 --- a/northd/en-lr-stateful.c +++ b/northd/en-lr-stateful.c @@ -516,18 +516,6 @@ lr_stateful_record_create(struct lr_stateful_table *table, table->array[od->index] = lr_stateful_rec; - /* Load balancers are not supported (yet) if a logical router has multiple - * distributed gateway port. Log a warning. */ - if (lr_stateful_rec->has_lb_vip && lr_has_multiple_gw_ports(od)) { - static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 1); - VLOG_WARN_RL(&rl, "Load-balancers are configured on logical " - "router %s, which has %"PRIuSIZE" distributed " - "gateway ports. Load-balancer is not supported " - "yet when there is more than one distributed " - "gateway port on the router.", - od->nbr->name, od->n_l3dgw_ports); - } - return lr_stateful_rec; } diff --git a/northd/northd.c b/northd/northd.c index 6898daa00..e6f53f361 100644 --- a/northd/northd.c +++ b/northd/northd.c @@ -11026,10 +11026,9 @@ static void build_distr_lrouter_nat_flows_for_lb(struct lrouter_nat_lb_flows_ctx *ctx, enum lrouter_nat_lb_flow_type type, struct ovn_datapath *od, + struct ovn_port *dgp, struct lflow_ref *lflow_ref) { - struct ovn_port *dgp = od->l3dgw_ports[0]; - const char *undnat_action; switch (type) { @@ -11060,7 +11059,7 @@ build_distr_lrouter_nat_flows_for_lb(struct lrouter_nat_lb_flows_ctx *ctx, if (ctx->lb_vip->n_backends || !ctx->lb_vip->empty_backend_rej) { ds_put_format(ctx->new_match, " && is_chassis_resident(%s)", - od->l3dgw_ports[0]->cr_port->json_key); + dgp->cr_port->json_key); } ovn_lflow_add_with_hint__(ctx->lflows, od, S_ROUTER_IN_DNAT, ctx->prio, 
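Review bot: build_distr_lrouter_nat_flows_for_lb now receives `dgp` from its caller, but nothing states that it must be one of `od`'s distributed gateway ports, or that `dgp->cr_port` must be set before `dgp->cr_port->json_key` is dereferenced. A short comment above the function would record that contract, for example `/* Adds the LB NAT flows of 'od' for one distributed gateway port 'dgp', which must be an entry of od->l3dgw_ports with a chassis-redirect port. */`. Because the function is now invoked once per gateway port with the same `ctx`, it also depends on the text appended to `ctx->new_match` being removed again before it returns. That cleanup is not visible here and is worth confirming, since the function body continues past the end of the hunk.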
@@ -11263,8 +11262,11 @@ build_lrouter_nat_flows_for_lb( if (!od->n_l3dgw_ports) { bitmap_set1(gw_dp_bitmap[type], index); } else { - build_distr_lrouter_nat_flows_for_lb(&ctx, type, od, - lb_dps->lflow_ref); + for (int i = 0; i < od->n_l3dgw_ports; i++) { + struct ovn_port *dgp = od->l3dgw_ports[i]; + build_distr_lrouter_nat_flows_for_lb(&ctx, type, od, dgp, + lb_dps->lflow_ref); + } } if (lb->affinity_timeout) { diff --git a/tests/ovn-northd.at b/tests/ovn-northd.at index a389d1988..5be48f49e 100644 --- a/tests/ovn-northd.at +++ b/tests/ovn-northd.at 
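Review bot: The new loop index is declared `int` but is compared against `od->n_l3dgw_ports`, which the warning removed from en-lr-stateful.c in this same patch printed with `PRIuSIZE`, so it is presumably a `size_t`. That makes `i < od->n_l3dgw_ports` a mixed signed/unsigned comparison. Writing `for (size_t i = 0; i < od->n_l3dgw_ports; i++) {` keeps the types consistent and avoids a sign-compare warning. The enclosing function starts and ends outside the hunk.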
@@ -12721,3 +12721,89 @@ AT_CHECK([ovn-sbctl dump-flows lr | grep lr_in_dnat | ovn_strip_lflows], [0], [d AT_CLEANUP ]) + +OVN_FOR_EACH_NORTHD_NO_HV([ +AT_SETUP([ovn-northd -- LB on Lr with multiple gw ports]) +AT_KEYWORDS([lb-multiple-l3dgw-ports]) +ovn_start + +# Logical network: +# 1 Logical Router, 3 bridged Logical Switches, +# 1 gateway chassis attached to each corresponding LRP. +# LB added attached to DR +# +# | S1 (gw1) +# | +# ls ---- DR -- S3 (gw3) +# (20.0.0.0/24) | +# | S2 (gw2) +# +# Validate basic LB logical flows. + +check ovn-sbctl chassis-add gw1 geneve 127.0.0.1 +check ovn-sbctl chassis-add gw2 geneve 128.0.0.1 +check ovn-sbctl chassis-add gw3 geneve 129.0.0.1 + +check ovn-nbctl lr-add DR +check ovn-nbctl lrp-add DR DR-S1 02:ac:10:01:00:01 172.16.1.1/24 +check ovn-nbctl lrp-add DR DR-S2 03:ac:10:01:00:01 172.16.2.1/24 +check ovn-nbctl lrp-add DR DR-S3 04:ac:10:01:00:01 172.16.3.1/24 +check ovn-nbctl lrp-add DR DR-ls 05:ac:10:01:00:01 20.0.0.1/24 + +check ovn-nbctl ls-add S1 +check ovn-nbctl lsp-add S1 S1-DR +check ovn-nbctl lsp-set-type S1-DR router +check ovn-nbctl lsp-set-addresses S1-DR router +check ovn-nbctl --wait=sb lsp-set-options S1-DR router-port=DR-S1 + +check ovn-nbctl ls-add S2 +check ovn-nbctl lsp-add S2 S2-DR +check ovn-nbctl lsp-set-type S2-DR router +check ovn-nbctl lsp-set-addresses S2-DR router +check ovn-nbctl --wait=sb lsp-set-options S2-DR router-port=DR-S2 + +check ovn-nbctl ls-add S3 +check ovn-nbctl lsp-add S3 S3-DR +check ovn-nbctl lsp-set-type S3-DR router +check ovn-nbctl lsp-set-addresses S3-DR router +check ovn-nbctl --wait=sb lsp-set-options S3-DR router-port=DR-S3 + +check ovn-nbctl ls-add ls +check ovn-nbctl lsp-add ls ls-DR +check ovn-nbctl lsp-set-type ls-DR router +check ovn-nbctl lsp-set-addresses ls-DR router +check ovn-nbctl --wait=sb lsp-set-options ls-DR router-port=DR-ls + +check ovn-nbctl lrp-set-gateway-chassis DR-S1 gw1 +check ovn-nbctl lrp-set-gateway-chassis DR-S2 gw2 +check ovn-nbctl 
lrp-set-gateway-chassis DR-S3 gw3 + +check ovn-nbctl lb-add lb-1 20.0.0.10:80 20.0.0.8:80,20.0.0.9:80 tcp +check ovn-nbctl lr-lb-add DR lb-1 + +check ovn-nbctl --wait=sb sync + +ovn-sbctl dump-flows DR > lrflows +AT_CAPTURE_FILE([lrflows]) + +# Check the flows in lr_in_dnat stage +AT_CHECK([grep lr_in_dnat lrflows | grep priority=120 | grep cr-DR | ovn_strip_lflows], [0], [dnl + table=??(lr_in_dnat ), priority=120 , match=(ct.new && !ct.rel && ip4 && ip4.dst == 20.0.0.10 && tcp && tcp.dst == 80 && is_chassis_resident("cr-DR-S1")), action=(ct_lb(backends=20.0.0.8:80,20.0.0.9:80);) + table=??(lr_in_dnat ), priority=120 , match=(ct.new && !ct.rel && ip4 && ip4.dst == 20.0.0.10 && tcp && tcp.dst == 80 && is_chassis_resident("cr-DR-S2")), action=(ct_lb(backends=20.0.0.8:80,20.0.0.9:80);) + table=??(lr_in_dnat ), priority=120 , match=(ct.new && !ct.rel && ip4 && ip4.dst == 20.0.0.10 && tcp && tcp.dst == 80 && is_chassis_resident("cr-DR-S3")), action=(ct_lb(backends=20.0.0.8:80,20.0.0.9:80);) +]) +# Check the flows in lr_in_gw_redirect stage +AT_CHECK([grep lr_in_gw_redirect lrflows | grep priority=200 | grep cr-DR | ovn_strip_lflows], [0], [dnl + table=??(lr_in_gw_redirect ), priority=200 , match=(ip4 && ((ip4.src == 20.0.0.8 && tcp.src == 80) || (ip4.src == 20.0.0.9 && tcp.src == 80)) && outport == "DR-S1"), action=(outport = "cr-DR-S1"; next;) + table=??(lr_in_gw_redirect ), priority=200 , match=(ip4 && ((ip4.src == 20.0.0.8 && tcp.src == 80) || (ip4.src == 20.0.0.9 && tcp.src == 80)) && outport == "DR-S2"), action=(outport = "cr-DR-S2"; next;) + table=??(lr_in_gw_redirect ), priority=200 , match=(ip4 && ((ip4.src == 20.0.0.8 && tcp.src == 80) || (ip4.src == 20.0.0.9 && tcp.src == 80)) && outport == "DR-S3"), action=(outport = "cr-DR-S3"; next;) +]) +# Check the flows in lr_out_undnat stage +AT_CHECK([grep lr_out_undnat lrflows | grep priority=120 | grep cr-DR | ovn_strip_lflows], [0], [dnl + table=??(lr_out_undnat ), priority=120 , match=(ip4 && ((ip4.src == 20.0.0.8 
&& tcp.src == 80) || (ip4.src == 20.0.0.9 && tcp.src == 80)) && (inport == "DR-S1" || outport == "DR-S1") && is_chassis_resident("cr-DR-S1")), action=(ct_dnat;) + table=??(lr_out_undnat ), priority=120 , match=(ip4 && ((ip4.src == 20.0.0.8 && tcp.src == 80) || (ip4.src == 20.0.0.9 && tcp.src == 80)) && (inport == "DR-S2" || outport == "DR-S2") && is_chassis_resident("cr-DR-S2")), action=(ct_dnat;) + table=??(lr_out_undnat ), priority=120 , match=(ip4 && ((ip4.src == 20.0.0.8 && tcp.src == 80) || (ip4.src == 20.0.0.9 && tcp.src == 80)) && (inport == "DR-S3" || outport == "DR-S3") && is_chassis_resident("cr-DR-S3")), action=(ct_dnat;) +]) + +AT_CLEANUP +]) diff --git a/tests/ovn.at b/tests/ovn.at index 185ba4a21..8e8c102c0 100644 --- a/tests/ovn.at +++ b/tests/ovn.at 
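Review bot: Two of the router port MACs in the new test, `03:ac:10:01:00:01` for DR-S2 and `05:ac:10:01:00:01` for DR-ls, have the least significant bit of the first octet set, which marks them as group (multicast) addresses. They make no difference to the flows this northd-only test compares, but the test would read better, and be safer to copy into a datapath test, with unicast addresses such as `check ovn-nbctl lrp-add DR DR-S2 02:ac:10:01:00:02 172.16.2.1/24` and `check ovn-nbctl lrp-add DR DR-ls 02:ac:10:01:00:04 20.0.0.1/24`. The `02:` and `04:` addresses used for DR-S1 and DR-S3 are already unicast.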
@@ -38426,3 +38426,170 @@ OVN_CLEANUP([hv1],[hv2]) AT_CLEANUP ]) + +OVN_FOR_EACH_NORTHD([ +AT_SETUP([Multiple DGP and LB traffic]) +AT_KEYWORDS([dgp-lb]) +AT_SKIP_IF([test $HAVE_SCAPY = no]) +ovn_start + +# Logical network: +# 1 Logical Router, 2 bridged Logical Switches, 1 Logical switch +# 1 gateway chassis attached to each corresponding LRP. +# LB added attached to DR +# +# | public (gw1) (172.168.0.0/24) +# | +# sw0 --- lr0 --- public2 (gw2) (173.168.0.0./24) +# (10.0.0.0/24) +# +# Routes (lr0): +# +# 173.0.0.0/24 ----> 173.168.0.1 (public2) +# default ----> 172.168.0.1 (public) +# +# +# Validate Traffic from public to LB and its response. +# Validate traffic from public2 to LB and its response. + +test_ip_req_packet() { + local src_mac="$1" + local dst_mac="$2" + local src_ip="$3" + local dst_ip="$4" + local sport=$5 + local iface=$6 + + local packet=$(fmt_pkt "Ether(dst='${dst_mac}', src='${src_mac}')/ + IP(dst='${dst_ip}', src='${src_ip}')/ \ + UDP(sport=${sport}, dport=4369)") + + as hv1 reset_pcap_file hv1-vif1 hv1/vif1 + as hv2 reset_pcap_file hv2-vif1 hv2/vif1 + as hv2 reset_pcap_file hv2-vif2 hv2/vif2 + check as hv2 ovs-appctl netdev-dummy/receive $iface $packet +} + +test_ip_rep_packet() { + local src_mac="$1" + local dst_mac="$2" + local src_ip="$3" + local dst_ip="$4" + local dport=$5 + + local packet=$(fmt_pkt "Ether(dst='${dst_mac}', src='${src_mac}')/ + IP(dst='${dst_ip}', src='${src_ip}')/ \ + UDP(sport=4369, dport=${dport})") + + check as hv1 ovs-appctl netdev-dummy/receive hv1-vif1 $packet +} + +net_add n + +sim_add hv1 +as hv1 +check ovs-vsctl add-br br-phys +ovn_attach n br-phys 192.168.0.1 +check ovs-vsctl set open . 
external-ids:ovn-bridge-mappings=phys:br-phys +check ovs-vsctl -- add-port br-int hv1-vif1 -- \ + set interface hv1-vif1 external-ids:iface-id=sw0-port1 \ + options:tx_pcap=hv1/vif1-tx.pcap \ + options:rxq_pcap=hv1/vif1-rx.pcap + +sim_add hv2 +as hv2 +check ovs-vsctl add-br br-phys +ovn_attach n br-phys 192.168.0.2 +check ovs-vsctl set open . external-ids:ovn-bridge-mappings=phys:br-phys +check ovs-vsctl -- add-port br-int hv2-vif1 -- \ + set interface hv2-vif1 external-ids:iface-id=public-port1 \ + options:tx_pcap=hv2/vif1-tx.pcap \ + options:rxq_pcap=hv2/vif1-rx.pcap +check ovs-vsctl -- add-port br-int hv2-vif2 -- \ + set interface hv2-vif2 external-ids:iface-id=public2-port1 \ + options:tx_pcap=hv2/vif2-tx.pcap \ + options:rxq_pcap=hv2/vif2-rx.pcap + +check ovn-nbctl ls-add sw0 +check ovn-nbctl lsp-add sw0 sw0-port1 +check ovn-nbctl lsp-set-addresses sw0-port1 "50:54:00:00:00:01 10.0.0.2" + +check ovn-nbctl ls-add public +check ovn-nbctl lsp-add public ln-public +check ovn-nbctl lsp-set-type ln-public localnet +check ovn-nbctl lsp-set-addresses ln-public unknown +check ovn-nbctl lsp-set-options ln-public network_name=phys +check ovn-nbctl lsp-add public public-port1 +check ovn-nbctl lsp-set-addresses public-port1 "50:54:00:00:00:88 172.168.0.200" + +check ovn-nbctl ls-add public2 +check ovn-nbctl lsp-add public2 ln-public2 +check ovn-nbctl lsp-set-type ln-public2 localnet +check ovn-nbctl lsp-set-addresses ln-public2 unknown +check ovn-nbctl lsp-set-options ln-public2 network_name=phys +check ovn-nbctl lsp-add public2 public2-port1 +check ovn-nbctl lsp-set-addresses public2-port1 "50:54:00:00:00:99 173.168.0.200" + +check ovn-nbctl lr-add lr0 +check ovn-nbctl lrp-add lr0 lr0-sw0 00:00:00:00:ff:01 10.0.0.1/24 +check ovn-nbctl lsp-add sw0 sw0-lr0 +check ovn-nbctl lsp-set-type sw0-lr0 router +check ovn-nbctl lsp-set-addresses sw0-lr0 router +check ovn-nbctl lsp-set-options sw0-lr0 router-port=lr0-sw0 + +check ovn-nbctl lrp-add lr0 lr0-public 00:00:20:20:12:13 
172.168.0.1/24 +check ovn-nbctl lsp-add public public-lr0 +check ovn-nbctl lsp-set-type public-lr0 router +check ovn-nbctl lsp-set-addresses public-lr0 router +check ovn-nbctl lsp-set-options public-lr0 router-port=lr0-public + +check ovn-nbctl lrp-add lr0 lr0-public2 00:00:20:20:12:14 173.168.0.1/24 +check ovn-nbctl lsp-add public2 public2-lr0 +check ovn-nbctl lsp-set-type public2-lr0 router +check ovn-nbctl lsp-set-addresses public2-lr0 router +check ovn-nbctl lsp-set-options public2-lr0 router-port=lr0-public2 + + +check ovn-nbctl lrp-set-gateway-chassis lr0-public hv2 20 +check ovn-nbctl lrp-set-gateway-chassis lr0-public2 hv2 20 + +check ovn-nbctl lr-route-add lr0 173.168.0.0/24 173.168.0.1 +check ovn-nbctl lr-route-add lr0 0.0.0.0/0 172.168.0.1 + +wait_for_ports_up +OVN_POPULATE_ARP + + +check ovn-nbctl lb-add lb0 172.168.0.10:4369 10.0.0.2:4369 udp +check ovn-nbctl lr-lb-add lr0 lb0 + +ovn-sbctl lflow-list lr0 + +# send UDP request to the load-balancer VIP from public switch 1 +test_ip_req_packet "50:54:00:00:00:88" "00:00:20:20:12:13" "172.168.0.200" "172.168.0.10" 53 hv2-vif1 +OVS_WAIT_UNTIL([test $($PYTHON "$ovs_srcdir/utilities/ovs-pcap.in" hv1/vif1-tx.pcap | wc -l) -ge 1]) +# send UDP reply from sw0-port1 +test_ip_rep_packet "50:54:00:00:00:01" "00:00:00:00:ff:01" "10.0.0.2" "172.168.0.200" 53 +# packet sent by the load balancer VIP +packet=$(fmt_pkt "Ether(dst='50:54:00:00:00:88', src='00:00:20:20:12:13')/ + IP(dst='172.168.0.200', src='172.168.0.10', ttl=63)/ \ + UDP(sport=4369, dport=53)") +echo $packet > expected +OVN_CHECK_PACKETS_REMOVE_BROADCAST([hv2/vif1-tx.pcap], [expected]) + +# send UDP request to the load-balancer VIP from public switch 2 +test_ip_req_packet "50:54:00:00:00:99" "00:00:20:20:12:14" "173.168.0.200" "172.168.0.10" 54 hv2-vif2 +OVS_WAIT_UNTIL([test $($PYTHON "$ovs_srcdir/utilities/ovs-pcap.in" hv1/vif1-tx.pcap | wc -l) -ge 1]) +# send UDP reply from sw0-port1 +test_ip_rep_packet "50:54:00:00:00:01" "00:00:00:00:ff:01" "10.0.0.2" 
"173.168.0.200" 54 +# packet sent by the load balancer VIP +packet=$(fmt_pkt "Ether(dst='50:54:00:00:00:99', src='00:00:20:20:12:14')/ + IP(dst='173.168.0.200', src='172.168.0.10', ttl=63)/ \ + UDP(sport=4369, dport=54)") +echo $packet > expected +OVN_CHECK_PACKETS_REMOVE_BROADCAST([hv2/vif2-tx.pcap], [expected]) + + +OVN_CLEANUP([hv1],[hv2]) +AT_CLEANUP +]) -- 2.39.2 _______________________________________________ dev mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-dev
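Review bot: Both distributed gateway ports in this datapath test are bound to the same chassis (`lrp-set-gateway-chassis lr0-public hv2 20` and `lrp-set-gateway-chassis lr0-public2 hv2 20`). The request and the reply for each connection therefore always traverse one chassis, presumably sharing one conntrack table. The case the removed restriction most plausibly guarded against, gateway ports resident on different chassis, is not exercised; a variant with `check ovn-nbctl lrp-set-gateway-chassis lr0-public2 hv1 20` would show whether the un-DNAT path still works there. The topology comment also lists the route as `173.0.0.0/24` and the subnet as `173.168.0.0./24`, while the configured route is `173.168.0.0/24`. The bare `ovn-sbctl lflow-list lr0` looks like leftover debugging output.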
