On 5/30/24 20:17, Ilya Maximets wrote:
> On 5/30/24 01:27, William Tu wrote:
>> Add route-table support for ipv4 dst via ipv6. One use case is BGP
>> unnumbered, a mechanism that establishes peering sessions without the
>> need to explicitly configure IPv4 addresses on the interfaces involved
>> in the peering. Without using IPv4 address assignments, it uses
>> link-local IPv6 addresses of the directly connected neighbors for
>> peering purposes. For example, BGP might install the following route:
>> $ ip route get 100.87.18.3
>> 100.87.18.3 via inet6 fe80::920a:84ff:fe9e:9570 \
>> dev br-phy src 100.87.18.6
>>
>> Note that the v6 addr fe80::920a:84ff:fe9e:9570 is not being used in
>> the packet header, but only used for lookup the out dev br-phy.
>> Currently OVS can only support either all-ipv4 or all-ipv6, the patch
>> adds support for such use case.
>>
>> Reported-at:
>> https://mail.openvswitch.org/pipermail/ovs-discuss/2024-January/052908.html
>> Acked-by: Simon Horman <ho...@ovn.org>
>> Signed-off-by: William Tu <w...@nvidia.com>
>> ---
>> v5: fix minor CI failure
>> v4: feedback from Ilya
>> - add route del test case, wrap around test width
>> - not set neighbor cache manually
>> - on br-phy, use /32 on address in steead of /24
>> compare v3 and v4
>> https://github.com/williamtu/ovs/compare/router..router-v4
>> v3: add vxlan test, remove rfc
>> v2: fix CI error
>> ---
>
> <snip>
>
>> diff --git a/tests/tunnel-push-pop.at b/tests/tunnel-push-pop.at
>> index 508737c53ec6..7266f0990570 100644
>> --- a/tests/tunnel-push-pop.at
>> +++ b/tests/tunnel-push-pop.at
>> @@ -196,6 +196,69 @@ OVS_WAIT_UNTIL([test `ovs-pcap p0.pcap | grep
>> 100022eb0000000120000237 | wc -l`
>> OVS_VSWITCHD_STOP
>> AT_CLEANUP
>>
>> +AT_SETUP([tunnel_push_pop - v4 via v6 route])
>> +
>> +OVS_VSWITCHD_START([add-port br0 p0 -- set Interface p0 type=dummy
>> ofport_request=1 other-config:hwaddr=aa:55:aa:55:00:00])
>> +AT_CHECK([ovs-vsctl add-br int-br -- set bridge int-br
>> datapath_type=dummy], [0])
>> +AT_CHECK([ovs-vsctl add-port int-br t1 -- set Interface t1 type=vxlan \
>> + options:remote_ip=1.1.2.92 options:key=123
>> ofport_request=1\
>> + ], [0])
>> +
>> +AT_CHECK([ovs-appctl dpif/show], [0], [dnl
>> +dummy@ovs-dummy: hit:0 missed:0
>> + br0:
>> + br0 65534/100: (dummy-internal)
>> + p0 1/1: (dummy)
>> + int-br:
>> + int-br 65534/2: (dummy-internal)
>> + t1 1/4789: (vxlan: key=123, remote_ip=1.1.2.92)
>> +])
>> +
>> +AT_CHECK([ovs-ofctl add-flow br0 action=normal])
>> +
>> +dnl Setup dummy interface IP addresses.
>> +AT_CHECK([ovs-appctl netdev-dummy/ip4addr br0 1.1.2.88/32], [0], [OK
>> +])
>> +AT_CHECK([ovs-appctl netdev-dummy/ip6addr br0 2001:cafe::88/64], [0], [OK
>> +])
>> +dnl Add a static v4 via v6 route
>> +AT_CHECK([ovs-appctl ovs/route/add 1.1.2.92/32 br0 2001:cafe::10
>> src=1.1.2.89], [0], [OK
>> +])
>> +
>> +AT_CHECK([ovs-appctl ovs/route/show | grep br0 | sort], [0], [dnl
>> +Cached: 1.1.2.88/32 dev br0 SRC 1.1.2.88 local
>> +Cached: 2001:cafe::/64 dev br0 SRC 2001:cafe::88 local
>> +User: 1.1.2.92/32 dev br0 GW 2001:cafe::10 SRC 1.1.2.89
>> +])
>> +
>> +dnl Check ARP Snoop
>> +AT_CHECK([ovs-appctl netdev-dummy/receive p0 'recirc_id(0),in_port(100),dnl
>> +eth(src=f8:bc:12:44:34:b6,dst=ff:ff:ff:ff:ff:ff),eth_type(0x0806),dnl
>> +arp(sip=1.1.2.92,tip=1.1.2.88,op=2,sha=f8:bc:12:44:34:b6,tha=00:00:00:00:00:00)'])
>
> This is still not a correct test, we would never receive an ARP
> from an IPv6-only network. This must be an IPv6 NA packet instead.
>
> All in all, I'd expect the following test to work without modifications
> (unless I mistyped something):
>
> ---
> AT_SETUP([tunnel_push_pop - v4 via v6 route])
>
> OVS_VSWITCHD_START(
> [add-port br0 p0 \
> -- set Interface p0 type=dummy ofport_request=1 \
> other-config:hwaddr=aa:55:aa:55:00:00])
> AT_CHECK([ovs-appctl vlog/set dpif_netdev:dbg])
> AT_CHECK([ovs-vsctl add-br int-br -- set bridge int-br datapath_type=dummy])
> AT_CHECK([ovs-vsctl add-port int-br t2 \
> -- set Interface t2 type=geneve \
> options:remote_ip=1.1.2.92 \
> options:key=123 ofport_request=2])
>
> dnl Setup IP addresses.
> AT_CHECK([ovs-appctl netdev-dummy/ip4addr br0 1.1.2.88/32], [0], [OK
> ])
> AT_CHECK([ovs-appctl netdev-dummy/ip6addr br0 2001:cafe::88/64], [0], [OK
> ])
> dnl Adding a static v4 via v6 route.
> AT_CHECK([ovs-appctl ovs/route/add 1.1.2.92/32 br0 2001:cafe::10
> src=1.1.2.88], [0], [OK
> ])
>
> dnl Checking that a local route for added IP was successfully installed.
> AT_CHECK([ovs-appctl ovs/route/show | grep br0 | sort], [0], [dnl
> Cached: 1.1.2.88/32 dev br0 SRC 1.1.2.88 local
> Cached: 2001:cafe::/64 dev br0 SRC 2001:cafe::88 local
> User: 1.1.2.92/32 dev br0 GW 2001:cafe::10 SRC 1.1.2.88
> ])
>
> AT_CHECK([ovs-ofctl add-flow br0 action=normal])
> AT_CHECK([ovs-ofctl add-flow int-br action=normal])
>
> AT_CHECK([ovs-vsctl -- set Interface p0 options:tx_pcap=p0.pcap])
>
> dnl Check that v4-over-v6 route is used in the trace and that a tunnel
> neighbor
> dnl lookup miss generates ND and not an ARP.
> AT_CHECK([ovs-appctl ofproto/trace int-br in_port=LOCAL \
> | grep -E 'tunnel|neighbor|actions'], [0], [dnl
> -> output to native tunnel
> -> tunneling to 2001:cafe::10 via br0
> -> neighbor cache miss for 2001:cafe::10 on bridge br0, sending ND
> request
> Datapath actions: drop
> ])
>
> dnl Check that the correct Neighbor Solicitation was sent out via p0.
> m4_define([ND_NS_PACKET], [m4_joinall([,],
> [eth_src=aa:55:aa:55:00:00,eth_dst=33:33:ff:00:00:10,eth_type=0x86dd],
> [ipv6_src=2001:cafe::88,ipv6_dst=ff02::1:ff00:10],
> [nw_proto=58,nw_ttl=255,nw_frag=no],
> [icmpv6_type=135,icmpv6_code=0],
> [nd_target=2001:cafe::10,nd_options_type=1,nd_sll=aa:55:aa:55:00:00])])
>
> OVS_WAIT_UNTIL([test $(ovs-pcap p0.pcap \
> | grep -c "$(ovs-ofctl compose-packet --bare 'ND_NS_PACKET')") -eq 1])
>
> dnl Now send a Neighbor Advertisement from p0 which has two effects:
> dnl 1. The neighbor cache will learn that 2001:cafe::10 is at
> f8:bc:12:44:34:b6.
> dnl 2. The br0 mac learning will learn that f8:bc:12:44:34:b6 is on p0.
> AT_CHECK([ovs-appctl netdev-dummy/receive p0 dnl
> 'recirc_id(0),in_port(1),dnl
> eth(src=f8:bc:12:44:34:b6,dst=aa:55:aa:55:00:00),eth_type(0x86dd),dnl
>
> ipv6(src=2001:cafe::10,dst=2001:cafe::88,label=0,proto=58,tclass=0,hlimit=255,frag=no),dnl
> icmpv6(type=136,code=0),dnl
> nd(target=2001:cafe::10,sll=00:00:00:00:00:00,tll=f8:bc:12:44:34:b6)'
> ])
>
> dnl Check that v4-over-v6 route is used in the trace and the tunnel is
> working.
> AT_CHECK([ovs-appctl ofproto/trace int-br in_port=LOCAL \
> | grep -E 'tunnel|neighbor|actions'], [0], [dnl
> -> output to native tunnel
> -> tunneling to 2001:cafe::10 via br0
> -> tunneling from aa:55:aa:55:00:00 1.1.2.88 to f8:bc:12:44:34:b6
> 2001:cafe::10
Though, I think, we should make this output less confusing, e.g.
-> tunneling from aa:55:aa:55:00:00 1.1.2.88 to 1.1.2.92 via
f8:bc:12:44:34:b6 2001:cafe::10
Or something like that. Otherwise it's lacking the actual destination
IP information and may be hard to understand.
> Datapath actions: tnl_push(tnl_port(6081),header(size=50,type=5,dnl
> eth(dst=f8:bc:12:44:34:b6,src=aa:55:aa:55:00:00,dl_type=0x0800),dnl
> ipv4(src=1.1.2.88,dst=1.1.2.92,proto=17,tos=0,ttl=64,frag=0x4000),dnl
> udp(src=0,dst=6081,csum=0x0),geneve(vni=0x7b)),out_port(100)),1
> ])
>
> dnl Now check that the packet is actually encapsulated and delivered.
> packet=50540000000a5054000000091234
> eth=f8bc124434b6aa55aa5500000800
> ip4=450000320000400040113406010102580101025c
> dnl Source port is based on a packet hash, so it may differ depending on the
> dnl compiler flags and CPU type. Masked with '....'.
> udp=....17c1001e0000
> geneve=0000655800007b00
> encap=${eth}${ip4}${udp}${geneve}
> dnl Output to the tunnel from the int-br internal port.
> dnl Checking that the packet arrived and it was correctly encapsulated.
> AT_CHECK([ovs-appctl netdev-dummy/receive int-br "${packet}"])
> OVS_WAIT_UNTIL([test $(ovs-pcap p0.pcap | grep -c "${encap}${packet}") -eq 1])
>
> dnl Sending again to exercise the non-miss upcall path.
> AT_CHECK([ovs-appctl netdev-dummy/receive int-br "${packet}"])
> OVS_WAIT_UNTIL([test $(ovs-pcap p0.pcap | grep -c "${encap}${packet}") -eq 2])
>
> dnl Finally, checking that the datapath flow is also correct.
> AT_CHECK([ovs-appctl dpctl/dump-flows | grep tnl_push \
> | strip_ufid | strip_used], [0], [dnl
> recirc_id(0),in_port(2),packet_type(ns=0,id=0),dnl
> eth(src=50:54:00:00:00:09,dst=50:54:00:00:00:0a),eth_type(0x1234), dnl
> packets:1, bytes:14, used:0.0s, dnl
> actions:tnl_push(tnl_port(6081),header(size=50,type=5,dnl
> eth(dst=f8:bc:12:44:34:b6,src=aa:55:aa:55:00:00,dl_type=0x0800),dnl
> ipv4(src=1.1.2.88,dst=1.1.2.92,proto=17,tos=0,ttl=64,frag=0x4000),dnl
> udp(src=0,dst=6081,csum=0x0),geneve(vni=0x7b)),out_port(100)),1
> ])
>
> OVS_VSWITCHD_STOP
> AT_CLEANUP
> ---
>
> With the current version of a patch it fails on the tunnel neighbor
> lookup because it looks for IPv4 neighbor and there are no IPv4
> neighbors in this setup, all the neighbors are IPv6-only.
>
> Best regards, Ilya Maximets.
_______________________________________________
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
