[ovs-dev] [patch v1] ovn: Fix gateway load balancing.

Darrell Ball dlu998 at gmail.com
Thu Jun 28 01:49:08 UTC 2018


Non-distributed and distributed gateway load balancing is broken.
Recent changes for port unreachable handling broke the associated
unsnat functionality.

Fixes:  86558ac2e476 ("OVN: add UDP port unreachable support to OVN logical router.")
Fixes:  159932c9e4ea ("OVN: add TCP port unreachable support to OVN logical router.")
Fixes:  0e858e05f76b ("OVN: add protocol unreachable support to OVN router ports.")
CC: Lorenzo Bianconi <lorenzo.bianconi at redhat.com>
Signed-off-by: Darrell Ball <dlu998 at gmail.com>
---
 ovn/northd/ovn-northd.c | 106 ++++++++++++++++++++++++------------------------
 1 file changed, 54 insertions(+), 52 deletions(-)

diff --git a/ovn/northd/ovn-northd.c b/ovn/northd/ovn-northd.c
index 72fe4e7..7648bce 100644
--- a/ovn/northd/ovn-northd.c
+++ b/ovn/northd/ovn-northd.c
@@ -5141,48 +5141,49 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports,
                           ds_cstr(&match), ds_cstr(&actions));
         }
 
-        /* UDP/TCP port unreachable */
-        for (int i = 0; i < op->lrp_networks.n_ipv4_addrs; i++) {
-            const char *action;
-
-            ds_clear(&match);
-            ds_put_format(&match,
-                          "ip4 && ip4.dst == %s && !ip.later_frag && udp",
-                          op->lrp_networks.ipv4_addrs[i].addr_s);
-            action = "icmp4 {"
-                        "eth.dst <-> eth.src; "
-                        "ip4.dst <-> ip4.src; "
-                        "ip.ttl = 255; "
-                        "icmp4.type = 3; "
-                        "icmp4.code = 3; "
-                        "next; };";
-            ovn_lflow_add(lflows, op->od, S_ROUTER_IN_IP_INPUT, 80,
-                          ds_cstr(&match), action);
+        if (!smap_get(&op->od->nbr->options, "chassis")
+            && !op->od->l3dgw_port) {
+            /* UDP/TCP port unreachable. */
+            for (int i = 0; i < op->lrp_networks.n_ipv4_addrs; i++) {
+                ds_clear(&match);
+                ds_put_format(&match,
+                              "ip4 && ip4.dst == %s && !ip.later_frag && udp",
+                              op->lrp_networks.ipv4_addrs[i].addr_s);
+                const char *action = "icmp4 {"
+                                     "eth.dst <-> eth.src; "
+                                     "ip4.dst <-> ip4.src; "
+                                     "ip.ttl = 255; "
+                                     "icmp4.type = 3; "
+                                     "icmp4.code = 3; "
+                                     "next; };";
+                ovn_lflow_add(lflows, op->od, S_ROUTER_IN_IP_INPUT, 80,
+                              ds_cstr(&match), action);
 
-            ds_clear(&match);
-            ds_put_format(&match,
-                          "ip4 && ip4.dst == %s && !ip.later_frag && tcp",
-                          op->lrp_networks.ipv4_addrs[i].addr_s);
-            action = "tcp_reset {"
-                        "eth.dst <-> eth.src; "
-                        "ip4.dst <-> ip4.src; "
-                        "next; };";
-            ovn_lflow_add(lflows, op->od, S_ROUTER_IN_IP_INPUT, 80,
-                          ds_cstr(&match), action);
+                ds_clear(&match);
+                ds_put_format(&match,
+                              "ip4 && ip4.dst == %s && !ip.later_frag && tcp",
+                              op->lrp_networks.ipv4_addrs[i].addr_s);
+                action = "tcp_reset {"
+                         "eth.dst <-> eth.src; "
+                         "ip4.dst <-> ip4.src; "
+                         "next; };";
+                ovn_lflow_add(lflows, op->od, S_ROUTER_IN_IP_INPUT, 80,
+                              ds_cstr(&match), action);
 
-            ds_clear(&match);
-            ds_put_format(&match,
-                          "ip4 && ip4.dst == %s && !ip.later_frag",
-                          op->lrp_networks.ipv4_addrs[i].addr_s);
-            action = "icmp4 {"
-                        "eth.dst <-> eth.src; "
-                        "ip4.dst <-> ip4.src; "
-                        "ip.ttl = 255; "
-                        "icmp4.type = 3; "
-                        "icmp4.code = 2; "
-                        "next; };";
-            ovn_lflow_add(lflows, op->od, S_ROUTER_IN_IP_INPUT, 70,
-                          ds_cstr(&match), action);
+                ds_clear(&match);
+                ds_put_format(&match,
+                              "ip4 && ip4.dst == %s && !ip.later_frag",
+                              op->lrp_networks.ipv4_addrs[i].addr_s);
+                action = "icmp4 {"
+                         "eth.dst <-> eth.src; "
+                         "ip4.dst <-> ip4.src; "
+                         "ip.ttl = 255; "
+                         "icmp4.type = 3; "
+                         "icmp4.code = 2; "
+                         "next; };";
+                ovn_lflow_add(lflows, op->od, S_ROUTER_IN_IP_INPUT, 70,
+                              ds_cstr(&match), action);
+            }
         }
 
         ds_clear(&match);
@@ -5306,19 +5307,20 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports,
         }
 
         /* TCP port unreachable */
-        for (int i = 0; i < op->lrp_networks.n_ipv6_addrs; i++) {
-            const char *action;
-
-            ds_clear(&match);
-            ds_put_format(&match,
-                          "ip6 && ip6.dst == %s && !ip.later_frag && tcp",
-                          op->lrp_networks.ipv6_addrs[i].addr_s);
-            action = "tcp_reset {"
-                        "eth.dst <-> eth.src; "
-                        "ip6.dst <-> ip6.src; "
-                        "next; };";
-            ovn_lflow_add(lflows, op->od, S_ROUTER_IN_IP_INPUT, 80,
+        if (!smap_get(&op->od->nbr->options, "chassis")
+            && !op->od->l3dgw_port) {
+            for (int i = 0; i < op->lrp_networks.n_ipv6_addrs; i++) {
+                ds_clear(&match);
+                ds_put_format(&match,
+                              "ip6 && ip6.dst == %s && !ip.later_frag && tcp",
+                              op->lrp_networks.ipv6_addrs[i].addr_s);
+                const char *action = "tcp_reset {"
+                                     "eth.dst <-> eth.src; "
+                                     "ip6.dst <-> ip6.src; "
+                                     "next; };";
+                ovn_lflow_add(lflows, op->od, S_ROUTER_IN_IP_INPUT, 80,
                           ds_cstr(&match), action);
+            }
         }
     }
 
-- 
1.9.1



More information about the dev mailing list