[ovs-dev] [PATCH ovn v2] Restrict ARP/IPv6 ND replies for LB VIP only on chassis redirect port

numans at ovn.org numans at ovn.org
Thu Jan 9 12:17:56 UTC 2020


From: Numan Siddique <numans at ovn.org>

Presently, when an ARP/ND request for the load balancer VIP is received
from the provider network, all the ovn-controllers which have
ovn-bridge-mappings configured reply to the ARP/ND request.

This patch restricts these ARP/ND replies only on the chassis where the
chassis redirect port of the distributed router port is resident.

Signed-off-by: Numan Siddique <numans at ovn.org>
---
v1 -> v2
-----
 * Added the lflow for IPv6 LB VIPs.

 northd/ovn-northd.8.xml | 14 ++++++++++++++
 northd/ovn-northd.c     |  8 ++++++++
 2 files changed, 22 insertions(+)

diff --git a/northd/ovn-northd.8.xml b/northd/ovn-northd.8.xml
index c6d5d96b9..4b227ca71 100644
--- a/northd/ovn-northd.8.xml
+++ b/northd/ovn-northd.8.xml
@@ -1680,6 +1680,13 @@ flags.loopback = 1;
 output;
         </pre>
 
+        <p>
+          If the router port <var>P</var> is a distributed gateway router
+          port, then the <code>is_chassis_resident(<var>P</var>)</code> is
+          also added in the match condition for the load balancer IPv4
+          VIP <var>A</var>.
+        </p>
+
         <p>
           IPv6: For a configured DNAT IP address or a load balancer
           IPv6 VIP <var>A</var>, solicited node address <var>S</var>,
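Review bot: The added paragraph documents the new condition as is_chassis_resident(P), with P being the router port itself, but the code change in ovn-northd.c formats the clause from op->od->l3redirect_port->json_key, which is the chassis redirect port of P and not P. Suggest rewording so that the argument is described as the chassis redirect port of P, so that the man page matches the logical flow that northd actually emits. The phrasing "the is_chassis_resident(...) is also added in the match condition" would also read better as "is_chassis_resident(...) is also added to the match condition".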
@@ -1704,6 +1711,13 @@ nd_na {
 }
         </pre>
 
+        <p>
+          If the router port <var>P</var> is a distributed gateway router
+          port, then the <code>is_chassis_resident(<var>P</var>)</code>
+          is also added in the match condition for the load balancer IPv6
+          VIP <var>A</var>.
+        </p>
+
         <p>
           For the gateway port on a distributed logical router with NAT
           (where one of the logical router ports specifies a
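Review bot: The added IPv6 paragraph scopes the extra condition to "the load balancer IPv6 VIP A" only, while the IPv6 entry it belongs to is introduced (in the context lines of the previous hunk) as covering "a configured DNAT IP address or a load balancer IPv6 VIP". Suggest stating explicitly whether the DNAT address case is left without the is_chassis_resident() condition, since a reader of this entry cannot tell from the new text alone. The argument shown as P has the same mismatch with the code as in the IPv4 paragraph: the code passes the chassis redirect port.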
diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c
index d91a008b7..b6dc809d7 100644
--- a/northd/ovn-northd.c
+++ b/northd/ovn-northd.c
@@ -7511,6 +7511,10 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports,
                           "inport == %s && arp.tpa == %s && arp.op == 1",
                           op->json_key, ip_address);
 
+            if (op == op->od->l3dgw_port) {
+                ds_put_format(&match, " && is_chassis_resident(%s)",
+                              op->od->l3redirect_port->json_key);
+            }
             ds_clear(&actions);
             ds_put_format(&actions,
                           "eth.dst = eth.src; "
@@ -7538,6 +7542,10 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports,
                           "inport == %s && nd_ns && nd.target == %s",
                           op->json_key, ip_address);
 
+            if (op == op->od->l3dgw_port) {
+                ds_put_format(&match, " && is_chassis_resident(%s)",
+                              op->od->l3redirect_port->json_key);
+            }
             ds_clear(&actions);
             ds_put_format(&actions,
                           "nd_na { "
-- 
2.24.1


