[ovs-dev] [External] : Re: [PATCH ovn] ovn-northd.c: Add proxy ARP support to OVN
Brendan Doyle
brendan.doyle at oracle.com
Wed Jun 2 15:43:29 UTC 2021
On 02/06/2021 15:42, Dan Williams wrote:
> On Wed, 2021-06-02 at 09:26 +0100, Brendan Doyle wrote:
>> Hi,
>>
>> Just wondering what the process is here, I submitted this patch a while
>> ago, and I see quite a few
>> other patches have been submitted since. So wondering what happens
>> after
>> a patch is submitted,
>> how do I know if it has been accepted/rejected/need more work, and how
>> does it make it into the
>> repo if accepted. This does not seem to be documented in:
> Thanks for the patch; now that it's posted the patch is waiting for
> review. You can track overall status here:
>
>
> https://urldefense.com/v3/__http://patchwork.ozlabs.org/project/ovn/list/?series=246447__;!!GqivPVa7Brio!NAT2CA0Mr3YQ0gASU9iSe8-ql0xQnnn3q7gvr8E25QYgrAvVWAE0QvPelMH9KXmj-pM$
Great, thanks
>
> but you'll also get replies to the patch with review comments. Reviews
> may take a bit of time as the patch volume is fairly large, and
> everyone is busy. But don't worry! It's on the list.
NP - I know the feeling :)
>
>> Submitting Patches — Open Virtual Network (OVN) 21.03.0 documentation
>> <
>> https://urldefense.com/v3/__https://docs.ovn.org/en/stable/internals/contributing/submitting-patches.html__;!!GqivPVa7Brio!NAT2CA0Mr3YQ0gASU9iSe8-ql0xQnnn3q7gvr8E25QYgrAvVWAE0QvPelMH9OLJt62c$
> Good point, there should probably be a "What's next?" section.
>
> ---
>
> One thing though, the patch seems to be linewrapped and won't apply
> cleanly. Any chance you could fix that up by setting your email client
> to "preformatted" before pasting the patch into the mail, or using git-
> send-email?
Oh, sorry I did run the patch checker before pasting into email, I'll
see what I can do.
Then just resubmit?
> Thanks,
> Dan
>
>> Thanks
>>
>> Brendan
>>
>> On 31/05/2021 10:06, Brendan Doyle wrote:
>>> From a9d3140845175edb7644b2d0d82a95bd6cf94662 Mon Sep 17 00:00:00
>>> 2001
>>> From: Brendan Doyle <brendan.doyle at oracle.com>
>>> Date: Fri, 28 May 2021 10:01:17 -0700
>>> Subject: [PATCH ovn] ovn-northd.c: Add proxy ARP support to OVN
>>>
>>> This patch provides the ability to configure proxy ARP IPs on a
>>> Logical
>>> Switch Router port. The IPs are added as Options for router ports.
>>> This
>>> provides a useful feature where traffic for a service must be sent
>>> to an
>>> address in a logical network address space, but the service is
>>> provided
>>> in a different network. For example an NFS service is provide to
>>> Logical
>>> networks at an address in their Logical network space, but the NFS
>>> server resides in a physical network. A Logical switch Router port
>>> can
>>> be configured to respond to ARP requests sent to the service
>>> "Logical
>>> address", the Logical Router/Gateway can then be configured to
>>> forward
>>> the traffic to the underlay/physical network.
>>>
>>> Signed-off-by: Brendan Doyle <brendan.doyle at oracle.com>
>>> ---
>>> northd/ovn-northd.c | 38 +++++++++++++++++++
>>> ovn-nb.xml | 9 +++++
>>> tests/ovn.at | 103
>>> ++++++++++++++++++++++++++++++++++++++++++++++++++++
>>> 3 files changed, 150 insertions(+)
>>>
>>> diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c
>>> index 0e5092a..a377e83 100644
>>> --- a/northd/ovn-northd.c
>>> +++ b/northd/ovn-northd.c
>>> @@ -6943,6 +6943,7 @@
>>> build_lswitch_arp_nd_responder_known_ips(struct
>>> ovn_port *op,
>>> struct ds *match)
>>> {
>>> if (op->nbsp) {
>>> + const char *arp_proxy;
>>> if (!strcmp(op->nbsp->type, "virtual")) {
>>> /* Handle
>>> * - GARPs for virtual ip which belongs to a logical
>>> port
>>> @@ -7096,6 +7097,43 @@
>>> build_lswitch_arp_nd_responder_known_ips(struct
>>> ovn_port *op,
>>> }
>>> }
>>> }
>>> +
>>> + /*
>>> + * Add responses for ARP proxies.
>>> + */
>>> + arp_proxy = smap_get(&op->nbsp->options,"arp_proxy");
>>> + if (arp_proxy && op->peer) {
>>> + char *ips, *ip, *rest;
>>> +
>>> + ips = xstrdup(arp_proxy);
>>> + rest = ips;
>>> +
>>> + while ((ip = strtok_r(rest,",", &rest))) {
>>> + ds_clear(match);
>>> + ds_put_format(match, "arp.tpa == %s && arp.op ==
>>> 1",
>>> ip);
>>> +
>>> + ds_clear(actions);
>>> + ds_put_format(actions,
>>> + "eth.dst = eth.src; "
>>> + "eth.src = %s; "
>>> + "arp.op = 2; /* ARP reply */ "
>>> + "arp.tha = arp.sha; "
>>> + "arp.sha = %s; "
>>> + "arp.tpa = arp.spa; "
>>> + "arp.spa = %s; "
>>> + "outport = inport; "
>>> + "flags.loopback = 1; "
>>> + "output;",
>>> + op->peer->lrp_networks.ea_s,
>>> + op->peer->lrp_networks.ea_s,
>>> + ip);
>>> +
>>> + ovn_lflow_add_with_hint(lflows, op->od,
>>> S_SWITCH_IN_ARP_ND_RSP,
>>> + 50, ds_cstr(match), ds_cstr(actions),
>>> + &op->nbsp->header_);
>>> + }
>>> + free(ips);
>>> + }
>>> }
>>> }
>>>
>>> diff --git a/ovn-nb.xml b/ovn-nb.xml
>>> index 02fd216..4b6c183 100644
>>> --- a/ovn-nb.xml
>>> +++ b/ovn-nb.xml
>>> @@ -848,6 +848,15 @@
>>> </dd>
>>> </dl>
>>> </column>
>>> +
>>> + <column name="options" key="arp_proxy">
>>> + Optional. A comma separated list IPv4 addresses that
>>> this
>>> + logical switch <code>router</code> port will reply to
>>> ARP
>>> requests.
>>> + Example: <code>169.254.239.254,169.254.239.2</code>. The
>>> + <ref column="options" key="router-port"/>'s logical
>>> router
>>> should
>>> + have a route to forward packets sent to configured proxy
>>> ARP IPs to
>>> + an appropriate destination.
>>> + </column>
>>> </group>
>>>
>>> <group title="Options for localnet ports">
>>> diff --git a/tests/ovn.at b/tests/ovn.at
>>> index 2c3c36d..c675cc9 100644
>>> --- a/tests/ovn.at
>>> +++ b/tests/ovn.at
>>> @@ -26527,3 +26527,106 @@ AT_CHECK([test $(ovn-appctl -t
>>> ovn-controller coverage/read-counter lflow_run) =
>>> OVN_CLEANUP([hv1])
>>> AT_CLEANUP
>>> ])
>>> +
>>> +OVN_FOR_EACH_NORTHD([
>>> +AT_SETUP([ovn -- proxy-arp: 1 HVs, 1 LSs, 1 lport/LS, 1 LR])
>>> +AT_KEYWORDS([proxy-arp])
>>> +ovn_start
>>> +
>>> +# Logical network:
>>> +# One LR - lr1 has switch ls1 (192.16.1.0/24) connected to it,
>>> +# and and one HV with IP 192.16.1.6.
>>> +
>>> +ovn-nbctl lr-add lr1
>>> +ovn-nbctl ls-add ls1
>>> +
>>> +# Connect ls1 to lr1
>>> +ovn-nbctl lrp-add lr1 ls1 00:00:00:01:02:f1 192.16.1.1/24
>>> +ovn-nbctl lsp-add ls1 rp-ls1 -- set Logical_Switch_Port rp-ls1 \
>>> + type=router options:router-port=ls1
>>> addresses=\"00:00:00:01:02:f1\"
>>> +
>>> +# Create logical port ls1-lp1 in ls1
>>> +ovn-nbctl lsp-add ls1 ls1-lp1 \
>>> +-- lsp-set-addresses ls1-lp1 "00:00:00:01:02:03 192.16.1.6"
>>> +
>>> +
>>> +# Create one hypervisor and create OVS ports corresponding to
>>> logical
>>> ports.
>>> +net_add n1
>>> +
>>> +sim_add pa-hv
>>> +as pa-hv
>>> +ovs-vsctl add-br br-phys
>>> +ovn_attach n1 br-phys 192.16.0.1
>>> +
>>> +# Note: tx/rx are with respect to the LS port, so
>>> +# tx on switch port is HV rx, etc.
>>> +ovs-vsctl -- add-port br-int vif1 -- \
>>> + set interface vif1 external-ids:iface-id=ls1-lp1 \
>>> + options:tx_pcap=pa-hv/vif1-tx.pcap \
>>> + options:rxq_pcap=pa-hv/vif1-rx.pcap \
>>> + ofport-request=1
>>> +
>>> +# And proxy ARP flows for 69.254.239.254 and 169.254.239.2
>>> +# and check that SB flows have been added.
>>> +ovn-nbctl --wait=hv add Logical_Switch_Port rp-ls1 \
>>> +options arp_proxy='"169.254.239.254,169.254.239.2"'
>>> +ovn-sbctl dump-flows > sbflows
>>> +AT_CAPTURE_FILE([sbflows])
>>> +
>>> +AT_CHECK([ovn-sbctl dump-flows | grep ls_in_arp_rsp | grep
>>> "169.254.239.2" | wc -l], [0], [dnl
>>> +2
>>> +])
>>> +
>>> +# Remove and check that the flows have been removed
>>> +ovn-nbctl --wait=hv remove Logical_Switch_Port rp-ls1 options
>>> arp_proxy='"169.254.239.254,169.254.239.2"'
>>> +
>>> +AT_CHECK([ovn-sbctl dump-flows | grep ls_in_arp_rsp | grep
>>> "169.254.239.2" | wc -l], [0], [dnl
>>> +0
>>> +])
>>> +
>>> +# Add the flows back send arp request and check we see an ARP
>>> response
>>> +ovn-nbctl --wait=hv add Logical_Switch_Port rp-ls1 \
>>> +options arp_proxy='"169.254.239.254,169.254.239.2"'
>>> +
>>> +ls1_p1_mac=00:00:00:01:02:03
>>> +ls1_p1_ip=192.16.1.6
>>> +
>>> +ls1_ro_mac=00:00:00:01:02:f1
>>> +ls1_ro_ip=192.168.1.1
>>> +
>>> +proxy_ip1=169.254.239.254
>>> +proxy_ip2=169.254.239.2
>>> +
>>> +bcast_mac=ff:ff:ff:ff:ff:ff
>>> +
>>> +# Send ARP request for 169.254.239.254
>>> +packet="inport==\"ls1-lp1\" && eth.src==$ls1_p1_mac &&
>>> eth.dst==$bcast_mac &&
>>> + arp.op==1 && arp.sha==$ls1_p1_mac && arp.spa==$ls1_p1_ip &&
>>> + arp.tha==$bcast_mac && arp.tpa==$proxy_ip1"
>>> +
>>> +as pa-hv ovs-appctl -t ovn-controller inject-pkt "$packet"
>>> +
>>> +ovs-ofctl dump-flows br-int| grep 169.254.239.254 | grep
>>> priority=50
>>>> debug1
>>> +AT_CAPTURE_FILE([debug1])
>>> +
>>> +
>>> +# Check if packet hit the ARP reply ovs flow
>>> +AT_CHECK([ovs-ofctl dump-flows br-int | \
>>> + grep "169.254.239.254" | \
>>> + grep "priority=50" | \
>>> + grep "arp_op=1" | \
>>> + grep "n_packets=1" | wc -l], [0], [dnl
>>> +1
>>> +])
>>> +
>>> +# Check that the HV gets an ARP reply
>>> +expected="eth.src==$ls1_ro_mac && eth.dst==$ls1_p1_mac &&
>>> + arp.op==2 && arp.sha==$ls1_ro_mac && arp.spa==$proxy_ip1 &&
>>> + arp.tha==$ls1_p1_mac && arp.tpa==$ls1_p1_ip"
>>> +echo $expected | ovstest test-ovn expr-to-packets > expected
>>> +
>>> +OVN_CHECK_PACKETS([pa-hv/vif1-tx.pcap], [expected])
>>> +
>>> +OVN_CLEANUP([pa-hv])
>>> +AT_CLEANUP
>>> +])
>>> --
>>> 1.8.3.1
>>>
>> _______________________________________________
>> dev mailing list
>> dev at openvswitch.org
>> https://urldefense.com/v3/__https://mail.openvswitch.org/mailman/listinfo/ovs-dev__;!!GqivPVa7Brio!NAT2CA0Mr3YQ0gASU9iSe8-ql0xQnnn3q7gvr8E25QYgrAvVWAE0QvPelMH9-EMNduE$
>
More information about the dev
mailing list