Re: [ovs-dev] [PATCH v2] ovn: Avoid tunneling for VLAN packets redirected to a gateway chassis
On Tue, Nov 27, 2018 at 12:48 AM Guru Shetty wrote:

> On Mon, 19 Nov 2018 at 08:18, wrote:
>
>> From: Numan Siddique
>>
>> An OVN deployment can have multiple logical switches each with a
>> localnet port connected to a distributed logical router in which one
>> logical switch may provide external connectivity and the rest of
>> the localnet logical switches use VLAN tagging in the physical
>> network.
>>
>> As reported in [1], external traffic from these localnet VLAN tagged
>> logical switches is tunnelled to the gateway chassis (chassis hosting
>> a distributed gateway port which applies NAT rules). As part of the
>> discussion in [1], there are a few possible solutions proposed by
>> Russell [2]. This patch implements the first option in [2].
>>
>> With this patch, a new option 'reside-on-redirect-chassis' in 'options'
>> column of Logical_Router_Port table is added. If the value of this
>> option is set to 'true' and if the logical router also has a
>> distributed gateway port, then routing for this logical router port
>> is centralized in the chassis hosting the distributed gateway port.
>>
>> If a logical switch 'sw0' is connected to a router 'lr0' with the
>> router port - 'lr0-sw0' with the address - "00:00:00:00:af:12 192.168.1.1",
>> and it has a distributed logical port - 'lr0-public', then the
>> below logical flow is added in the logical switch pipeline
>> of 'sw0' if the 'reside-on-redirect-chassis' option is set on 'lr-sw0' -
>>
>>     table=16(ls_in_l2_lkup), priority=50,
>>     match=(eth.dst == 00:00:00:00:af:12 &&
>>            is_chassis_resident("cr-lr0-public")),
>>     action=(outport = "sw0-lr0"; output;)
>>
>> "cr-lr0-public" is an internal port binding created by ovn-northd of type
>> 'chassisredirect' for lr0-public in SB DB. Please see "man ovn-sb" for
>> more details.
>>
>> With the above flow, the packet doesn't enter the router pipeline in
>> the source chassis. Instead the packet is sent out via the localnet
>> port of 'sw0'. The gateway chassis, upon receiving this packet, runs
>> the logical router pipeline applying NAT rules and sends the traffic
>> out via the localnet port of the logical switch providing external
>> connectivity.
>> The gateway chassis will also reply to the ARP requests for the router
>> port IPs.
>>
>> With this approach, we avoid redirecting the external traffic to the
>> gateway chassis via the tunnel port. There are a couple of drawbacks
>> with this approach:
>>
>>   - East - West routing is no longer distributed for the VLAN tagged
>>     localnet logical switches if 'reside-on-redirect-chassis' option is
>>     defined
>>
>>   - 'dnat_and_snat' NAT rules with 'logical_mac' and 'logical_port'
>>     columns defined will not work for these logical switches.
>>
>> This approach is taken for now as it is simple. If there is a requirement
>> to support distributed routing for these VLAN tenant networks, we
>> can explore other possible solutions.
>>
>> [1] - https://mail.openvswitch.org/pipermail/ovs-discuss/2018-April/046543.html
>> [2] - https://mail.openvswitch.org/pipermail/ovs-discuss/2018-April/046557.html
>>
>> Reported-at: https://mail.openvswitch.org/pipermail/ovs-discuss/2018-April/046543.html
>> Reported-by: venkata anil
>> Acked-by: Gurucharan Shetty
>> Co-authored-by: venkata anil
>> Signed-off-by: Numan Siddique
>> Signed-off-by: venkata anil
>>
>
> Since no one else looks to have any further comments, I applied this to
> master.
>

Thanks Guru for the review and applying the patch.

Numan

> ---
>>
>> v1 -> v2
>>
>> * Addressed the review comments from Guru.
>> * Removed the patch 2 'ovn: Support a new Logical_Switch_Port.type -
>>   'external' from this series as it is an independent patch.
>>
>> ovn/northd/ovn-northd.8.xml | 30
>> ovn/northd/ovn-northd.c | 71 +++---
>> ovn/ovn-architecture.7.xml | 211
>> ovn/ovn-nb.xml | 43 ++
>> tests/ovn.at| 273
>> 5 files changed, 612 insertions(+), 16 deletions(-)
>> >> diff --git a/ovn/northd/ovn-northd.8.xml b/ovn/northd/ovn-northd.8.xml >> index 7352c6764..f52699bd3 100644 >> --- a/ovn/northd/ovn-northd.8.xml >> +++ b/ovn/northd/ovn-northd.8.xml >> @@ -874,6 +874,25 @@ output; >> resident. >> >> >> + >> + >> + For the Ethernet address on a logical switch port of type >> + router, when that logical switch port's >> + > + db="OVN_Northbound"/> column is set to router and >> + the connected logical router port specifies a >> + reside-on-redirect-chassis and the logical router >> + to which the connected logical router port belongs to has a >> + redirect-chassis distributed gateway logical >> router >> + port: >> + >> + >> + >> + >> +The flow for the connected logical router port's Ethernet >> +
Re: [ovs-dev] [PATCH v2] ovn: Avoid tunneling for VLAN packets redirected to a gateway chassis
On Mon, 19 Nov 2018 at 08:18, wrote:

> From: Numan Siddique
>
> An OVN deployment can have multiple logical switches each with a
> localnet port connected to a distributed logical router in which one
> logical switch may provide external connectivity and the rest of
> the localnet logical switches use VLAN tagging in the physical
> network.
>
> As reported in [1], external traffic from these localnet VLAN tagged
> logical switches is tunnelled to the gateway chassis (chassis hosting
> a distributed gateway port which applies NAT rules). As part of the
> discussion in [1], there are a few possible solutions proposed by
> Russell [2]. This patch implements the first option in [2].
>
> With this patch, a new option 'reside-on-redirect-chassis' in 'options'
> column of Logical_Router_Port table is added. If the value of this
> option is set to 'true' and if the logical router also has a
> distributed gateway port, then routing for this logical router port
> is centralized in the chassis hosting the distributed gateway port.
>
> If a logical switch 'sw0' is connected to a router 'lr0' with the
> router port - 'lr0-sw0' with the address - "00:00:00:00:af:12 192.168.1.1",
> and it has a distributed logical port - 'lr0-public', then the
> below logical flow is added in the logical switch pipeline
> of 'sw0' if the 'reside-on-redirect-chassis' option is set on 'lr-sw0' -
>
>     table=16(ls_in_l2_lkup), priority=50,
>     match=(eth.dst == 00:00:00:00:af:12 &&
>            is_chassis_resident("cr-lr0-public")),
>     action=(outport = "sw0-lr0"; output;)
>
> "cr-lr0-public" is an internal port binding created by ovn-northd of type
> 'chassisredirect' for lr0-public in SB DB. Please see "man ovn-sb" for
> more details.
>
> With the above flow, the packet doesn't enter the router pipeline in
> the source chassis. Instead the packet is sent out via the localnet
> port of 'sw0'. The gateway chassis, upon receiving this packet, runs
> the logical router pipeline applying NAT rules and sends the traffic
> out via the localnet port of the logical switch providing external
> connectivity.
> The gateway chassis will also reply to the ARP requests for the router
> port IPs.
>
> With this approach, we avoid redirecting the external traffic to the
> gateway chassis via the tunnel port. There are a couple of drawbacks
> with this approach:
>
>   - East - West routing is no longer distributed for the VLAN tagged
>     localnet logical switches if 'reside-on-redirect-chassis' option is
>     defined
>
>   - 'dnat_and_snat' NAT rules with 'logical_mac' and 'logical_port'
>     columns defined will not work for these logical switches.
>
> This approach is taken for now as it is simple. If there is a requirement
> to support distributed routing for these VLAN tenant networks, we
> can explore other possible solutions.
>
> [1] - https://mail.openvswitch.org/pipermail/ovs-discuss/2018-April/046543.html
> [2] - https://mail.openvswitch.org/pipermail/ovs-discuss/2018-April/046557.html
>
> Reported-at: https://mail.openvswitch.org/pipermail/ovs-discuss/2018-April/046543.html
> Reported-by: venkata anil
> Acked-by: Gurucharan Shetty
> Co-authored-by: venkata anil
> Signed-off-by: Numan Siddique
> Signed-off-by: venkata anil
>

Since no one else looks to have any further comments, I applied this to master.

> ---
>
> v1 -> v2
>
> * Addressed the review comments from Guru.
> * Removed the patch 2 'ovn: Support a new Logical_Switch_Port.type -
>   'external' from this series as it is an independent patch.
>
> ovn/northd/ovn-northd.8.xml | 30
> ovn/northd/ovn-northd.c | 71 +++---
> ovn/ovn-architecture.7.xml | 211
> ovn/ovn-nb.xml | 43 ++
> tests/ovn.at| 273
> 5 files changed, 612 insertions(+), 16 deletions(-)
>
> diff --git a/ovn/northd/ovn-northd.8.xml b/ovn/northd/ovn-northd.8.xml > index 7352c6764..f52699bd3 100644 > --- a/ovn/northd/ovn-northd.8.xml
> +++ b/ovn/northd/ovn-northd.8.xml > @@ -874,6 +874,25 @@ output; > resident. > > > + > + > + For the Ethernet address on a logical switch port of type > + router, when that logical switch port's > + + db="OVN_Northbound"/> column is set to router and > + the connected logical router port specifies a > + reside-on-redirect-chassis and the logical router > + to which the connected logical router port belongs to has a > + redirect-chassis distributed gateway logical router > + port: > + > + > + > + > +The flow for the connected logical router port's Ethernet > +address is only programmed on the > redirect-chassis. > + > + > > > > @@ -1179,6 +1198,17 @@ output; >upstream MAC learning to point to the >redirect-chassis. > > + > +
[ovs-dev] [PATCH v2] ovn: Avoid tunneling for VLAN packets redirected to a gateway chassis
From: Numan Siddique

An OVN deployment can have multiple logical switches each with a
localnet port connected to a distributed logical router in which one
logical switch may provide external connectivity and the rest of
the localnet logical switches use VLAN tagging in the physical
network.

As reported in [1], external traffic from these localnet VLAN tagged
logical switches is tunnelled to the gateway chassis (chassis hosting
a distributed gateway port which applies NAT rules). As part of the
discussion in [1], there are a few possible solutions proposed by
Russell [2]. This patch implements the first option in [2].

With this patch, a new option 'reside-on-redirect-chassis' in 'options'
column of Logical_Router_Port table is added. If the value of this
option is set to 'true' and if the logical router also has a
distributed gateway port, then routing for this logical router port
is centralized in the chassis hosting the distributed gateway port.

If a logical switch 'sw0' is connected to a router 'lr0' with the
router port - 'lr0-sw0' with the address - "00:00:00:00:af:12 192.168.1.1",
and it has a distributed logical port - 'lr0-public', then the
below logical flow is added in the logical switch pipeline
of 'sw0' if the 'reside-on-redirect-chassis' option is set on 'lr-sw0' -

    table=16(ls_in_l2_lkup), priority=50,
    match=(eth.dst == 00:00:00:00:af:12 &&
           is_chassis_resident("cr-lr0-public")),
    action=(outport = "sw0-lr0"; output;)

"cr-lr0-public" is an internal port binding created by ovn-northd of type
'chassisredirect' for lr0-public in SB DB. Please see "man ovn-sb" for
more details.

With the above flow, the packet doesn't enter the router pipeline in
the source chassis. Instead the packet is sent out via the localnet
port of 'sw0'. The gateway chassis, upon receiving this packet, runs
the logical router pipeline applying NAT rules and sends the traffic
out via the localnet port of the logical switch providing external
connectivity.
The gateway chassis will also reply to the ARP requests for the router
port IPs.

With this approach, we avoid redirecting the external traffic to the
gateway chassis via the tunnel port. There are a couple of drawbacks
with this approach:

  - East - West routing is no longer distributed for the VLAN tagged
    localnet logical switches if 'reside-on-redirect-chassis' option is
    defined

  - 'dnat_and_snat' NAT rules with 'logical_mac' and 'logical_port'
    columns defined will not work for these logical switches.

This approach is taken for now as it is simple. If there is a requirement
to support distributed routing for these VLAN tenant networks, we
can explore other possible solutions.

[1] - https://mail.openvswitch.org/pipermail/ovs-discuss/2018-April/046543.html
[2] - https://mail.openvswitch.org/pipermail/ovs-discuss/2018-April/046557.html

Reported-at: https://mail.openvswitch.org/pipermail/ovs-discuss/2018-April/046543.html
Reported-by: venkata anil
Acked-by: Gurucharan Shetty
Co-authored-by: venkata anil
Signed-off-by: Numan Siddique
Signed-off-by: venkata anil
---

v1 -> v2

* Addressed the review comments from Guru.
* Removed the patch 2 'ovn: Support a new Logical_Switch_Port.type -
  'external' from this series as it is an independent patch.

ovn/northd/ovn-northd.8.xml | 30
ovn/northd/ovn-northd.c | 71 +++---
ovn/ovn-architecture.7.xml | 211
ovn/ovn-nb.xml | 43 ++
tests/ovn.at| 273
5 files changed, 612 insertions(+), 16 deletions(-)

diff --git a/ovn/northd/ovn-northd.8.xml b/ovn/northd/ovn-northd.8.xml index 7352c6764..f52699bd3 100644 --- a/ovn/northd/ovn-northd.8.xml +++ b/ovn/northd/ovn-northd.8.xml
@@ -874,6 +874,25 @@ output; resident. + + + For the Ethernet address on a logical switch port of type + router, when that logical switch port's + column is set to router and + the connected logical router port specifies a + reside-on-redirect-chassis and the logical router + to which the connected logical router port belongs to has a + redirect-chassis distributed gateway logical router + port: + + + + +The flow for the connected logical router port's Ethernet +address is only programmed on the redirect-chassis. + + @@ -1179,6 +1198,17 @@ output; upstream MAC learning to point to the redirect-chassis. + + + For the logical router port with the option + reside-on-redirect-chassis set (which is centralized), + the above flows are only programmed on the gateway port instance on + the redirect-chassis (if the logical router has a + distributed gateway port). This behavior avoids generation + of multiple ARP responses from
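Review bot: In the @@ -874,6 +874,25 @@ hunk, the added sentence says the connected logical router port "specifies a reside-on-redirect-chassis" without naming it as an option or giving the value, while the commit message says centralization applies only when the option is set to 'true'. Suggest "has the reside-on-redirect-chassis option set to true". The same sentence doubles the preposition in "to which the connected logical router port belongs to"; drop the trailing "to".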
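Review bot: In the @@ -1179,6 +1198,17 @@ hunk, "only programmed on the gateway port instance on the redirect-chassis" is ambiguous, because the port carrying reside-on-redirect-chassis is a different port from the distributed gateway port that the first hunk describes. Suggest wording such as "only programmed on the chassis where the distributed gateway port is resident". The parenthetical "(if the logical router has a distributed gateway port)" also leaves the other case unstated; the paragraph should say what is programmed when the option is set but the router has no distributed gateway port.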