[ovs-dev] [PATCH v8 2/3 ovn] OVN: Vlan backed DVR N-S, avoid get_arp on non redirect chassis.

Numan Siddique nusiddiq at redhat.com
Wed Aug 28 16:12:09 UTC 2019


On Wed, Aug 28, 2019 at 7:27 AM Ankur Sharma <ankur.sharma at nutanix.com>
wrote:

> Background:
> With c0974331b7a19a87ab8f1f2cec8fbe366af92fa2, we have added
> support for E-W workflow for vlan backed DVRs.
>
> This series enables N-S workflow for vlan backed DVRs.
>
> Key difference between E-W and N-S traffic flow is that
> N-S flow requires a gateway chassis. A gateway chassis
> will be respondible for following:
> a. Doing Network Address Translation (NAT).
> b. Becoming entry and exit point for North->South
>    and South->North traffic respectively.
>
> OVN by default always uses overlay encapsulation to redirect
> the packet to gateway chassis. This series will enable
> the redirection to gateway chassis in the absence of encapsulation.
>
> This patch:
> a. Make sure that ARP request for endpoint behind the gateway
>    router port is sent from gateway chassis only and not from
>    host(compute) chassis.
>
> b. This is achieved by adding a new logical flow in
>    lr_in_arp_resolve at priority=50.
>
> c. This flow run on non gateway chassis and sets the destination
>    mac to router port mac, if outport is a gateway chassis attached
>    router port and redirect-type is set as "vlan".
>    Example logical flow:
>    table=9 (lr_in_arp_resolve  ), priority=50   , match=(outport ==
> "router-to-underlay" && !is_chassis_resident("cr-router-to-underlay")),
> action=(eth.dst = 00:00:01:01:02:04; next;)
>
> d. This change is needed because other wise for non resolved ARPs,
>    we will end up doing get_arp in host chassis. Doing so will
>    have following issues:
>    i. We want all the interation with North bound endpoints via
>       gateway chassis only, doing so on host chassis will violate
>       that.
>
>   ii. With get_arp, ovn-controller will generate the ARP using router
>       port's mac as source mac, which will lead us to the same issue,
>       where router port mac will be going through continous mac moves
>       in physical network. Worst, it would affect the redirection,
>       since it uses router port mac as destination mac.
>
> Signed-off-by: Ankur Sharma <ankur.sharma at nutanix.com>
>

Hi Ankur,

I applied this patch with some commit correction in the commit message and
below changes

******************
diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c
index 0daf3271a..78246506c 100644
--- a/northd/ovn-northd.c
+++ b/northd/ovn-northd.c
@@ -3636,16 +3636,6 @@ lsp_is_external(const struct
nbrec_logical_switch_port *nbsp)
     return !strcmp(nbsp->type, "external");
 }

-/* Returns true if lrp has either gateway chassis or ha chassis group
- * attached to it. */
-static bool
-lrp_has_gateway(const struct nbrec_logical_router_port *nbrp)
-{
-    return (nbrp->n_gateway_chassis ||
-            (nbrp->ha_chassis_group &&
nbrp->ha_chassis_group->n_ha_chassis))
-            ? true : false;
-}
-
 static bool
 build_dhcpv4_action(struct ovn_port *op, ovs_be32 offer_ip,
                     struct ds *options_action, struct ds *response_action,
@@ -7754,7 +7744,7 @@ build_lrouter_flows(struct hmap *datapaths, struct
hmap *ports,
                 }
             }

-            if (!op->derived && lrp_has_gateway(op->nbrp)) {
+            if (!op->derived && op->od->l3redirect_port) {
                 const char *redirect_type = smap_get(&op->nbrp->options,
                                                      "redirect-type");
                 if (redirect_type && !strcasecmp(redirect_type,
"bridged")) {
***********

Let me know if you think this isn't fine.

Thanks
Numan


> ---
>  northd/ovn-northd.8.xml | 12 ++++++++++++
>  northd/ovn-northd.c     | 32 ++++++++++++++++++++++++++++++++
>  2 files changed, 44 insertions(+)
>
> diff --git a/northd/ovn-northd.8.xml b/northd/ovn-northd.8.xml
> index d45bb15..442e899 100644
> --- a/northd/ovn-northd.8.xml
> +++ b/northd/ovn-northd.8.xml
> @@ -2239,6 +2239,18 @@ next;
>            <code>get_nd(outport, xxreg0); next;</code>.
>          </p>
>        </li>
> +
> +      <li>
> +        <p>
> +          For logical router port with redirect-chassis and redirect-type
> +          being set as <code>bridged</code>, a priority-50 flow will match
> +          <code>outport == "ROUTER_PORT" and !is_chassis_resident
> +          ("cr-ROUTER_PORT")</code> has actions <code>eth.dst =
> <var>E</var>;
> +          next;</code>, where <var>E</var> is the ethernet address of the
> +          logical router port.
> +        </p>
> +      </li>
> +
>      </ul>
>
>      <h3>Ingress Table 9: Check packet length</h3>
> diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c
> index 0a7f181..0daf327 100644
> --- a/northd/ovn-northd.c
> +++ b/northd/ovn-northd.c
> @@ -3636,6 +3636,16 @@ lsp_is_external(const struct
> nbrec_logical_switch_port *nbsp)
>      return !strcmp(nbsp->type, "external");
>  }
>
> +/* Returns true if lrp has either gateway chassis or ha chassis group
> + * attached to it. */
> +static bool
> +lrp_has_gateway(const struct nbrec_logical_router_port *nbrp)
> +{
> +    return (nbrp->n_gateway_chassis ||
> +            (nbrp->ha_chassis_group &&
> nbrp->ha_chassis_group->n_ha_chassis))
> +            ? true : false;
> +}
> +
>  static bool
>  build_dhcpv4_action(struct ovn_port *op, ovs_be32 offer_ip,
>                      struct ds *options_action, struct ds *response_action,
> @@ -7743,6 +7753,28 @@ build_lrouter_flows(struct hmap *datapaths, struct
> hmap *ports,
>                                    100, ds_cstr(&match),
> ds_cstr(&actions));
>                  }
>              }
> +
> +            if (!op->derived && lrp_has_gateway(op->nbrp)) {
> +                const char *redirect_type = smap_get(&op->nbrp->options,
> +                                                     "redirect-type");
> +                if (redirect_type && !strcasecmp(redirect_type,
> "bridged")) {
> +                    /* Packet is on a non gateway chassis and
> +                     * has an unresolved ARP on a network behind gateway
> +                     * chassis attached router port. Since, redirect type
> +                     * is set to vlan, hence instead of calling "get_arp"
> +                     * on this node, we will redirect the packet to
> gateway
> +                     * chassis, by setting destination mac router port
> mac.*/
> +                    ds_clear(&match);
> +                    ds_put_format(&match, "outport == %s && "
> +                                  "!is_chassis_resident(%s)",
> op->json_key,
> +                                  op->od->l3redirect_port->json_key);
> +                    ds_clear(&actions);
> +                    ds_put_format(&actions, "eth.dst = %s; next;",
> +                                  op->lrp_networks.ea_s);
> +                    ovn_lflow_add(lflows, op->od, S_ROUTER_IN_ARP_RESOLVE,
> +                                  50, ds_cstr(&match), ds_cstr(&actions));
> +                }
> +            }
>          } else if (op->od->n_router_ports && strcmp(op->nbsp->type,
> "router")
>                     && strcmp(op->nbsp->type, "virtual")) {
>              /* This is a logical switch port that backs a VM or a
> container.
> --
> 1.8.3.1
>
> _______________________________________________
> dev mailing list
> dev at openvswitch.org
> https://mail.openvswitch.org/mailman/listinfo/ovs-dev
>


More information about the dev mailing list