On Tue, Nov 10, 2020 at 8:06 AM Ihar Hrachyshka <ihrac...@redhat.com> wrote:
>
> A new other_config:vlan-passthru knob is added to Logical-Switches. When
> true, VLAN-tagged incoming traffic is allowed. This option can be used
> to implement the OpenStack Network VLAN transparency API extension [1].
>
> [1]
> https://docs.openstack.org/api-ref/network/v2/index.html#vlan-transparency-extension
>
> Signed-off-by: Ihar Hrachyshka <ihrac...@redhat.com>
Thanks for the patch. I applied this patch to master with the changes below in the test file which adds "check" before the ovn-nbctl commands.
****
diff --git a/tests/ovn.at b/tests/ovn.at
index 1d11ba812..ce62fa231 100644
--- a/tests/ovn.at
+++ b/tests/ovn.at
@@ -2987,12 +2987,11 @@ AT_CLEANUP
 AT_SETUP([ovn -- VLAN transparency, passthru=true])
 ovn_start
-ovn-nbctl ls-add ls
-ovn-nbctl --wait=sb add Logical-Switch ls other_config vlan-passthru=true
+check ovn-nbctl ls-add ls
+check ovn-nbctl --wait=sb add Logical-Switch ls other_config vlan-passthru=true
 for i in 1 2; do
- ovn-nbctl lsp-add ls lsp$i
- ovn-nbctl lsp-set-addresses lsp$i f0:00:00:00:00:0$i
- #ovn-nbctl lsp-set-port-security lsp$i f0:00:00:00:00:0$i
+ check ovn-nbctl lsp-add ls lsp$i
+ check ovn-nbctl lsp-set-addresses lsp$i f0:00:00:00:00:0$i
 done
 net_add physnet
@@ -3035,11 +3034,11 @@ AT_CLEANUP
 AT_SETUP([ovn -- VLAN transparency, passthru=false])
 ovn_start
-ovn-nbctl ls-add ls
-ovn-nbctl --wait=sb add Logical-Switch ls other_config vlan-passthru=false
+check ovn-nbctl ls-add ls
+check ovn-nbctl --wait=sb add Logical-Switch ls other_config vlan-passthru=false
 for i in 1 2; do
- ovn-nbctl lsp-add ls lsp$i
- ovn-nbctl lsp-set-addresses lsp$i f0:00:00:00:00:0$i
+ check ovn-nbctl lsp-add ls lsp$i
+ check ovn-nbctl lsp-set-addresses lsp$i f0:00:00:00:00:0$i
 done
 net_add physnet
****
Numan
> ---
> NEWS | 2 +
> northd/ovn-northd.c | 14 +++++--
> ovn-nb.xml | 7 ++++
> tests/ovn.at | 93 +++++++++++++++++++++++++++++++++++++++++++++
> 4 files changed, 113 insertions(+), 3 deletions(-)
>
> diff --git a/NEWS b/NEWS
> index 47ffc27b8..601023067 100644
> --- a/NEWS
> +++ b/NEWS
> @@ -6,6 +6,8 @@ Post-v20.09.0
> removed. See ovn-nb(5) for advice on how to update your config if
> needed.
> - Add IPv4 iPXE support introducing "bootfile_name_alt" option to ovn dhcp
> server.
> + - Support other_config:vlan-passthru=true to allow VLAN tagged incoming
> + traffic.
>
> OVN v20.09.0 - 28 Sep 2020
> --------------------------
> diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c
> index dbe5fa676..8f134a048 100644
> --- a/northd/ovn-northd.c
> +++ b/northd/ovn-northd.c
> @@ -6803,6 +6803,12 @@
> build_drop_arp_nd_flows_for_unbound_router_ports(struct ovn_port *op,
> ds_destroy(&match);
> }
>
> +static bool
> +is_vlan_transparent(const struct ovn_datapath *od)
> +{
> + return smap_get_bool(&od->nbs->other_config, "vlan-passthru", false);
> +}
> +
> static void
> build_lswitch_flows(struct hmap *datapaths, struct hmap *ports,
> struct hmap *port_groups, struct hmap *lflows,
> @@ -6850,9 +6856,11 @@ build_lswitch_flows(struct hmap *datapaths, struct
> hmap *ports,
> continue;
> }
>
> - /* Logical VLANs not supported. */
> - ovn_lflow_add(lflows, od, S_SWITCH_IN_PORT_SEC_L2, 100,
> "vlan.present",
> - "drop;");
> + if (!is_vlan_transparent(od)) {
> + /* Block logical VLANs. */
> + ovn_lflow_add(lflows, od, S_SWITCH_IN_PORT_SEC_L2, 100,
> + "vlan.present", "drop;");
> + }
>
> /* Broadcast/multicast source address is invalid. */
> ovn_lflow_add(lflows, od, S_SWITCH_IN_PORT_SEC_L2, 100,
> "eth.src[40]",
> diff --git a/ovn-nb.xml b/ovn-nb.xml
> index 5e8635992..5704eabea 100644
> --- a/ovn-nb.xml
> +++ b/ovn-nb.xml
> @@ -525,6 +525,13 @@
> </column>
> </group>
>
> + <group title="Other options">
> + <column name="other_config" key="vlan-passthru"
> + type='{"type": "boolean"}'>
> + Determines whether VLAN tagged incoming traffic should be allowed.
> + </column>
> + </group>
> +
> <group title="Common Columns">
> <column name="external_ids">
> See <em>External IDs</em> at the beginning of this document.
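Review bot: The new helper `is_vlan_transparent()` reads `od->nbs->other_config` without checking `od->nbs`, so it is only valid for datapaths backed by a logical switch, and nothing on the function says so. Its one caller in this patch sits after a `continue;` in `build_lswitch_flows`, but the condition of that guard is outside the quoted context, so the precondition is inferred rather than shown. I would document it on the helper, e.g. `/* 'od' must be a logical switch (od->nbs != NULL). Returns other_config:vlan-passthru, defaulting to false (tagged frames are dropped). */`.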
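Review bot: Setting `vlan-passthru=true` removes the priority-100 `vlan.present` drop from `S_SWITCH_IN_PORT_SEC_L2` for every port of the switch, and neither the new comment `/* Block logical VLANs. */` nor the `ovn-nb.xml` entry in this patch states the default or that scope. I would expand the comment to something like `/* Drop VLAN-tagged frames at ingress unless the switch opts in with other_config:vlan-passthru=true (default false). */` and have the `ovn-nb.xml` text say that the option defaults to false and applies switch-wide. Whether the later port-security and ACL stages still match as intended on tagged frames is not visible from this hunk and is worth confirming before the option is used on switches with untrusted ports. `build_lswitch_flows` starts and ends outside the hunk.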
> diff --git a/tests/ovn.at b/tests/ovn.at
> index 1c29cdf26..3d3811888 100644
> --- a/tests/ovn.at
> +++ b/tests/ovn.at
> @@ -2984,6 +2984,99 @@ OVN_CLEANUP([hv-1],[hv-2]) > > AT_CLEANUP > > +AT_SETUP([ovn -- VLAN transparency, passthru=true]) > +ovn_start > + > +ovn-nbctl ls-add ls > +ovn-nbctl --wait=sb add Logical-Switch ls other_config vlan-passthru=true > +for i in 1 2; do > + ovn-nbctl lsp-add ls lsp$i > + ovn-nbctl lsp-set-addresses lsp$i f0:00:00:00:00:0$i > + #ovn-nbctl lsp-set-port-security lsp$i f0:00:00:00:00:0$i > +done > + > +net_add physnet > +ovs-vsctl add-br br-phys > +ovs-vsctl set open . external-ids:ovn-bridge-mappings=physnet:br-phys > +ovn_attach physnet br-phys 192.168.0.1 > + > +for i in 1 2; do > + ovs-vsctl add-port br-int vif$i -- set Interface vif$i > external-ids:iface-id=lsp$i \ > + options:tx_pcap=vif$i-tx.pcap \ > + options:rxq_pcap=vif$i-rx.pcap \ > + ofport-request=$i > + OVS_WAIT_UNTIL([test x`ovn-nbctl lsp-get-up lsp$i` = xup]) > +done > + > +test_packet() { > + local inport=$1 dst=$2 src=$3 eth=$4 eout=$5 lout=$6 > + > + # First try tracing the packet. > + uflow="inport==\"lsp$inport\" && eth.dst==$dst && eth.src==$src && > eth.type==0x$eth && vlan.present==1" > + echo "output(\"$lout\");" > expout > + AT_CAPTURE_FILE([trace]) > + AT_CHECK([ovn-trace --all ls "$uflow" | tee trace | sed '1,/Minimal > trace/d'], [0], [expout]) > + > + # Then actually send a packet, for an end-to-end test. 
> + local packet=$(echo $dst$src | sed 's/://g')${eth}fefefefe > + vif=vif$inport > + ovs-appctl netdev-dummy/receive $vif $packet > + echo $packet >> ${eout#lsp}.expected > +} > + > +test_packet 1 f0:00:00:00:00:02 f0:00:00:00:00:01 8100 lsp2 lsp2 > +test_packet 2 f0:00:00:00:00:01 f0:00:00:00:00:02 8100 lsp1 lsp1 > +for i in 1 2; do > + OVN_CHECK_PACKETS_REMOVE_BROADCAST([vif$i-tx.pcap], [$i.expected]) > +done > + > +AT_CLEANUP > + > +AT_SETUP([ovn -- VLAN transparency, passthru=false]) > +ovn_start > + > +ovn-nbctl ls-add ls > +ovn-nbctl --wait=sb add Logical-Switch ls other_config vlan-passthru=false > +for i in 1 2; do > + ovn-nbctl lsp-add ls lsp$i > + ovn-nbctl lsp-set-addresses lsp$i f0:00:00:00:00:0$i > +done > + > +net_add physnet > +ovs-vsctl add-br br-phys > +ovs-vsctl set open . external-ids:ovn-bridge-mappings=physnet:br-phys > +ovn_attach physnet br-phys 192.168.0.1 > + > +for i in 1 2; do > + ovs-vsctl add-port br-int vif$i -- set Interface vif$i > external-ids:iface-id=lsp$i \ > + options:tx_pcap=vif$i-tx.pcap \ > + options:rxq_pcap=vif$i-rx.pcap \ > + ofport-request=$i > + OVS_WAIT_UNTIL([test x`ovn-nbctl lsp-get-up lsp$i` = xup]) > + > + : > $i.expected > +done > + > +test_packet() { > + local inport=$1 dst=$2 src=$3 eth=$4 eout=$5 lout=$6 > + > + # First try tracing the packet. > + uflow="inport==\"lsp$inport\" && eth.dst==$dst && eth.src==$src && > eth.type==0x$eth && vlan.present==1" > + AT_CHECK([ovn-trace --all ls "$uflow" | grep drop], [0], [ignore]) > + > + # Then actually send a packet, for an end-to-end test. 
> + local packet=$(echo $dst$src | sed 's/://g')${eth}fefefefe > + ovs-appctl netdev-dummy/receive vif$inport $packet > +} > + > +test_packet 1 f0:00:00:00:00:02 f0:00:00:00:00:01 8100 lsp2 lsp2 > +test_packet 2 f0:00:00:00:00:01 f0:00:00:00:00:02 8100 lsp1 lsp1 > +for i in 1 2; do > + OVN_CHECK_PACKETS_REMOVE_BROADCAST([vif$i-tx.pcap], [$i.expected]) > +done > + > +AT_CLEANUP > + > AT_SETUP([ovn -- 2 HVs, 1 LS, no switching between multiple localnet ports > with different tags]) > ovn_start > > -- > 2.28.0 > > _______________________________________________ > dev mailing list > d...@openvswitch.org > https://mail.openvswitch.org/mailman/listinfo/ovs-dev > _______________________________________________ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
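Review bot: Both new test cases leave port security unset and neither exercises a switch with the key absent, so the suite does not show that an unconfigured switch still drops tagged frames or that the L2 port-security checks keep working once `vlan-passthru=true` lifts the drop. The quoted passthru=true case even carries `#ovn-nbctl lsp-set-port-security lsp$i f0:00:00:00:00:0$i` commented out (the applied version earlier in this mail removes the line). I would add a case that sets `lsp-set-port-security` with passthru enabled and expects a tagged frame from a non-matching source MAC to be absent from the tx pcap, plus a case with no `other_config` at all. In the passthru=false case, `ovn-trace --all ls "$uflow" | grep drop` with `[ignore]` passes on any occurrence of "drop" in the trace; comparing against an exact expected output, as the passthru=true case does with `expout`, would be stricter.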