[ovs-git] [ovn-org/ovn] ff2b6f: ovn-controller: Add 'local_ip' option to tunnel po...

Mark Gray noreply at github.com
Wed Mar 24 11:12:01 UTC 2021


  Branch: refs/heads/master
  Home:   https://github.com/ovn-org/ovn
  Commit: ff2b6ff697406d3ec31ea480ccd24ca1f3356999
      https://github.com/ovn-org/ovn/commit/ff2b6ff697406d3ec31ea480ccd24ca1f3356999
  Author: Mark Gray <mark.d.gray at redhat.com>
  Date:   2021-03-24 (Wed, 24 Mar 2021)

  Changed paths:
    M controller/chassis.c
    M controller/encaps.c
    M tests/automake.mk
    A tests/ovn-ipsec.at
    M tests/testsuite.at

  Log Message:
  -----------
  ovn-controller: Add 'local_ip' option to tunnel ports for IPsec case

If a chassis has multiple interfaces, 'ovn-encap-ip' can be used
to specify the IP address of the interface that is used for tunnel
traffic. OVN uses that IP address to configure the 'remote_ip' of
a tunnel port. OVS tunnel ports also accept 'options:local_ip', which,
according to the OVS documentation specifies "the tunnel destination
IP that received packets must match. Default is to match all addresses".
OVN does not set 'local_ip'.

'ovs-monitor-ipsec' is an OVS daemon that is used to configure and IPsec
IKE daemon on the host. In order to correctly specify an IPsec
connection, it requires the source and destination IP address of
that connection. In the OVN case, as 'local_ip' is not specified, it
is unable to infer the IP address of both sides of a tunnel and, therefore,
cannot setup an IPsec connection.

This patch configures 'local_ip' on tunnel ports when IPsec has
been enabled. This allows for OVS/OVN IPsec to work when 'ovn-encap-ip'
is not specified as the chassis default gateway interface.

This patch also adds some unit tests. The OVS daemon 'ovs-monitor-ipsec'
requires a number of options to be configured on OVS tunnel ports in order
to function correctly. These unit tests ensure that these options are
configured correctly when IPsec has been enabled through the northbound
database.

Reported-at: https://bugzilla.redhat.com/show_bug.cgi?id=1924041
Signed-off-by: Mark Gray <mark.d.gray at redhat.com>
Acked-by: Mark Michelson <mmichels at redhat.com>
Signed-off-by: Numan Siddique <numans at ovn.org>




More information about the git mailing list