[ovs-dev] [PATCH v1 3/4] OVN: Vlan backed DVR N-S, avoid get_arp on non redirect chassis.

Ankur Sharma ankur.sharma at nutanix.com
Wed Jul 31 05:53:04 UTC 2019

With c0974331b7a19a87ab8f1f2cec8fbe366af92fa2, we have added
support for E-W workflow for vlan backed DVRs.

This series enables N-S workflow for vlan backed DVRs.

Key difference between E-W and N-S traffic flow is that
N-S flow requires a gateway chassis. A gateway chassis
will be respondible for following:
a. Doing Network Address Translation (NAT).
b. Becoming entry and exit point for North->South
   and South->North traffic respectively.

OVN by default always uses overlay encapsulation to redirect
the packet to gateway chassis. This series will enable
the redirection to gateway chassis in the absence of encapsulation.

This patch:
a. Make sure that ARP request for endpoint behind the gateway
   router port is sent from gateway chassis only and not from
   host(compute) chassis.

b. This is achieved by adding a new logical flow in
   lr_in_arp_resolve at priority=50.

c. This flow run on non gateway chassis and sets the destination
   mac to router port mac, if outport is a gateway chassis attached
   router port and redirect-type is set as "vlan".
   Example logical flow:
   table=9 (lr_in_arp_resolve  ), priority=50   , match=(outport == "router-to-underlay" && !is_chassis_resident("cr-router-to-underlay")), action=(eth.dst = 00:00:01:01:02:04; next;)

d. This change is needed because other wise for non resolved ARPs,
   we will end up doing get_arp in host chassis. Doing so will
   have following issues:
   i. We want all the interation with North bound endpoints via
      gateway chassis only, doing so on host chassis will violate

  ii. With get_arp, ovn-controller will generate the ARP using router
      port's mac as source mac, which will lead us to the same issue,
      where router port mac will be going through continous mac moves
      in physical network. Worst, it would affect the redirection,
      since it uses router port mac as destination mac.

Signed-off-by: Ankur Sharma <ankur.sharma at nutanix.com>
 northd/ovn-northd.c | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c
index 25c58e8..cbfbb2c 100644
--- a/northd/ovn-northd.c
+++ b/northd/ovn-northd.c
@@ -7510,6 +7510,28 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports,
                                   100, ds_cstr(&match), ds_cstr(&actions));
+            if (op->nbrp->n_gateway_chassis && !op->derived) {
+                const char *redirect_type = smap_get(&op->nbrp->options,
+                                                     "redirect-type");
+                if (redirect_type && !strcasecmp(redirect_type, "vlan")) {
+                    /* Packet is on a non gateway chassis and
+                     * has an unresolved ARP on a network behind gateway
+                     * chassis attached router port. Since, redirect type
+                     * is set to vlan, hence instead of calling "get_arp"
+                     * on this node, we will redirect the packet to gateway
+                     * chassis, by setting destination mac router port mac.*/
+                    ds_clear(&match);
+                    ds_put_format(&match, "outport == %s && "
+                                  "!is_chassis_resident(%s)", op->json_key,
+                                  op->od->l3redirect_port->json_key);
+                    ds_clear(&actions);
+                    ds_put_format(&actions, "eth.dst = %s; next;",
+                                  op->lrp_networks.ea_s);
+                    ovn_lflow_add(lflows, op->od, S_ROUTER_IN_ARP_RESOLVE,
+                                  50, ds_cstr(&match), ds_cstr(&actions));
+                }
+            }
         } else if (op->od->n_router_ports && strcmp(op->nbsp->type, "router")) {
             /* This is a logical switch port that backs a VM or a container.
              * Extract its addresses. For each of the address, go through all

More information about the dev mailing list