[ovs-git] [ovn-org/ovn] d0286b: ovn-northd: Match outport for lflows in ROUTER_IN_...

ankursha noreply at github.com
Wed Aug 11 22:48:16 UTC 2021


  Branch: refs/heads/master
  Home:   https://github.com/ovn-org/ovn
  Commit: d0286bd5a3361d5e8e047cc3a59e2ed1a12aa2fe
      https://github.com/ovn-org/ovn/commit/d0286bd5a3361d5e8e047cc3a59e2ed1a12aa2fe
  Author: Han Zhou <hzhou at ovn.org>
  Date:   2021-08-11 (Wed, 11 Aug 2021)

  Changed paths:
    M northd/ovn-northd.8.xml
    M northd/ovn-northd.c
    M northd/ovn_northd.dl
    M tests/ovn-northd.at

  Log Message:
  -----------
  ovn-northd: Match outport for lflows in ROUTER_IN_LARGER_PKTS.

The commit 1c9e46ab5 removed the outport match from the lflows, which
leads to a problem for gateway routers that have multiple ports
configured with different MTUs. For example, R0 has port P1, P2 and P3.
P2 and P3 both have gateway_mtu configured: P2 mtu = 1400, P3 mtu = 1500.
Below lflows are generated:
  table=16(lr_in_larger_pkts  ), priority=150  , match=(inport == "P1" && ip4 && reg9[[1]] && reg9[[0]] == 0), action=(icmp4_error {... icmp4.frag_mtu = 1400; next(pipeline=ingress, table=0); };)
  table=16(lr_in_larger_pkts  ), priority=150  , match=(inport == "P1" && ip4 && reg9[[1]] && reg9[[0]] == 0), action=(icmp4_error {... icmp4.frag_mtu = 1500; next(pipeline=ingress, table=0); };)

These two lflows have exact same match, but different actions (with
different MTUs). This will result in a random one gets installed by
ovn-controller and the icmp4_error message may contain incorrect mtu.
This patch fixes it by adding the outport back for these flows, so that
mtu that matches the outport setting is used in the generated icmp error
messages.

Another problem of the commit is that the ddlog part used Flow instead
of MeterFlow for the gateway router flows that generates icmp errors,
while the flows for Distributed Gateway Ports use MeterFlow. This patch
also fixes that by combining the DGP and gateway router code using
MeterFlow. The check for DGP and Gateway Router is removed to simplify
the code, because checking the gateway_mtu config should be sufficient,
which also makes it consistent with the flows in the ADMISSION and
IP_INPUT stages where we didn't check DGP and gateway router but only
the gateway_mtu settings.

Fixes: 1c9e46ab5 ("northd: add check_pkt_larger lflows for ingress traffic")
Signed-off-by: Han Zhou <hzhou at ovn.org>
Acked-by: Numan Siddique <numans at ovn.org>


  Commit: 15348b7b806f7a9680606c3e9348708980129949
      https://github.com/ovn-org/ovn/commit/15348b7b806f7a9680606c3e9348708980129949
  Author: Ankur Sharma <ankurmnnit2004 at gmail.com>
  Date:   2021-08-11 (Wed, 11 Aug 2021)

  Changed paths:
    M NEWS
    M northd/lrouter.dl
    M northd/ovn-northd.8.xml
    M northd/ovn-northd.c
    M northd/ovn_northd.dl
    M ovn-architecture.7.xml
    M ovn-nb.xml
    M tests/ovn-northd.at
    M tests/ovn.at

  Log Message:
  -----------
  ovn-northd: Multiple distributed gateway port support.

By default, OVN support only one DGP (distributed gateway port) per
logical router. While a single DGP port suffices for most of the North
South connectivity, there are requirements where a logical router could
be connected to multiple external networks and based on routing decision
packet could go to different ones.

This patch adds flexibility of having multiple DGPs per logical router.

Changes can classified as following:
a. Data structure changes to allow multiple DGPs per ovn_datapath.

b. Consumption of new data structure in logical flows for
   individual features.

c. Features that require changes are:
   i. Regular NS traffic flow.
  ii. Network Address Translation.
 iii. Load Balancer
  iv. Gateway_mtu.
   v. reside-on-redirect-chassis
  vi. Misc code sections that assumed a single DGP.

d. Except for reside-on-redirect-chassis all the other features
   could be extended to multiple DGPs. Reside on redirect
   chassis with its current specification could not be extended
   and hence should be used only with the logical router that
   has a single DGP.

This patch doesn't support NAT & load-balancer features for multiple
DGPs yet, but added validations that disables NAT/load-balancer
features when there are more than one DGP configured per router.

Signed-off-by: Ankur Sharma <ankurmnnit2004 at gmail.com>
Co-authored-by: Dhathri Purohith <dhathri.purohith at nutanix.com>
Signed-off-by: Dhathri Purohith <dhathri.purohith at nutanix.com>
Co-authored-by: Abhiram Sangana <sangana.abhiram at nutanix.com>
Signed-off-by: Abhiram Sangana <sangana.abhiram at nutanix.com>
Co-authored-by: Han Zhou <hzhou at ovn.org>
Signed-off-by: Han Zhou <hzhou at ovn.org>
Acked-by: Numan Siddique <numans at ovn.org>


Compare: https://github.com/ovn-org/ovn/compare/d08f89e219e1...15348b7b806f


More information about the git mailing list