HI Lorenzo, This looks good but could you add a check for the new flows in the tests/ northd.at "Routing protocol control plane redirect". if you add an entry to the BFD table you should be able to check if the flow with the new action is generated
Jacob On Mon, Sep 29, 2025 at 8:45 AM Lorenzo Bianconi via dev < [email protected]> wrote: > If OVN creates static routes with bfd option, we should keep forwarding > BFD packets to router ingress pipeline. > > Fixes: 370527673c2b ("northd: Routing protocol port redirection.") > Signed-off-by: Lorenzo Bianconi <[email protected]> > --- > northd/northd.c | 32 +++++++++++++++++++++++--------- > tests/system-ovn.at | 5 +++++ > 2 files changed, 28 insertions(+), 9 deletions(-) > > diff --git a/northd/northd.c b/northd/northd.c > index b49c6d693..8cfc6f34e 100644 > --- a/northd/northd.c > +++ b/northd/northd.c > @@ -14545,11 +14545,19 @@ build_routing_protocols_redirect_rule__( > const char *s_addr, const char *redirect_port_name, int > protocol_port, > const char *proto, bool is_ipv6, struct ovn_port *ls_peer, > struct lflow_table *lflows, struct ds *match, struct ds *actions, > - struct lflow_ref *lflow_ref) > + struct lflow_ref *lflow_ref, bool clone) > { > int ip_ver = is_ipv6 ? 6 : 4; > ds_clear(actions); > - ds_put_format(actions, "outport = \"%s\"; output;", > redirect_port_name); > + if (clone) { > + ds_put_format(actions, > + "clone { outport = \"%s\"; output; }; " > + "outport = %s; output;", > + redirect_port_name, ls_peer->json_key); > + } else { > + ds_put_format(actions, "outport = \"%s\"; output;", > + redirect_port_name); > + } > > /* Redirect packets in the input pipeline destined for LR's IP > * and the routing protocol's port to the LSP specified in > @@ -14577,20 +14585,21 @@ static void > apply_routing_protocols_redirect__( > const char *s_addr, const char *redirect_port_name, int > protocol_flags, > bool is_ipv6, struct ovn_port *ls_peer, struct lflow_table > *lflows, > - struct ds *match, struct ds *actions, struct lflow_ref *lflow_ref) > + struct ds *match, struct ds *actions, struct lflow_ref *lflow_ref, > + bool clone_bfd_traffic) > { > if (protocol_flags & REDIRECT_BGP) { > build_routing_protocols_redirect_rule__(s_addr, > redirect_port_name, > 179, "tcp", is_ipv6, > ls_peer, > lflows, match, actions, > - lflow_ref); > + lflow_ref, false); > } > > if (protocol_flags & REDIRECT_BFD) { > build_routing_protocols_redirect_rule__(s_addr, > redirect_port_name, > 3784, "udp", is_ipv6, > ls_peer, > lflows, match, actions, > - lflow_ref); > + lflow_ref, > clone_bfd_traffic); > } > > /* Because the redirected port shares IP and MAC addresses with the > LRP, > @@ -14658,7 +14667,7 @@ static void > build_lrouter_routing_protocol_redirect( > struct ovn_port *op, struct lflow_table *lflows, struct ds *match, > struct ds *actions, struct lflow_ref *lflow_ref, > - const struct hmap *ls_ports) > + const struct hmap *ls_ports, const struct sset *bfd_ports) > { > /* LRP has to have a peer.*/ > if (!op->peer) { > @@ -14714,6 +14723,11 @@ build_lrouter_routing_protocol_redirect( > return; > } > > + /* If BFD support is enabled in OVN we need to forward it to router > + * pipeline. > + */ > + bool clone_bfd_traffic = (redirected_protocols & REDIRECT_BFD) && > + bfd_is_port_running(bfd_ports, op->key); > /* Redirect traffic destined for LRP's IPs and the specified routing > * protocol ports to the port defined in 'routing-protocol-redirect' > * option.*/ > @@ -14722,14 +14736,14 @@ build_lrouter_routing_protocol_redirect( > apply_routing_protocols_redirect__(ip_s, redirect_port_name, > redirected_protocols, false, > op->peer, lflows, match, > actions, > - lflow_ref); > + lflow_ref, clone_bfd_traffic); > } > for (size_t i = 0; i < op->lrp_networks.n_ipv6_addrs; i++) { > const char *ip_s = op->lrp_networks.ipv6_addrs[i].addr_s; > apply_routing_protocols_redirect__(ip_s, redirect_port_name, > redirected_protocols, true, > op->peer, lflows, match, > actions, > - lflow_ref); > + lflow_ref, clone_bfd_traffic); > } > > /* Drop ARP replies and IPv6 RA/NA packets originating from > @@ -17956,7 +17970,7 @@ build_lswitch_and_lrouter_iterate_by_lrp(struct > ovn_port *op, > &lsi->actions, > op->lflow_ref); > build_lrouter_routing_protocol_redirect(op, lsi->lflows, &lsi->match, > &lsi->actions, op->lflow_ref, > - lsi->ls_ports); > + lsi->ls_ports, > lsi->bfd_ports); > } > > static void * > diff --git a/tests/system-ovn.at b/tests/system-ovn.at > index 14fb86553..2e4d88738 100644 > --- a/tests/system-ovn.at > +++ b/tests/system-ovn.at > @@ -7360,6 +7360,11 @@ check ovn-nbctl set logical_router R1 > options:chassis=hv1 > check ovn-nbctl set logical_router R1 options:dynamic-routing=true > check ovn-nbctl set Logical_Router_Port rp-public > options:dynamic-routing-redistribute="connected,static" > check ovn-nbctl set logical_router_static_route $route_uuid bfd=$uuid > +# set option that redirects BGP and BFD traffic to a LSP "bgp-daemon". > +# OVN should continue to keep BFD static route state. > +check ovn-nbctl lsp-add public bgp-daemon -- lsp-set-addresses bgp-daemon > unknown > +check ovn-nbctl --wait=sb set logical_router_port rp-public > options:routing-protocol-redirect=bgp-daemon > +check ovn-nbctl --wait=sb set logical_router_port rp-public > options:routing-protocols=BGP,BFD > > # restart bfdd > NETNS_DAEMONIZE([server], [bfdd-beacon --nofork --tee > --listen=172.16.1.50 >beacon.stdout 2>&1], [beacon.pid]) > -- > 2.51.0 > > _______________________________________________ > dev mailing list > [email protected] > https://mail.openvswitch.org/mailman/listinfo/ovs-dev > > _______________________________________________ dev mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-dev
