[ovs-dev] [PATCH ovn v2] Restrict ARP/IPv6 ND replies for LB VIP only on chassis redirect port
Numan Siddique
nusiddiq at redhat.com
Thu Jan 9 16:41:34 UTC 2020
On Thu, Jan 9, 2020 at 7:35 PM Dumitru Ceara <dceara at redhat.com> wrote:
>
> On Thu, Jan 9, 2020 at 1:18 PM <numans at ovn.org> wrote:
> >
> > From: Numan Siddique <numans at ovn.org>
> >
> > Presently when an ARP/ND request for the load balancer VIP is received
> > from the provider network, all the ovn-controllers which have
> > ovn-bridge-mappings configured reply to the ARP/ND request.
> >
> > This patch restricts these ARP/ND replies only on the chassis where the
> > chassis redirect port of the distributed router port is resident.
> >
> > Signed-off-by: Numan Siddique <numans at ovn.org>
>
> Acked-by: Dumitru Ceara <dceara at redhat.com>
Thanks Dumitru. I applied this patch to master.
Numan
>
> Thanks,
> Dumitru
>
> > ---
> > v1 -> v2
> > -----
> > * Added the lflow for IPv6 LB VIPs.
> >
> > northd/ovn-northd.8.xml | 14 ++++++++++++++
> > northd/ovn-northd.c | 8 ++++++++
> > 2 files changed, 22 insertions(+)
> >
> > diff --git a/northd/ovn-northd.8.xml b/northd/ovn-northd.8.xml
> > index c6d5d96b9..4b227ca71 100644
> > --- a/northd/ovn-northd.8.xml
> > +++ b/northd/ovn-northd.8.xml
> > @@ -1680,6 +1680,13 @@ flags.loopback = 1;
> > output;
> > </pre>
> >
> > + <p>
> > + If the router port <var>P</var> is a distributed gateway router
> > + port, then the <code>is_chassis_resident(<var>P</var>)</code> is
> > + also added in the match condition for the load balancer IPv4
> > + VIP <var>A</var>.
> > + </p>
> > +
> > <p>
> > IPv6: For a configured DNAT IP address or a load balancer
> > IPv6 VIP <var>A</var>, solicited node address <var>S</var>,
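Review bot: the added IPv4 paragraph writes the extra match term as is_chassis_resident(P) with P being the router port itself, but the ovn-northd.c change in this same patch builds the term from op->od->l3redirect_port->json_key, that is, the chassis redirect port of P rather than P. Suggest rewording so the argument is described as the chassis redirect port of the distributed gateway port, which is also how the commit message puts it.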
> > @@ -1704,6 +1711,13 @@ nd_na {
> > }
> > </pre>
> >
> > + <p>
> > + If the router port <var>P</var> is a distributed gateway router
> > + port, then the <code>is_chassis_resident(<var>P</var>)</code>
> > + is also added in the match condition for the load balancer IPv6
> > + VIP <var>A</var>.
> > + </p>
> > +
> > <p>
> > For the gateway port on a distributed logical router with NAT
> > (where one of the logical router ports specifies a
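Review bot: the added IPv6 paragraph names only the load balancer IPv6 VIP, while the description it extends (the context "For a configured DNAT IP address or a load balancer IPv6 VIP A" shown in the previous hunk) covers both kinds of address. Please state whether the is_chassis_resident term is also added for configured DNAT IP addresses, so a reader can tell which ND reply flows are restricted to the gateway chassis and which are still answered everywhere.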
> > diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c
> > index d91a008b7..b6dc809d7 100644
> > --- a/northd/ovn-northd.c
> > +++ b/northd/ovn-northd.c
> > @@ -7511,6 +7511,10 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports,
> > "inport == %s && arp.tpa == %s && arp.op == 1",
> > op->json_key, ip_address);
> >
> > + if (op == op->od->l3dgw_port) {
> > + ds_put_format(&match, " && is_chassis_resident(%s)",
> > + op->od->l3redirect_port->json_key);
> > + }
> > ds_clear(&actions);
> > ds_put_format(&actions,
> > "eth.dst = eth.src; "
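Review bot: the new if in the ARP branch dereferences op->od->l3redirect_port->json_key, but the guard only tests op == op->od->l3dgw_port and never checks that l3redirect_port is set. If the two pointers are always populated together, a one-line comment saying so would help the next reader; otherwise extend the condition to "op == op->od->l3dgw_port && op->od->l3redirect_port" so a datapath with a gateway port but no redirect port cannot crash ovn-northd here.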
> > @@ -7538,6 +7542,10 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports,
> > "inport == %s && nd_ns && nd.target == %s",
> > op->json_key, ip_address);
> >
> > + if (op == op->od->l3dgw_port) {
> > + ds_put_format(&match, " && is_chassis_resident(%s)",
> > + op->od->l3redirect_port->json_key);
> > + }
> > ds_clear(&actions);
> > ds_put_format(&actions,
> > "nd_na { "
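Review bot: the four lines added to the nd_ns branch are identical to the ones added to the ARP branch in the previous hunk, so any later fix to the guard has to be made twice. Consider a small static helper that appends the is_chassis_resident term to the match when op is the l3dgw_port and call it from both places. The diffstat also lists only ovn-northd.8.xml and ovn-northd.c, so nothing in this patch exercises the new match for either address family; a test that checks the generated lflow for an IPv4 and an IPv6 LB VIP would catch a regression.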
> > --
> > 2.24.1
> >
> > _______________________________________________
> > dev mailing list
> > dev at openvswitch.org
> > https://mail.openvswitch.org/mailman/listinfo/ovs-dev
> >
>