Introduce the capability to actively refresh mac_binding entries available in OFTABLE_MAC_BINDING table when they are inactive for more than the configured threshold. Add the OFTABLE_MAC_BINDING table stats monitoring. This feature avoids possible unnecessary mac_entry removals if the destination is still alive but inactive for more than the configured value. Reduce threshold dump_period and cooldown_period to 3/16 of threshold value in order to not miss any re-arping time slot.
Acked-by: Ales Musil <amu...@redhat.com> Acked-by: Mark Michelson <mmich...@redhat.com> Reported-at: https://issues.redhat.com/browse/FDP-1135 Signed-off-by: Lorenzo Bianconi <lorenzo.bianc...@redhat.com> --- controller/mac-cache.c | 138 ++++++++++++++++++++-- controller/mac-cache.h | 21 +++- controller/ovn-controller.c | 3 +- controller/pinctrl.h | 1 + controller/statctrl.c | 29 ++++- controller/statctrl.h | 1 + tests/ovn.at | 225 ++++++++++++++++++++++++++++++++++++ tests/system-ovn.at | 108 +++++++++++++++++ 8 files changed, 509 insertions(+), 17 deletions(-) diff --git a/controller/mac-cache.c b/controller/mac-cache.c index 1a7a43bae..bb226b349 100644 --- a/controller/mac-cache.c +++ b/controller/mac-cache.c @@ -16,6 +16,7 @@ #include <config.h> #include <stdbool.h> +#include "lflow.h" #include "local_data.h" #include "lport.h" #include "mac-cache.h" @@ -23,6 +24,7 @@ #include "openvswitch/vlog.h" #include "ovn/logical-fields.h" #include "ovn-sb-idl.h" +#include "pinctrl.h" VLOG_DEFINE_THIS_MODULE(mac_cache); @@ -89,15 +91,20 @@ mac_cache_threshold_add(struct mac_cache_data *data, threshold = xmalloc(sizeof *threshold); threshold->dp_key = dp->tunnel_key; threshold->value = value; - threshold->dump_period = value / 2; - threshold->cooldown_period = value / 4; + threshold->dump_period = (3 * value) / 16; + threshold->cooldown_period = (3 * value) / 16; /* (cooldown_period + dump_period) is the maximum time the timestamp may - * be not updated. So, the sum of those times must be lower than the - * threshold, otherwise we may fail to update an active MAC binding in + * be not updated for an entry with IP + MAC combination from which we see + * incoming traffic. For the entry that is used only in Tx direction + * (e.g., an entry for a default gateway of the chassis) this time is + * doubled, because an ARP/ND probe will need to be sent first and the + * (cooldown_period + dump_period) will be the maximum time between such + * probes. Hence, 2 * (cooldown_period + dump_period) should be less than + * a threshold, otherwise we may fail to update an active MAC binding in * time and risk it being removed. Giving it an extra 1/10 of the time * for all the processing that needs to happen. */ - ovs_assert(threshold->cooldown_period + threshold->dump_period + ovs_assert(2 * (threshold->cooldown_period + threshold->dump_period) < (9 * value) / 10); hmap_insert(&data->thresholds, &threshold->hmap_node, dp->tunnel_key); @@ -414,8 +421,10 @@ mac_binding_update_log(const char *action, } void -mac_binding_stats_run(struct ovs_list *stats_list, uint64_t *req_delay, - void *data) +mac_binding_stats_run( + struct rconn *swconn OVS_UNUSED, + struct ovsdb_idl_index *sbrec_port_binding_by_name OVS_UNUSED, + struct ovs_list *stats_list, uint64_t *req_delay, void *data) { struct mac_cache_data *cache_data = data; long long timewall_now = time_wall_msec(); @@ -510,8 +519,10 @@ fdb_update_log(const char *action, } void -fdb_stats_run(struct ovs_list *stats_list, uint64_t *req_delay, - void *data) +fdb_stats_run(struct rconn *swconn OVS_UNUSED, + struct ovsdb_idl_index *sbrec_port_binding_by_name OVS_UNUSED, + struct ovs_list *stats_list, + uint64_t *req_delay, void *data) { struct mac_cache_data *cache_data = data; long long timewall_now = time_wall_msec(); @@ -862,3 +873,112 @@ buffered_packets_db_lookup(struct buffered_packets *bp, struct ds *ip, eth_addr_from_string(smb->mac, mac); } + +void +mac_binding_probe_stats_process_flow_stats( + struct ovs_list *stats_list, + struct ofputil_flow_stats *ofp_stats) +{ + struct mac_cache_stats *stats = xmalloc(sizeof *stats); + + stats->idle_age_ms = ofp_stats->idle_age * 1000; + stats->data.mb = (struct mac_binding_data) { + .cookie = ntohll(ofp_stats->cookie), + /* The port_key must be zero to match mac_binding_data_from_sbrec. */ + .port_key = 0, + .dp_key = ntohll(ofp_stats->match.flow.metadata), + }; + + if (ofp_stats->match.flow.regs[0]) { + stats->data.mb.ip = + in6_addr_mapped_ipv4(htonl(ofp_stats->match.flow.regs[0])); + } else { + ovs_be128 ip6 = hton128(flow_get_xxreg(&ofp_stats->match.flow, 1)); + memcpy(&stats->data.mb.ip, &ip6, sizeof stats->data.mb.ip); + } + + ovs_list_push_back(stats_list, &stats->list_node); +} + +void +mac_binding_probe_stats_run( + struct rconn *swconn, + struct ovsdb_idl_index *sbrec_port_binding_by_name, + struct ovs_list *stats_list, + uint64_t *req_delay, void *data) +{ + long long timewall_now = time_wall_msec(); + struct mac_cache_data *cache_data = data; + + struct mac_cache_stats *stats; + LIST_FOR_EACH_POP (stats, list_node, stats_list) { + struct mac_binding *mb = mac_binding_find(&cache_data->mac_bindings, + &stats->data.mb); + if (!mb) { + mac_binding_update_log("Probe: not found in the cache:", + &stats->data.mb, false, NULL, 0, 0); + free(stats); + continue; + } + + struct mac_cache_threshold *threshold = + mac_cache_threshold_find(cache_data, mb->data.dp_key); + uint64_t since_updated_ms = timewall_now - mb->sbrec->timestamp; + const struct sbrec_mac_binding *sbrec = mb->sbrec; + + if (stats->idle_age_ms > threshold->value) { + mac_binding_update_log("Not sending ARP/ND request for non-active", + &mb->data, true, threshold, + stats->idle_age_ms, since_updated_ms); + free(stats); + continue; + } + + if (since_updated_ms < threshold->cooldown_period) { + mac_binding_update_log( + "Not sending ARP/ND request for recently updated", + &mb->data, true, threshold, stats->idle_age_ms, + since_updated_ms); + free(stats); + continue; + } + + const struct sbrec_port_binding *pb = + lport_lookup_by_name(sbrec_port_binding_by_name, + sbrec->logical_port); + if (!pb) { + free(stats); + continue; + } + + struct lport_addresses laddr; + if (!extract_lsp_addresses(pb->mac[0], &laddr)) { + free(stats); + continue; + } + + if (laddr.n_ipv4_addrs || laddr.n_ipv6_addrs) { + struct in6_addr local = laddr.n_ipv4_addrs + ? in6_addr_mapped_ipv4(laddr.ipv4_addrs[0].addr) + : laddr.ipv6_addrs[0].addr; + + mac_binding_update_log("Sending ARP/ND request for active", + &mb->data, true, threshold, + stats->idle_age_ms, since_updated_ms); + + send_self_originated_neigh_packet(swconn, + sbrec->datapath->tunnel_key, + pb->tunnel_key, laddr.ea, + &local, &mb->data.ip, + OFTABLE_LOCAL_OUTPUT); + } + + free(stats); + destroy_lport_addresses(&laddr); + } + + mac_cache_update_req_delay(&cache_data->thresholds, req_delay); + if (*req_delay) { + VLOG_DBG("MAC probe binding statistics delay: %"PRIu64, *req_delay); + } +} diff --git a/controller/mac-cache.h b/controller/mac-cache.h index 70fa21525..d0a0b6867 100644 --- a/controller/mac-cache.h +++ b/controller/mac-cache.h @@ -184,15 +184,19 @@ void mac_binding_stats_process_flow_stats(struct ovs_list *stats_list, struct ofputil_flow_stats *ofp_stats); -void mac_binding_stats_run(struct ovs_list *stats_list, uint64_t *req_delay, - void *data); +void mac_binding_stats_run( + struct rconn *swconn OVS_UNUSED, + struct ovsdb_idl_index *sbrec_port_binding_by_name OVS_UNUSED, + struct ovs_list *stats_list, uint64_t *req_delay, void *data); /* FDB stat processing. */ void fdb_stats_process_flow_stats(struct ovs_list *stats_list, struct ofputil_flow_stats *ofp_stats); -void fdb_stats_run(struct ovs_list *stats_list, uint64_t *req_delay, - void *data); +void fdb_stats_run( + struct rconn *swconn OVS_UNUSED, + struct ovsdb_idl_index *sbrec_port_binding_by_name OVS_UNUSED, + struct ovs_list *stats_list, uint64_t *req_delay, void *data); void mac_cache_stats_destroy(struct ovs_list *stats_list); @@ -225,4 +229,13 @@ bool buffered_packets_ctx_is_ready_to_send(struct buffered_packets_ctx *ctx); bool buffered_packets_ctx_has_packets(struct buffered_packets_ctx *ctx); +void mac_binding_probe_stats_process_flow_stats( + struct ovs_list *stats_list, + struct ofputil_flow_stats *ofp_stats); + +void mac_binding_probe_stats_run( + struct rconn *swconn, + struct ovsdb_idl_index *sbrec_port_binding_by_name, + struct ovs_list *stats_list, uint64_t *req_delay, void *data); + #endif /* controller/mac-cache.h */ diff --git a/controller/ovn-controller.c b/controller/ovn-controller.c index 40f22adc3..a8d080123 100644 --- a/controller/ovn-controller.c +++ b/controller/ovn-controller.c @@ -5802,7 +5802,8 @@ main(int argc, char *argv[]) mac_cache_data = engine_get_data(&en_mac_cache); if (mac_cache_data) { - statctrl_run(ovnsb_idl_txn, mac_cache_data); + statctrl_run(ovnsb_idl_txn, sbrec_port_binding_by_name, + mac_cache_data); } ofctrl_seqno_update_create( diff --git a/controller/pinctrl.h b/controller/pinctrl.h index 79cb2bc31..4e7b75fb9 100644 --- a/controller/pinctrl.h +++ b/controller/pinctrl.h @@ -31,6 +31,7 @@ struct ovsdb_idl_index; struct ovsdb_idl_txn; struct ovsrec_bridge; struct ovsrec_open_vswitch_table; +struct rconn; struct sbrec_chassis; struct sbrec_dns_table; struct sbrec_controller_event_table; diff --git a/controller/statctrl.c b/controller/statctrl.c index d3c70ccba..0ad679d05 100644 --- a/controller/statctrl.c +++ b/controller/statctrl.c @@ -39,6 +39,7 @@ VLOG_DEFINE_THIS_MODULE(statctrl); enum stat_type { STATS_MAC_BINDING = 0, STATS_FDB, + STATS_MAC_BINDING_PROBE, STATS_MAX, }; @@ -62,7 +63,10 @@ struct stats_node { struct ofputil_flow_stats *ofp_stats); /* Function to process the parsed stats. * This function runs in main thread locked behind mutex. */ - void (*run)(struct ovs_list *stats_list, uint64_t *req_delay, void *data); + void (*run)(struct rconn *swconn, + struct ovsdb_idl_index *sbrec_port_binding_by_name, + struct ovs_list *stats_list, + uint64_t *req_delay, void *data); }; #define STATS_NODE(NAME, REQUEST, DESTROY, PROCESS, RUN) \ @@ -145,6 +149,18 @@ statctrl_init(void) STATS_NODE(FDB, fdb_request, mac_cache_stats_destroy, fdb_stats_process_flow_stats, fdb_stats_run); + struct ofputil_flow_stats_request mac_binding_probe_request = { + .cookie = htonll(0), + .cookie_mask = htonll(0), + .out_port = OFPP_ANY, + .out_group = OFPG_ANY, + .table_id = OFTABLE_MAC_BINDING, + }; + STATS_NODE(MAC_BINDING_PROBE, mac_binding_probe_request, + mac_cache_stats_destroy, + mac_binding_probe_stats_process_flow_stats, + mac_binding_probe_stats_run); + statctrl_ctx.thread = ovs_thread_create("ovn_statctrl", statctrl_thread_handler, &statctrl_ctx); @@ -152,13 +168,18 @@ statctrl_init(void) void statctrl_run(struct ovsdb_idl_txn *ovnsb_idl_txn, + struct ovsdb_idl_index *sbrec_port_binding_by_name, struct mac_cache_data *mac_cache_data) { if (!ovnsb_idl_txn) { return; } - void *node_data[STATS_MAX] = {mac_cache_data, mac_cache_data}; + void *node_data[STATS_MAX] = { + mac_cache_data, + mac_cache_data, + mac_cache_data + }; bool schedule_updated = false; long long now = time_msec(); @@ -168,7 +189,9 @@ statctrl_run(struct ovsdb_idl_txn *ovnsb_idl_txn, struct stats_node *node = &statctrl_ctx.nodes[i]; uint64_t prev_delay = node->request_delay; - node->run(&node->stats_list, &node->request_delay, node_data[i]); + node->run(statctrl_ctx.swconn, + sbrec_port_binding_by_name, &node->stats_list, + &node->request_delay, node_data[i]); schedule_updated |= statctrl_update_next_request_timestamp(node, now, prev_delay); diff --git a/controller/statctrl.h b/controller/statctrl.h index d36c42e14..69a0b6f35 100644 --- a/controller/statctrl.h +++ b/controller/statctrl.h @@ -20,6 +20,7 @@ void statctrl_init(void); void statctrl_run(struct ovsdb_idl_txn *ovnsb_idl_txn, + struct ovsdb_idl_index *sbrec_port_binding_by_name, struct mac_cache_data *mac_cache_data); void statctrl_update_swconn(const char *target, int probe_interval); diff --git a/tests/ovn.at b/tests/ovn.at index 5132c64ea..692c5e365 100644 --- a/tests/ovn.at +++ b/tests/ovn.at @@ -35494,6 +35494,231 @@ OVN_CLEANUP([hv1]) AT_CLEANUP ]) +OVN_FOR_EACH_NORTHD([ +AT_SETUP([MAC binding aging - probing]) +AT_SKIP_IF([test $HAVE_SCAPY = no]) +ovn_start + +send_udp() { + local hv=$1 dev=$2 hdst=$3 hsrc=$4 idst=$5 isrc=$6 + local packet=$(fmt_pkt "Ether(dst='${hdst}', src='${hsrc}')/ \ + IP(dst='${idst}', src='${isrc}')/UDP()") + as $hv ovs-appctl netdev-dummy/receive $dev $packet +} + +dump_arp() { + local op=$1 eth_src=$2 eth_dst=$3 spa=$4 tpa=$5 hwdst=$6 + + local packet=$(fmt_pkt "Ether(dst='${eth_dst}', src='${eth_src}')/ \ + ARP(op=$op, hwsrc='${eth_src}', hwdst='${hwdst}', \ + psrc='${spa}', pdst='${tpa}')") + echo $packet +} + +aging_th=10 +net_add n1 +sim_add hv1 +as hv1 +check ovs-vsctl add-br br-phys +ovn_attach n1 br-phys 192.168.0.1 +ovn-appctl -t ovn-controller vlog/set mac_cache:file:dbg pinctrl:file:dbg + +check ovn-nbctl \ + -- ls-add ls1 \ + -- ls-add ls2 \ + -- lr-add lr \ + -- set logical_router lr options:mac_binding_age_threshold=$aging_th \ + -- lrp-add lr lr-ls1 00:00:00:00:10:00 192.168.10.1/24 \ + -- lrp-add lr lr-ls2 00:00:00:00:20:00 192.168.20.1/24 \ + -- lsp-add ls1 ls1-lr \ + -- lsp-set-type ls1-lr router \ + -- lsp-set-addresses ls1-lr router \ + -- lsp-set-options ls1-lr router-port=lr-ls1 \ + -- lsp-add ls1 vif1 \ + -- lsp-set-addresses vif1 "unknown" \ + -- lsp-add ls2 ls2-lr \ + -- lsp-set-type ls2-lr router \ + -- lsp-set-addresses ls2-lr router \ + -- lsp-set-options ls2-lr router-port=lr-ls2 \ + -- lsp-add ls2 vif2 \ + -- lsp-set-addresses vif2 "unknown" + +check ovs-vsctl \ + -- add-port br-int vif1 \ + -- set interface vif1 external-ids:iface-id=vif1 \ + options:tx_pcap=hv1/vif1-tx.pcap options:rxq_pcap=hv1/vif1-rx.pcap \ + -- add-port br-int vif2 \ + -- set interface vif2 external-ids:iface-id=vif2 \ + options:tx_pcap=hv1/vif2-tx.pcap options:rxq_pcap=hv1/vif2-rx.pcap + +OVN_POPULATE_ARP +wait_for_ports_up +check ovn-nbctl --wait=hv sync + +# Wait for pinctrl thread to be connected. +OVS_WAIT_UNTIL([grep pinctrl hv1/ovn-controller.log | grep -q connected]) + +send_garp hv1 vif1 2 00:00:00:00:10:1a ff:ff:ff:ff:ff:ff 192.168.10.100 192.168.10.100 +wait_row_count mac_binding 1 ip="192.168.10.100" logical_port="lr-ls1" + +send_garp hv1 vif2 2 00:00:00:00:10:1b ff:ff:ff:ff:ff:ff 192.168.20.100 192.168.20.100 +wait_row_count mac_binding 1 ip="192.168.20.100" logical_port="lr-ls2" + +# Send UDP traffic to refresh entries in OFTABLE_MAC_BINDING. +# Please note we are using a different src mac address with respect to the GARP +# one. +send_udp hv1 vif1 00:00:00:00:10:00 00:00:00:00:10:2a 192.168.20.100 192.168.10.100 +send_udp hv1 vif2 00:00:00:00:20:00 00:00:00:00:10:2b 192.168.10.100 192.168.20.100 + +OVS_WAIT_UNTIL([$(ovs-ofctl dump-flows br-int table=OFTABLE_MAC_BINDING | \ + sed 's/reg15=0x.,metadata=0x./reg15=<cleared>,metadata=<cleared>/g' | \ + grep -q "reg0=0xc0a80a64,reg15=<cleared>,metadata=<cleared> actions=mod_dl_dst:00:00:00:00:10:1a")]) +OVS_WAIT_UNTIL([$(ovs-ofctl dump-flows br-int table=OFTABLE_MAC_BINDING | \ + sed 's/reg15=0x.,metadata=0x./reg15=<cleared>,metadata=<cleared>/g' | \ + grep -q "reg0=0xc0a81464,reg15=<cleared>,metadata=<cleared> actions=mod_dl_dst:00:00:00:00:10:1b")]) + +wait_row_count mac_binding 1 ip="192.168.10.100" logical_port="lr-ls1" +ts0=$(fetch_column Mac_Binding timestamp ip=192.168.10.100) + +# Wait until entries in OFTABLE_MAC_CACHE_USE are stale. +OVS_WAIT_UNTIL([test $(ovs-ofctl dump-flows br-int table=OFTABLE_MAC_CACHE_USE | \ + awk '/nw_src=192.168.10.100/{print substr($6,10,1)}') -ge $((aging_th/2))]) + +# Send UDP traffic to refresh entries in OFTABLE_MAC_BINDING. +send_udp hv1 vif1 00:00:00:00:10:00 00:00:00:00:10:2a 192.168.20.100 192.168.10.100 +send_udp hv1 vif2 00:00:00:00:20:00 00:00:00:00:10:2b 192.168.10.100 192.168.20.100 +# Wait for ARP requests to be generated. +dump_arp 1 00:00:00:00:20:00 ff:ff:ff:ff:ff:ff 192.168.20.1 192.168.20.100 00:00:00:00:00:00 > expected1 +dump_arp 1 00:00:00:00:10:00 ff:ff:ff:ff:ff:ff 192.168.10.1 192.168.10.100 00:00:00:00:00:00 > expected2 +OVN_CHECK_PACKETS_CONTAIN([hv1/vif1-tx.pcap], [expected2]) + +# Check MAC_Binding timestamp is updated receiving the ARP replay. +send_garp hv1 vif1 2 00:00:00:00:10:1a 00:00:00:00:10:00 192.168.10.100 192.168.10.1 +send_garp hv1 vif2 2 00:00:00:00:10:1b 00:00:00:00:20:00 192.168.20.100 192.168.20.1 +OVS_WAIT_UNTIL([test $(fetch_column Mac_Binding timestamp ip=192.168.10.100) -gt $ts0]) + +# Refresh OFTABLE_MAC_BINDING entires. +dump_arp 1 00:00:00:00:20:00 ff:ff:ff:ff:ff:ff 192.168.20.1 192.168.20.100 00:00:00:00:00:00 >> expected1 +dump_arp 1 00:00:00:00:10:00 ff:ff:ff:ff:ff:ff 192.168.10.1 192.168.10.100 00:00:00:00:00:00 >> expected2 +OVS_WAIT_UNTIL([test $(ovs-ofctl dump-flows br-int table=OFTABLE_MAC_CACHE_USE | \ + awk '/arp_spa=192.168.20.100/{print substr($6,10,1)}') -ge $((aging_th/2))]) +send_udp hv1 vif1 00:00:00:00:10:00 00:00:00:00:10:2a 192.168.20.100 192.168.10.100 +send_udp hv1 vif2 00:00:00:00:20:00 00:00:00:00:10:2b 192.168.10.100 192.168.20.100 +# Check OVN tries to refresh MAC Binding entries. +OVN_CHECK_PACKETS_CONTAIN([hv1/vif2-tx.pcap], [expected1]) +OVN_CHECK_PACKETS_CONTAIN([hv1/vif1-tx.pcap], [expected2]) + +OVN_CLEANUP([hv1]) +AT_CLEANUP +]) + +OVN_FOR_EACH_NORTHD([ +AT_SETUP([MAC binding aging - probing GW router Dynamic Neigh]) +AT_SKIP_IF([test $HAVE_SCAPY = no]) +ovn_start + +send_imcp_echo_req() { + local hv=$1 dev=$2 hdst=$3 hsrc=$4 idst=$5 isrc=$6 + local packet=$(fmt_pkt "Ether(dst='${hdst}', src='${hsrc}')/ \ + IP(dst='${idst}', src='${isrc}')/ICMP()") + as $hv ovs-appctl netdev-dummy/receive $dev $packet +} + +dump_icmp() { + local hdst=$1 hsrc=$2 idst=$3 isrc=$4 ttl=$5 type=$6 chksum=$7 + local packet=$(fmt_pkt "Ether(dst='${hdst}', src='${hsrc}')/ \ + IP(dst='${idst}', src='${isrc}', ttl=${ttl})/\ + ICMP(type=${type}, chksum=${chksum})") + + echo $packet +} + +aging_th=10 +net_add n1 +sim_add hv1 +as hv1 +check ovs-vsctl add-br br-phys +ovn_attach n1 br-phys 192.168.0.1 +ovn-appctl -t ovn-controller vlog/set mac_cache:file:dbg pinctrl:file:dbg + +check ovn-nbctl \ + -- ls-add public \ + -- ls-add join \ + -- lr-add lr \ + -- lr-add gw \ + -- set Logical_Router gw options:chassis="hv1" \ + -- set logical_router gw options:mac_binding_age_threshold=$aging_th \ + -- set logical_router gw options:dynamic_neigh_routers=true \ + -- lrp-add gw gw-public 00:00:00:00:10:00 192.168.10.1/24 \ + -- lrp-add gw gw-join 00:00:00:00:20:00 192.168.20.1/24 \ + -- lsp-add public public-gw \ + -- lsp-set-type public-gw router \ + -- lsp-set-addresses public-gw router \ + -- lsp-set-options public-gw router-port=gw-public \ + -- lsp-add public public \ + -- lsp-set-addresses public "unknown" \ + -- lsp-add join join-gw \ + -- lsp-set-type join-gw router \ + -- lsp-set-addresses join-gw router \ + -- lsp-set-options join-gw router-port=gw-join \ + -- lrp-add lr lr-join 00:00:00:00:30:00 192.168.20.2/24 \ + -- lsp-add join join-lr \ + -- lsp-set-type join-lr router \ + -- lsp-set-addresses join-lr router \ + -- lsp-set-options join-lr router-port=lr-join \ + -- lr-route-add lr 0.0.0.0/0 192.168.20.1 + +check ovs-vsctl \ + -- add-port br-int public \ + -- set interface public external-ids:iface-id=public \ + options:tx_pcap=hv1/public-tx.pcap options:rxq_pcap=hv1/public-rx.pcap + +OVN_POPULATE_ARP +wait_for_ports_up +check ovn-nbctl --wait=hv sync + +dnl Wait for pinctrl thread to be connected. +OVS_WAIT_UNTIL([grep pinctrl hv1/ovn-controller.log | grep -q connected]) + +# Send a GARP for an external device to populate MAC Binding table. +send_garp hv1 public 2 00:00:00:00:10:1a ff:ff:ff:ff:ff:ff 192.168.10.100 192.168.10.100 +wait_row_count mac_binding 1 ip="192.168.10.100" logical_port="gw-public" + +# Send ICMP echo request to create entries in OFTABLE_MAC_BINDING. +send_imcp_echo_req hv1 public 00:00:00:00:10:00 00:00:00:00:10:1a 192.168.20.2 192.168.10.100 +dump_icmp 00:00:00:00:10:1a 00:00:00:00:10:00 192.168.10.100 192.168.20.2 253 0 0 > expected +OVN_CHECK_PACKETS_CONTAIN([hv1/public-tx.pcap], [expected]) + +wait_row_count mac_binding 1 ip="192.168.20.2" logical_port="gw-join" +n_arp=$(ovs-ofctl dump-flows br-int table=OFTABLE_MAC_CACHE_USE |awk '/arp_spa=192.168.20.2/{print substr($4,11,1)}') + +OVS_WAIT_UNTIL([$(ovs-ofctl dump-flows br-int table=OFTABLE_MAC_BINDING | \ + sed 's/reg15=0x.,metadata=0x./reg15=<cleared>,metadata=<cleared>/g' | \ + grep -q "reg0=0xc0a80a64,reg15=<cleared>,metadata=<cleared> actions=mod_dl_dst:00:00:00:00:10:1a")]) +OVS_WAIT_UNTIL([$(ovs-ofctl dump-flows br-int table=OFTABLE_MAC_BINDING | \ + sed 's/reg15=0x.,metadata=0x./reg15=<cleared>,metadata=<cleared>/g' | \ + grep -q "reg0=0xc0a81402,reg15=<cleared>,metadata=<cleared> actions=mod_dl_dst:00:00:00:00:30:00")]) + +# Check GW router does not send any ARP requests in this case. +OVS_WAIT_UNTIL([test $(ovs-ofctl dump-flows br-int table=OFTABLE_MAC_CACHE_USE | \ + awk '/nw_src=192.168.10.100/{print substr($6,10,1)}') -ge $((aging_th/2))]) +n_arp=$(ovs-ofctl dump-flows br-int table=OFTABLE_MAC_CACHE_USE |awk '/arp_spa=192.168.20.2/{print substr($4,11,1)}') +AT_CHECK([test $(ovs-ofctl dump-flows br-int table=OFTABLE_MAC_CACHE_USE |awk '/arp_spa=192.168.20.2/{print substr($4,11,1)}') -eq $n_arp]) + +send_imcp_echo_req hv1 public 00:00:00:00:10:00 00:00:00:00:10:1a 192.168.20.2 192.168.10.100 +# Now drop ICMP echo reply in order to force OVN to arp the mac binding entry +# for the distributed router lr. +check ovn-nbctl --wait=hv acl-add join from-lport 1000 'inport == "join-lr" && icmp' drop +n_arp=$(ovs-ofctl dump-flows br-int table=OFTABLE_MAC_CACHE_USE |awk '/arp_spa=192.168.20.2/{print substr($4,11,1)}') +OVS_WAIT_UNTIL([test $(ovs-ofctl dump-flows br-int table=OFTABLE_MAC_CACHE_USE | \ + awk '/nw_src=192.168.10.100/{print substr($6,10,1)}') -ge $((aging_th/2))]) +send_imcp_echo_req hv1 public 00:00:00:00:10:00 00:00:00:00:10:1a 192.168.20.2 192.168.10.100 +OVS_WAIT_UNTIL([test $(ovs-ofctl dump-flows br-int table=OFTABLE_MAC_CACHE_USE |awk '/arp_spa=192.168.20.2/{print substr($4,11,1)}') -ge $((n_arp+1))]) + +OVN_CLEANUP([hv1]) +AT_CLEANUP +]) + OVN_FOR_EACH_NORTHD([ AT_SETUP([router port type update and then remove]) ovn_start diff --git a/tests/system-ovn.at b/tests/system-ovn.at index 0389aeaf9..b5cb7b54c 100644 --- a/tests/system-ovn.at +++ b/tests/system-ovn.at @@ -14308,3 +14308,111 @@ OVS_TRAFFIC_VSWITCHD_STOP(["/failed to query port patch-.*/d /connection dropped.*/d"]) AT_CLEANUP ]) + +OVN_FOR_EACH_NORTHD([ +AT_SETUP([Mac binding aging - Probing]) +AT_KEYWORDS([mac_binding_probing]) +ovn_start +OVS_TRAFFIC_VSWITCHD_START() + +ADD_BR([br-int]) +ADD_BR([br-ext]) +ADD_BR([br-gw]) + +check ovs-ofctl add-flow br-ext action=normal +check ovs-ofctl add-flow br-gw action=normal +# Set external-ids in br-int needed for ovn-controller +check ovs-vsctl \ + -- set Open_vSwitch . external-ids:system-id=hv1 \ + -- set Open_vSwitch . external-ids:ovn-remote=unix:$ovs_base/ovn-sb/ovn-sb.sock \ + -- set Open_vSwitch . external-ids:ovn-encap-type=geneve \ + -- set Open_vSwitch . external-ids:ovn-encap-ip=169.0.0.1 \ + -- set bridge br-int fail-mode=secure other-config:disable-in-band=true + +# Start ovn-controller +start_daemon ovn-controller + +check ovn-appctl -t ovn-controller vlog/set mac_cache:file:dbg pinctrl:file:dbg +check ovn-nbctl lr-add lr +check ovn-nbctl set logical_router lr options:chassis=hv1 +check ovn-nbctl set logical_router lr options:mac_binding_age_threshold=5 + +check ovn-nbctl ls-add sw +check ovn-nbctl ls-add public + +check ovn-nbctl lrp-add lr rp-sw 00:00:01:01:02:03 192.168.1.1/24 +check ovn-nbctl lrp-add lr rp-public 00:00:02:01:02:03 172.16.1.1/24 + +check ovn-nbctl lsp-add sw sw-rp -- set Logical_Switch_Port sw-rp \ + type=router options:router-port=rp-sw \ + -- lsp-set-addresses sw-rp router + +check ovn-nbctl lsp-add public public-rp -- set Logical_Switch_Port public-rp \ + type=router options:router-port=rp-public \ + -- lsp-set-addresses public-rp router + +ADD_NAMESPACES(alice) +ADD_VETH(alice, alice, br-int, "192.168.1.2/24", "f0:00:00:01:02:03", "192.168.1.1") +check ovn-nbctl lsp-add sw alice -- lsp-set-addresses alice "f0:00:00:01:02:03 192.168.1.2" + +check ovs-vsctl set Open_vSwitch . external-ids:ovn-bridge-mappings=phynet:br-ext +check ovn-nbctl lsp-add public public \ + -- lsp-set-addresses public unknown \ + -- lsp-set-type public localnet \ + -- lsp-set-options public network_name=phynet + +ADD_NAMESPACES(gw) +ADD_VETH(gw0, gw, br-ext, "172.16.1.2/24", "f0:00:00:01:02:04", "172.16.1.1") +ADD_VETH(gw1, gw, br-gw, "172.16.2.2/24", "f0:00:00:01:03:04") + +NS_CHECK_EXEC([gw], [sysctl -w net.ipv4.conf.all.forwarding=1],[0], [dnl +net.ipv4.conf.all.forwarding = 1 +]) + +ADD_NAMESPACES(bob) +ADD_VETH(bob, bob, br-gw, "172.16.2.10/24", "f0:00:00:01:02:06", "172.16.2.2") + +check ovn-nbctl lr-route-add lr 0.0.0.0/0 172.16.1.2 +check ovn-nbctl --wait=hv sync + +NS_CHECK_EXEC([alice], [ping -q -c 3 -i 0.3 -w 2 172.16.2.10 | FORMAT_PING], \ +[0], [dnl +3 packets transmitted, 3 received, 0% packet loss, time 0ms +]) +check_row_count mac_binding 1 mac=\"f0:00:00:01:02:04\" +mac_binding_uuid=$(fetch_column mac_binding _uuid logical_port=rp-public ip=172.16.1.2) + +NETNS_START_TCPDUMP([gw], [-n -c 2 -i gw0 arp[[6:2]] == 0x1 and arp[[24:4]] == 0xac100102], [gw]) +NS_CHECK_EXEC([alice], [ping -q -c 30 -i 0.5 172.16.2.10 | FORMAT_PING], \ +[0], [dnl +30 packets transmitted, 30 received, 0% packet loss, time 0ms +]) + +# Check mac binding entry is still active. +check_row_count mac_binding 1 mac=\"f0:00:00:01:02:04\" +# Check mac binding entry has not been removed. +AT_CHECK([test "$(fetch_column mac_binding _uuid logical_port=rp-public ip=172.16.1.2)" = "$mac_binding_uuid"]) +OVS_WAIT_UNTIL([ + n_arp=$(cat gw.tcpdump | wc -l) + test ${n_arp} -ge 2 +]) + +# Wait for the mac binding entry to expire. +wait_row_count MAC_Binding 0 + +OVS_APP_EXIT_AND_WAIT([ovn-controller]) + +as ovn-sb +OVS_APP_EXIT_AND_WAIT([ovsdb-server]) + +as ovn-nb +OVS_APP_EXIT_AND_WAIT([ovsdb-server]) + +as northd +OVS_APP_EXIT_AND_WAIT([ovn-northd]) + +as +OVS_TRAFFIC_VSWITCHD_STOP(["/failed to query port patch-.*/d +/connection dropped.*/d"]) +AT_CLEANUP +]) -- 2.48.1 _______________________________________________ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
