[ovs-discuss] [OVN] [was Re: logical_flow priorities between --src-ip routes and directly connected routes]

Girish Moodalbail gmoodalbail at gmail.com
Sat May 9 23:53:03 UTC 2020 

(edited the subject line.. sorry about not adding the necessary tags
initially)

On Fri, May 8, 2020 at 12:50 AM Girish Moodalbail <gmoodalbail at gmail.com>
wrote:

> Hello all,
>
> In certain cases, the logical_flow priorities in lr_in_ip_routing will be
> such that one cannot forward the packets to the directly connected logical
> switch. Let me explain using the logical topology below:
>
> +-----------+                    +-----------+
> | l3gateway |                    | l3gateway |
> |   node1   |                    |   node2   |
> +----^------+                    +------^----+
>  100.64.0.2                        100.64.0.3
>      |                                  |
> +----+----------------------------------+-----+
> |                 join switch                 |
> +----------------------^----------------------+
>                        |
> +----------------------+----------------------+      +----------------+
> |               logical_router(lr1)           |      |      ls3       |
> |  src-ip=192.168.1.0/24 nexthop=100.64.0.2   +------+ 172.16.0.0/23  |
> |  src-ip=192.168.2.0/24 nexthop=100.64.0.3   |      |                |
> +---------^-------------------------^---------+      +----------------+
>           |                         |
>           |                         |
>  +--------+-------+           +-----+----------+
>  |      ls1       |           |      ls2       |
>  | 192.168.1.0/24 |           | 192.168.2.0/24 |
>  +----------------+           +----------------+
>
>
> We have 3 logical switches -- ls1, ls2, and ls3 directly connected to the
> distributed router. On this router, we have added policy-based routing
> based on the source IP. We steer all the packets from ls1 towards l3gateway
> on node1 and all the packets from ls2 towards l3gateway on node2.
>
> Note that the prefix-length of the `ls3` router is little larger than that
> for ls1 and ls2.
>
> If you look at the logical flows that represent the static routes in
> `lr_in_ip_routing` table for the distributed router, you will see that the
> packets destined to ls3 will matched last, that is after the source-ip
> based routing. As a result, packets from LS1 and LS2 destined to LS3 will
> never get forwarded to LS3 because they will hit the source-ip based routes
> first due to longest-prefix match. The order of routes will be
>
> 1. ip4.dst == 192.168.1.0/24
> 2. ip4.dst == 192.168.2.0/24
> 3. ip4.dst == 100.64.0.0/24
> 4. src-ip == 192.168.1.0/24
> 5. src-ip == 192.168.2.0/24
> 6. ip4.dst == 172.16.0.0/23
>
> Is this by design? One would think that the directly connected routes
> should get higher priority before we start checking the source-ip based
> routes.
>
> To workaround the problem, I am thinking of putting an another logical
> router between the lr1 and ls3, like this:
>   lr1 <---- peer -----> lr2 <----> ls3
>       (some /30 CIDR)             (172.16.0.0/23)
>
> Regards
> ~Girish
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20200509/8cf932a8/attachment-0001.html>

More information about the discuss mailing list