[ovs-build] Failed: numansiddique/ovn#64 (arp_handling - 3f6adb8)

Travis CI builds at travis-ci.org
Wed Sep 4 19:47:19 UTC 2019


Build Update for numansiddique/ovn
-------------------------------------

Build: #64
Status: Failed

Duration: 25 mins and 30 secs
Commit: 3f6adb8 (arp_handling)
Author: Numan Siddique
Message: Learn the mac binding only if required

OVN has the actions - put_arp and put_nd to learn the mac bindings from the
ARP/ND packets. These actions update the Southbound MAC_Binding table.

ovn-northd adds the logical flows in the router pipeline to update the learn
the macs for arp request and reply packets.

One such example is
  -  table=1 (lr_in_ip_input), priority=90, match=(arp.op == 2),
     action=(put_arp(inport, arp.spa, arp.sha);)

We have similar flows for arp.op == 1.

The actions put_arp/put_nd translates to controller action. Whenever
pinctrl thread receives such packets, it wakes up the main ovn-controller
thread. If the MAC_Binding table is already upto date, this results
in unnecessary CPU cyles. There are some security implications as well.
A rogue VM can flood broadcast ARP request/reply packets and this
could cause DoS issues. A physical switch may send periodic GARPs
and these packets hit ovn-controllers.

This patch solves these problems by learning the mac bindings only if
required. There is no need to apply the put_arp action if the Southbound
MAC_Binding row is update to date for the ARPs.

A new action - lookup_arp and lookup_nd is added which looks up the
IP, MAC pair in the mac_binding table and updates the eth.dst if
the entry is present. If there is no entry, then eth.dst is not modified.

ovn-northd adds 2 new stages - lookup_arp and put_arp before ip_input
in the router ingress pipeline.

The logical flows looks like:

table=1 (lr_in_lookup_arp), priority=100  , match=(arp),
         action=(xxreg1[0..47] = eth.dst;
         lookup_arp(inport, arp.spa, arp.sha);
         xxreg0[0..47] = eth.dst; eth.dst = xxreg1[0..47]; next;)

table=1 (lr_in_lookup_arp), priority=0    , match=(1), action=(next;)
table=2 (lr_in_put_arp   ), priority=100  ,
         match=(arp.op == 1 && xxreg0[0..47] == 00:00:00:00:00:00),
         action=(put_arp(inport, arp.spa, arp.sha); next; )
table=2 (lr_in_put_arp   ), priority=100  ,
         match=(arp.op == 2 && xxreg0[0..47] == 00:00:00:00:00:00),
         action=(put_arp(inport, arp.spa, arp.sha);)

table=2 (lr_in_put_arp   ), priority=90   , match=(arp.op == 2), action=(drop;)
table=2 (lr_in_put_arp   ), priority=0    , match=(1), action=(next;)

The lflow module of ovn-controller adds OF flows in table 31 (OFTABLE_MAC_LOOKUP)
for each mac_binding entry with the match reg0 = ip && arp.spa = mac with
the action - eth.dst = mac

Eg:
table=31, priority=100,arp,reg0=0xaca8006f,reg14=0x3,metadata=0x3,arp_sha=00:44:00:00:00:04
          actions=mod_dl_dst:00:44:00:00:00:04

TODO: IPv6 needs to be handled.

Signed-off-by: Numan Siddique <nusiddiq at redhat.com>

View the changeset: https://github.com/numansiddique/ovn/compare/9e2dc4502553...3f6adb858e73

View the full build log and details: https://travis-ci.org/numansiddique/ovn/builds/580878578?utm_medium=notification&utm_source=email

--

You can unsubscribe from build emails from the numansiddique/ovn repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=24622661&utm_medium=notification&utm_source=email.
Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email.
Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-build/attachments/20190904/2da35ec9/attachment-0001.html>


More information about the build mailing list