[ovs-dev] [patch v1] ovn: Fix gateway load balancing.
Darrell Ball
dlu998 at gmail.com
Thu Jun 28 05:18:14 UTC 2018
I sent a more complete V2.
Darrell
On Wed, Jun 27, 2018 at 6:49 PM, Darrell Ball <dlu998 at gmail.com> wrote:
> Non-distributed and distributed gateway load balancing is broken.
> Recent changes for port unreachable handling broke the associated
> unsnat functionality.
>
> Fixes: 86558ac2e476 ("OVN: add UDP port unreachable support to OVN
> logical router.")
> Fixes: 159932c9e4ea ("OVN: add TCP port unreachable support to OVN
> logical router.")
> Fixes: 0e858e05f76b ("OVN: add protocol unreachable support to OVN router
> ports.")
> CC: Lorenzo Bianconi <lorenzo.bianconi at redhat.com>
> Signed-off-by: Darrell Ball <dlu998 at gmail.com>
> ---
> ovn/northd/ovn-northd.c | 106 ++++++++++++++++++++++++------
> ------------------
> 1 file changed, 54 insertions(+), 52 deletions(-)
>
> diff --git a/ovn/northd/ovn-northd.c b/ovn/northd/ovn-northd.c
> index 72fe4e7..7648bce 100644
> --- a/ovn/northd/ovn-northd.c
> +++ b/ovn/northd/ovn-northd.c
> @@ -5141,48 +5141,49 @@ build_lrouter_flows(struct hmap *datapaths, struct
> hmap *ports,
> ds_cstr(&match), ds_cstr(&actions));
> }
>
> - /* UDP/TCP port unreachable */
> - for (int i = 0; i < op->lrp_networks.n_ipv4_addrs; i++) {
> - const char *action;
> -
> - ds_clear(&match);
> - ds_put_format(&match,
> - "ip4 && ip4.dst == %s && !ip.later_frag && udp",
> - op->lrp_networks.ipv4_addrs[i].addr_s);
> - action = "icmp4 {"
> - "eth.dst <-> eth.src; "
> - "ip4.dst <-> ip4.src; "
> - "ip.ttl = 255; "
> - "icmp4.type = 3; "
> - "icmp4.code = 3; "
> - "next; };";
> - ovn_lflow_add(lflows, op->od, S_ROUTER_IN_IP_INPUT, 80,
> - ds_cstr(&match), action);
> + if (!smap_get(&op->od->nbr->options, "chassis")
> + && !op->od->l3dgw_port) {
> + /* UDP/TCP port unreachable. */
> + for (int i = 0; i < op->lrp_networks.n_ipv4_addrs; i++) {
> + ds_clear(&match);
> + ds_put_format(&match,
> + "ip4 && ip4.dst == %s && !ip.later_frag &&
> udp",
> + op->lrp_networks.ipv4_addrs[i].addr_s);
> + const char *action = "icmp4 {"
> + "eth.dst <-> eth.src; "
> + "ip4.dst <-> ip4.src; "
> + "ip.ttl = 255; "
> + "icmp4.type = 3; "
> + "icmp4.code = 3; "
> + "next; };";
> + ovn_lflow_add(lflows, op->od, S_ROUTER_IN_IP_INPUT, 80,
> + ds_cstr(&match), action);
>
> - ds_clear(&match);
> - ds_put_format(&match,
> - "ip4 && ip4.dst == %s && !ip.later_frag && tcp",
> - op->lrp_networks.ipv4_addrs[i].addr_s);
> - action = "tcp_reset {"
> - "eth.dst <-> eth.src; "
> - "ip4.dst <-> ip4.src; "
> - "next; };";
> - ovn_lflow_add(lflows, op->od, S_ROUTER_IN_IP_INPUT, 80,
> - ds_cstr(&match), action);
> + ds_clear(&match);
> + ds_put_format(&match,
> + "ip4 && ip4.dst == %s && !ip.later_frag &&
> tcp",
> + op->lrp_networks.ipv4_addrs[i].addr_s);
> + action = "tcp_reset {"
> + "eth.dst <-> eth.src; "
> + "ip4.dst <-> ip4.src; "
> + "next; };";
> + ovn_lflow_add(lflows, op->od, S_ROUTER_IN_IP_INPUT, 80,
> + ds_cstr(&match), action);
>
> - ds_clear(&match);
> - ds_put_format(&match,
> - "ip4 && ip4.dst == %s && !ip.later_frag",
> - op->lrp_networks.ipv4_addrs[i].addr_s);
> - action = "icmp4 {"
> - "eth.dst <-> eth.src; "
> - "ip4.dst <-> ip4.src; "
> - "ip.ttl = 255; "
> - "icmp4.type = 3; "
> - "icmp4.code = 2; "
> - "next; };";
> - ovn_lflow_add(lflows, op->od, S_ROUTER_IN_IP_INPUT, 70,
> - ds_cstr(&match), action);
> + ds_clear(&match);
> + ds_put_format(&match,
> + "ip4 && ip4.dst == %s && !ip.later_frag",
> + op->lrp_networks.ipv4_addrs[i].addr_s);
> + action = "icmp4 {"
> + "eth.dst <-> eth.src; "
> + "ip4.dst <-> ip4.src; "
> + "ip.ttl = 255; "
> + "icmp4.type = 3; "
> + "icmp4.code = 2; "
> + "next; };";
> + ovn_lflow_add(lflows, op->od, S_ROUTER_IN_IP_INPUT, 70,
> + ds_cstr(&match), action);
> + }
> }
>
> ds_clear(&match);
> @@ -5306,19 +5307,20 @@ build_lrouter_flows(struct hmap *datapaths, struct
> hmap *ports,
> }
>
> /* TCP port unreachable */
> - for (int i = 0; i < op->lrp_networks.n_ipv6_addrs; i++) {
> - const char *action;
> -
> - ds_clear(&match);
> - ds_put_format(&match,
> - "ip6 && ip6.dst == %s && !ip.later_frag && tcp",
> - op->lrp_networks.ipv6_addrs[i].addr_s);
> - action = "tcp_reset {"
> - "eth.dst <-> eth.src; "
> - "ip6.dst <-> ip6.src; "
> - "next; };";
> - ovn_lflow_add(lflows, op->od, S_ROUTER_IN_IP_INPUT, 80,
> + if (!smap_get(&op->od->nbr->options, "chassis")
> + && !op->od->l3dgw_port) {
> + for (int i = 0; i < op->lrp_networks.n_ipv6_addrs; i++) {
> + ds_clear(&match);
> + ds_put_format(&match,
> + "ip6 && ip6.dst == %s && !ip.later_frag &&
> tcp",
> + op->lrp_networks.ipv6_addrs[i].addr_s);
> + const char *action = "tcp_reset {"
> + "eth.dst <-> eth.src; "
> + "ip6.dst <-> ip6.src; "
> + "next; };";
> + ovn_lflow_add(lflows, op->od, S_ROUTER_IN_IP_INPUT, 80,
> ds_cstr(&match), action);
> + }
> }
> }
>
> --
> 1.9.1
>
>
More information about the dev
mailing list