On 11/17/20 3:28 PM, num...@ovn.org wrote:
> From: Numan Siddique <num...@ovn.org>
>
> Presently to handle the load balancer hairpin traffic (the traffic destined to the
> load balancer VIP is dnatted to the backend which originated the traffic), ovn-northd
> adds a lot of logical flows to check this scenario. This patch attempts to reduce
> these logical flows. Each ovn-controller will read the load balancers from
> the newly added southbound Load_Balancer table and add the load balancer hairpin OF
> flows in tables 68, 69 and 70. If the load balancer below is configured
>
> 10.0.0.10:80 = 10.0.0.4:8080, 10.0.0.5:8090, then the below flows are added
>
> table=68, ip.src = 10.0.0.4,ip.dst=10.0.0.4,tcp.dst=8080 actions=load:1->NXM_NX_REG10[7]
> table=68, ip.src = 10.0.0.5,ip.dst=10.0.0.5,tcp.dst=8090 actions=load:1->NXM_NX_REG10[7]
> table=69, ip.src = 10.0.0.4,ip.dst=10.0.0.10,tcp.src=8080 actions=load:1->NXM_NX_REG10[7]
> table=69, ip.src = 10.0.0.5,ip.dst=10.0.0.10,tcp.src=8090 actions=load:1->NXM_NX_REG10[7]
> table=70, ct.trk && ct.dnat && ct.nw_dst == 10.0.0.10. actions=ct(commit, zone=reg12, nat(src=10.0.0.5))
>
> An upcoming patch will add OVN actions which do the lookup in these tables to handle the
> hairpin traffic.
>
> Signed-off-by: Numan Siddique <num...@ovn.org>
> ---
> controller/lflow.c | 231 +++++++++++++++++
> controller/lflow.h | 6 +-
> controller/ovn-controller.c | 27 +-
> include/ovn/logical-fields.h | 3 +
> tests/ovn.at | 469 +++++++++++++++++++++++++++++++++++
> 5 files changed, 734 insertions(+), 2 deletions(-)
>
> diff --git a/controller/lflow.c b/controller/lflow.c > index f631679c3f..5469860e1f 100644 > --- a/controller/lflow.c > +++ b/controller/lflow.c > @@ -26,6 +26,7 @@ > #include "ovn-controller.h" > #include "ovn/actions.h" > #include "ovn/expr.h" > +#include "lib/lb.h" > #include "lib/ovn-l7.h" > #include "lib/ovn-sb-idl.h" > #include "lib/extend-table.h" 
> @@ -1138,6 +1139,191 @@ add_neighbor_flows(struct ovsdb_idl_index > *sbrec_port_binding_by_name, > } > } > > +static void > +add_lb_vip_hairpin_flows(struct ovn_controller_lb *lb, > + struct ovn_lb_vip *lb_vip, > + struct ovn_lb_backend *lb_backend, > + uint8_t lb_proto, > + struct ovn_desired_flow_table *flow_table) > +{ > + uint64_t stub[1024 / 8]; > + struct ofpbuf ofpacts = OFPBUF_STUB_INITIALIZER(stub); > + > + uint8_t value = 1; > + put_load(&value, sizeof value, MFF_LOG_FLAGS, > + MLF_LOOKUP_LB_HAIRPIN_BIT, 1, &ofpacts); > + > + struct match hairpin_match = MATCH_CATCHALL_INITIALIZER; > + struct match hairpin_reply_match = MATCH_CATCHALL_INITIALIZER; > + > + if (IN6_IS_ADDR_V4MAPPED(&lb_vip->vip)) { > + ovs_be32 ip4 = in6_addr_get_mapped_ipv4(&lb_backend->ip); > + > + match_set_dl_type(&hairpin_match, htons(ETH_TYPE_IP)); > + match_set_nw_src(&hairpin_match, ip4); > + match_set_nw_dst(&hairpin_match, ip4); > + > + match_set_dl_type(&hairpin_reply_match, > + htons(ETH_TYPE_IP)); > + match_set_nw_src(&hairpin_reply_match, ip4); > + match_set_nw_dst(&hairpin_reply_match, > + in6_addr_get_mapped_ipv4(&lb_vip->vip)); > + } else { > + match_set_dl_type(&hairpin_match, htons(ETH_TYPE_IPV6)); > + match_set_ipv6_src(&hairpin_match, &lb_backend->ip); > + match_set_ipv6_dst(&hairpin_match, &lb_backend->ip); > + > + match_set_dl_type(&hairpin_reply_match, > + htons(ETH_TYPE_IPV6)); > + match_set_ipv6_src(&hairpin_reply_match, &lb_backend->ip); > + match_set_ipv6_dst(&hairpin_reply_match, &lb_vip->vip); > + } > + > + if (lb_backend->port) { > + match_set_nw_proto(&hairpin_match, lb_proto); > + match_set_tp_dst(&hairpin_match, htons(lb_backend->port)); > + > + match_set_nw_proto(&hairpin_reply_match, lb_proto); > + match_set_tp_src(&hairpin_reply_match, > + htons(lb_backend->port));
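Review bot: in add_lb_vip_hairpin_flows() the address family is chosen from IN6_IS_ADDR_V4MAPPED(&lb_vip->vip) alone, yet the IPv4 branch then reads the backend with in6_addr_get_mapped_ipv4(&lb_backend->ip) without checking that the backend is v4-mapped as well. If the caller guarantees that a VIP and its backends always share an address family, a short comment stating that would help; otherwise check lb_backend->ip too and skip the pair, so a mixed-family entry cannot install a flow matching an unintended address. Separately, when lb_backend->port is 0 neither match gets nw_proto or a port, so the flows cover all IP traffic between those addresses; a comment noting that this is the intended behaviour for port-less load balancers would be worth adding.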
Nit: indent.

Otherwise, this patch looks good to me, thanks!

Acked-by: Dumitru Ceara <dce...@redhat.com>