[ovs-discuss] [OVN] [was Re: logical_flow priorities between --src-ip routes and directly connected routes]

Numan Siddique numans at ovn.org
Mon May 11 05:59:33 UTC 2020


On Mon, May 11, 2020 at 9:56 AM Han Zhou <hzhou at ovn.org> wrote:

>
>
> On Sat, May 9, 2020 at 4:53 PM Girish Moodalbail <gmoodalbail at gmail.com>
> wrote:
> >
> > (edited the subject line.. sorry about not adding the necessary tags
> initially)
> >
> > On Fri, May 8, 2020 at 12:50 AM Girish Moodalbail <gmoodalbail at gmail.com>
> wrote:
> >>
> >> Hello all,
> >>
> >> In certain cases, the logical_flow priorities in lr_in_ip_routing will
> be such that one cannot forward the packets to the directly connected
> logical switch. Let me explain using the logical topology below:
> >>
> >> +-----------+                    +-----------+
> >> | l3gateway |                    | l3gateway |
> >> |   node1   |                    |   node2   |
> >> +----^------+                    +------^----+
> >>  100.64.0.2                        100.64.0.3
> >>      |                                  |
> >> +----+----------------------------------+-----+
> >> |                 join switch                 |
> >> +----------------------^----------------------+
> >>                        |
> >> +----------------------+----------------------+      +----------------+
> >> |               logical_router(lr1)           |      |      ls3       |
> >> |  src-ip=192.168.1.0/24 nexthop=100.64.0.2   +------+ 172.16.0.0/23  |
> >> |  src-ip=192.168.2.0/24 nexthop=100.64.0.3   |      |                |
> >> +---------^-------------------------^---------+      +----------------+
> >>           |                         |
> >>           |                         |
> >>  +--------+-------+           +-----+----------+
> >>  |      ls1       |           |      ls2       |
> >>  | 192.168.1.0/24 |           | 192.168.2.0/24 |
> >>  +----------------+           +----------------+
> >>
> >>
> >> We have 3 logical switches -- ls1, ls2, and ls3 directly connected to
> the distributed router. On this router, we have added policy-based routing
> based on the source IP. We steer all the packets from ls1 towards l3gateway
> on node1 and all the packets from ls2 towards l3gateway on node2.
> >>
> >> Note that the prefix-length of the `ls3` router is a little larger than
> that for ls1 and ls2.
> >>
> >> If you look at the logical flows that represent the static routes in
> `lr_in_ip_routing` table for the distributed router, you will see that the
> packets destined to ls3 will be matched last, that is, after the source-ip
> based routing. As a result, packets from LS1 and LS2 destined to LS3 will
> never get forwarded to LS3 because they will hit the source-ip based routes
> first due to longest-prefix match. The order of routes will be
> >>
> >> 1. ip4.dst == 192.168.1.0/24
> >> 2. ip4.dst == 192.168.2.0/24
> >> 3. ip4.dst == 100.64.0.0/24
> >> 4. src-ip == 192.168.1.0/24
> >> 5. src-ip == 192.168.2.0/24
> >> 6. ip4.dst == 172.16.0.0/23
> >>
> >> Is this by design? One would think that the directly connected routes
> should get higher priority before we start checking the source-ip based
> routes.
> >>
> >> To work around the problem, I am thinking of putting another logical
> router between the lr1 and ls3, like this:
> >>   lr1 <---- peer -----> lr2 <----> ls3
> >>       (some /30 CIDR)             (172.16.0.0/23)
>

Can you use the router policies (lr-policy-add) for your use case, rather
than creating another logical router?

I think with policies, you can override the routing as this pipeline runs
after "lr_in_routing".

> >>
> >> Regards
> >> ~Girish
> >>
> >>
> > _______________________________________________
> > discuss mailing list
> > discuss at openvswitch.org
> > https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
>
> I agree with you. I think that even dst routes should take priority over
> src routes (or the other way around). It seems not quite meaningful to
> compare prefix length between src routes and dst routes. Not sure if
> someone has a different opinion with certain use cases.
>
>
Maybe we can add a new column 'priority' in the
Logical_Router_Static_Route table and CMS can override the priority if
desired.

Thanks
Numan





> Thanks,
> Han
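The route ordering discussed in this thread, as an added example that is not part of the original messages or of OVN's code. It evaluates the six lr1 routes listed above under an assumed priority model (twice the prefix length, plus one for destination routes) chosen because it reproduces the order given in the thread, and compares it with a hypothetical "destination routes first" ordering along the lines suggested in the replies; the function names and the sample addresses are constructed.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Route:
    direction: str  # "dst" matches ip4.dst, "src" matches the source IP
    prefix: str
    action: str     # where the packet goes if this route wins

# Routes of lr1, taken from the list in the thread.
ROUTES = [
    Route("dst", "192.168.1.0/24", "ls1"),
    Route("dst", "192.168.2.0/24", "ls2"),
    Route("dst", "100.64.0.0/24", "join"),
    Route("src", "192.168.1.0/24", "nexthop 100.64.0.2"),
    Route("src", "192.168.2.0/24", "nexthop 100.64.0.3"),
    Route("dst", "172.16.0.0/23", "ls3"),
]

def lpm_priority(route):
    # Assumed model: longest prefix wins across src and dst routes alike,
    # with a dst route beating a src route of the same length.
    plen = ipaddress.ip_network(route.prefix).prefixlen
    return 2 * plen + (1 if route.direction == "dst" else 0)

def dst_first_priority(route):
    # Hypothetical alternative: every dst route outranks every src route
    # (33 exceeds the largest IPv4 prefix length), then longest prefix.
    plen = ipaddress.ip_network(route.prefix).prefixlen
    return plen + (33 if route.direction == "dst" else 0)

def flow_order(priority=lpm_priority):
    # Order in which the routes are tried, highest priority first.
    ranked = sorted(ROUTES, key=priority, reverse=True)
    return [(r.direction, r.prefix) for r in ranked]

def lookup(src, dst, priority=lpm_priority):
    # Return the action of the first route that matches the packet.
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in sorted(ROUTES, key=priority, reverse=True):
        addr = dst_ip if r.direction == "dst" else src_ip
        if addr in ipaddress.ip_network(r.prefix):
            return r.action
    return None

if __name__ == "__main__":
    # Constructed packet from a host on ls1 to a host on ls3.
    print(lookup("192.168.1.5", "172.16.0.10"))
    print(lookup("192.168.1.5", "172.16.0.10", dst_first_priority))
```

Under the first model the ls1-to-ls3 packet is sent to the gateway next hop instead of ls3, while the second ordering delivers it to ls3 and still steers traffic with no matching destination route to the gateway.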