If there wasn't any dnat_and_snat configuration for an LS that was
connected to a GW LR and a DGP, we would actually drop the ARP requests
coming into the GW router from the localnet network. Add flows for the
GW LR ports to ensure that we do not drop legitimate requests.
Fixes: 1b4058b9162c ("northd: Process external arps on ha chassis.")
Signed-off-by: Ales Musil <[email protected]>
---
northd/northd.c | 4 +++-
tests/ovn.at | 20 +++++++++++++-------
2 files changed, 16 insertions(+), 8 deletions(-)
diff --git a/northd/northd.c b/northd/northd.c
index 734efea65..685f6900c 100644
--- a/northd/northd.c
+++ b/northd/northd.c
@@ -10122,6 +10122,8 @@ build_lswitch_arp_chassis_resident(const struct
ovn_datapath *od,
struct ovn_port *op_r = op->peer;
if (lrp_is_l3dgw(op_r)) {
+ hmapx_add(&resident_ports, op_r->cr_port);
+ } else if (op_r->od->is_gw_router) {
hmapx_add(&resident_ports, op_r);
}
}
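Review bot: The new `else if (op_r->od->is_gw_router)` dereferences `op_r` unconditionally, whereas before this change `op_r` was only handed to `lrp_is_l3dgw()`. If that helper tolerates a NULL argument and the loop can visit a switch port with no peer, the old code skipped such ports and the new branch would crash northd; neither the helper nor the loop header is visible in this hunk. Writing the branch as `} else if (op_r && op_r->od->is_gw_router) {` is safe either way. Since `resident_ports` now mixes chassisredirect ports and gateway-router ports, a comment such as `/* Store the port whose residency gates the external-ARP flow: the cr-port for a DGP, the LRP itself for a gateway router. */` above the branch would help. The body of build_lswitch_arp_chassis_resident starts and ends outside this hunk.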
@@ -10160,7 +10162,7 @@ build_lswitch_arp_chassis_resident(const struct
ovn_datapath *od,
ds_put_format(&match, REGBIT_EXT_ARP" == 1");
if (od_is_centralized(op->od)) {
ds_put_format(&match, " && is_chassis_resident(%s)",
- op->cr_port->json_key);
+ op->json_key);
}
ovn_lflow_add(lflows, od, S_SWITCH_IN_APPLY_PORT_SEC, 75,
ds_cstr(&match), "next;", ar->lflow_ref);
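Review bot: The `is_chassis_resident(%s)` conjunct is still appended only when `od_is_centralized(op->od)` is true, and after this change `op` may be a gateway-router port as well as a cr-port. When that condition is false, the priority-75 `next;` flow in S_SWITCH_IN_APPLY_PORT_SEC carries no residency restriction beyond whatever was written to `match` before this hunk, so external ARPs would pass the port-security stage on every chassis. od_is_centralized() is not visible here, so please confirm it returns the intended value for a gateway-router datapath. A comment above the check, for example `/* op is either a cr-port (DGP) or a gateway-router LRP, see the loop filling resident_ports. */`, would document the assumption. The function body continues outside the hunk.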
diff --git a/tests/ovn.at b/tests/ovn.at
index 6580de6c2..7ffc3df9c 100644
--- a/tests/ovn.at
+++ b/tests/ovn.at
@@ -31334,13 +31334,6 @@ check ovn-nbctl lrp-set-gateway-chassis lr0-public hv1
20
# Create NAT entries for the ports
-# sw0-port1
-check ovn-nbctl lr-nat-add lr0 dnat_and_snat 172.16.0.110 10.0.0.3 sw0-port1
30:54:00:00:00:03
-check ovn-nbctl lr-nat-add lr0 dnat_and_snat 3000::c 1000::3 sw0-port1
40:54:00:00:00:03
-# sw1-port1
-check ovn-nbctl lr-nat-add lr0 dnat_and_snat 172.16.0.120 20.0.0.3 sw1-port1
30:54:00:00:00:04
-check ovn-nbctl lr-nat-add lr0 dnat_and_snat 3000::d 2000::3 sw1-port1
40:54:00:00:00:04
-
# Add snat entriess
check ovn-nbctl lr-nat-add lr0 snat 172.16.0.100 10.0.0.0/24
check ovn-nbctl lr-nat-add lr0 snat 172.16.0.101 10.0.0.10
@@ -31449,6 +31442,19 @@ test_arp_response 000020201213 $(ip_to_hex 172 16 0
102) hv1 hv2 hv3
test_arp_response 000030303233 $(ip_to_hex 172 16 0 200) hv3 hv1 hv2
test_arp_response 000030303233 $(ip_to_hex 172 16 0 201) hv3 hv1 hv2
+# Add some extra dnat_and_snat, that should generate extra flows for external
ARPs.
+# sw0-port1
+check ovn-nbctl lr-nat-add lr0 dnat_and_snat 172.16.0.110 10.0.0.3 sw0-port1
30:54:00:00:00:03
+check ovn-nbctl lr-nat-add lr0 dnat_and_snat 3000::c 1000::3 sw0-port1
40:54:00:00:00:03
+# sw1-port1
+check ovn-nbctl lr-nat-add lr0 dnat_and_snat 172.16.0.120 20.0.0.3 sw1-port1
30:54:00:00:00:04
+check ovn-nbctl lr-nat-add lr0 dnat_and_snat 3000::d 2000::3 sw1-port1
40:54:00:00:00:04
+check ovn-nbctl --wait=hv sync
+
+# Send ARP request for the IP which belongs to gw_router
+test_arp_response 000030303233 $(ip_to_hex 172 16 0 200) hv3 hv1 hv2
+test_arp_response 000030303233 $(ip_to_hex 172 16 0 201) hv3 hv1 hv2
+
# Make hv3 claim the cr-lr0-public
check ovn-nbctl lrp-set-gateway-chassis lr0-public hv1 20
check ovn-nbctl lrp-set-gateway-chassis lr0-public hv2 30
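Review bot: The added comment says the dnat_and_snat entries "should generate extra flows for external ARPs", but after `check ovn-nbctl --wait=hv sync` only the gateway-router addresses 172.16.0.200 and 172.16.0.201 are re-checked. Nothing asserts ARP resolution for the new NAT external IPs (172.16.0.110, 172.16.0.120), and the 172.16.0.102 check from the context line above is not repeated, so the flows that comment refers to are never exercised once NAT is present. Adding calls of the form `test_arp_response <mac> $(ip_to_hex 172 16 0 110) <hv-args>` (placeholders, to be filled with the MAC and chassis arguments that fit each address) would cover that case. The comment `# Send ARP request for the IP which belongs to gw_router` could then say which case each call covers.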
--
2.53.0