[ovs-git] [ovn-org/ovn] ff2b6f: ovn-controller: Add 'local_ip' option to tunnel po...
noreply at github.com
Wed Mar 24 11:12:01 UTC 2021
Author: Mark Gray <mark.d.gray at redhat.com>
Date: 2021-03-24 (Wed, 24 Mar 2021)
ovn-controller: Add 'local_ip' option to tunnel ports for IPsec case
If a chassis has multiple interfaces, 'ovn-encap-ip' can be used
to specify the IP address of the interface that is used for tunnel
traffic. OVN uses that IP address to configure the 'remote_ip' of
a tunnel port. OVS tunnel ports also accept 'options:local_ip', which,
according to the OVS documentation, specifies "the tunnel destination
IP that received packets must match. Default is to match all addresses".
OVN does not set 'local_ip'.
'ovs-monitor-ipsec' is an OVS daemon that is used to configure an IPsec
IKE daemon on the host. In order to correctly specify an IPsec
connection, it requires the source and destination IP address of
that connection. In the OVN case, as 'local_ip' is not specified, it
is unable to infer the IP address of both sides of a tunnel and, therefore,
cannot set up an IPsec connection.
This patch configures 'local_ip' on tunnel ports when IPsec has
been enabled. This allows for OVS/OVN IPsec to work when 'ovn-encap-ip'
is not specified as the chassis default gateway interface.
This patch also adds some unit tests. The OVS daemon 'ovs-monitor-ipsec'
requires a number of options to be configured on OVS tunnel ports in order
to function correctly. These unit tests ensure that these options are
configured correctly when IPsec has been enabled through the northbound
Signed-off-by: Mark Gray <mark.d.gray at redhat.com>
Acked-by: Mark Michelson <mmichels at redhat.com>
Signed-off-by: Numan Siddique <numans at ovn.org>
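
Added example, not part of the commit or of the OVN/OVS code: a check an operator could run over a chassis's Interface table to find tunnel ports that lack the 'remote_ip'/'local_ip' pair the message says 'ovs-monitor-ipsec' needs. The sample listing, port names and addresses are constructed, and the rule that 'local_ip' should equal the chassis's 'ovn-encap-ip' is an assumption drawn from the description above.

```python
import re

TUNNEL_TYPES = {"geneve", "vxlan", "stt"}
PAIR = re.compile(r'([\w-]+)=(?:"([^"]*)"|([^,}\s]+))')  # key="quoted" or key=bare

# Constructed sample in the layout of
# `ovs-vsctl --columns=name,type,options list Interface`; names/IPs are made up.
SAMPLE = """\
name                : ovn-ch2-0
type                : geneve
options             : {csum="true", key=flow, local_ip="192.0.2.10", remote_ip="192.0.2.20"}

name                : ovn-ch3-0
type                : geneve
options             : {csum="true", key=flow, remote_ip="192.0.2.30"}

name                : ovn-ch4-0
type                : geneve
options             : {key=flow, local_ip="198.51.100.7", remote_ip="192.0.2.40"}

name                : br-int
type                : internal
options             : {}
"""

def ipsec_tunnel_gaps(text, encap_ip):
    """Map tunnel port name -> option problems that leave IPsec without both endpoints."""
    gaps = {}
    for block in text.strip().split("\n\n"):  # one Interface row per block
        rec = {}
        for line in block.splitlines():
            col, _, value = line.partition(":")  # split at the first colon only
            rec[col.strip()] = value.strip().strip('"')
        if rec.get("type") not in TUNNEL_TYPES:
            continue  # internal/system ports carry no tunnel endpoints
        opts = {m[1]: m[2] if m[2] is not None else m[3]
                for m in PAIR.finditer(rec.get("options", ""))}
        issues = []
        if "remote_ip" not in opts:
            issues.append("remote_ip missing")
        if "local_ip" not in opts:
            issues.append("local_ip missing")
        elif opts["local_ip"] != encap_ip:  # assumption: local_ip should equal ovn-encap-ip
            issues.append("local_ip differs from ovn-encap-ip")
        if issues:
            gaps[rec["name"]] = issues
    return gaps
```
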