If OVN creates static routes with bfd option, we should keep forwarding
BFD packets to router ingress pipeline.
Fixes: 370527673c2b ("northd: Routing protocol port redirection.")
Signed-off-by: Lorenzo Bianconi <[email protected]>
---
northd/northd.c | 32 +++++++++++++++++++++++---------
tests/ovn-northd.at | 10 ++++++++++
tests/system-ovn.at | 5 +++++
3 files changed, 38 insertions(+), 9 deletions(-)
diff --git a/northd/northd.c b/northd/northd.c
index b49c6d693..8cfc6f34e 100644
--- a/northd/northd.c
+++ b/northd/northd.c
@@ -14545,11 +14545,19 @@ build_routing_protocols_redirect_rule__(
const char *s_addr, const char *redirect_port_name, int protocol_port,
const char *proto, bool is_ipv6, struct ovn_port *ls_peer,
struct lflow_table *lflows, struct ds *match, struct ds *actions,
- struct lflow_ref *lflow_ref)
+ struct lflow_ref *lflow_ref, bool clone)
{
int ip_ver = is_ipv6 ? 6 : 4;
ds_clear(actions);
- ds_put_format(actions, "outport = \"%s\"; output;", redirect_port_name);
+ if (clone) {
+ ds_put_format(actions,
+ "clone { outport = \"%s\"; output; }; "
+ "outport = %s; output;",
+ redirect_port_name, ls_peer->json_key);
+ } else {
+ ds_put_format(actions, "outport = \"%s\"; output;",
+ redirect_port_name);
+ }
/* Redirect packets in the input pipeline destined for LR's IP
* and the routing protocol's port to the LSP specified in
@@ -14577,20 +14585,21 @@ static void
apply_routing_protocols_redirect__(
const char *s_addr, const char *redirect_port_name, int protocol_flags,
bool is_ipv6, struct ovn_port *ls_peer, struct lflow_table *lflows,
- struct ds *match, struct ds *actions, struct lflow_ref *lflow_ref)
+ struct ds *match, struct ds *actions, struct lflow_ref *lflow_ref,
+ bool clone_bfd_traffic)
{
if (protocol_flags & REDIRECT_BGP) {
build_routing_protocols_redirect_rule__(s_addr, redirect_port_name,
179, "tcp", is_ipv6, ls_peer,
lflows, match, actions,
- lflow_ref);
+ lflow_ref, false);
}
if (protocol_flags & REDIRECT_BFD) {
build_routing_protocols_redirect_rule__(s_addr, redirect_port_name,
3784, "udp", is_ipv6, ls_peer,
lflows, match, actions,
- lflow_ref);
+ lflow_ref, clone_bfd_traffic);
}
/* Because the redirected port shares IP and MAC addresses with the LRP,
@@ -14658,7 +14667,7 @@ static void
build_lrouter_routing_protocol_redirect(
struct ovn_port *op, struct lflow_table *lflows, struct ds *match,
struct ds *actions, struct lflow_ref *lflow_ref,
- const struct hmap *ls_ports)
+ const struct hmap *ls_ports, const struct sset *bfd_ports)
{
/* LRP has to have a peer.*/
if (!op->peer) {
@@ -14714,6 +14723,11 @@ build_lrouter_routing_protocol_redirect(
return;
}
+ /* If BFD support is enabled in OVN we need to forward it to router
+ * pipeline.
+ */
+ bool clone_bfd_traffic = (redirected_protocols & REDIRECT_BFD) &&
+ bfd_is_port_running(bfd_ports, op->key);
/* Redirect traffic destined for LRP's IPs and the specified routing
* protocol ports to the port defined in 'routing-protocol-redirect'
* option.*/
@@ -14722,14 +14736,14 @@ build_lrouter_routing_protocol_redirect(
apply_routing_protocols_redirect__(ip_s, redirect_port_name,
redirected_protocols, false,
op->peer, lflows, match, actions,
- lflow_ref);
+ lflow_ref, clone_bfd_traffic);
}
for (size_t i = 0; i < op->lrp_networks.n_ipv6_addrs; i++) {
const char *ip_s = op->lrp_networks.ipv6_addrs[i].addr_s;
apply_routing_protocols_redirect__(ip_s, redirect_port_name,
redirected_protocols, true,
op->peer, lflows, match, actions,
- lflow_ref);
+ lflow_ref, clone_bfd_traffic);
}
/* Drop ARP replies and IPv6 RA/NA packets originating from
@@ -17956,7 +17970,7 @@ build_lswitch_and_lrouter_iterate_by_lrp(struct
ovn_port *op,
&lsi->actions, op->lflow_ref);
build_lrouter_routing_protocol_redirect(op, lsi->lflows, &lsi->match,
&lsi->actions, op->lflow_ref,
- lsi->ls_ports);
+ lsi->ls_ports, lsi->bfd_ports);
}
static void *
diff --git a/tests/ovn-northd.at b/tests/ovn-northd.at
index 47e8817ea..a5c2bc6c4 100644
--- a/tests/ovn-northd.at
+++ b/tests/ovn-northd.at
@@ -14307,6 +14307,16 @@ AT_CHECK([ovn-sbctl dump-flows ls | grep
ls_in_check_port_sec | grep "priority=8
table=??(ls_in_check_port_sec), priority=80 , match=(inport == "lsp-bgp"
&& nd_ra), action=(reg0[[15]] = 1; next;)
])
+# Add OVN BFD static routes and check the BFD control packets are properly
+# cloned and redirected to "lsp-bgp".
+check ovn-nbctl --wait=sb --bfd lr-route-add lr 100.0.0.0/8 172.16.1.2 lr-ls
+AT_CHECK([ovn-sbctl dump-flows ls | grep ls_in_l2_lkup | grep -E "udp.dst ==
3784|udp.src == 3784" | ovn_strip_lflows], [0], [dnl
+ table=??(ls_in_l2_lkup ), priority=100 , match=(ip4.dst == 172.16.1.1
&& udp.dst == 3784), action=(clone { outport = "lsp-bgp"; output; }; outport =
"ls-lr"; output;)
+ table=??(ls_in_l2_lkup ), priority=100 , match=(ip4.dst == 172.16.1.1
&& udp.src == 3784), action=(clone { outport = "lsp-bgp"; output; }; outport =
"ls-lr"; output;)
+ table=??(ls_in_l2_lkup ), priority=100 , match=(ip6.dst ==
fe80::ac:10ff:fe01:1 && udp.dst == 3784), action=(clone { outport = "lsp-bgp";
output; }; outport = "ls-lr"; output;)
+ table=??(ls_in_l2_lkup ), priority=100 , match=(ip6.dst ==
fe80::ac:10ff:fe01:1 && udp.src == 3784), action=(clone { outport = "lsp-bgp";
output; }; outport = "ls-lr"; output;)
+])
+
# Remove 'bgp-redirect' option from LRP and check that rules are removed
check ovn-nbctl --wait=sb remove logical_router_port lr-ls options
routing-protocol-redirect
check ovn-nbctl --wait=sb remove logical_router_port lr-ls options
routing-protocols
diff --git a/tests/system-ovn.at b/tests/system-ovn.at
index 5f67b6997..4f1cc0422 100644
--- a/tests/system-ovn.at
+++ b/tests/system-ovn.at
@@ -7360,6 +7360,11 @@ check ovn-nbctl set logical_router R1 options:chassis=hv1
check ovn-nbctl set logical_router R1 options:dynamic-routing=true
check ovn-nbctl set Logical_Router_Port rp-public
options:dynamic-routing-redistribute="connected,static"
check ovn-nbctl set logical_router_static_route $route_uuid bfd=$uuid
+# set option that redirects BGP and BFD traffic to a LSP "bgp-daemon".
+# OVN should continue to keep BFD static route state.
+check ovn-nbctl lsp-add public bgp-daemon -- lsp-set-addresses bgp-daemon
unknown
+check ovn-nbctl --wait=sb set logical_router_port rp-public
options:routing-protocol-redirect=bgp-daemon
+check ovn-nbctl --wait=sb set logical_router_port rp-public
options:routing-protocols=BGP,BFD
# restart bfdd
NETNS_DAEMONIZE([server], [bfdd-beacon --nofork --tee --listen=172.16.1.50
>beacon.stdout 2>&1], [beacon.pid])
--
2.51.0
_______________________________________________
dev mailing list
[email protected]
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
