[ovs-git] [openvswitch/ovs] 2ce9e7: tests: Inject ARP replies for snoop tests on diffe...

GitHub noreply at github.com
Wed Apr 18 23:43:51 UTC 2018


  Branch: refs/heads/master
  Home:   https://github.com/openvswitch/ovs
  Commit: 2ce9e71bb960e802a6040cc22ae6c4b0e21b32c4
      https://github.com/openvswitch/ovs/commit/2ce9e71bb960e802a6040cc22ae6c4b0e21b32c4
  Author: Zoltan Balogh <zoltan.balogh.eth at gmail.com>
  Date:   2018-04-18 (Wed, 18 Apr 2018)

  Changed paths:
    M tests/tunnel-push-pop-ipv6.at
    M tests/tunnel-push-pop.at

  Log Message:
  -----------
  tests: Inject ARP replies for snoop tests on different port

The ARP replies injected into the underlay bridge 'br0' to trigger
ARP snooping should be destined to the bridge's LOCAL port. So far
the tests injected them on LOCAL port 'br0' itself, which didn't matter
as OVS snooped on all ARP packets passing the bridge.

This patch injects the ARP replies on a different port in preparation for
an upcoming commit that will make OVS only snoop on ARP packets output
to the LOCAL port.

The clone() wrapper must be added to the generated datapath flows now as
the traced packets would actually be transmitted through the tunnel port.
Previously the underlay bridge dropped the packets as the learned egress
port for the tunnel nexthop was the LOCAL port, which also served as
virtual ingress port for the encapsulated traffic. The translation
end result was an expensive way to say 'drop'.

Signed-off-by: Zoltan Balogh <zoltan.balogh.eth at gmail.com>
Co-authored-by: Jan Scheurich <jan.scheurich at ericsson.com>
Signed-off-by: Jan Scheurich <jan.scheurich at ericsson.com>
Signed-off-by: Ben Pfaff <blp at ovn.org>


  Commit: 83c2757bd16e86f6a2d5a69e94f890087e8df294
      https://github.com/openvswitch/ovs/commit/83c2757bd16e86f6a2d5a69e94f890087e8df294
  Author: Zoltan Balogh <zoltan.balogh.eth at gmail.com>
  Date:   2018-04-18 (Wed, 18 Apr 2018)

  Changed paths:
    M include/sparse/netinet/in.h
    M ofproto/ofproto-dpif-xlate.c
    M tests/tunnel-push-pop-ipv6.at
    M tests/tunnel-push-pop.at

  Log Message:
  -----------
  xlate: Move tnl_neigh_snoop() to terminate_native_tunnel()

Currently OVS snoops any ARP or ND packets in any bridge and populates
the tunnel neighbor cache with the retrieved data. For instance, when
an ARP reply originated by a tenant is received in an overlay bridge, the
ARP packet is snooped and tunnel neighbor cache is filled with tenant
address information. This is at best useless as tunnel endpoints can only
reside on an underlay bridge.

The real problem starts if different tenants on the overlay bridge have
overlapping IP addresses such that they keep overwriting each other's
pseudo tunnel neighbor entries. These frequent updates are treated as
configuration changes and trigger revalidation each time, thus causing
a lot of useless revalidation load on the system.

To keep the ARP neighbor cache clean, this patch moves tunnel neighbor
snooping from the generic function do_xlate_actions() to the specific
function terminate_native_tunnel() in compose_output_action(). Thus,
only ARP and Neighbor Advertisement packets addressing a local
tunnel endpoint (on the LOCAL port of the underlay bridge) are snooped.

In order to achieve this, IP addresses of the bridge ports are retrieved
and then stored in xbridge by calling xlate_xbridge_set(). The
destination address extracted from the ARP or Neighbor Advertisement
packet is then matched against the known xbridge addresses in
is_neighbor_reply_correct() to filter the snooped packets further.

Signed-off-by: Zoltan Balogh <zoltan.balogh.eth at gmail.com>
Co-authored-by: Jan Scheurich <jan.scheurich at ericsson.com>
Signed-off-by: Jan Scheurich <jan.scheurich at ericsson.com>
Signed-off-by: Ben Pfaff <blp at ovn.org>


Compare: https://github.com/openvswitch/ovs/compare/8e4e45887ec3...83c2757bd16e
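
The filtering rule described in the second commit message, as an added example that is not part of the commit or of the OVS code base: a simplified C model in which every neighbor-cache change stands for one revalidation trigger. All struct and function names and the addresses are constructed for illustration, and the ARP target address stands in for the destination address the commit matches against the bridge's addresses.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Simplified model, not OVS code: every name and address here is constructed. */
struct arp_reply { uint32_t spa; uint8_t sha[6]; uint32_t tpa; };
struct neigh { uint32_t ip; uint8_t mac[6]; bool used; };
struct neigh_cache { struct neigh e[8]; unsigned changes; };

/* Insert or update an entry; each real change stands for one revalidation. */
static void cache_set(struct neigh_cache *c, uint32_t ip, const uint8_t *mac)
{
    struct neigh *slot = NULL;
    for (size_t i = 0; i < 8; i++) {
        struct neigh *n = &c->e[i];
        if (n->used && n->ip == ip) {
            if (!memcmp(n->mac, mac, 6)) return;   /* unchanged: no churn */
            slot = n; break;
        }
        if (!n->used && !slot) slot = n;
    }
    if (!slot) return;                             /* cache full: drop */
    slot->ip = ip; slot->used = true; memcpy(slot->mac, mac, 6);
    c->changes++;
}

/* With filtering on, snoop only replies whose target is a local address. */
static void snoop(struct neigh_cache *c, const struct arp_reply *r,
                  const uint32_t *local, size_t n_local, bool filtered)
{
    bool ok = !filtered;
    for (size_t i = 0; i < n_local && !ok; i++) ok = (local[i] == r->tpa);
    if (ok) cache_set(c, r->spa, r->sha);
}

/* Two tenants reuse 10.0.0.5 on the overlay; one peer answers the underlay. */
unsigned churn(bool filtered)
{
    struct neigh_cache c = {0};
    const uint32_t local[] = { 0xAC1F0158 };           /* 172.31.1.88 */
    const struct arp_reply seq[] = {
        { 0x0A000005, {2,0,0,0,0,1}, 0x0A000001 },     /* tenant A */
        { 0x0A000005, {2,0,0,0,0,2}, 0x0A000001 },     /* tenant B */
        { 0xAC1F015C, {2,0,0,0,0,9}, 0xAC1F0158 },     /* tunnel peer */
    };
    for (int i = 0; i < 15; i++) snoop(&c, &seq[i % 3], local, 1, filtered);
    return c.changes;
}
int main(void) { printf("%u %u\n", churn(false), churn(true)); return 0; }
```

In the unfiltered run the two tenants keep overwriting the same entry, so the change counter grows with the traffic; with the filter only the tunnel peer's reply is learned.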

