[ovs-build] Passed: ovsrobot/ovn#126 (series_130289 - e8147bb)
Travis CI
builds at travis-ci.com
Thu Sep 12 01:12:42 UTC 2019
Build Update for ovsrobot/ovn
-------------------------------------
Build: #126
Status: Passed
Duration: 49 mins and 54 secs
Commit: e8147bb (series_130289)
Author: Numan Siddique
Message: Learn the mac binding only if required

OVN has the actions - put_arp and put_nd to learn the mac bindings from the
ARP/ND packets. These actions update the Southbound MAC_Binding table.
These actions translate to controller actions. Whenever pinctrl thread
receives such packets, it wakes up the main ovn-controller thread.
If the MAC_Binding table is already up to date, this results
in unnecessary CPU cycles. There are some security implications as well.
A rogue VM can flood broadcast ARP request/reply packets and this
could cause DoS issues. A physical switch may send periodic GARPs
and these packets hit ovn-controllers.

This patch solves these problems by learning the mac bindings only if
required. There is no need to apply the put_arp/put_nd action if the
Southbound MAC_Binding row is up to date.

New actions - lookup_arp and lookup_nd - are added which look up the
IP, MAC pair in the mac_binding table and update the eth.dst if
the entry is present, else eth.dst is set to 00:00:00:00:00:00.

ovn-northd adds 2 new stages - lookup_arp and put_arp before ip_input
in the router ingress pipeline.
The logical flows look something like:

  table=1 (lr_in_lookup_arp), priority=100 , match=(arp),
          action=(xxreg1[0..47] = eth.dst;
                  lookup_arp(inport, arp.spa, arp.sha);
                  xxreg0[0..47] = eth.dst; eth.dst = xxreg1[0..47]; next;)
  table=1 (lr_in_lookup_arp), priority=0 , match=(1), action=(next;)
  ...
  table=2 (lr_in_put_arp ), priority=100 ,
          match=(arp.op == 2 && xxreg0[0..47] == 00:00:00:00:00:00),
          action=(put_arp(inport, arp.spa, arp.sha);)
  table=2 (lr_in_put_arp ), priority=90 , match=(arp.op == 2), action=(drop;)
  table=2 (lr_in_put_arp ), priority=0 , match=(1), action=(next;)

The lflow module of ovn-controller adds OF flows in table 31 (OFTABLE_MAC_LOOKUP)
for each mac_binding entry with the match reg0 = ip && eth.src = mac with
the action - eth.dst = mac

Eg:
  table=31, priority=100,arp,reg0=0xaca8006f,reg14=0x3,metadata=0x3,dl_src=00:44:00:00:00:04
            actions=mod_dl_dst:00:44:00:00:00:04

This patch should also address the issue reported in 'Reported-at'

Reported-at: https://bugzilla.redhat.com/1729846
Reported-by: Haidong Li <haili at redhat.com>
CC: Han ZHou <hzhou8 at ebay.com>
CC: Dumitru Ceara <dceara at redhat.com>
Signed-off-by: Numan Siddique <nusiddiq at redhat.com>
Signed-off-by: 0-day Robot <robot at bytheb.org>
View the changeset: https://github.com/ovsrobot/ovn/compare/ab568488db21^...e8147bbc9b35
View the full build log and details: https://travis-ci.com/ovsrobot/ovn/builds/127096598?utm_medium=notification&utm_source=email
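
The lookup-then-learn pipeline from the commit message, as an added Python model (not OVN code and not part of the original email), showing that a flood of identical ARP replies reaches the controller only once. Class, method and port names are hypothetical, the packets are constructed, and the binding table updates instantly, whereas in OVN the OpenFlow entry appears only after the Southbound update propagates.

```python
# Added model (not OVN code) of the lr_in_lookup_arp / lr_in_put_arp stages.
from collections import Counter

ZERO_MAC = "00:00:00:00:00:00"
ARP_REQUEST, ARP_REPLY = 1, 2


class RouterIngress:
    def __init__(self):
        self.mac_binding = {}        # (inport, ip) -> mac, stands in for MAC_Binding
        self.controller_wakeups = 0  # incremented once per put_arp controller action

    def lookup_arp(self, inport, ip, mac):
        """Return mac when the (ip, mac) pair is already bound on inport, else the zero MAC."""
        return mac if self.mac_binding.get((inport, ip)) == mac else ZERO_MAC

    def put_arp(self, inport, ip, mac):
        self.controller_wakeups += 1
        self.mac_binding[(inport, ip)] = mac

    def process_arp(self, inport, op, spa, sha, eth_dst):
        """Run one ARP packet through tables 1 and 2; return (verdict, eth_dst)."""
        # table 1: save eth.dst, look up, keep the result in xxreg0, restore eth.dst
        xxreg1 = eth_dst
        eth_dst = self.lookup_arp(inport, spa, sha)
        xxreg0, eth_dst = eth_dst, xxreg1
        # table 2: learn only when the lookup missed (absent or stale binding)
        if op == ARP_REPLY and xxreg0 == ZERO_MAC:
            self.put_arp(inport, spa, sha)
            return "put_arp", eth_dst
        if op == ARP_REPLY:
            return "drop", eth_dst
        return "next", eth_dst


def replay_sample():
    """Replay constructed traffic: 1000 identical replies, a MAC change, one request."""
    bcast = "ff:ff:ff:ff:ff:ff"
    packets = [("lrp0", ARP_REPLY, "172.168.0.111", "00:44:00:00:00:04", bcast)] * 1000
    # same IP now claims a different MAC: the binding is stale, so it is relearned
    packets.append(("lrp0", ARP_REPLY, "172.168.0.111", "00:44:00:00:00:05", bcast))
    packets.append(("lrp0", ARP_REQUEST, "172.168.0.112", "00:44:00:00:00:06", bcast))
    lr = RouterIngress()
    verdicts = Counter(lr.process_arp(*pkt)[0] for pkt in packets)
    return verdicts, lr.controller_wakeups
```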