On 12/11/24 10:34, Lorenzo Bianconi wrote:
> Introduce ipv6_src and ipv6_dst to selection_fields column in
> Load_Balancer Logical_Router_Static_Route tables in order to properly
> load-balance IPv6 traffic if these fields are selected in group hash
> algorithm.
>
> Reported-at: https://issues.redhat.com/browse/FDP-1032
> Signed-off-by: Lorenzo Bianconi <[email protected]>
> ---
> ovn-nb.ovsschema | 9 +++++----
> ovn-nb.xml | 1 +
> tests/ovn.at | 6 +++---
> tests/system-ovn.at | 8 ++++----
> 4 files changed, 13 insertions(+), 11 deletions(-)
>
Hi, Lorenzo. Thanks for the patch!
I didn't try it, but see some comments below.
Best regards, Ilya Maximets.
> diff --git a/ovn-nb.ovsschema b/ovn-nb.ovsschema
> index c4a48183d..96d58da94 100644
> --- a/ovn-nb.ovsschema
> +++ b/ovn-nb.ovsschema
> @@ -1,7 +1,7 @@
> {
> "name": "OVN_Northbound",
> - "version": "7.7.0",
> - "cksum": "116357561 38626",
> + "version": "7.8.0",
> + "cksum": "1354114919 38707",
> "tables": {
> "NB_Global": {
> "columns": {
> @@ -247,7 +247,7 @@
> "type": {"key": {"type": "string",
> "enum": ["set",
> ["eth_src", "eth_dst", "ip_src", "ip_dst",
> - "tp_src", "tp_dst"]]},
> + "ipv6_src", "ipv6_dst", "tp_src",
> "tp_dst"]]},
> "min": 0, "max": "unlimited"}},
> "options": {
> "type": {"key": "string",
> @@ -510,7 +510,8 @@
> "type": {"key": {"type": "string",
> "enum": ["set",
> ["eth_src", "eth_dst", "ip_proto", "ip_src",
> - "ip_dst", "tp_src", "tp_dst"]]},
> + "ip_dst", "ipv6_src", "ipv6_dst", "tp_src",
> + "tp_dst"]]},
> "min": 0, "max": "unlimited"}},
> "options": {
> "type": {"key": "string", "value": "string",
> diff --git a/ovn-nb.xml b/ovn-nb.xml
> index 5114bbc2e..f8ab1437a 100644
> --- a/ovn-nb.xml
> +++ b/ovn-nb.xml
> @@ -3870,6 +3870,7 @@ or
> </p>
> <p>
> Example: <code>{ip_proto,ip_src,ip_dst}</code> for a 3-tuple match.
> + Example: <code>{ip_proto,ipv6_src,ipv6_dst}</code> for a IPv6
> match.
> Example: <code>{ip_proto,ip_src,ip_dst,tp_src,tp_dst}</code>
> for a 5-tuple match.
We should also provide an example of mixed configuration where
both v4 and v6 fields are set. And have a test that verifies
that such configuration creates correct logical flows and OF rules,
as well as actually balances load for both. Potentially can be done
by having an LB with two VIPS - one v4 and one v6.
> </p>
> diff --git a/tests/ovn.at b/tests/ovn.at
> index 2fdf1a88c..c9415a7e3 100644
> --- a/tests/ovn.at
> +++ b/tests/ovn.at
> @@ -25649,7 +25649,7 @@ check ovn-nbctl lsp-set-options sw1-lr0
> router-port=lr0-sw1
>
> check ovn-nbctl lb-add lb1 [[2001::a]]:80 [[2001::3]]:80,[[2002::3]]:80
> OVN_LB_ID=$(ovn-nbctl --bare --column _uuid find load_balancer name=lb1)
> -check ovn-nbctl set load_balancer ${OVN_LB_ID}
> selection_fields="ip_dst,ip_src,tp_dst,tp_src"
> +check ovn-nbctl set load_balancer ${OVN_LB_ID}
> selection_fields="ipv6_dst,ipv6_src,tp_dst,tp_src"
> #
> check ovn-nbctl --wait=sb set load_balancer .
> ip_port_mappings:\"[[2001::3]]\"=\"sw0-p1:[[2001::2]]\"
> check ovn-nbctl --wait=sb set load_balancer .
> ip_port_mappings:\"[[2002::3]]\"=\"sw1-p1:[[2002::2]]\"
> @@ -25692,14 +25692,14 @@ OVS_WAIT_FOR_OUTPUT(
> ovn-sbctl dump-flows sw0 | grep ct_lb_mark | grep priority=120 | sed
> 's/table=..//'], 0,
> [dnl
> (ls_in_pre_stateful ), priority=120 , match=(reg0[[2]] == 1 && ip6.dst ==
> 2001::a && tcp.dst == 80), action=(xxreg1 = 2001::a; reg2[[0..15]] = 80;
> ct_lb_mark;)
> - (ls_in_lb ), priority=120 , match=(ct.new && ip6.dst == 2001::a
> && tcp.dst == 80), action=(xxreg1 = 2001::a; reg2[[0..15]] = 80;
> ct_lb_mark(backends=[[2001::3]]:80,[[2002::3]]:80;
> hash_fields="ip_dst,ip_src,tcp_dst,tcp_src");)
> + (ls_in_lb ), priority=120 , match=(ct.new && ip6.dst == 2001::a
> && tcp.dst == 80), action=(xxreg1 = 2001::a; reg2[[0..15]] = 80;
> ct_lb_mark(backends=[[2001::3]]:80,[[2002::3]]:80;
> hash_fields="ipv6_dst,ipv6_src,tcp_dst,tcp_src");)
> ])
>
> AT_CAPTURE_FILE([sbflows2])
> OVS_WAIT_FOR_OUTPUT(
> [ovn-sbctl dump-flows > sbflows2
> ovn-sbctl dump-flows lr0 | grep ct_lb_mark | grep priority=120 | sed
> 's/table=..//'], 0,
> - [ (lr_in_dnat ), priority=120 , match=(ct.new && !ct.rel && ip6
> && ip6.dst == 2001::a && tcp && tcp.dst == 80 &&
> is_chassis_resident("cr-lr0-public")),
> action=(ct_lb_mark(backends=[[2001::3]]:80,[[2002::3]]:80;
> hash_fields="ip_dst,ip_src,tcp_dst,tcp_src");)
> + [ (lr_in_dnat ), priority=120 , match=(ct.new && !ct.rel && ip6
> && ip6.dst == 2001::a && tcp && tcp.dst == 80 &&
> is_chassis_resident("cr-lr0-public")),
> action=(ct_lb_mark(backends=[[2001::3]]:80,[[2002::3]]:80;
> hash_fields="ipv6_dst,ipv6_src,tcp_dst,tcp_src");)
> ])
>
> # get the svc monitor mac.
> diff --git a/tests/system-ovn.at b/tests/system-ovn.at
> index 4452d5676..314999e37 100644
> --- a/tests/system-ovn.at
> +++ b/tests/system-ovn.at
> @@ -1755,10 +1755,10 @@
> tcp,orig=(src=fd01::2,dst=fd03::2,sport=<cleared>,dport=<cleared>),reply=(src=fd
> ])
>
> # Configure selection_fields.
> -check ovn-nbctl set load_balancer $lb2_uuid
> selection_fields="ip_src,ip_dst,tp_src,tp_dst"
> +check ovn-nbctl set load_balancer $lb2_uuid
> selection_fields="ipv6_src,ipv6_dst,tp_src,tp_dst"
> OVS_WAIT_UNTIL([
> test $(ovs-ofctl dump-groups br-int | \
> - grep "selection_method=hash,fields(ip_src,ip_dst,tcp_src,tcp_dst)" -c)
> -eq 2
> + grep "selection_method=hash,fields(ipv6_src,ipv6_dst,tcp_src,tcp_dst)"
> -c) -eq 2
> ])
>
> AT_CHECK([ovs-appctl dpctl/flush-conntrack])
> @@ -1789,10 +1789,10 @@ done
> # there should be only one conntrack entry.
> AT_CHECK([test $(ovs-appctl dpctl/dump-conntrack | grep fd03::2 -c) -eq 1])
>
> -check ovn-nbctl set load_balancer $lb2_uuid selection_fields="eth_src,ip_src"
> +check ovn-nbctl set load_balancer $lb2_uuid
> selection_fields="eth_src,ipv6_src"
> OVS_WAIT_UNTIL([
> test $(ovs-ofctl dump-groups br-int | \
> - grep "selection_method=hash,fields(eth_src,ip_src)" -c) -eq 2
> + grep "selection_method=hash,fields(eth_src,ipv6_src)" -c) -eq 2
> ])
We need to check that load balancing on the L3 address is actualy working.
i.e. send traffic from multipe source addresses and check that it is balanced.
Either by adding multiple IPs to the same LSP, or by sending requests from
multiple LSPs (may need to remove eth_src from the selection in this case).
>
> AT_CHECK([ovs-appctl dpctl/flush-conntrack])
_______________________________________________
dev mailing list
[email protected]
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
