[ovs-git] [openvswitch/ovs] e16636: ovn: move load balancing flows after NAT flows

GitHub noreply at github.com
Wed Feb 1 20:39:48 UTC 2017


  Branch: refs/heads/branch-2.7
  Home:   https://github.com/openvswitch/ovs
  Commit: e166366b3d3eb7acc508eb58e891937ff15015ac
      https://github.com/openvswitch/ovs/commit/e166366b3d3eb7acc508eb58e891937ff15015ac
  Author: Mickey Spiegel <mickeys.dev at gmail.com>
  Date:   2017-02-01 (Wed, 01 Feb 2017)

  Changed paths:
    M ovn/northd/ovn-northd.c

  Log Message:
  -----------
  ovn: move load balancing flows after NAT flows

This will make it easy for distributed NAT to reuse some of the
existing code for NAT flows, while leaving load balancing and defrag
as functionality specific to gateway routers.  There is no intent to
change any functionality in this patch.

Signed-off-by: Mickey Spiegel <mickeys.dev at gmail.com>
Signed-off-by: Gurucharan Shetty <guru at ovn.org>


  Commit: 622bc7882657d4be0584e355f345194af2604548
      https://github.com/openvswitch/ovs/commit/622bc7882657d4be0584e355f345194af2604548
  Author: Mickey Spiegel <mickeys.dev at gmail.com>
  Date:   2017-02-01 (Wed, 01 Feb 2017)

  Changed paths:
    M include/ovn/actions.h
    M ovn/controller/lflow.c
    M ovn/lib/actions.c
    M ovn/ovn-sb.xml
    M tests/ovn.at

  Log Message:
  -----------
  ovn: avoid snat recirc only on gateway routers

Currently, for performance reasons on gateway routers, ct_snat
that does not specify an IP address does not immediately trigger
recirculation.  On gateway routers, ct_snat that does not specify
an IP address happens in the UNSNAT pipeline stage, which is
followed by the DNAT pipeline stage that triggers recirculation
for all packets.  This DNAT pipeline stage recirculation takes
care of the recirculation needs of UNSNAT as well as other cases
such as UNDNAT.

On distributed routers, UNDNAT is handled in the egress pipeline
stage, separately from DNAT in the ingress pipeline stages.  The
DNAT pipeline stage only triggers recirculation for some packets.
Due to this difference in design, UNSNAT needs to trigger its own
recirculation.

This patch restricts the logic that avoids recirculation for
ct_snat, so that it only applies to datapaths representing
gateway routers.

Signed-off-by: Mickey Spiegel <mickeys.dev at gmail.com>
Signed-off-by: Gurucharan Shetty <guru at ovn.org>


  Commit: ec29ac9c2a44cf809ddd8716d7b4f209c8970385
      https://github.com/openvswitch/ovs/commit/ec29ac9c2a44cf809ddd8716d7b4f209c8970385
  Author: Mickey Spiegel <mickeys.dev at gmail.com>
  Date:   2017-02-01 (Wed, 01 Feb 2017)

  Changed paths:
    M ovn/controller/ovn-controller.c
    M ovn/northd/ovn-northd.8.xml
    M ovn/northd/ovn-northd.c
    M ovn/ovn-architecture.7.xml
    M ovn/ovn-nb.ovsschema
    M ovn/ovn-nb.xml
    M tests/system-ovn.at

  Log Message:
  -----------
  ovn: distributed NAT flows

This patch implements the flows required in the ingress and egress
pipeline stages in order to support NAT on a distributed logical router.

NAT functionality is associated with the logical router gateway port.
The flows that carry out NAT functionality all have match conditions on
inport or outport equal to the logical router gateway port.  There are
additional flows that are used to redirect traffic when necessary,
using the tunnel key of a "chassisredirect" SB port binding in order to
redirect traffic to the instance of the logical router gateway port on
the centralized "redirect-chassis".

North/south traffic subject to one-to-one "dnat_and_snat" is handled
in a distributed manner, with south-to-north traffic going to the
local instance of the logical router gateway port.  North/south
traffic subject to (possibly one-to-many) "snat" is handled in a
centralized manner, with south-to-north traffic going to the instance
of the logical router gateway port on the "redirect-chassis".
North-to-south traffic is directed to the corresponding chassis by
limiting ARP responses to the appropriate instance of the logical
router gateway port on one chassis.  For centralized NAT rules, this
is the instance on the "redirect-chassis".  For distributed NAT rules,
this is the chassis where the corresponding logical port resides, using
an ethernet address specified in the NB NAT rule to trigger upstream
MAC learning.

East/west NAT traffic is all handled in a centralized manner.  While it
is certainly possible to handle some of this traffic in a distributed
manner, the centralized approach keeps the NAT flows simpler and
cleaner.  The expectation is that east/west NAT traffic is not as
important to optimize as north/south NAT traffic, with most east/west
traffic not requiring NAT.

Automated tests are currently limited to only a single node.  The
single node automated tests cover both north/south and east/west
traffic flows.

Signed-off-by: Mickey Spiegel <mickeys.dev at gmail.com>
Signed-off-by: Gurucharan Shetty <guru at ovn.org>


  Commit: 91a67ab43af355e12cf63d65edaf76f89137386a
      https://github.com/openvswitch/ovs/commit/91a67ab43af355e12cf63d65edaf76f89137386a
  Author: Mickey Spiegel <mickeys.dev at gmail.com>
  Date:   2017-02-01 (Wed, 01 Feb 2017)

  Changed paths:
    M ovn/utilities/ovn-nbctl.8.xml
    M ovn/utilities/ovn-nbctl.c
    M tests/ovn-nbctl.at
    M tests/system-ovn.at

  Log Message:
  -----------
  ovn: ovn-nbctl commands for distributed NAT

This patch adds the new optional arguments "logical_port" and
"external_mac" to lr-nat-add, and displays that information in
lr-nat-list.

Signed-off-by: Mickey Spiegel <mickeys.dev at gmail.com>
Signed-off-by: Gurucharan Shetty <guru at ovn.org>


  Commit: 1a926a51166a57f7a43b5aa85f77259c50072e07
      https://github.com/openvswitch/ovs/commit/1a926a51166a57f7a43b5aa85f77259c50072e07
  Author: Mickey Spiegel <mickeys.dev at gmail.com>
  Date:   2017-02-01 (Wed, 01 Feb 2017)

  Changed paths:
    M ovn/ovn-nb.xml

  Log Message:
  -----------
  ovn: rewrite redirect-chassis description in ovn-nb.xml

This optional patch addresses offline comments that the documentation
in ovn-nb.xml should not describe southbound constructs or flow
details, since it is user-facing documentation.

Signed-off-by: Mickey Spiegel <mickeys.dev at gmail.com>
Signed-off-by: Gurucharan Shetty <guru at ovn.org>


Compare: https://github.com/openvswitch/ovs/compare/f2cbc936f62c...1a926a51166a

