[ovs-dev] [PATCH v4 ovn 2/2] northd: add logical flows for dhcpv6 pfd parsing

Lorenzo Bianconi lorenzo.bianconi at redhat.com
Fri Dec 20 11:32:25 UTC 2019


Introduce logical flows in ovn router pipeline in order to parse dhcpv6
advertise/reply from IPv6 prefix delegation router.
Do not overwrite the ipv6_ra_pd_list info that ovn-controller writes to the
options column of the SB port_binding table.

Signed-off-by: Lorenzo Bianconi <lorenzo.bianconi at redhat.com>
---
 northd/ovn-northd.c |  69 +++++++++++++++++++++++-
 ovn-nb.xml          |  17 ++++++
 tests/atlocal.in    |   5 +-
 tests/system-ovn.at | 124 ++++++++++++++++++++++++++++++++++++++++++++
 4 files changed, 213 insertions(+), 2 deletions(-)

diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c
index 3a5cb7c91..cc3d950bc 100644
--- a/northd/ovn-northd.c
+++ b/northd/ovn-northd.c
@@ -2653,6 +2653,8 @@ ovn_port_update_sbrec(struct northd_context *ctx,
                       struct sset *active_ha_chassis_grps)
 {
     sbrec_port_binding_set_datapath(op->sb, op->od->sb);
+    const char *ipv6_pd_list = NULL;
+
     if (op->nbrp) {
         /* If the router is for l3 gateway, it resides on a chassis
          * and its port type is "l3gateway". */
@@ -2775,6 +2777,12 @@ ovn_port_update_sbrec(struct northd_context *ctx,
                 smap_add(&new, "l3gateway-chassis", chassis_name);
             }
         }
+
+        ipv6_pd_list = smap_get(&op->sb->options, "ipv6_ra_pd_list");
+        if (ipv6_pd_list) {
+            smap_add(&new, "ipv6_ra_pd_list", ipv6_pd_list);
+        }
+
         sbrec_port_binding_set_options(op->sb, &new);
         smap_destroy(&new);
 
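Review bot: The four added lines that carry `ipv6_ra_pd_list` over from `op->sb->options` are repeated verbatim in the hunks at -2824 and -2873, differing only in the destination smap; a small static helper taking the destination smap and `op` would keep the three sites in step. The copy is also unconditional, so a value ovn-controller wrote earlier appears to stay in the SB row even after `prefix_delegation` is removed from the NB port. If that is intended it deserves a comment such as `/* Preserve prefixes learned by ovn-controller; northd does not own this key. */`, and if not, the copy should be gated on the NB option. ovn_port_update_sbrec starts and ends outside this hunk.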
@@ -2824,6 +2832,12 @@ ovn_port_update_sbrec(struct northd_context *ctx,
                 smap_add_format(&options,
                                 "qdisc_queue_id", "%d", queue_id);
             }
+
+            ipv6_pd_list = smap_get(&op->sb->options, "ipv6_ra_pd_list");
+            if (ipv6_pd_list) {
+                smap_add(&options, "ipv6_ra_pd_list", ipv6_pd_list);
+            }
+
             sbrec_port_binding_set_options(op->sb, &options);
             smap_destroy(&options);
             if (ovn_is_known_nb_lsp_type(op->nbsp->type)) {
@@ -2873,6 +2887,12 @@ ovn_port_update_sbrec(struct northd_context *ctx,
                 if (chassis) {
                     smap_add(&new, "l3gateway-chassis", chassis);
                 }
+
+                ipv6_pd_list = smap_get(&op->sb->options, "ipv6_ra_pd_list");
+                if (ipv6_pd_list) {
+                    smap_add(&new, "ipv6_ra_pd_list", ipv6_pd_list);
+                }
+
                 sbrec_port_binding_set_options(op->sb, &new);
                 smap_destroy(&new);
             } else {
@@ -7842,7 +7862,36 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports,
         free(snat_ips);
     }
 
-    /* Logical router ingress table 3: IP Input for IPv6. */
+    /* DHCPv6 reply handling */
+    HMAP_FOR_EACH (op, key_node, ports) {
+        if (!op->nbrp) {
+            continue;
+        }
+
+        if (op->derived) {
+            continue;
+        }
+
+        struct lport_addresses lrp_networks;
+        if (!extract_lrp_networks(op->nbrp, &lrp_networks)) {
+            continue;
+        }
+
+        for (size_t i = 0; i < lrp_networks.n_ipv6_addrs; i++) {
+            ds_clear(&actions);
+            ds_clear(&match);
+            ds_put_format(&match, "ip6.dst == %s && udp.src == 547 &&"
+                          " udp.dst == 546",
+                          lrp_networks.ipv6_addrs[i].addr_s);
+            ds_put_format(&actions, "reg0 = 0; handle_dhcpv6_reply { "
+                          "eth.dst <-> eth.src; ip6.dst <-> ip6.src; "
+                          "outport <-> inport; output; };");
+            ovn_lflow_add(lflows, op->od, S_ROUTER_IN_IP_INPUT, 100,
+                          ds_cstr(&match), ds_cstr(&actions));
+        }
+    }
+
+    /* Logical router ingress table 1: IP Input for IPv6. */
     HMAP_FOR_EACH (op, key_node, ports) {
         if (!op->nbrp) {
             continue;
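Review bot: The DHCPv6 reply flow is installed for every IPv6 address of every non-derived router port, with no check of the `prefix_delegation` option and no `inport` in the match, so a UDP 547->546 packet arriving from any attached network is handed to `handle_dhcpv6_reply`. Limiting the flow to ports that enabled prefix delegation, and to the port the reply is expected on, keeps unsolicited replies out of that path; the sketch below assumes `op->json_key` is the quoted port name used by other matches in this file. `lrp_networks` filled by `extract_lrp_networks()` is also never released, which looks like a leak on every northd run; a `destroy_lport_addresses(&lrp_networks);` after the inner loop would fix it. The comment on the following loop now says table 1 where it said table 3, although nothing visible here changes the stage, so that is worth confirming.

```c
    HMAP_FOR_EACH (op, key_node, ports) {
        /* … unchanged: skip non-router and derived ports … */

        /* Only ports that requested prefix delegation accept DHCPv6
         * replies; everything else never reaches handle_dhcpv6_reply. */
        if (!smap_get_bool(&op->nbrp->options, "prefix_delegation", false)) {
            continue;
        }

        /* … unchanged: extract_lrp_networks() call … */

        for (size_t i = 0; i < lrp_networks.n_ipv6_addrs; i++) {
            ds_clear(&actions);
            ds_clear(&match);
            ds_put_format(&match, "inport == %s && ip6.dst == %s"
                          " && udp.src == 547 && udp.dst == 546",
                          op->json_key, lrp_networks.ipv6_addrs[i].addr_s);
            /* … unchanged: actions string and ovn_lflow_add() … */
        }
        destroy_lport_addresses(&lrp_networks);
    }
```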
@@ -8643,6 +8692,24 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports,
             continue;
         }
 
+        struct smap options;
+        /* enable IPv6 prefix delegation */
+        bool prefix_delegation = smap_get_bool(&op->nbrp->options,
+                                               "prefix_delegation", false);
+        if (prefix_delegation) {
+            smap_clone(&options, &op->sb->options);
+            smap_add(&options, "ipv6_prefix_delegation", "true");
+            sbrec_port_binding_set_options(op->sb, &options);
+            smap_destroy(&options);
+        }
+
+        if (smap_get_bool(&op->nbrp->options, "prefix", false)) {
+            smap_clone(&options, &op->sb->options);
+            smap_add(&options, "ipv6_prefix", "true");
+            sbrec_port_binding_set_options(op->sb, &options);
+            smap_destroy(&options);
+        }
+
         const char *address_mode = smap_get(
             &op->nbrp->ipv6_ra_configs, "address_mode");
 
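Review bot: Writing Port_Binding options from inside build_lrouter_flows mixes southbound row updates into flow generation, while ovn_port_update_sbrec already assembles the options smap for router ports. Setting `ipv6_prefix_delegation` and `ipv6_prefix` there would keep a single writer for the column and remove the clone/set/destroy pairs here. If the code stays in this loop, the two blocks can share one clone: add both keys to a single smap and call `sbrec_port_binding_set_options(op->sb, &options);` once. The NB key `prefix` is also very generic for an option that only concerns IPv6 prefix delegation. The enclosing loop starts and ends outside this hunk.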
diff --git a/ovn-nb.xml b/ovn-nb.xml
index 5ae52bbde..d7fddcae2 100644
--- a/ovn-nb.xml
+++ b/ovn-nb.xml
@@ -2142,6 +2142,23 @@
           to <code>true</code>.
         </p>
       </column>
+
+      <column name="options" key="prefix_delegation"
+              type='{"type": "boolean"}'>
+        <p>
+          If set to <code>true</code>, enable IPv6 prefix delegation state
+          machine on this logical router port (RFC3633). IPv6 prefix
+          delegation is available just on a gateway router or on a gateway
+          router port.
+        </p>
+      </column>
+
+      <column name="options" key="prefix" type='{"type": "boolean"}'>
+        <p>
+          If set to <code>true</code>, this interface will receive an IPv6
+          prefix according to RFC3663
+        </p>
+      </column>
     </group>
 
     <group title="Attachment">
diff --git a/tests/atlocal.in b/tests/atlocal.in
index 5f14c3da0..8f3ff03b9 100644
--- a/tests/atlocal.in
+++ b/tests/atlocal.in
@@ -157,7 +157,7 @@ find_command()
 {
     which $1 > /dev/null 2>&1
     status=$?
-    var=HAVE_`echo "$1" | tr '[a-z]' '[A-Z]'`
+    var=HAVE_`echo "$1" | tr '-' '_' | tr '[a-z]' '[A-Z]'`
     if test "$status" = "0"; then
         eval ${var}="yes"
     else
@@ -192,6 +192,9 @@ else
     DIFF_SUPPORTS_NORMAL_FORMAT=no
 fi
 
+# Set HAVE_DIBBLER-SERVER
+find_command dibbler-server
+
 # Turn off proxies.
 unset http_proxy
 unset https_proxy
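Review bot: The added comment names `HAVE_DIBBLER-SERVER`, but with the `tr '-' '_'` change to find_command in the previous hunk the variable actually set is `HAVE_DIBBLER_SERVER`, which is also what tests/system-ovn.at checks. Suggested wording: `# Set HAVE_DIBBLER_SERVER`.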
diff --git a/tests/system-ovn.at b/tests/system-ovn.at
index a56d358ea..b6a0aac6f 100644
--- a/tests/system-ovn.at
+++ b/tests/system-ovn.at
@@ -3426,3 +3426,127 @@ OVS_TRAFFIC_VSWITCHD_STOP(["/failed to query port patch-.*/d
 /connection dropped.*/d"])
 
 AT_CLEANUP
+
+AT_SETUP([ovn -- IPv6 prefix delegation])
+AT_SKIP_IF([test $HAVE_DIBBLER_SERVER = no])
+AT_SKIP_IF([test $HAVE_TCPDUMP = no])
+AT_KEYWORDS([ovn-ipv6-prefix_d])
+
+ovn_start
+OVS_TRAFFIC_VSWITCHD_START()
+
+ADD_BR([br-int])
+ADD_BR([br-ext])
+
+ovs-ofctl add-flow br-ext action=normal
+# Set external-ids in br-int needed for ovn-controller
+ovs-vsctl \
+        -- set Open_vSwitch . external-ids:system-id=hv1 \
+        -- set Open_vSwitch . external-ids:ovn-remote=unix:$ovs_base/ovn-sb/ovn-sb.sock \
+        -- set Open_vSwitch . external-ids:ovn-encap-type=geneve \
+        -- set Open_vSwitch . external-ids:ovn-encap-ip=169.0.0.1 \
+        -- set bridge br-int fail-mode=secure other-config:disable-in-band=true
+
+# Start ovn-controller
+start_daemon ovn-controller
+
+# Logical network:
+# One LR R1 with switches foo (192.168.1.0/24), bar (192.168.2.0/24),
+# and alice (172.16.1.0/24) connected to it.  The port between R1 and
+# alice is the router gateway port where the R1 NAT rules are applied.
+#
+#    R1 -- join -- dibbler-server
+#     |
+#    bar
+
+ovn-nbctl lr-add R1
+
+ovn-nbctl ls-add bar
+ovn-nbctl ls-add join
+
+ovn-nbctl lrp-add R1 bar 00:00:01:01:02:03 192.168.1.1/24
+ovn-nbctl lrp-add R1 join 00:00:02:01:02:03 172.16.1.1/24 2001:db8:3333::1/64 \
+    -- set Logical_Router_Port join options:redirect-chassis=hv1
+
+# Connect bar to R1
+ovn-nbctl lsp-add bar rp-bar -- set Logical_Switch_Port rp-bar \
+    type=router options:router-port=bar \
+    -- lsp-set-addresses rp-bar router
+
+# Connect join to R1
+ovn-nbctl lsp-add join rp-join -- set Logical_Switch_Port rp-join \
+    type=router options:router-port=join \
+    -- lsp-set-addresses rp-join router
+
+# Logical port 'bar1' in switch 'bar'.
+ADD_NAMESPACES(bar1)
+ADD_VETH(bar1, bar1, br-int, "192.168.1.2/24", "f0:00:00:01:02:03", \
+         "192.168.1.1")
+ovn-nbctl lsp-add bar bar1 \
+-- lsp-set-addresses bar1 "f0:00:00:01:02:03 192.168.1.2"
+
+# Logical port 'join1' in switch 'join'.
+ADD_NAMESPACES(join1)
+ADD_VETH(join1, join1, br-ext, "2001:db8:3333::2/64", "f0:00:00:01:02:05", \
+         "2001:db8:3333::1")
+
+NS_CHECK_EXEC([join1], [tcpdump -ni join1 > dhcp.pcap &])
+
+OVS_WAIT_UNTIL([test "$(ip netns exec join1 ip a | grep 2001:db8:3333::2 | grep tentative)" = ""])
+OVS_WAIT_UNTIL([test "$(ip netns exec join1 ip a | grep fe80 | grep tentative)" = ""])
+
+AT_CHECK([ovs-vsctl set Open_vSwitch . external-ids:ovn-bridge-mappings=phynet:br-ext])
+ovn-nbctl lsp-add join join1 \
+        -- lsp-set-addresses join1 unknown \
+        -- lsp-set-type join1 localnet \
+        -- lsp-set-options join1 network_name=phynet
+
+ovn-nbctl set logical_router_port join options:prefix_delegation=true
+ovn-nbctl set logical_router_port join options:prefix=true
+ovn-nbctl set logical_router_port bar options:prefix=true
+
+# reset dibbler state
+sed s/eth0/join1/g -i /etc/dibbler/server.conf
+cat > /var/lib/dibbler/server-AddrMgr.xml <<EOF
+<AddrMgr>
+  <timestamp>1575481348</timestamp>
+  <replayDetection>0</replayDetection>
+</AddrMgr>
+EOF
+cat > /var/lib/dibbler/server-CfgMgr.xml <<EOF
+<SrvCfgMgr>
+  <workDir>/var/lib/dibbler</workDir>
+  <LogName>Server</LogName>
+  <LogLevel>8</LogLevel>
+  <InactiveMode>0</InactiveMode>
+  <GuessMode>0</GuessMode>
+</SrvCfgMgr>
+EOF
+
+NS_CHECK_EXEC([join1], [dibbler-server run > dibbler.log &])
+ovn-nbctl --wait=hv sync
+
+sleep 10
+kill $(pidof tcpdump)
+kill $(pidof dibbler-server)
+
+OVS_WAIT_UNTIL([
+    total_reply=`grep -c "dhcp6 reply" dhcp.pcap`
+    test ${total_reply} -gt 1
+])
+
+kill $(pidof ovn-controller)
+
+as ovn-sb
+OVS_APP_EXIT_AND_WAIT([ovsdb-server])
+
+as ovn-nb
+OVS_APP_EXIT_AND_WAIT([ovsdb-server])
+
+as northd
+OVS_APP_EXIT_AND_WAIT([ovn-northd])
+
+as
+OVS_TRAFFIC_VSWITCHD_STOP(["/.*error receiving.*/d
+/.*terminating with signal 15.*/d"])
+AT_CLEANUP
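Review bot: The test rewrites host-wide state and never restores it: `sed s/eth0/join1/g -i /etc/dibbler/server.conf` edits the installed dibbler configuration in place, and the two here-documents overwrite files under /var/lib/dibbler, so one run permanently changes the machine. `kill $(pidof tcpdump)` and `kill $(pidof dibbler-server)` likewise signal every process with that name on the host, not just the two started here; starting them with a pidfile (for example via the existing `NETNS_DAEMONIZE` macro) and killing only those PIDs avoids that. The topology comment still describes switches foo and alice and NAT rules that this test does not create, and `test $HAVE_DIBBLER_SERVER = no` should quote the variable. Because tcpdump is stopped before the `OVS_WAIT_UNTIL`, the wait cannot observe new packets and is effectively a single check after `sleep 10`.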
-- 
2.21.0


