Hi Dumitru, You're right. It was superseded.
Thanks, Lucas Em qua., 29 de out. de 2025 às 11:55, Dumitru Ceara <[email protected]> escreveu: > Hi Lucas, > > If I'm not wrong this patch has been superseded by "[ovs-dev,1/2,v1] > northd: Add disable arp and nd resolve option for logical_router_port.": > > > https://patchwork.ozlabs.org/project/ovn/patch/[email protected]/ > > I'm going to mark this v0 accordingly in patchwork and archive it. > > Thanks, > Dumitru > > On 10/2/25 2:24 PM, Lucas Vargas Dias via dev wrote: > > Hi, > > > > Thanks for the response, it's exactly the problem that I see due to > pinctrl. > > How do you define a threshold for your case? > > > > > > Best, > > Lucas > > > > Em qui., 2 de out. de 2025 às 04:23, Smirnov Aleksandr (K2 Cloud) > > <[email protected]> escreveu: > > > >> We have same problem (too many calls of pinctrl results in CPU high > >> load) but this can be solved with use copp + meter arp-resolve > >> > >> On 9/30/25 5:11 PM, Lucas Vargas Dias via dev wrote: > >>> Consider the following scenario: > >>> (192.168.10.10/24) VM1 -> LS -> LR -> TS -> LR -> LS -> VM2 ( > >> 192.168.20.20/24) > >>> > >>> Also, LSPs from LS have the addresses configured, it's not used unknown > >> addresses > >>> in this case. > >>> > >>> Ping from VM1 to VM2 works correctly, it's ok. But, if VM1 try to > flood, > >>> for example the IP 192.168.20.30 (an innexistent LSP), we'll see a high > >> CPU load in > >>> ovn-controller from the network destination due to the get_arp > function. > >>> For this case, ovn-controller have ovn-is-interconn = true. > >>> To fix it, the idea could be the following logical flow in LR: > >>> table=22(lr_in_arp_resolve ), priority=50 , match=(ip4.dst == > >> 192.168.20.0/24 && reg0 != 192.168.20.1), action=(drop;) > >>> > >>> Signed-off-by: Lucas Vargas Dias <[email protected]> > >>> --- > >>> northd/northd.c | 62 > +++++++++++++++++++++++++++++++++++-------------- > >>> 1 file changed, 45 insertions(+), 17 deletions(-) > >>> > >>> diff --git a/northd/northd.c b/northd/northd.c > >>> index fe5199a86..710ac6b6d 100644 > >>> --- a/northd/northd.c > >>> +++ b/northd/northd.c > >>> @@ -1572,6 +1572,7 @@ join_logical_ports_lsp(struct hmap *ports, > >>> if (op->has_unknown) { > >>> od->has_unknown = true; > >>> } > >>> + > >>> hmap_insert(&od->ports, &op->dp_node, > >>> hmap_node_hash(&op->key_node)); > >>> > >>> @@ -1808,6 +1809,7 @@ join_logical_ports(const struct > >> sbrec_port_binding_table *sbrec_pb_table, > >>> vector_push(&peer->od->ls_peers, &op->od); > >>> peer->peer = op; > >>> op->peer = peer; > >>> + peer->od->has_unknown = op->od->has_unknown; > >>> > >>> /* Fill op->lsp_addrs for op->nbsp->addresses[] with > >>> * contents "router", which was skipped in the loop > above. > >> */ > >>> @@ -14358,6 +14360,7 @@ build_arp_resolve_flows_for_lrouter( > >>> struct lflow_ref *lflow_ref) > >>> { > >>> ovs_assert(od->nbr); > >>> + > >>> /* Multicast packets already have the outport set so just advance > >> to > >>> * next table (priority 500). */ > >>> ovn_lflow_add(lflows, od, S_ROUTER_IN_ARP_RESOLVE, 500, > >>> @@ -14376,6 +14379,48 @@ build_arp_resolve_flows_for_lrouter( > >>> > >>> ovn_lflow_add_default_drop(lflows, od, S_ROUTER_IN_ARP_RESOLVE, > >>> lflow_ref); > >>> + > >>> + if (!od->has_unknown) { > >>> + struct ds match = DS_EMPTY_INITIALIZER; > >>> + for (int i = 0; i < od->nbr->n_ports; i++) { > >>> + const struct nbrec_logical_router_port *lrp = > >> od->nbr->ports[i]; > >>> + struct lport_addresses lrp_networks; > >>> + if (!extract_lrp_networks(lrp, &lrp_networks)) { > >>> + destroy_lport_addresses(&lrp_networks); > >>> + continue; > >>> + } > >>> + > >>> + for (int j = 0; j < lrp->n_networks; j++) { > >>> + struct in6_addr prefix; > >>> + unsigned int plen; > >>> + if (!ip46_parse_cidr(lrp->networks[j], &prefix, > &plen)) > >> { > >>> + continue; > >>> + } > >>> + > >>> + bool is_ipv4 = IN6_IS_ADDR_V4MAPPED(&prefix); > >>> + ds_clear(&match); > >>> + char *ip_prefix = build_route_prefix_s(&prefix, plen); > >>> + ds_put_format(&match, "%s.dst == %s/%u && %s != ", > >>> + is_ipv4 ? "ip4" : "ip6", ip_prefix, plen, > >>> + is_ipv4 ? REG_NEXT_HOP_IPV4 : REG_NEXT_HOP_IPV6); > >>> + if (is_ipv4) { > >>> + ds_put_format(&match, "%s", > >>> + lrp_networks.ipv4_addrs->addr_s); > >>> + } else { > >>> + ds_put_format(&match, "%s", > >>> + lrp_networks.ipv6_addrs->addr_s); > >>> + } > >>> + > >>> + ovn_lflow_add_drop_with_desc(lflows, od, > >>> + S_ROUTER_IN_ARP_RESOLVE, 50, > >>> + ds_cstr(&match), "No L2 unknown", > >>> + lflow_ref); > >>> + free(ip_prefix); > >>> + } > >>> + destroy_lport_addresses(&lrp_networks); > >>> + } > >>> + ds_destroy(&match); > >>> + } > >>> } > >>> > >>> /* Local router ingress table ARP_RESOLVE: ARP Resolution. > >>> @@ -14825,23 +14870,6 @@ build_arp_resolve_flows_for_lsp( > >>> &op->nbsp->header_, > >>> op->lflow_ref); > >>> } > >>> - > >>> - if (router_port->lrp_networks.n_ipv6_addrs) { > >>> - ds_clear(match); > >>> - ds_put_format(match, "outport == %s && " > >>> - REG_NEXT_HOP_IPV6 " == ", > >>> - peer->json_key); > >>> - op_put_v6_networks(match, router_port); > >>> - > >>> - ds_clear(actions); > >>> - ds_put_format(actions, "eth.dst = %s; next;", > >>> - router_port->lrp_networks.ea_s); > >>> - ovn_lflow_add_with_hint(lflows, peer->od, > >>> - S_ROUTER_IN_ARP_RESOLVE, 100, > >>> - ds_cstr(match), > >> ds_cstr(actions), > >>> - &op->nbsp->header_, > >>> - op->lflow_ref); > >>> - } > >>> } > >>> } > >>> } > >> > >> > >> _______________________________________________ > >> dev mailing list > >> [email protected] > >> https://mail.openvswitch.org/mailman/listinfo/ovs-dev > >> > > > > -- _‘Esta mensagem é direcionada apenas para os endereços constantes no cabeçalho inicial. Se você não está listado nos endereços constantes no cabeçalho, pedimos-lhe que desconsidere completamente o conteúdo dessa mensagem e cuja cópia, encaminhamento e/ou execução das ações citadas estão imediatamente anuladas e proibidas’._ * **‘Apesar do Magazine Luiza tomar todas as precauções razoáveis para assegurar que nenhum vírus esteja presente nesse e-mail, a empresa não poderá aceitar a responsabilidade por quaisquer perdas ou danos causados por esse e-mail ou por seus anexos’.* _______________________________________________ dev mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-dev
