[ovs-build] Passed: ovsrobot/ovn#407 (series_156296 - b5b7c1a)

Travis CI builds at travis-ci.com
Sat Feb 1 15:28:06 UTC 2020 

Build Update for ovsrobot/ovn
-------------------------------------

Build: #407
Status: Passed

Duration: 28 mins and 1 sec
Commit: b5b7c1a (series_156296)
Author: Numan Siddique
Message: ovn-northd: Address scale issues with DNAT flows.

When the commit [1] added Distributed NAT support in OVN, it didn't address
the requirement of making East/West NAT traffic distributed. The E/W NAT
traffic was still centralized. Later a couple of patches [2], addressed this
requirement. But the approach taken in [2] resulted in a lot of logical flows
as number of dnat_and_snat entries increase, as reported in @Reported-at.

This patch
  - reverts the approch taken in [2].
  - removing the flows which does the NAT direct (REGBIT_NAT_REDIRECT) to
    the gateway chassis.
  - and to solve the E/W centralized NAT it does the following:
     * Since for each NAT entry we know the MAC binding to be used for the
       external_ip - either the external_mac if set or the MAC of the
       distributed gateway router port, this patch adds the flows in the
       S_ROUTER_IN_ARP_RESOLVE stage to set the eth.dst to the MAC if the
       IP destination is external_ip.
     * The existing flows in the S_ROUTER_OUT_EGR_LOOP are now added by additional
       match -  is_chassis_resident('P') - where 'P' is logical_port of the NAT entry
       if set, otherwise it is the chassis resident port of distributed router port.
       With this additional match, the packet will be loopbacked to apply the unSNAT/DNAT
       rules on the relevant chassis.

Suppose if a logical port 'P' with IP 'A' has a dnat_and_snat entry with external_mac/logical_port
set, and if the packet's IP destination is one of the DNAT IP - then the packet will be sent out
of the local chassis, since eth.dst is resolved in the S_ROUTER_IN_ARP_RESOLVE stage.
If the external_mac/logical_port is not in NAT entry, then the packet will be redirected to
the gateway chassis.

With this patch, for the logical resource reported in @Reported-at, the number of logical
flows come down to around 45k from 650k.

[1] - ceacd9d49316("ovn: distributed NAT flows")

[2] - 551e3d989557("OVN: fix DVR Floating IP support")
      8244c6b6bd88("OVN: do not distribute traffic for local FIP")

Reported-at: https://mail.openvswitch.org/pipermail/ovs-discuss/2020-January/049714.html
Reported-by: Daniel Alvarez Sanchez <dalvarez at redhat.com>
Signed-off-by: Numan Siddique <numans at ovn.org>
Signed-off-by: 0-day Robot <robot at bytheb.org>

View the changeset: https://github.com/ovsrobot/ovn/compare/17f8e25e9213^...b5b7c1a0e550

View the full build log and details: https://travis-ci.com/ovsrobot/ovn/builds/147035104?utm_medium=notification&utm_source=email

--

You can unsubscribe from build emails from the ovsrobot/ovn repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=9136199&utm_medium=notification&utm_source=email.
Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email.
Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-build/attachments/20200201/5f05a3dd/attachment.html>

More information about the build mailing list