Thanks for the feedback Felix
On Wed, 2025-01-29 at 17:17 +0100, Felix Huettner wrote:
> Hi Martin,
>
> i took a look now at the actual patch. Please find some comments
> below.
>
> On Thu, Jan 23, 2025 at 02:59:30PM +0100, Martin Kalcok wrote:
> > This change builds on top of the new "dynamic routing" OVN feature
> > that allows advertising routes to the fabric network. When LR
> > option
> > "dynamic-routing" is set on the router, following two new LRP
> > options
> > become available:
> >
> > * redistribute-nat - When set to "true", ovn-controller will
> > advertise
> > routes for external NAT IPs valid for the LRP.
> > * redistribute-lb-vips - When set to "true", ovn-controller will
> > advertise
> > host routes to LB VIPs via the LRP.
> >
> > Co-authored-by: Frode Nordahl <[email protected]>
> > Signed-off-by: Frode Nordahl <[email protected]>
> > Signed-off-by: Martin Kalcok <[email protected]>
> > ---
> > NEWS | 4 +
> > northd/en-advertised-route-sync.c | 11 +
> > northd/inc-proc-northd.c | 4 +
> > northd/northd.c | 98 +++++++-
> > northd/northd.h | 4 +
> > ovn-nb.xml | 31 +++
> > tests/system-ovn.at | 379
> > ++++++++++++++++++++++++++++++
> > 7 files changed, 530 insertions(+), 1 deletion(-)
> >
> > diff --git a/NEWS b/NEWS
> > index f526013f1..ad5b74b2e 100644
> > --- a/NEWS
> > +++ b/NEWS
> > @@ -24,6 +24,10 @@ Post v24.09.0
> > a lower priority than static routes.
> > - Add the option "dynamic-routing-connected-as-host-routes" to
> > LRPs. If set
> > to true then connected routes are announced as individual
> > host routes.
> > + - Add 'redistribute-lb-vips' LRP option. If set to true, the
> > LRP can be used
> > + to advertise host paths to the Load Balancer VIPs associated
> > with the LR.
> > + - Add 'redistribute-nat' LRP option. If set to true, the LRP
> > can be used
> > + to advertise external NAT IPs associated with it.
> >
> > OVN v24.09.0 - 13 Sep 2024
> > --------------------------
> > diff --git a/northd/en-advertised-route-sync.c b/northd/en-
> > advertised-route-sync.c
> > index 065c73861..b6786b3af 100644
> > --- a/northd/en-advertised-route-sync.c
> > +++ b/northd/en-advertised-route-sync.c
> > @@ -421,9 +421,20 @@ advertised_route_table_sync(
> > "dynamic-routing-static"))
> > {
> > continue;
> > }
> > + if (route->source == ROUTE_SOURCE_NAT &&
> > + !smap_get_bool(&route->out_port->nbrp->options,
> > + "redistribute-nat", false)) {
> > + continue;
> > + }
>
> For the ROUTE_SOURCE_NAT you could probably also set tracked_port if
> you
> want. You would however need to find the LSP that the NAT points to.
> This would allow you to have different priorities on the advertised
> routes depending on locality.
Yeah, as you discussed in the other thread with fnordahl, getting the
backing LSP might be tricky since there may be none at the time of
LB/NAT rule creation. but I'm looking into it.
>
> > + if (route->source == ROUTE_SOURCE_LB &&
> > + !smap_get_bool(&route->out_port->nbrp->options,
> > + "redistribute-lb-vips", false)) {
> > + continue;
> > + }
> >
> > char *ip_prefix = normalize_v46_prefix(&route->prefix,
> > route->plen);
> > +
> > ar_sync_to_sb(ovnsb_txn, &sync_routes,
> > route->od->sb,
> > route->out_port->sb,
> > diff --git a/northd/inc-proc-northd.c b/northd/inc-proc-northd.c
> > index ab500a86a..36e1d9993 100644
> > --- a/northd/inc-proc-northd.c
> > +++ b/northd/inc-proc-northd.c
> > @@ -262,6 +262,10 @@ void inc_proc_northd_init(struct
> > ovsdb_idl_loop *nb,
> > engine_add_input(&en_routes, &en_bfd, NULL);
> > engine_add_input(&en_routes, &en_northd,
> > routes_northd_change_handler);
> > + engine_add_input(&en_routes, &en_lr_nat,
> > + NULL);
> > + engine_add_input(&en_routes, &en_lb_data,
> > + NULL);
> >
> > engine_add_input(&en_bfd_sync, &en_bfd, NULL);
> > engine_add_input(&en_bfd_sync, &en_nb_bfd, NULL);
> > diff --git a/northd/northd.c b/northd/northd.c
> > index 23b0769fe..e86208ef8 100644
> > --- a/northd/northd.c
> > +++ b/northd/northd.c
> > @@ -11435,6 +11435,96 @@ parsed_routes_add_connected(const struct
> > ovn_datapath *od,
> > }
> > }
> >
> > +static void
> > +parsed_routes_add_nat(const struct ovn_datapath *od,
> > + const struct ovn_port *op,
> > + struct hmap *routes)
> > +{
> > + if (!op->nbrp || !smap_get_bool(&op->nbrp->options,
> > + "redistribute-nat", false)) {
> > + return;
> > + }
> > +
> > + size_t n_nats = 0;
> > + char **nats = NULL;
> > + nats = get_nat_addresses(op, &n_nats, false, false, NULL,
> > true);
> > +
> > + for (size_t i = 0; i < n_nats; i++) {
> > + struct lport_addresses *laddrs = xzalloc(sizeof *laddrs);
> > + int ofs = 0;
> > + extract_addresses(nats[i], laddrs, &ofs);
> > + for (int j = 0; j < laddrs->n_ipv4_addrs; j++) {
> > + struct ipv4_netaddr *addr = &laddrs->ipv4_addrs[j];
> > + struct in6_addr prefix;
> > + ip46_parse(addr->network_s, &prefix);
> > +
> > + parsed_route_add(od, NULL, &prefix, addr->plen,
> > + false, addr->addr_s, op,
> > + 0, false,
> > + false, NULL, ROUTE_SOURCE_NAT,
> > + &op->nbrp->header_, routes);
> > + }
> > + for (int j = 0; j < laddrs->n_ipv6_addrs; j++) {
> > + struct ipv6_netaddr *addr = &laddrs->ipv6_addrs[j];
> > + parsed_route_add(od, NULL, &addr->addr, addr->plen,
> > + false, addr->addr_s, op,
> > + 0, false,
> > + false, NULL, ROUTE_SOURCE_NAT,
> > + &op->nbrp->header_, routes);
> > + }
> > + destroy_lport_addresses(laddrs);
> > + free(nats[i]);
> > + }
> > + free(nats);
> > +}
> > +
> > +static void
> > +parsed_routes_add_lb(const struct ovn_datapath *od,
> > + const struct ovn_port *op,
> > + struct hmap *routes)
> > +{
> > + if (!op->nbrp || !smap_get_bool(&op->nbrp->options,
> > + "redistribute-lb-vips",
> > false)) {
> > + return;
> > + }
> > +
> > + for (size_t i = 0; i < od->nbr->n_load_balancer; i++) {
> > + struct ovn_northd_lb *lb = ovn_northd_lb_create(
> > + od->nbr-
> > >load_balancer[i]);
> > + for (size_t j = 0; j < lb->n_vips; j++) {
> > + const struct ovn_lb_vip *lb_vip = &lb->vips[j];
> > + if (find_lport_address(&op->lrp_networks, lb_vip-
> > >vip_str)) {
> > + int plen = lb_vip->address_family == AF_INET ? 32
> > : 128;
> > + parsed_route_add(od, NULL, &lb_vip->vip, plen,
> > + false, lb_vip->vip_str, op,
> > + 0, false,
> > + false, NULL, ROUTE_SOURCE_LB,
> > + &op->nbrp->header_, routes);
> > + }
> > + }
> > + }
> > +
> > + for (size_t i = 0; i < od->nbr->n_load_balancer_group; i++) {
> > + struct nbrec_load_balancer_group *lb_group =
> > + od->nbr->load_balancer_group[i];
> > + for (size_t j = 0; j < lb_group->n_load_balancer; j++) {
> > + struct ovn_northd_lb *lb =
> > + ovn_northd_lb_create(lb_group->load_balancer[j]);
> > + for (size_t k = 0; k < lb->n_vips; k++) {
> > + const struct ovn_lb_vip *lb_vip = &lb->vips[k];
> > + if (find_lport_address(&op->lrp_networks, lb_vip-
> > >vip_str)) {
> > + int plen = lb_vip->address_family == AF_INET ?
> > 32 : 128;
> > + parsed_route_add(od, NULL, &lb_vip->vip, plen,
> > + false, lb_vip->vip_str, op,
> > + 0, false,
> > + false, NULL, ROUTE_SOURCE_LB,
> > + &op->nbrp->header_, routes);
> > + }
> > + }
> > + }
> > + }
> > +}
> > +
> > void
> > build_parsed_routes(const struct ovn_datapath *od, const struct
> > hmap *lr_ports,
> > const struct hmap *bfd_connections, struct
> > hmap *routes,
> > @@ -11457,6 +11547,8 @@ build_parsed_routes(const struct
> > ovn_datapath *od, const struct hmap *lr_ports,
> > const struct ovn_port *op;
> > HMAP_FOR_EACH (op, dp_node, &od->ports) {
> > parsed_routes_add_connected(od, op, routes);
> > + parsed_routes_add_nat(od, op, routes);
> > + parsed_routes_add_lb(od, op, routes);
>
> If i get this correctly then this results in two things:
> 1. We write the routes you added here to Advertised_Route
> 2. We install these routes as logical flows in the LR datapath
>
> I am unsure if the second one is intended and i am not sure if it
> would
> result in any behaviour change. But at least i would expect
> additional
> lflows for a logical router affected by this.
>
> If you just wanted to have the first effect you could add a second
> hmap
> containing just the routes that should be advertised and not
> installed.
>
> I would use a second hmap instead of filtering later on as that
> should
> make the change tracking in the future easer.
>
> Thanks a lot,
> Felix
You are right that I didn't intend to install lflows. Do I understand
correctly that the flows are generated in
"build_route_flows_for_lrouter"?
I'm not sure I understand the suggestion about the second hmap, did you
mean that a new hmap would be added to the "struct routes_data"?
Alternatively, I was thinking, maybe we can just skip ROUTE_SOURCE_NAT
|| ROUTE_SOURCE_LB altogether in the "build_route_flows_for_lrouter"
function. What do you think?
Thanks for the review,
Martin.
>
> > }
> >
> > HMAP_FOR_EACH_SAFE (pr, key_node, routes) {
> > @@ -11638,6 +11730,8 @@ route_source_to_offset(enum route_source
> > source)
> > {
> > switch (source) {
> > case ROUTE_SOURCE_CONNECTED:
> > + case ROUTE_SOURCE_NAT:
> > + case ROUTE_SOURCE_LB:
> > return ROUTE_PRIO_OFFSET_CONNECTED;
> > case ROUTE_SOURCE_STATIC:
> > return ROUTE_PRIO_OFFSET_STATIC;
> > @@ -13915,7 +14009,9 @@ build_route_flows_for_lrouter(
> > struct parsed_route *route;
> > HMAP_FOR_EACH_WITH_HASH (route, key_node, uuid_hash(&od->key),
> > parsed_routes) {
> > - if (route->source == ROUTE_SOURCE_CONNECTED) {
> > + if (route->source == ROUTE_SOURCE_CONNECTED ||
> > + route->source == ROUTE_SOURCE_NAT ||
> > + route->source == ROUTE_SOURCE_LB) {
> > unique_routes_add(&unique_routes, route);
> > continue;
> > }
> > diff --git a/northd/northd.h b/northd/northd.h
> > index 3bc6f6f04..117b7421f 100644
> > --- a/northd/northd.h
> > +++ b/northd/northd.h
> > @@ -702,6 +702,10 @@ enum route_source {
> > ROUTE_SOURCE_CONNECTED,
> > /* The route is derived from a northbound static route entry.
> > */
> > ROUTE_SOURCE_STATIC,
> > + /* Host route generated from NAT's external IP. */
> > + ROUTE_SOURCE_NAT,
> > + /* Host route generated from LB's external IP. */
> > + ROUTE_SOURCE_LB,
> > /* the route is learned by an ovn-controller */
> > ROUTE_SOURCE_LEARNED,
> > };
> > diff --git a/ovn-nb.xml b/ovn-nb.xml
> > index c5f182f24..417088a3a 100644
> > --- a/ovn-nb.xml
> > +++ b/ovn-nb.xml
> > @@ -2961,6 +2961,10 @@ or
> > table="Logical_Router_Port"/>
> > * <ref column="options" key="dynamic-routing-static"
> > table="Logical_Router_Port"/>
> > + * <ref column="options" key="redistribute-lb-vips"
> > + table="Logical_Router_Port"/>
> > + * <ref column="options" key="redistribute-nat"
> > + table="Logical_Router_Port"/>
> > </column>
> >
> > <column name="options" key="dynamic-routing-connected"
> > @@ -3798,6 +3802,33 @@ or
> > This allows a single chassis to learn different routes
> > on separate
> > LRPs bound to this chassis.
> > </column>
> > +
> > + <column name="options" key="redistribute-lb-vips"
> > + type='{"type": "boolean"}'>
> > + <p>
> > + Only relevant if <ref column="options" key="dynamic-
> > routing"
> > + table="Logical_Router"/> on the respective
> > Logical_Router is set
> > + to <code>true</code>.
> > +
> > + If this option is <code>true</code>, northd will create
> > host route
> > + entries in the southbound <ref table="Advertised_Route"
> > + db="OVN_Southbound"/> table, associated with this LRP,
> > for each LB
> > + VIP.
> > + </p>
> > + </column>
> > +
> > + <column name="options" key="redistribute-nat" type='{"type":
> > "boolean"}'>
> > + <p>
> > + Only relevant if <ref column="options" key="dynamic-
> > routing"
> > + table="Logical_Router"/> on the respective
> > Logical_Router is set
> > + to <code>true</code>.
> > +
> > + If this option is <code>true</code>, northd will create
> > host route
> > + entries in the southbound <ref table="Advertised_Route"
> > + db="OVN_Southbound"/> table, for external IP addresses
> > of NAT rules
> > + associated with this LRP.
> > + </p>
> > + </column>
> > </group>
> >
> > <group title="Attachment">
> > diff --git a/tests/system-ovn.at b/tests/system-ovn.at
> > index 9dddfc399..1bcab802f 100644
> > --- a/tests/system-ovn.at
> > +++ b/tests/system-ovn.at
> > @@ -15283,3 +15283,382 @@ OVS_TRAFFIC_VSWITCHD_STOP(["/.*error
> > receiving.*/d
> > AT_CLEANUP
> > ])
> >
> > +OVN_FOR_EACH_NORTHD([
> > +AT_SETUP([route-exchange for LB VIPs with gateway router IPv4])
> > +AT_KEYWORDS([route-exchange])
> > +
> > +CHECK_VRF()
> > +CHECK_CONNTRACK()
> > +CHECK_CONNTRACK_NAT()
> > +ovn_start
> > +OVS_TRAFFIC_VSWITCHD_START()
> > +ADD_BR([br-int])
> > +ADD_BR([br-ext], [set Bridge br-ext fail-mode=standalone])
> > +
> > +# Set external-ids in br-int needed for ovn-controller
> > +ovs-vsctl \
> > + -- set Open_vSwitch . external-ids:system-id=hv1 \
> > + -- set Open_vSwitch . external-ids:ovn-
> > remote=unix:$ovs_base/ovn-sb/ovn-sb.sock \
> > + -- set Open_vSwitch . external-ids:ovn-encap-type=geneve \
> > + -- set Open_vSwitch . external-ids:ovn-encap-ip=169.0.0.1
> > \
> > + -- set bridge br-int fail-mode=secure other-
> > config:disable-in-band=true
> > +
> > +# Start ovn-controller
> > +start_daemon ovn-controller
> > +
> > +ovn-appctl vlog/set route_exchange
> > +check ovn-nbctl -- lr-add R1 \
> > + -- set Logical_Router R1 options:requested-tnl-
> > key=1000 options:dynamic-routing=true
> > +
> > +check ovn-nbctl ls-add sw0
> > +check ovn-nbctl ls-add public
> > +
> > +check ovn-nbctl --wait=hv sync
> > +
> > +AT_CHECK([ip link | grep -q ovnvrf1000:.*UP], [1])
> > +
> > +check ovn-nbctl lrp-add R1 rp-sw0 00:00:01:01:02:03 192.168.1.1/24
> > +check ovn-nbctl -- lrp-add R1 rp-public 00:00:02:01:02:03
> > 172.16.1.1/24 \
> > + -- lrp-set-options rp-public \
> > + maintain-vrf=true \
> > + redistribute-lb-vips=true
> > +
> > +check ovn-nbctl set logical_router R1 options:chassis=hv1
> > +
> > +check ovn-nbctl lsp-add sw0 sw0-rp -- set Logical_Switch_Port sw0-
> > rp \
> > + type=router options:router-port=rp-sw0 \
> > + -- lsp-set-addresses sw0-rp router
> > +
> > +check ovn-nbctl lsp-add public public-rp -- set
> > Logical_Switch_Port public-rp \
> > + type=router options:router-port=rp-public \
> > + -- lsp-set-addresses public-rp router
> > +
> > +check ovs-vsctl set Open_vSwitch . external-ids:ovn-bridge-
> > mappings=phynet:br-ext
> > +
> > +check ovn-nbctl lsp-add public public1 \
> > + -- lsp-set-addresses public1 unknown \
> > + -- lsp-set-type public1 localnet \
> > + -- lsp-set-options public1 network_name=phynet
> > +
> > +check ovn-nbctl --wait=hv sync
> > +
> > +AT_CHECK([test `ip route show table 1000 | wc -l` -eq 1], [1])
> > +
> > +
> > +# Create a load balancer and associate to R1
> > +check ovn-nbctl lb-add lb1 172.16.1.150:80 172.16.1.100:80
> > +check ovn-nbctl lr-lb-add R1 lb1
> > +
> > +check ovn-nbctl --wait=hv sync
> > +
> > +AT_CHECK([ip link | grep -q ovnvrf1000:.*UP])
> > +AT_CHECK([test `ip route show table 1000 | wc -l` -eq 1])
> > +AT_CHECK([ip route show table 1000 | grep -q 172.16.1.150])
> > +
> > +OVS_APP_EXIT_AND_WAIT([ovn-controller])
> > +
> > +# Ensure system resources are cleaned up
> > +AT_CHECK([ip link | grep -q ovnvrf1000:.*UP], [1])
> > +AT_CHECK([test `ip route show table 1000 | wc -l` -eq 1], [1])
> > +
> > +as ovn-sb
> > +OVS_APP_EXIT_AND_WAIT([ovsdb-server])
> > +
> > +as ovn-nb
> > +OVS_APP_EXIT_AND_WAIT([ovsdb-server])
> > +
> > +as northd
> > +OVS_APP_EXIT_AND_WAIT([ovn-northd])
> > +
> > +as
> > +OVS_TRAFFIC_VSWITCHD_STOP(["/failed to query port patch-.*/d
> > +/Failed to acquire.*/d
> > +/connection dropped.*/d"])
> > +AT_CLEANUP
> > +])
> > +
> > +OVN_FOR_EACH_NORTHD([
> > +AT_SETUP([route-exchange for LB VIPs with gateway router IPv6])
> > +AT_KEYWORDS([route-exchange])
> > +
> > +CHECK_VRF()
> > +CHECK_CONNTRACK()
> > +CHECK_CONNTRACK_NAT()
> > +ovn_start
> > +OVS_TRAFFIC_VSWITCHD_START()
> > +ADD_BR([br-int])
> > +ADD_BR([br-ext], [set Bridge br-ext fail-mode=standalone])
> > +
> > +# Set external-ids in br-int needed for ovn-controller
> > +ovs-vsctl \
> > + -- set Open_vSwitch . external-ids:system-id=hv1 \
> > + -- set Open_vSwitch . external-ids:ovn-
> > remote=unix:$ovs_base/ovn-sb/ovn-sb.sock \
> > + -- set Open_vSwitch . external-ids:ovn-encap-type=geneve \
> > + -- set Open_vSwitch . external-ids:ovn-encap-ip=169.0.0.1
> > \
> > + -- set bridge br-int fail-mode=secure other-
> > config:disable-in-band=true
> > +
> > +# Start ovn-controller
> > +start_daemon ovn-controller
> > +
> > +ovn-appctl vlog/set route_exchange
> > +check ovn-nbctl -- lr-add R1 \
> > + -- set Logical_Router R1 options:requested-tnl-
> > key=1001 options:dynamic-routing=true
> > +
> > +check ovn-nbctl ls-add sw0
> > +check ovn-nbctl ls-add public
> > +
> > +check ovn-nbctl --wait=hv sync
> > +
> > +AT_CHECK([ip link | grep -q ovnvrf1001:.*UP], [1])
> > +
> > +check ovn-nbctl lrp-add R1 rp-sw0 00:00:01:01:02:03
> > 2001:db8:100::1/64
> > +check ovn-nbctl -- lrp-add R1 rp-public 00:00:02:01:02:03
> > 2001:db8:1001::1/64 \
> > + -- lrp-set-options rp-public \
> > + maintain-vrf=true \
> > + redistribute-lb-vips=true
> > +
> > +check ovn-nbctl set logical_router R1 options:chassis=hv1
> > +
> > +check ovn-nbctl lsp-add sw0 sw0-rp -- set Logical_Switch_Port sw0-
> > rp \
> > + type=router options:router-port=rp-sw0 \
> > + -- lsp-set-addresses sw0-rp router
> > +
> > +check ovn-nbctl lsp-add public public-rp -- set
> > Logical_Switch_Port public-rp \
> > + type=router options:router-port=rp-public \
> > + -- lsp-set-addresses public-rp router
> > +
> > +check ovs-vsctl set Open_vSwitch . external-ids:ovn-bridge-
> > mappings=phynet:br-ext
> > +
> > +check ovn-nbctl lsp-add public public1 \
> > + -- lsp-set-addresses public1 unknown \
> > + -- lsp-set-type public1 localnet \
> > + -- lsp-set-options public1 network_name=phynet
> > +
> > +check ovn-nbctl --wait=hv sync
> > +
> > +AT_CHECK([test `ip -6 route show table 1001 | wc -l` -eq 1], [1])
> > +
> > +# Create a load balancer and associate to R1
> > +check ovn-nbctl lb-add lb1 [[2001:db8:1001::150]]:80
> > [[2001:db8:1001::100]]:80
> > +check ovn-nbctl lr-lb-add R1 lb1
> > +
> > +check ovn-nbctl --wait=hv sync
> > +
> > +AT_CHECK([ip link | grep -q ovnvrf1001:.*UP])
> > +AT_CHECK([test `ip -6 route show table 1001 | wc -l` -eq 1])
> > +AT_CHECK([ip -6 route show table 1001 | grep -q
> > 2001:db8:1001::150])
> > +
> > +
> > +OVS_APP_EXIT_AND_WAIT([ovn-controller])
> > +
> > +# Ensure system resources are cleaned up
> > +AT_CHECK([ip link | grep -q ovnvrf1001:.*UP], [1])
> > +AT_CHECK([test `ip -6 route show table 1001 | wc -l` -eq 1], [1])
> > +
> > +as ovn-sb
> > +OVS_APP_EXIT_AND_WAIT([ovsdb-server])
> > +
> > +as ovn-nb
> > +OVS_APP_EXIT_AND_WAIT([ovsdb-server])
> > +
> > +as northd
> > +OVS_APP_EXIT_AND_WAIT([ovn-northd])
> > +
> > +as
> > +OVS_TRAFFIC_VSWITCHD_STOP(["/failed to query port patch-.*/d
> > +/Failed to acquire.*/d
> > +/connection dropped.*/d"])
> > +AT_CLEANUP
> > +])
> > +
> > +OVN_FOR_EACH_NORTHD([
> > +AT_SETUP([route-exchange for DNAT and DNAT_AND_SNAT with gateway
> > router IPv4])
> > +AT_KEYWORDS([route-exchange])
> > +
> > +CHECK_VRF()
> > +CHECK_CONNTRACK()
> > +CHECK_CONNTRACK_NAT()
> > +ovn_start
> > +OVS_TRAFFIC_VSWITCHD_START()
> > +ADD_BR([br-int])
> > +ADD_BR([br-ext], [set Bridge br-ext fail-mode=standalone])
> > +
> > +# Set external-ids in br-int needed for ovn-controller
> > +ovs-vsctl \
> > + -- set Open_vSwitch . external-ids:system-id=hv1 \
> > + -- set Open_vSwitch . external-ids:ovn-
> > remote=unix:$ovs_base/ovn-sb/ovn-sb.sock \
> > + -- set Open_vSwitch . external-ids:ovn-encap-type=geneve \
> > + -- set Open_vSwitch . external-ids:ovn-encap-ip=169.0.0.1
> > \
> > + -- set bridge br-int fail-mode=secure other-
> > config:disable-in-band=true
> > +
> > +# Start ovn-controller
> > +start_daemon ovn-controller
> > +
> > +ovn-appctl vlog/set route_exchange
> > +check ovn-nbctl -- lr-add R1 \
> > + -- set Logical_Router R1 options:requested-tnl-
> > key=1002 options:dynamic-routing=true
> > +
> > +check ovn-nbctl ls-add sw0
> > +check ovn-nbctl ls-add public
> > +
> > +check ovn-nbctl --wait=hv sync
> > +
> > +AT_CHECK([ip link | grep -q ovnvrf1002:.*UP], [1])
> > +
> > +check ovn-nbctl lrp-add R1 rp-sw0 00:00:01:01:02:03 192.168.1.1/24
> > +check ovn-nbctl -- lrp-add R1 rp-public 00:00:02:01:02:03
> > 172.16.1.1/24 \
> > + -- lrp-set-options rp-public \
> > + maintain-vrf=true \
> > + redistribute-nat=true
> > +
> > +check ovn-nbctl set logical_router R1 options:chassis=hv1
> > +
> > +check ovn-nbctl lsp-add sw0 sw0-rp -- set Logical_Switch_Port sw0-
> > rp \
> > + type=router options:router-port=rp-sw0 \
> > + -- lsp-set-addresses sw0-rp router
> > +
> > +check ovn-nbctl lsp-add public public-rp -- set
> > Logical_Switch_Port public-rp \
> > + type=router options:router-port=rp-public \
> > + -- lsp-set-addresses public-rp router
> > +
> > +check ovs-vsctl set Open_vSwitch . external-ids:ovn-bridge-
> > mappings=phynet:br-ext
> > +
> > +check ovn-nbctl lsp-add public public1 \
> > + -- lsp-set-addresses public1 unknown \
> > + -- lsp-set-type public1 localnet \
> > + -- lsp-set-options public1 network_name=phynet
> > +
> > +check ovn-nbctl --wait=hv sync
> > +
> > +AT_CHECK([test `ip route show table 1002 | wc -l` -eq 2], [1])
> > +
> > +# Create dnat_and_snat, dnat rules in R1
> > +check ovn-nbctl lr-nat-add R1 dnat_and_snat 172.16.1.10
> > 192.168.1.10
> > +check ovn-nbctl lr-nat-add R1 dnat 172.16.1.11 192.168.1.11
> > +
> > +check ovn-nbctl --wait=hv sync
> > +
> > +AT_CHECK([ip link | grep -q ovnvrf1002:.*UP])
> > +AT_CHECK([test `ip route show table 1002 | wc -l` -eq 2])
> > +AT_CHECK([ip route show table 1002 | grep -q 172.16.1.10])
> > +AT_CHECK([ip route show table 1002 | grep -q 172.16.1.11])
> > +
> > +
> > +OVS_APP_EXIT_AND_WAIT([ovn-controller])
> > +
> > +# Ensure system resources are cleaned up
> > +AT_CHECK([ip link | grep -q ovnvrf1000:.*UP], [1])
> > +AT_CHECK([test `ip route show table 1002 | wc -l` -eq 1], [1])
> > +
> > +as ovn-sb
> > +OVS_APP_EXIT_AND_WAIT([ovsdb-server])
> > +
> > +as ovn-nb
> > +OVS_APP_EXIT_AND_WAIT([ovsdb-server])
> > +
> > +as northd
> > +OVS_APP_EXIT_AND_WAIT([ovn-northd])
> > +
> > +as
> > +OVS_TRAFFIC_VSWITCHD_STOP(["/failed to query port patch-.*/d
> > +/Failed to acquire.*/d
> > +/connection dropped.*/d"])
> > +AT_CLEANUP
> > +])
> > +
> > +OVN_FOR_EACH_NORTHD([
> > +AT_SETUP([route-exchange for DNAT and DNAT_AND_SNAT with gateway
> > router IPv6])
> > +AT_KEYWORDS([route-exchange])
> > +
> > +CHECK_VRF()
> > +CHECK_CONNTRACK()
> > +CHECK_CONNTRACK_NAT()
> > +ovn_start
> > +OVS_TRAFFIC_VSWITCHD_START()
> > +ADD_BR([br-int])
> > +ADD_BR([br-ext], [set Bridge br-ext fail-mode=standalone])
> > +
> > +# Set external-ids in br-int needed for ovn-controller
> > +ovs-vsctl \
> > + -- set Open_vSwitch . external-ids:system-id=hv1 \
> > + -- set Open_vSwitch . external-ids:ovn-
> > remote=unix:$ovs_base/ovn-sb/ovn-sb.sock \
> > + -- set Open_vSwitch . external-ids:ovn-encap-type=geneve \
> > + -- set Open_vSwitch . external-ids:ovn-encap-ip=169.0.0.1
> > \
> > + -- set bridge br-int fail-mode=secure other-
> > config:disable-in-band=true
> > +
> > +# Start ovn-controller
> > +start_daemon ovn-controller
> > +
> > +ovn-appctl vlog/set route_exchange
> > +check ovn-nbctl -- lr-add R1 \
> > + -- set Logical_Router R1 options:requested-tnl-
> > key=1003 options:dynamic-routing=true
> > +
> > +check ovn-nbctl ls-add sw0
> > +check ovn-nbctl ls-add public
> > +
> > +check ovn-nbctl --wait=hv sync
> > +
> > +AT_CHECK([ip link | grep -q ovnvrf1003:.*UP], [1])
> > +
> > +check ovn-nbctl lrp-add R1 rp-sw0 00:00:01:01:02:03
> > 2001:db8:100::1/64
> > +check ovn-nbctl -- lrp-add R1 rp-public 00:00:02:01:02:03
> > 2001:db8:1003::1/64 \
> > + -- lrp-set-options rp-public \
> > + maintain-vrf=true \
> > + redistribute-nat=true
> > +
> > +check ovn-nbctl set logical_router R1 options:chassis=hv1
> > +
> > +check ovn-nbctl lsp-add sw0 sw0-rp -- set Logical_Switch_Port sw0-
> > rp \
> > + type=router options:router-port=rp-sw0 \
> > + -- lsp-set-addresses sw0-rp router
> > +
> > +check ovn-nbctl lsp-add public public-rp -- set
> > Logical_Switch_Port public-rp \
> > + type=router options:router-port=rp-public \
> > + -- lsp-set-addresses public-rp router
> > +
> > +check ovs-vsctl set Open_vSwitch . external-ids:ovn-bridge-
> > mappings=phynet:br-ext
> > +
> > +check ovn-nbctl lsp-add public public1 \
> > + -- lsp-set-addresses public1 unknown \
> > + -- lsp-set-type public1 localnet \
> > + -- lsp-set-options public1 network_name=phynet
> > +
> > +check ovn-nbctl --wait=hv sync
> > +
> > +AT_CHECK([test `ip -6 route show table 1003 | wc -l` -eq 2], [1])
> > +
> > +# Create dnat_and_snat, dnat rules in R1
> > +check ovn-nbctl lr-nat-add R1 \
> > + dnat_and_snat 2001:db8:1003::150 2001:db8:100::100
> > +check ovn-nbctl lr-nat-add R1 \
> > + dnat 2001:db8:1003::151 2001:db8:100::100
> > +
> > +check ovn-nbctl --wait=hv sync
> > +
> > +AT_CHECK([ip link | grep -q ovnvrf1003:.*UP])
> > +AT_CHECK([test `ip -6 route show table 1003 | wc -l` -eq 2])
> > +AT_CHECK([ip -6 route show table 1003 | grep -q
> > 2001:db8:1003::150])
> > +AT_CHECK([ip -6 route show table 1003 | grep -q
> > 2001:db8:1003::151])
> > +
> > +OVS_APP_EXIT_AND_WAIT([ovn-controller])
> > +
> > +# Ensure system resources are cleaned up
> > +AT_CHECK([ip link | grep -q ovnvrf1003:.*UP], [1])
> > +AT_CHECK([test `ip -6 route show table 1003 | wc -l` -eq 2], [1])
> > +
> > +as ovn-sb
> > +OVS_APP_EXIT_AND_WAIT([ovsdb-server])
> > +
> > +as ovn-nb
> > +OVS_APP_EXIT_AND_WAIT([ovsdb-server])
> > +
> > +as northd
> > +OVS_APP_EXIT_AND_WAIT([ovn-northd])
> > +
> > +as
> > +OVS_TRAFFIC_VSWITCHD_STOP(["/failed to query port patch-.*/d
> > +/Failed to acquire.*/d
> > +/connection dropped.*/d"])
> > +AT_CLEANUP
> > +])
> > +
> > --
> > 2.43.0
> >
> > _______________________________________________
> > dev mailing list
> > [email protected]
> > https://mail.openvswitch.org/mailman/listinfo/ovs-dev
_______________________________________________
dev mailing list
[email protected]
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
