[ovs-dev] [PATCH ovn v7 0/5] ARP and Floating IP Fixes

Mark Michelson mmichels at redhat.com
Wed May 5 15:38:06 UTC 2021


This patch series aims to fix issues seen in OpenStack deployments when
floating IPs were assigned to routers, and those floating IPs were not
part of any subnet configured on that router.

Originally, this was a two patch series but it has bloomed into a 5
patch series.

Patch 1 fixes the scenario where a VM attempts to reach a floating IP on
the directly connected router. This has been part of this patch series
since v1.

Patch 2 is an incidental fix that removes a redundant paragraph from
documentation.

Patches 3 and 4 work towards pre-allocating MAC_Bindings for known
router addresses. Patch 3 is the northd side, placing all
router_addresses in the connected logical switch port's Port_Binding
record. Patch 4 is the ovn-controller side, adding the MAC_Bindings
based on the Port_Binding's router_addresses.

And Patch 5 addresses the situation for when the pre-allocated
MAC_Bindings cannot be used. For this situation, we will flood the ARP
request if the TPA is for a configured IP address that is outside the
connected routers' subnets.
---
v6 -> v7:
* Patch 3 has been further refined to ensure that router addresses are
  only saved to a switch that is connected to a gateway router port. In
  v6, we ensured the switch was connected to a router that had a gateway
  port. But in v7, we now ensure that the switch is directly connected to
  the gateway port.
* Patch 4 has added a new whitelisted warning message for system tests.
  This is because we can potentially insert the same MAC_Binding record
  twice before we have been notified by the server that the first was
  added.

v5 -> v6:
* Patch 3 now only saves gateway router addresses to the connected
  switch's router_addresses column. Previous versions saved all router
  addresses to all connected switches' columns.
* Patch 5 has two new tests added. One ensures that the priority 90
  flows that flood ARP for unreachable addresses are present. The other
  is a restored system test that ensures that a ping to a floating IP
  outside of the router's subnet succeeds.
* Patch 4 has a small change of types from int to size_t for a loop
  index.

v4 -> v5:
Fixed memory leaks in patch 3 and patch 4. Patches 1, 2,  and 5 are the
same as in v4.
---

Mark Michelson (5):
  northd: Swap src and dst eth addresses in router egress loop.
  ovn-sb: Remove redundant "nat-addresses" information from
    Port_Binding.
  northd: Save all router addresses in Port_Bindings
  pinctrl: Add Chassis MAC_Bindings for all router addresses.
  northd: Flood ARPs to routers for "unreachable" addresses.

 controller/ovn-controller.c |   4 +
 controller/pinctrl.c        | 300 +++++++++++++++++++++-------
 controller/pinctrl.h        |   1 +
 northd/ovn-northd.8.xml     |   8 +
 northd/ovn-northd.c         | 378 ++++++++++++++++++++++++------------
 northd/ovn_northd.dl        | 153 +++++++++++----
 ovn-sb.ovsschema            |   8 +-
 ovn-sb.xml                  |  37 +++-
 tests/ofproto-macros.at     |   5 +
 tests/ovn-controller.at     | 179 +++++++++++++++++
 tests/ovn-northd.at         | 352 +++++++++++++++++++++++++++++++++
 tests/system-ovn.at         | 218 +++++++++++++++++++++
 12 files changed, 1408 insertions(+), 235 deletions(-)

-- 
2.29.2



More information about the dev mailing list