[ovs-build] Passed: dceara/ovn#140 (lb-hairpin - 5db9551)

Travis CI builds at travis-ci.org
Thu Jan 16 15:31:46 UTC 2020 

Build Update for dceara/ovn
-------------------------------------

Build: #140
Status: Passed

Duration: 16 mins and 10 secs
Commit: 5db9551 (lb-hairpin)
Author: Dumitru Ceara
Message: ovn-northd: Support hairpinning for logical switch load balancing.

In case a VIF is trying to connect to a load balancer VIP that includes in
its backends the VIF itself, traffic would get DNAT-ed, ct_lb(VIP), but
when it reaches the VIF, the VIF will try to reply locally as the source IP
is known to be local. For this kind of hairpinning to work properly, reply
traffic must be sent back through OVN and the way to enforce that is to
perform SNAT (VIF source IP -> VIP) on hairpinned packets.

For load balancers configured on gateway logical routers we already have the
possibility of using 'lb_force_snat_ip' but for load balancers configured
on logical switches there's no such configuration.

For this second case we can take an automatic approach which determines if
load balanced traffic needs to be hairpinned and execute the SNAT. To achieve
this, two new stages are added to the logical switch ingress pipeline:
- Ingress Table 11: Pre-Hairpin: which matches on load balanced traffic
  coming from VIFs that needs to be hairpinned and sets REGBIT_HAIRPIN
  (reg0[6]) to 1. If the traffic is in the direction that initiated the
  connection then 'ct_snat(VIP)' is performed, otherwise 'ct_snat' is
  used to unSNAT replies.
- Ingress Table 12: Hairpin: which hairpins packets at L2 (swaps Ethernet
  addresses and loops traffic back on the ingress port) if REGBIT_HAIRPIN
  is 1.

Also, update all references to logical switch ingress pipeline tables to use
the correct indices.

Reported-at: https://github.com/ovn-org/ovn-kubernetes/issues/817
Signed-off-by: Dumitru Ceara <dceara at redhat.com>

View the changeset: https://github.com/dceara/ovn/compare/4238beaa3538^...5db95518c9b5

View the full build log and details: https://travis-ci.org/dceara/ovn/builds/637999404?utm_medium=notification&utm_source=email

--

You can unsubscribe from build emails from the dceara/ovn repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=25507942&utm_medium=notification&utm_source=email.
Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email.
Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-build/attachments/20200116/00e37e97/attachment-0001.html>

More information about the build mailing list