[ovs-dev] [PATCH ovn v5] ovn-northd.c: Add proxy ARP support to OVN

Numan Siddique numans at ovn.org
Tue Jun 29 12:24:32 UTC 2021


On Tue, Jun 29, 2021 at 7:48 AM Brendan Doyle <brendan.doyle at oracle.com> wrote:
>
> Numan,
>
> Did this version apply? I'm guessing not. This was generated with git
> mail. But I don't see
> an entry in https://patchwork.ozlabs.org/project/ovn/list/
> for it. Please let me know if this has an issue; if so I'll try to generate a PR.


No.  This didn't apply either.  Since the patch was straightforward,
I just applied the diff manually and applied the patch to the main
branch.  I'm not sure how you generated the patch.  I presume using
git-format-patch.

You can refer to this if you haven't already -
https://github.com/ovn-org/ovn/blob/master/Documentation/internals/contributing/submitting-patches.rst

I made a few changes in the code and in the test before applying.

The commit is missing the ddlog part unfortunately.  I tried to add it,
but I probably need some help from Ben.

The added test case fails for ddlog now.

Thanks
Numan

>
> Thanks
>
> Brendan
>
>
> On 28/06/2021 12:16, Brendan Doyle wrote:
> > This patch provides the ability to configure proxy ARP IPs on a Logical
> > Switch Router port. The IPs are added as Options for router ports. This
> > provides a useful feature where traffic for a service must be sent to an
> > address in a logical network address space, but the service is provided
> > in a different network. For example an NFS service is provided to Logical
> > networks at an address in their Logical network space, but the NFS
> > server resides in a physical network. A Logical switch Router port can
> > be configured to respond to ARP requests sent to the service "Logical
> > address", the Logical Router/Gateway can then be configured to forward
> > the traffic to the underlay/physical network.
> >
> > Signed-off-by: Brendan Doyle <brendan.doyle at oracle.com>
> > ---
> >   northd/ovn-northd.c |  48 ++++++++++++++++++++++++
> >   ovn-nb.xml          |   9 +++++
> >   tests/ovn.at        | 103 ++++++++++++++++++++++++++++++++++++++++++++++++++++
> >   3 files changed, 160 insertions(+)
> >
> > diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c
> > index fcd6167..258b5db 100644
> > --- a/northd/ovn-northd.c
> > +++ b/northd/ovn-northd.c
> > @@ -6969,6 +6969,8 @@ build_lswitch_arp_nd_responder_known_ips(struct ovn_port *op,
> >                                            struct ds *match)
> >   {
> >       if (op->nbsp) {
> > +        const char *arp_proxy;
> > +
> >           if (!strcmp(op->nbsp->type, "virtual")) {
> >               /* Handle
> >                *  - GARPs for virtual ip which belongs to a logical port
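
Review bot: arp_proxy is declared at the top of the if (op->nbsp) block here but is only assigned in the next hunk, after the existing responder code. Declaring it at the point of use, as const char *arp_proxy = smap_get(...), would confine it to the proxy ARP block and avoid an uninitialized declaration far from where it is read.
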
> > @@ -7126,6 +7128,52 @@ build_lswitch_arp_nd_responder_known_ips(struct ovn_port *op,
> >                   }
> >               }
> >           }
> > +
> > +        /*
> > +         * Add responses for ARP proxies.
> > +         */
> > +        arp_proxy = smap_get(&op->nbsp->options,"arp_proxy");
> > +
> > +        if (arp_proxy && op->peer) {
> > +            struct lport_addresses proxy_arp_addrs;
> > +            int i = 0;
> > +
> > +            if (extract_ip_addresses(arp_proxy, &proxy_arp_addrs)) {
> > +                /*
> > +                 * Match rule on all proxy ARP IPs.
> > +                 */
> > +                ds_clear(match);
> > +                ds_put_cstr(match, "arp.op == 1 && (");
> > +
> > +                for (i = 0; i < proxy_arp_addrs.n_ipv4_addrs; i++) {
> > +                    if (i > 0) {
> > +                        ds_put_cstr(match, " || ");
> > +                    }
> > +                    ds_put_format(match, "arp.tpa == %s",
> > +                        proxy_arp_addrs.ipv4_addrs[i].addr_s);
> > +                }
> > +
> > +                ds_put_cstr(match, ")");
> > +                destroy_lport_addresses(&proxy_arp_addrs);
> > +
> > +                ds_clear(actions);
> > +                ds_put_format(actions,
> > +                    "eth.dst = eth.src; "
> > +                    "eth.src = %s; "
> > +                    "arp.op = 2; /* ARP reply */ "
> > +                    "arp.tha = arp.sha; "
> > +                    "arp.sha = %s; "
> > +                    "arp.tpa <-> arp.spa; "
> > +                    "outport = inport; "
> > +                    "flags.loopback = 1; "
> > +                    "output;",
> > +                    op->peer->lrp_networks.ea_s,
> > +                    op->peer->lrp_networks.ea_s);
> > +
> > +                ovn_lflow_add_with_hint(lflows, op->od, S_SWITCH_IN_ARP_ND_RSP,
> > +                    50, ds_cstr(match), ds_cstr(actions), &op->nbsp->header_);
> > +            }
> > +        }
> >       }
> >   }
> >
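
Review bot: The match built in the for loop assumes at least one IPv4 address was parsed. If extract_ip_addresses() returns true with n_ipv4_addrs equal to 0, the closing ds_put_cstr(match, ")") still runs, the match becomes "arp.op == 1 && ()" and it is passed to ovn_lflow_add_with_hint(). Suggest checking proxy_arp_addrs.n_ipv4_addrs > 0 before building the flow, while still calling destroy_lport_addresses() on that path. Because this flow makes the peer router port's MAC answer for every listed address, a value that fails to parse should produce a rate-limited warning rather than being skipped silently, so a misconfigured option is visible to the operator. Style: smap_get(&op->nbsp->options,"arp_proxy") is missing a space after the comma, and the "int i = 0" initializer is redundant with the for loop's own initialization.
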
> > diff --git a/ovn-nb.xml b/ovn-nb.xml
> > index 406bc85..077a2d8 100644
> > --- a/ovn-nb.xml
> > +++ b/ovn-nb.xml
> > @@ -848,6 +848,15 @@
> >               </dd>
> >             </dl>
> >           </column>
> > +
> > +        <column name="options" key="arp_proxy">
> > +          Optional. A list IPv4 addresses that this
> > +          logical switch <code>router</code> port will reply to ARP requests.
> > +          Example: <code>169.254.239.254 169.254.239.2</code>. The
> > +          <ref column="options" key="router-port"/>'s logical router should
> > +          have a route to forward packets sent to configured proxy ARP IPs to
> > +          an appropriate destination.
> > +        </column>
> >         </group>
> >
> >         <group title="Options for localnet ports">
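
Review bot: The arp_proxy description leaves out the value format and the address used in the reply. "A list IPv4 addresses that this ... port will reply to ARP requests" should read "A list of IPv4 addresses for which this ... port will reply to ARP requests", and the text should say that entries are space-separated (the example implies it) and that the reply carries the Ethernet address of the peer logical router port. Since the port answers on behalf of those addresses for the whole logical switch, consider also stating that they should not be addresses already in use by another port on the same switch.
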
> > diff --git a/tests/ovn.at b/tests/ovn.at
> > index 5926350..1e0065d 100644
> > --- a/tests/ovn.at
> > +++ b/tests/ovn.at
> > @@ -26899,3 +26899,106 @@ AT_CHECK([ovs-ofctl dump-flows br-int "nw_src=10.0.0.0/24" | \
> >   OVN_CLEANUP([hv1])
> >   AT_CLEANUP
> >   ])
> > +
> > +OVN_FOR_EACH_NORTHD([
> > +AT_SETUP([ovn -- proxy-arp: 1 HVs, 1 LSs, 1 lport/LS, 1 LR])
> > +AT_KEYWORDS([proxy-arp])
> > +ovn_start
> > +
> > +# Logical network:
> > +# One LR - lr1 has switch ls1 (192.16.1.0/24) connected to it,
> > +# and and one HV with IP 192.16.1.6.
> > +
> > +ovn-nbctl lr-add lr1
> > +ovn-nbctl ls-add ls1
> > +
> > +# Connect ls1 to lr1
> > +ovn-nbctl lrp-add lr1 ls1 00:00:00:01:02:f1 192.16.1.1/24
> > +ovn-nbctl lsp-add ls1 rp-ls1 -- set Logical_Switch_Port rp-ls1 \
> > +    type=router options:router-port=ls1 addresses=\"00:00:00:01:02:f1\"
> > +
> > +# Create logical port ls1-lp1 in ls1
> > +ovn-nbctl lsp-add ls1 ls1-lp1 \
> > +-- lsp-set-addresses ls1-lp1 "00:00:00:01:02:03 192.16.1.6"
> > +
> > +
> > +# Create one hypervisor and create OVS ports corresponding to logical ports.
> > +net_add n1
> > +
> > +sim_add pa-hv
> > +as pa-hv
> > +ovs-vsctl add-br br-phys
> > +ovn_attach n1 br-phys 192.16.0.1
> > +
> > +# Note: tx/rx are with respect to the LS port, so
> > +# tx on switch port is HV rx, etc.
> > +ovs-vsctl -- add-port br-int vif1 -- \
> > +    set interface vif1 external-ids:iface-id=ls1-lp1 \
> > +    options:tx_pcap=pa-hv/vif1-tx.pcap \
> > +    options:rxq_pcap=pa-hv/vif1-rx.pcap \
> > +    ofport-request=1
> > +
> > +# And proxy ARP flows for 69.254.239.254 and 169.254.239.2
> > +# and check that SB flows have been added.
> > +ovn-nbctl --wait=hv add Logical_Switch_Port rp-ls1 \
> > +options arp_proxy='"169.254.239.254 169.254.239.2"'
> > +ovn-sbctl dump-flows > sbflows
> > +AT_CAPTURE_FILE([sbflows])
> > +
> > +AT_CHECK([ovn-sbctl dump-flows | grep ls_in_arp_rsp | grep "169.254.239.2" | wc -l], [0], [dnl
> > +1
> > +])
> > +
> > +# Remove and check that the flows have been removed
> > +ovn-nbctl --wait=hv remove Logical_Switch_Port rp-ls1 options arp_proxy='"169.254.239.254 169.254.239.2"'
> > +
> > +AT_CHECK([ovn-sbctl dump-flows | grep ls_in_arp_rsp | grep "169.254.239.2" | wc -l], [0], [dnl
> > +0
> > +])
> > +
> > +# Add the flows back send arp request and check we see an ARP response
> > +ovn-nbctl --wait=hv add Logical_Switch_Port rp-ls1 \
> > +options arp_proxy='"169.254.239.254 169.254.239.2"'
> > +
> > +ls1_p1_mac=00:00:00:01:02:03
> > +ls1_p1_ip=192.16.1.6
> > +
> > +ls1_ro_mac=00:00:00:01:02:f1
> > +ls1_ro_ip=192.168.1.1
> > +
> > +proxy_ip1=169.254.239.254
> > +proxy_ip2=169.254.239.2
> > +
> > +bcast_mac=ff:ff:ff:ff:ff:ff
> > +
> > +# Send ARP request for 169.254.239.254
> > +packet="inport==\"ls1-lp1\" && eth.src==$ls1_p1_mac && eth.dst==$bcast_mac &&
> > +       arp.op==1 && arp.sha==$ls1_p1_mac && arp.spa==$ls1_p1_ip &&
> > +       arp.tha==$bcast_mac && arp.tpa==$proxy_ip1"
> > +
> > +as pa-hv ovs-appctl -t ovn-controller inject-pkt "$packet"
> > +
> > +ovs-ofctl dump-flows br-int| grep 169.254.239.254 | grep priority=50 > debug1
> > +AT_CAPTURE_FILE([debug1])
> > +
> > +
> > +# Check if packet hit the ARP reply ovs flow
> > +AT_CHECK([ovs-ofctl dump-flows br-int | \
> > +    grep "169.254.239.254" | \
> > +    grep "priority=50" | \
> > +    grep "arp_op=1" | \
> > +    grep "n_packets=1" | wc -l], [0], [dnl
> > +1
> > +])
> > +
> > +# Check that the HV gets an ARP reply
> > +expected="eth.src==$ls1_ro_mac && eth.dst==$ls1_p1_mac &&
> > +       arp.op==2 && arp.sha==$ls1_ro_mac && arp.spa==$proxy_ip1 &&
> > +       arp.tha==$ls1_p1_mac && arp.tpa==$ls1_p1_ip"
> > +echo $expected | ovstest test-ovn expr-to-packets > expected
> > +
> > +OVN_CHECK_PACKETS([pa-hv/vif1-tx.pcap], [expected])
> > +
> > +OVN_CLEANUP([pa-hv])
> > +AT_CLEANUP
> > +])
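
Review bot: Only proxy_ip1 is exercised with an injected ARP request; proxy_ip2 is defined but never used, so the second address in the " || " match is not verified end to end. The two ls_in_arp_rsp checks grep for "169.254.239.2", which is a prefix of 169.254.239.254, so they would still count one line if the second address were missing from the flow. Suggest adding a request and expected reply for $proxy_ip2 and anchoring the grep pattern so it cannot match the longer address. A negative case, an ARP request for an address not listed in arp_proxy that must get no reply, would confirm the responder is limited to the configured addresses. Smaller points: ls1_ro_ip=192.168.1.1 does not match the 192.16.1.1/24 given to lrp-add and is not used; the comment "69.254.239.254" is missing its leading 1; "and and one HV" repeats a word.
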
>