[ovs-dev] 答复: [spam可疑邮件]Re: 答复: Re: [PATCH 2/2] ovn-northd: Fix ping failure of vlan networks.

wang.qianyu at zte.com.cn wang.qianyu at zte.com.cn
Thu Jun 15 08:04:18 UTC 2017


Hi Russell, I am sorry for the late reply.
The route not bound to a chassis, and have no redirect-chassis. The dumped 
northbound db is as follow.
Ip addresses of 100.0.0.148 and 200.0.0.2 locate on different chassis. The 
ping between them is not success before this patch.


[root at tecs159 ~]# 
[root at tecs159 ~]# ovsdb-client dump 
unix:/var/run/openvswitch/ovnnb_db.sock
ACL table
_uuid                                action        direction  external_ids 
                                            log   match         priority
------------------------------------ ------------- ---------- 
-------------------------------------------------------- ----- 
-------------------------------------------------------------------------------------------------------------------------------------------------- 
--------
ac2900f9-49fd-430a-b646-88d1f7c54ab8 allow         from-lport 
{"neutron:lport"="1ef52eb4-1f0e-416d-8dc2-e2fc7557979c"} false "inport == 
\"1ef52eb4-1f0e-416d-8dc2-e2fc7557979c\" && ip4 && ip4.dst == 
{255.255.255.255, 100.0.0.0/24} && udp && udp.src == 68 && udp.dst == 67" 
1002 
784a55c3-05fd-4c4d-a51e-5b9ee5cc1e8e allow         from-lport 
{"neutron:lport"="6c04e45e-ad83-4cf0-ae74-84f7720a5bc4"} false "inport == 
\"6c04e45e-ad83-4cf0-ae74-84f7720a5bc4\" && ip4 && ip4.dst == 
{255.255.255.255, 100.0.0.0/24} && udp && udp.src == 68 && udp.dst == 67" 
1002 
08be2532-f8ff-493f-83e3-085eede36e08 allow         from-lport 
{"neutron:lport"="c5ff4f7b-bd0d-4757-ac18-636f9d62b94c"} false "inport == 
\"c5ff4f7b-bd0d-4757-ac18-636f9d62b94c\" && ip4 && ip4.dst == 
{255.255.255.255, 100.0.0.0/24} && udp && udp.src == 68 && udp.dst == 67" 
1002 
bb263947-a436-4a0d-9218-5abd89546a69 allow         from-lport 
{"neutron:lport"="f8de0603-f4ec-4546-a8f3-574640f270e8"} false "inport == 
\"f8de0603-f4ec-4546-a8f3-574640f270e8\" && ip4 && ip4.dst == 
{255.255.255.255, 200.0.0.0/24} && udp && udp.src == 68 && udp.dst == 67" 
1002 
092964cc-2ce5-4a34-b747-558006bb3de1 allow-related from-lport 
{"neutron:lport"="1ef52eb4-1f0e-416d-8dc2-e2fc7557979c"} false "inport == 
\"1ef52eb4-1f0e-416d-8dc2-e2fc7557979c\" && ip4"             1002 
5f2ebb8e-edbc-40aa-ada6-2fc90fc104af allow-related from-lport 
{"neutron:lport"="1ef52eb4-1f0e-416d-8dc2-e2fc7557979c"} false "inport == 
\"1ef52eb4-1f0e-416d-8dc2-e2fc7557979c\" && ip6"             1002 
13d32fab-0ed7-4472-97c2-1e3057eaca6e allow-related from-lport 
{"neutron:lport"="6c04e45e-ad83-4cf0-ae74-84f7720a5bc4"} false "inport == 
\"6c04e45e-ad83-4cf0-ae74-84f7720a5bc4\" && ip4"             1002 
7fa4e0b0-ffce-436f-a20a-07b0584c3285 allow-related from-lport 
{"neutron:lport"="6c04e45e-ad83-4cf0-ae74-84f7720a5bc4"} false "inport == 
\"6c04e45e-ad83-4cf0-ae74-84f7720a5bc4\" && ip6"             1002 
b32cf462-a8e5-4597-9c6e-4dc02ae2e2c4 allow-related from-lport 
{"neutron:lport"="c5ff4f7b-bd0d-4757-ac18-636f9d62b94c"} false "inport == 
\"c5ff4f7b-bd0d-4757-ac18-636f9d62b94c\" && ip4"             1002 
4d003f24-f546-49fa-a33c-92384e4d3549 allow-related from-lport 
{"neutron:lport"="c5ff4f7b-bd0d-4757-ac18-636f9d62b94c"} false "inport == 
\"c5ff4f7b-bd0d-4757-ac18-636f9d62b94c\" && ip6"             1002 
7078873a-fa44-4c64-be7f-067d19361fb4 allow-related from-lport 
{"neutron:lport"="f8de0603-f4ec-4546-a8f3-574640f270e8"} false "inport == 
\"f8de0603-f4ec-4546-a8f3-574640f270e8\" && ip4"             1002 
a15bd032-9755-45a5-b7ea-9687b9d14560 allow-related from-lport 
{"neutron:lport"="f8de0603-f4ec-4546-a8f3-574640f270e8"} false "inport == 
\"f8de0603-f4ec-4546-a8f3-574640f270e8\" && ip6"             1002 
4ace5b98-e6dd-467c-a7cf-af5e76a258f5 allow-related to-lport 
{"neutron:lport"="1ef52eb4-1f0e-416d-8dc2-e2fc7557979c"} false "outport == 
\"1ef52eb4-1f0e-416d-8dc2-e2fc7557979c\" && ip4 && ip4.src == 
$as_ip4_539bd583_ca35_4ae7_9774_299fd56765ef" 1002 
6e3453ee-a717-49fe-8160-ab304daa7bd8 allow-related to-lport 
{"neutron:lport"="1ef52eb4-1f0e-416d-8dc2-e2fc7557979c"} false "outport == 
\"1ef52eb4-1f0e-416d-8dc2-e2fc7557979c\" && ip6 && ip6.src == 
$as_ip6_539bd583_ca35_4ae7_9774_299fd56765ef" 1002 
cc1b88c5-e9d7-42fe-8e17-deb2fbc7c7a2 allow-related to-lport 
{"neutron:lport"="6c04e45e-ad83-4cf0-ae74-84f7720a5bc4"} false "outport == 
\"6c04e45e-ad83-4cf0-ae74-84f7720a5bc4\" && ip4 && ip4.src == 
$as_ip4_539bd583_ca35_4ae7_9774_299fd56765ef" 1002 
ecb2798f-4a87-4260-b9a8-3cdea1eca638 allow-related to-lport 
{"neutron:lport"="6c04e45e-ad83-4cf0-ae74-84f7720a5bc4"} false "outport == 
\"6c04e45e-ad83-4cf0-ae74-84f7720a5bc4\" && ip6 && ip6.src == 
$as_ip6_539bd583_ca35_4ae7_9774_299fd56765ef" 1002 
71c56144-3b95-454a-acb4-67cd924dff08 allow-related to-lport 
{"neutron:lport"="c5ff4f7b-bd0d-4757-ac18-636f9d62b94c"} false "outport == 
\"c5ff4f7b-bd0d-4757-ac18-636f9d62b94c\" && ip4 && ip4.src == 
$as_ip4_539bd583_ca35_4ae7_9774_299fd56765ef" 1002 
15766592-aa79-465b-8935-bbc916692b75 allow-related to-lport 
{"neutron:lport"="c5ff4f7b-bd0d-4757-ac18-636f9d62b94c"} false "outport == 
\"c5ff4f7b-bd0d-4757-ac18-636f9d62b94c\" && ip6 && ip6.src == 
$as_ip6_539bd583_ca35_4ae7_9774_299fd56765ef" 1002 
5c6a9b01-ade0-4b6c-8a1e-2fe0155bdf7d allow-related to-lport 
{"neutron:lport"="f8de0603-f4ec-4546-a8f3-574640f270e8"} false "outport == 
\"f8de0603-f4ec-4546-a8f3-574640f270e8\" && ip4 && ip4.src == 
$as_ip4_539bd583_ca35_4ae7_9774_299fd56765ef" 1002 
4e0d6019-7801-4537-883b-aebeae1ab136 allow-related to-lport 
{"neutron:lport"="f8de0603-f4ec-4546-a8f3-574640f270e8"} false "outport == 
\"f8de0603-f4ec-4546-a8f3-574640f270e8\" && ip6 && ip6.src == 
$as_ip6_539bd583_ca35_4ae7_9774_299fd56765ef" 1002 
54c72e2f-26b9-433c-968e-8e9b86379dfb drop          from-lport 
{"neutron:lport"="1ef52eb4-1f0e-416d-8dc2-e2fc7557979c"} false "inport == 
\"1ef52eb4-1f0e-416d-8dc2-e2fc7557979c\" && ip"           1001 
2fc107d5-f809-4719-a84c-078add4844b0 drop          from-lport 
{"neutron:lport"="6c04e45e-ad83-4cf0-ae74-84f7720a5bc4"} false "inport == 
\"6c04e45e-ad83-4cf0-ae74-84f7720a5bc4\" && ip"           1001 
32d170f3-af0e-451a-9557-4ba1ff168fab drop          from-lport 
{"neutron:lport"="c5ff4f7b-bd0d-4757-ac18-636f9d62b94c"} false "inport == 
\"c5ff4f7b-bd0d-4757-ac18-636f9d62b94c\" && ip"           1001 
d579d231-06c9-4b14-b744-760937f824a7 drop          from-lport 
{"neutron:lport"="f8de0603-f4ec-4546-a8f3-574640f270e8"} false "inport == 
\"f8de0603-f4ec-4546-a8f3-574640f270e8\" && ip"           1001 
f7eca2db-82ca-43bd-b8cb-778ecbc6e75b drop          to-lport 
{"neutron:lport"="1ef52eb4-1f0e-416d-8dc2-e2fc7557979c"} false "outport == 
\"1ef52eb4-1f0e-416d-8dc2-e2fc7557979c\" && ip"          1001 
6bd4c9a2-15a0-498b-aa3d-29ed5c041427 drop          to-lport 
{"neutron:lport"="6c04e45e-ad83-4cf0-ae74-84f7720a5bc4"} false "outport == 
\"6c04e45e-ad83-4cf0-ae74-84f7720a5bc4\" && ip"          1001 
9d7efb59-90f2-469d-9550-1e8a906d59e8 drop          to-lport 
{"neutron:lport"="c5ff4f7b-bd0d-4757-ac18-636f9d62b94c"} false "outport == 
\"c5ff4f7b-bd0d-4757-ac18-636f9d62b94c\" && ip"          1001 
10bbc3ba-a5bb-4441-b789-d95158588d96 drop          to-lport 
{"neutron:lport"="f8de0603-f4ec-4546-a8f3-574640f270e8"} false "outport == 
\"f8de0603-f4ec-4546-a8f3-574640f270e8\" && ip"          1001 

Address_Set table
_uuid                                addresses  external_ids  name       
------------------------------------ 
---------------------------------------------------------- 
--------------------------------------- 
---------------------------------------------
dcea33b7-7313-41bb-813c-06d8b9634a7d []  
{"neutron:security_group_name"=default} 
"as_ip4_1a91f4e0_8a0f_4c18_9122_dae1179297c3"
33f542ff-ec0c-4b79-bd9f-9bf38d3721e3 []  
{"neutron:security_group_name"=default} 
"as_ip6_1a91f4e0_8a0f_4c18_9122_dae1179297c3"
062f417a-84f0-488a-947b-eb20127be8ed []  
{"neutron:security_group_name"=default} 
"as_ip6_539bd583_ca35_4ae7_9774_299fd56765ef"
7f8e253a-a937-4557-b976-a62c7b2c62c5 ["100.0.0.147", "100.0.0.148", 
"100.0.0.149", "200.0.0.2"] {"neutron:security_group_name"=default} 
"as_ip4_539bd583_ca35_4ae7_9774_299fd56765ef"

Connection table
_uuid external_ids inactivity_probe is_connected max_backoff other_config 
status target
----- ------------ ---------------- ------------ ----------- ------------ 
------ ------

DHCP_Options table
_uuid                                cidr           external_ids     
options  
------------------------------------ -------------- 
-------------------------------------------------- 
-----------------------------------------------------------------------------------------------------------
b55e7e0b-b26e-4895-a112-7ba15cfc4ebb "100.0.0.0/24" 
{subnet_id="2b218dec-7f3d-4e8b-8c3e-8761203a989f"} {lease_time="43200", 
mtu="1500", router="100.0.0.1", server_id="100.0.0.1", 
server_mac="fa:16:3e:86:32:cd"}
06c44867-2b2f-417d-8232-afab999eed1a "200.0.0.0/24" 
{subnet_id="8a50258b-cbbf-4099-9275-dccebfd23762"} {lease_time="43200", 
mtu="1500", router="200.0.0.1", server_id="200.0.0.1", 
server_mac="fa:16:3e:12:25:dc"}

Load_Balancer table
_uuid external_ids name protocol vips
----- ------------ ---- -------- ----

Logical_Router table
_uuid                                enabled external_ids  load_balancer 
name                                           nat options ports           
      static_routes
------------------------------------ ------- 
--------------------------------- ------------- 
---------------------------------------------- --- ------- 
---------------------------------------------------------------------------- 
-------------
c96ff734-590b-496c-8955-076c8ec524ab true 
{"neutron:router_name"="router1"} [] 
"neutron-5ba0b278-d35b-40d6-85a7-1e527576b085" []  {} 
[5d9b823f-a9f1-4d85-bf15-da392cecebca, 
97c1b867-1f0c-4865-a58b-21b8a84f3758] [] 

Logical_Router_Port table
_uuid                                enabled external_ids mac    name      
                  networks         options peer
------------------------------------ ------- ------------ 
------------------- ------------------------------------------ 
---------------- ------- ----
97c1b867-1f0c-4865-a58b-21b8a84f3758 []      {} "fa:16:3e:79:7b:06" 
"lrp-a794083d-c374-46ac-b246-23568235fea1" ["200.0.0.1/24"] {}      [] 
5d9b823f-a9f1-4d85-bf15-da392cecebca []      {} "fa:16:3e:d1:71:75" 
"lrp-88561050-51c2-4585-936a-05eba5dba19a" ["100.0.0.1/24"] {}      [] 

Logical_Router_Static_Route table
_uuid ip_prefix nexthop output_port policy
----- --------- ------- ----------- ------

Logical_Switch table
_uuid                                acls                                  
                                                     external_ids   
load_balancer name                                           other_config 
ports                    qos_rules
------------------------------------ 
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ 
----------------------------------- ------------- 
---------------------------------------------- ------------ 
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ 
---------
616e6c26-4dda-46de-9ceb-96008db3478a 
[10bbc3ba-a5bb-4441-b789-d95158588d96, 
4e0d6019-7801-4537-883b-aebeae1ab136, 
5c6a9b01-ade0-4b6c-8a1e-2fe0155bdf7d, 
7078873a-fa44-4c64-be7f-067d19361fb4, 
a15bd032-9755-45a5-b7ea-9687b9d14560, 
bb263947-a436-4a0d-9218-5abd89546a69, 
d579d231-06c9-4b14-b744-760937f824a7]                   
{"neutron:network_name"="vlan-200"} [] 
"neutron-f0e1df21-1a76-46d6-a92b-1ab17ba3ba68" {} 
[3a513f49-50fb-44f2-8de1-1ee063f38f52, 
7692e68e-7f37-4d25-81aa-14fbd8a6eb3c, 
c13df760-1a00-4948-848e-00f14c79b3d4]       [] 
5f7e8ce5-486b-4273-86aa-971b1cbe5e93 
[08be2532-f8ff-493f-83e3-085eede36e08, 
092964cc-2ce5-4a34-b747-558006bb3de1, 
13d32fab-0ed7-4472-97c2-1e3057eaca6e, 
15766592-aa79-465b-8935-bbc916692b75, 
2fc107d5-f809-4719-a84c-078add4844b0, 
32d170f3-af0e-451a-9557-4ba1ff168fab, 
4ace5b98-e6dd-467c-a7cf-af5e76a258f5, 
4d003f24-f546-49fa-a33c-92384e4d3549, 
54c72e2f-26b9-433c-968e-8e9b86379dfb, 
5f2ebb8e-edbc-40aa-ada6-2fc90fc104af, 
6bd4c9a2-15a0-498b-aa3d-29ed5c041427, 
6e3453ee-a717-49fe-8160-ab304daa7bd8, 
71c56144-3b95-454a-acb4-67cd924dff08, 
784a55c3-05fd-4c4d-a51e-5b9ee5cc1e8e, 
7fa4e0b0-ffce-436f-a20a-07b0584c3285, 
9d7efb59-90f2-469d-9550-1e8a906d59e8, 
ac2900f9-49fd-430a-b646-88d1f7c54ab8, 
b32cf462-a8e5-4597-9c6e-4dc02ae2e2c4, 
cc1b88c5-e9d7-42fe-8e17-deb2fbc7c7a2, 
ecb2798f-4a87-4260-b9a8-3cdea1eca638, 
f7eca2db-82ca-43bd-b8cb-778ecbc6e75b] {"neutron:network_name"="vlan100"} 
[]            "neutron-47b88d0c-71e8-4129-b091-faccd9665fd5" {} 
[1eed33cc-5599-4d11-8f33-04c3302e4719, 
34282540-5c2b-4a20-9d29-9180c15e5fc2, 
3ef7cbaa-b602-496d-8ecd-d17433b3d73d, 
87d8a014-22d7-4992-8446-749f2b3705ef, 
bd2f11ba-49ef-40f8-b576-87d0b8ec1b87, 
faf8deeb-8f05-4af1-91de-3316f9467959] [] 

Logical_Switch_Port table
_uuid                                addresses dhcpv4_options  
dhcpv6_options dynamic_addresses enabled external_ids      name     
options                                                  parent_name 
port_security tag tag_request type     up 
------------------------------------ --------------------------------- 
------------------------------------ -------------- ----------------- 
------- -------------------------------------- 
---------------------------------------------- 
-------------------------------------------------------- ----------- 
------------- --- ----------- -------- -----
3ef7cbaa-b602-496d-8ecd-d17433b3d73d ["fa:16:3e:36:41:6e 100.0.0.148"] 
b55e7e0b-b26e-4895-a112-7ba15cfc4ebb []             []                true 
   {"neutron:port_name"=""} "c5ff4f7b-bd0d-4757-ac18-636f9d62b94c" {}      
                                  []          []            []  []  ""  
true 
1eed33cc-5599-4d11-8f33-04c3302e4719 ["fa:16:3e:66:98:cd 100.0.0.147"] 
b55e7e0b-b26e-4895-a112-7ba15cfc4ebb []             []                true 
   {"neutron:port_name"="port-pci-100-1"} 
"6c04e45e-ad83-4cf0-ae74-84f7720a5bc4"         {}      []          []   [] 
 []          ""       false
87d8a014-22d7-4992-8446-749f2b3705ef ["fa:16:3e:73:c8:95 100.0.0.146"] []  
                                []             []                true 
{"neutron:port_name"=""} "ed3a389a-af88-4234-a30f-749c45d8805d"         {} 
                                                      []          []  [] 
[]          ""       false
7692e68e-7f37-4d25-81aa-14fbd8a6eb3c ["fa:16:3e:e7:1d:3c 200.0.0.2"] 
06c44867-2b2f-417d-8232-afab999eed1a []             []                true 
   {"neutron:port_name"=""} "f8de0603-f4ec-4546-a8f3-574640f270e8" {}      
                                  []          []            []  []  ""  
true 
bd2f11ba-49ef-40f8-b576-87d0b8ec1b87 ["fa:16:3e:fc:de:db 100.0.0.149"] 
b55e7e0b-b26e-4895-a112-7ba15cfc4ebb []             []                true 
   {"neutron:port_name"=""} "1ef52eb4-1f0e-416d-8dc2-e2fc7557979c" {}      
                                  []          []            []  []  ""  
true 
faf8deeb-8f05-4af1-91de-3316f9467959 [router]                          []  
                                []             []                true 
{"neutron:port_name"=""} "88561050-51c2-4585-936a-05eba5dba19a" 
{router-port="lrp-88561050-51c2-4585-936a-05eba5dba19a"} []          []    
  []  []          router   false
3a513f49-50fb-44f2-8de1-1ee063f38f52 [router]                          []  
                                []             []                true 
{"neutron:port_name"=""} "a794083d-c374-46ac-b246-23568235fea1" 
{router-port="lrp-a794083d-c374-46ac-b246-23568235fea1"} []          []    
  []  []          router   false
34282540-5c2b-4a20-9d29-9180c15e5fc2 [unknown]                         []  
                                []             []                [] {}     
                      "provnet-47b88d0c-71e8-4129-b091-faccd9665fd5" 
{network_name="physnet1"}                                []          []    
  100 []          localnet false
c13df760-1a00-4948-848e-00f14c79b3d4 [unknown]                         []  
                                []             []                [] {}     
                      "provnet-f0e1df21-1a76-46d6-a92b-1ab17ba3ba68" 
{network_name="physnet1"}                                []          []    
  200 []          localnet false

NAT table
_uuid external_ip external_mac logical_ip logical_port type
----- ----------- ------------ ---------- ------------ ----

NB_Global table
_uuid                                connections external_ids hv_cfg 
nb_cfg sb_cfg ssl
------------------------------------ ----------- ------------ ------ 
------ ------ ---
fcf4effb-eff7-4401-8727-03864c363477 []          {}           0      0  0  
   [] 

QoS table
_uuid action direction external_ids match priority
----- ------ --------- ------------ ----- --------

SSL table
_uuid bootstrap_ca_cert ca_cert certificate external_ids private_key
----- ----------------- ------- ----------- ------------ -----------
[root at tecs159 ~]# 






Russell Bryant <russell at ovn.org>
2017/06/08 03:21
 
        收件人:        wang.qianyu at zte.com.cn, 
        抄送:  Ben Pfaff <blp at ovn.org>, ovs dev <dev at openvswitch.org>, 
xurong00037997 <xu.rong at zte.com.cn>, zhou.huijing at zte.com.cn
        主题:  [spam可疑邮件]Re: 答复: Re: [ovs-dev] [PATCH 2/2] 
ovn-northd: Fix ping failure of vlan networks.


Is the router bound to a chassis by specifying a "redirect-chassis" ?

Dumping the northbound db might make it easier for me to understand and 
reproduce the issue ...

On Mon, Jun 5, 2017 at 8:58 PM, <wang.qianyu at zte.com.cn> wrote:
router is not external to OVN 




Russell Bryant <russell at ovn.org> 
2017/06/05 20:12 
        
        收件人:        wang.qianyu at zte.com.cn, 
        抄送:        Ben Pfaff <blp at ovn.org>, ovs dev <
dev at openvswitch.org>, zhou.huijing at zte.com.cn, xurong00037997 <
xu.rong at zte.com.cn> 
        主题:        Re: [ovs-dev] [PATCH 2/2] ovn-northd: Fix ping 
failure of vlan networks.



On Thu, Jun 1, 2017 at 10:09 PM,  <wang.qianyu at zte.com.cn> wrote:
> There are two computer node, each have one vm. And the two vms in
> indifferent vlan networks. The ping between the vms is not success.
>
> The reason is that, acl of to-localnet port or from-localnet port is
> signed to contrack. So the pair of icmp request and reply have different
> zone id in one ovs node. This makes the ct state not correct.
>
> This patch do the modification that localnet port do not use ct.
>
> Change-Id: Iac42ceaa3ef1d4e9b34768f802502d8326b7f507
> Signed-off-by: wangqianyu <wang.qianyu at zte.com.cn>
> ---
>  ovn/northd/ovn-northd.8.xml |  4 +++-
>  ovn/northd/ovn-northd.c     | 24 +++++++++++++++++++++++-
>  2 files changed, 26 insertions(+), 2 deletions(-)
>

Can you help clarify the scenario here used to reproduce the problem?

Is it just:

Logical Switch A
   VM 1
   localnet port - VLAN 100

Logical Switch B
   VM 2
   localnet port - VLAN 200

and pinging between VM 1 and VM 2 through a router that is external to 
OVN?


> diff --git a/ovn/northd/ovn-northd.8.xml b/ovn/northd/ovn-northd.8.xml
> index c0b4c5e..05f0470 100644
> --- a/ovn/northd/ovn-northd.8.xml
> +++ b/ovn/northd/ovn-northd.8.xml
> @@ -220,7 +220,9 @@
>        logical datapath, a priority-100 flow is added that sets a hint
>        (with <code>reg0[0] = 1; next;</code>) for table
>        <code>Pre-stateful</code> to send IP packets to the connection
> tracker
> -      before eventually advancing to ingress table <code>ACLs</code>.
> +      before eventually advancing to ingress table <code>ACLs</code>. 
If
> some
> +      special ports such as route ports or localnet ports can't use 
ct(),
>  a
> +      priority-110 flow is added to skip over stateful ACLs.
>      </p>
>
>      <h3>Ingress Table 4: Pre-LB</h3>
> diff --git a/ovn/northd/ovn-northd.c b/ovn/northd/ovn-northd.c
> index 83db753..eea12e8 100644
> --- a/ovn/northd/ovn-northd.c
> +++ b/ovn/northd/ovn-northd.c
> @@ -1,4 +1,4 @@
> -/*
> +/*
>   * Licensed under the Apache License, Version 2.0 (the "License");
>   * you may not use this file except in compliance with the License.
>   * You may obtain a copy of the License at:
> @@ -416,6 +416,7 @@ struct ovn_datapath {
>      /* The "derived" OVN port representing the instance of l3dgw_port 
on
>       * the "redirect-chassis". */
>      struct ovn_port *l3redirect_port;
> +    struct ovn_port *localnet_port;
>  };
>
>  struct macam_node {
> @@ -1351,6 +1352,10 @@ join_logical_ports(struct northd_context *ctx,
>                      ovs_list_push_back(nb_only, &op->list);
>                  }
>
> +                if (!strcmp(nbsp->type, "localnet")) {
> +                   od->localnet_port = op;
> +                }
> +
>                  op->lsp_addrs
>                      = xmalloc(sizeof *op->lsp_addrs * 
nbsp->n_addresses);
>                  for (size_t j = 0; j < nbsp->n_addresses; j++) {
> @@ -2629,6 +2634,23 @@ build_pre_acls(struct ovn_datapath *od, struct 
hmap
> *lflows)
>              ds_destroy(&match_in);
>              ds_destroy(&match_out);
>          }
> +        if (od->localnet_port) {
> +            struct ds match_in = DS_EMPTY_INITIALIZER;
> +            struct ds match_out = DS_EMPTY_INITIALIZER;
> +
> +            ds_put_format(&match_in, "ip && inport == %s",
> +                          od->localnet_port->json_key);
> +            ds_put_format(&match_out, "ip && outport == %s",
> +                          od->localnet_port->json_key);
> +            ovn_lflow_add(lflows, od, S_SWITCH_IN_PRE_ACL, 110,
> +                          ds_cstr(&match_in), "next;");
> +            ovn_lflow_add(lflows, od, S_SWITCH_OUT_PRE_ACL, 110,
> +                          ds_cstr(&match_out), "next;");
> +
> +            ds_destroy(&match_in);
> +            ds_destroy(&match_out);
> +        }
> +
>          /* Ingress and Egress Pre-ACL Table (Priority 110).
>           *
>           * Not to do conntrack on ND packets. */
> --
> 2.7.2.windows.1
> _______________________________________________
> dev mailing list
> dev at openvswitch.org
> https://mail.openvswitch.org/mailman/listinfo/ovs-dev



-- 
Russell Bryant





-- 
Russell Bryant



More information about the dev mailing list