[ovs-dev] Reply: Re: [PATCH 2/2] ovn-northd: Fix ping failure of vlan networks.

Russell Bryant russell at ovn.org
Wed Jun 7 19:21:44 UTC 2017


Is the router bound to a chassis by specifying a "redirect-chassis"?

Dumping the northbound db might make it easier for me to understand and
reproduce the issue ...

On Mon, Jun 5, 2017 at 8:58 PM, <wang.qianyu at zte.com.cn> wrote:

> router is not external to OVN
>
>
> *Russell Bryant <russell at ovn.org>*
>
> 2017/06/05 20:12
>
>         To:        wang.qianyu at zte.com.cn,
>         Cc:        Ben Pfaff <blp at ovn.org>, ovs dev <dev at openvswitch.org>,
> zhou.huijing at zte.com.cn, xurong00037997 <xu.rong at zte.com.cn>
>         Subject:        Re: [ovs-dev] [PATCH 2/2] ovn-northd: Fix ping failure
> of vlan networks.
>
>
>
> On Thu, Jun 1, 2017 at 10:09 PM,  <wang.qianyu at zte.com.cn> wrote:
> > There are two computer nodes, each with one VM, and the two VMs are in
> > different VLAN networks. The ping between the VMs does not succeed.
> >
> > The reason is that the ACL of the to-localnet port or from-localnet port
> > is signed to conntrack. So the pair of ICMP request and reply have different
> > zone IDs in one OVS node. This makes the ct state incorrect.
> >
> > This patch makes the modification that localnet ports do not use ct.
> >
> > Change-Id: Iac42ceaa3ef1d4e9b34768f802502d8326b7f507
> > Signed-off-by: wangqianyu <wang.qianyu at zte.com.cn>
> > ---
> >  ovn/northd/ovn-northd.8.xml |  4 +++-
> >  ovn/northd/ovn-northd.c     | 24 +++++++++++++++++++++++-
> >  2 files changed, 26 insertions(+), 2 deletions(-)
> >
>
> Can you help clarify the scenario here used to reproduce the problem?
>
> Is it just:
>
> Logical Switch A
>    VM 1
>    localnet port - VLAN 100
>
> Logical Switch B
>    VM 2
>    localnet port - VLAN 200
>
> and pinging between VM 1 and VM 2 through a router that is external to OVN?
>
>
> > diff --git a/ovn/northd/ovn-northd.8.xml b/ovn/northd/ovn-northd.8.xml
> > index c0b4c5e..05f0470 100644
> > --- a/ovn/northd/ovn-northd.8.xml
> > +++ b/ovn/northd/ovn-northd.8.xml
> > @@ -220,7 +220,9 @@
> >        logical datapath, a priority-100 flow is added that sets a hint
> >        (with <code>reg0[0] = 1; next;</code>) for table
> >        <code>Pre-stateful</code> to send IP packets to the connection
> > tracker
> > -      before eventually advancing to ingress table <code>ACLs</code>.
> > +      before eventually advancing to ingress table <code>ACLs</code>. If
> > some
> > +      special ports such as route ports or localnet ports can't use
> ct(),
> >  a
> > +      priority-110 flow is added to skip over stateful ACLs.
> >      </p>
> >
> >      <h3>Ingress Table 4: Pre-LB</h3>
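
Review bot: In the added sentence, "route ports" should read "router ports", and "If some special ports ... can't use ct()" leaves the reader to guess which ports are exempt and why. Please state the rule directly: for IP traffic on a router port or a localnet port, a priority-110 flow is added that bypasses the priority-100 conntrack hint. It is also worth saying here that stateful ACLs are then not applied to traffic on those ports, since that changes what an operator can expect an ACL to cover.
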
> > diff --git a/ovn/northd/ovn-northd.c b/ovn/northd/ovn-northd.c
> > index 83db753..eea12e8 100644
> > --- a/ovn/northd/ovn-northd.c
> > +++ b/ovn/northd/ovn-northd.c
> > @@ -1,4 +1,4 @@
> > -/*
> > +/*
> >   * Licensed under the Apache License, Version 2.0 (the "License");
> >   * you may not use this file except in compliance with the License.
> >   * You may obtain a copy of the License at:
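
Review bot: The removed and added first lines of this hunk both read "/*", so the change is invisible, most likely a whitespace, byte-order-mark or line-ending difference (the patch was generated with git 2.7.2.windows.1). It is unrelated to the fix and should be dropped from the patch.
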
> > @@ -416,6 +416,7 @@ struct ovn_datapath {
> >      /* The "derived" OVN port representing the instance of l3dgw_port on
> >       * the "redirect-chassis". */
> >      struct ovn_port *l3redirect_port;
> > +    struct ovn_port *localnet_port;
> >  };
> >
> >  struct macam_node {
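
Review bot: The new localnet_port member has no comment, unlike l3redirect_port directly above it. Please document what it points to, that it stays NULL when the logical switch has no localnet port (build_pre_acls tests it that way), and that a single pointer can record only one localnet port per datapath.
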
> > @@ -1351,6 +1352,10 @@ join_logical_ports(struct northd_context *ctx,
> >                      ovs_list_push_back(nb_only, &op->list);
> >                  }
> >
> > +                if (!strcmp(nbsp->type, "localnet")) {
> > +                   od->localnet_port = op;
> > +                }
> > +
> >                  op->lsp_addrs
> >                      = xmalloc(sizeof *op->lsp_addrs *
> nbsp->n_addresses);
> >                  for (size_t j = 0; j < nbsp->n_addresses; j++) {
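
Review bot: The assignment inside the new "if (!strcmp(nbsp->type, "localnet"))" block is indented three spaces instead of the four used everywhere else in this function. Also, od->localnet_port is assigned unconditionally, so a second port of type "localnet" on the same datapath would silently overwrite the first and only one port would get the bypass flows; either log or reject that case, or say in a comment why it cannot occur.
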
> > @@ -2629,6 +2634,23 @@ build_pre_acls(struct ovn_datapath *od, struct
> hmap
> > *lflows)
> >              ds_destroy(&match_in);
> >              ds_destroy(&match_out);
> >          }
> > +        if (od->localnet_port) {
> > +            struct ds match_in = DS_EMPTY_INITIALIZER;
> > +            struct ds match_out = DS_EMPTY_INITIALIZER;
> > +
> > +            ds_put_format(&match_in, "ip && inport == %s",
> > +                          od->localnet_port->json_key);
> > +            ds_put_format(&match_out, "ip && outport == %s",
> > +                          od->localnet_port->json_key);
> > +            ovn_lflow_add(lflows, od, S_SWITCH_IN_PRE_ACL, 110,
> > +                          ds_cstr(&match_in), "next;");
> > +            ovn_lflow_add(lflows, od, S_SWITCH_OUT_PRE_ACL, 110,
> > +                          ds_cstr(&match_out), "next;");
> > +
> > +            ds_destroy(&match_in);
> > +            ds_destroy(&match_out);
> > +        }
> > +
> >          /* Ingress and Egress Pre-ACL Table (Priority 110).
> >           *
> >           * Not to do conntrack on ND packets. */
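
Review bot: The new block in build_pre_acls matches all IP traffic on the localnet port ("ip && inport == %s" and "ip && outport == %s") and sends it to "next;" at priority 110, so every IP packet entering from or leaving to the physical network on this switch skips conntrack and, per the documentation change, the stateful ACLs. That is much broader than the two-VLAN ping case in the commit message and affects ACL enforcement on any switch with a localnet port; please justify the scope or narrow the match. The block also has no comment of its own, while the code right after it has one ("Not to do conntrack on ND packets"); add a comment explaining why localnet ports are exempt.
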
> > --
> > 2.7.2.windows.1
> > _______________________________________________
> > dev mailing list
> > dev at openvswitch.org
> > https://mail.openvswitch.org/mailman/listinfo/ovs-dev
>
>
>
> --
> Russell Bryant
>
>
>


-- 
Russell Bryant

