[ovs-git] [ovn-org/ovn] 53f60c: Clear port binding flows when datapath CT zone cha...

Mark Michelson noreply at github.com
Tue Nov 24 07:02:39 UTC 2020

  Branch: refs/heads/master
  Home:   https://github.com/ovn-org/ovn
  Commit: 53f60c7ab742cba0b3dd84b73658e0bbd44ec145
  Author: Mark Michelson <mmichels at redhat.com>
  Date:   2020-11-24 (Tue, 24 Nov 2020)

  Changed paths:
    M controller/ovn-controller.c
    M controller/physical.c
    M controller/physical.h

  Log Message:
  Clear port binding flows when datapath CT zone changes.

In commit f9cab11d5fabe2ae321a3b4bad5972b61df958c0, a LOG_TO_PHY flow
was changed so that it was no longer associated with a particular port
binding. The logic there was that the particular flow contains data
pertaining to the port binding's peer's datapath, so it didn't make
sense to associate the flow with the port binding. This change was
necessary in order for flows to be recalculated properly if the
requested SNAT CT zone on a gateway router was changed. Since the
datapath was changed but no port bindings were changed, that particular
flow needed to be cleared so it could be recalculated with the new CT
zones put in place.

Unfortunately, that change broke some other behavior. Specifically, if a
router was changed from a distributed router to a gateway router, then
its port bindings and its port bindings' peers would be updated so that
they were no longer type "patch" but instead type "l3gateway". They
would attempt to remove all associated physical flows and then install
the newly relevant ones. Since the LOG_TO_PHY flow was no longer
associated with a port binding, that flow would remain. The result was
that traffic could be sent to the gateway router on chassis where the
gateway router was not pinned.

This commit seeks to fix both behaviors. Now if CT zones are changed on
a particular datapath, then all port bindings on that datapath, as well
as all of those port bindings' peers will have their physical flows
removed. When physical flows are recomputed, all of the appropriate
flows will be added.

Fixes: f9cab11d5fab("Allow explicit setting of the SNAT zone on a gateway router.")
Signed-off-by: Mark Michelson <mmichels at redhat.com>
Signed-off-by: Numan Siddique <numans at ovn.org>

More information about the git mailing list