[ovs-dev] [PATCH v3] OVN: run local logical flows first in S_ROUTER_OUT_SNAT table

Darrell Ball dlu998 at gmail.com
Fri Jul 19 17:50:07 UTC 2019 

The following tests consistently fail for kernel and userspace datapaths

136: ovn -- DNAT and SNAT on distributed router - N/S FAILED (
system-ovn.at:1337)
137: ovn -- DNAT and SNAT on distributed router - E/W FAILED (
system-ovn.at:1510)

after this commit

commit a6ee09882283426553e1a475e8b396af9bb378d0

Author: Lorenzo Bianconi <lorenzo.bianconi at redhat.com>

Date:   Sat Jul 6 12:45:00 2019 +0200



    OVN: run local logical flows first in S_ROUTER_OUT_SNAT table



    Run local logical flows first if the gw router port is scheduled

    on the local chassis in order to properly manage snat traffic



    Tested-by: Eran Kuris <ekuris at redhat.com>

    Acked-by: Numan Siddique <nusiddiq at redhat.com>

    Acked-by: Mark Michelson <mmichels at redhat.com>

    Signed-off-by: Lorenzo Bianconi <lorenzo.bianconi at redhat.com>

    Signed-off-by: Ben Pfaff blp at ovn.org




*136: ovn -- DNAT and SNAT on distributed router - N/S FAILED
(system-ovn.at:1337 <http://system-ovn.at:1337>)*



Missing conntrack entry:



@@ -1,2 +1 @@

-icmp,orig=(src=192.168.1.3,dst=172.16.1.2,id=<cleared>,type=8,code=0),reply=(src=172.16.1.2,dst=172.16.1.4,id=<cleared>,type=0,code=0),zone=<cleared>



*137: ovn -- DNAT and SNAT on distributed router - E/W FAILED
(system-ovn.at:1510 <http://system-ovn.at:1510>)*



Missing conntrack entries:



+++
/home/dball/openvswitch/ovs/_gcc/tests/system-kmod-testsuite.dir/at-groups/137/stdout
2019-07-19
10:14:39.821883399 -0700

@@ -1,3 +1 @@

-icmp,orig=(src=172.16.1.3,dst=172.16.1.4,id=<cleared>,type=8,code=0),reply=(src=192.168.2.2,dst=172.16.1.3,id=<cleared>,type=0,code=0),zone=<cleared>

-icmp,orig=(src=192.168.1.2,dst=172.16.1.4,id=<cleared>,type=8,code=0),reply=(src=172.16.1.4,dst=172.16.1.3,id=<cleared>,type=0,code=0),zone=<cleared>




On Sat, Jul 6, 2019 at 3:48 AM Lorenzo Bianconi <lorenzo.bianconi at redhat.com>
wrote:

> Run local logical flows first if the gw router port is scheduled
> on the local chassis in order to properly manage snat traffic
>
> Tested-by: Eran Kuris <ekuris at redhat.com>
> Acked-by: Numan Siddique <nusiddiq at redhat.com>
> Signed-off-by: Lorenzo Bianconi <lorenzo.bianconi at redhat.com>
> ---
> Changes since v2:
> - fix compilation error
> Changes since v1:
> - add priority change in ovn-northd.8.xml
> ---
>  ovn/northd/ovn-northd.8.xml | 3 ++-
>  ovn/northd/ovn-northd.c     | 7 +++++--
>  2 files changed, 7 insertions(+), 3 deletions(-)
>
> diff --git a/ovn/northd/ovn-northd.8.xml b/ovn/northd/ovn-northd.8.xml
> index 193aa210f..d2267de0e 100644
> --- a/ovn/northd/ovn-northd.8.xml
> +++ b/ovn/northd/ovn-northd.8.xml
> @@ -2428,7 +2428,8 @@ nd_ns {
>          <p>
>            If the NAT rule cannot be handled in a distributed manner, then
>            the flow above is only programmed on the
> -          <code>redirect-chassis</code>.
> +          <code>redirect-chassis</code> increasing flow priority by 128 in
> +          order to be run first
>          </p>
>
>          <p>
> diff --git a/ovn/northd/ovn-northd.c b/ovn/northd/ovn-northd.c
> index ba2719321..ce382ac89 100644
> --- a/ovn/northd/ovn-northd.c
> +++ b/ovn/northd/ovn-northd.c
> @@ -6634,6 +6634,8 @@ build_lrouter_flows(struct hmap *datapaths, struct
> hmap *ports,
>                                    count_1bits(ntohl(mask)) + 1,
>                                    ds_cstr(&match), ds_cstr(&actions));
>                  } else {
> +                    uint16_t priority = count_1bits(ntohl(mask)) + 1;
> +
>                      /* Distributed router. */
>                      ds_clear(&match);
>                      ds_put_format(&match, "ip && ip4.src == %s"
> @@ -6643,6 +6645,7 @@ build_lrouter_flows(struct hmap *datapaths, struct
> hmap *ports,
>                      if (!distributed && od->l3redirect_port) {
>                          /* Flows for NAT rules that are centralized are
> only
>                           * programmed on the "redirect-chassis". */
> +                        priority += 128;
>                          ds_put_format(&match, " &&
> is_chassis_resident(%s)",
>                                        od->l3redirect_port->json_key);
>                      }
> @@ -6657,8 +6660,8 @@ build_lrouter_flows(struct hmap *datapaths, struct
> hmap *ports,
>                       * nat->logical_ip with the longest mask gets a higher
>                       * priority. */
>                      ovn_lflow_add(lflows, od, S_ROUTER_OUT_SNAT,
> -                                  count_1bits(ntohl(mask)) + 1,
> -                                  ds_cstr(&match), ds_cstr(&actions));
> +                                  priority, ds_cstr(&match),
> +                                  ds_cstr(&actions));
>                  }
>              }
>
> --
> 2.21.0
>
> _______________________________________________
> dev mailing list
> dev at openvswitch.org
> https://mail.openvswitch.org/mailman/listinfo/ovs-dev
>

More information about the dev mailing list