Introduce the capability to specify multiple ips for ovn-evpn-local-ip option in order to enable dual-stack for EVPN vxlan tunnels. The IPs used for vxlan tunnel can be specified using the following syntax in the external_ids column of Open_vSwitch table:
external_ids:ovn-evpn-local-ip=10:1.1.1.1,20:[2::2],30:3.3.3.3,40:[4::4],30:[3::3] Reported-at: https://issues.redhat.com/browse/FDP-2768 Signed-off-by: Lorenzo Bianconi <[email protected]> --- controller/physical.c | 155 +++++++++--- tests/system-ovn.at | 534 ++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 651 insertions(+), 38 deletions(-) diff --git a/controller/physical.c b/controller/physical.c index b9c60c8ab..8f66f1774 100644 --- a/controller/physical.c +++ b/controller/physical.c @@ -3178,13 +3178,87 @@ physical_eval_remote_chassis_flows(const struct physical_ctx *ctx, ofpbuf_uninit(&ingress_ofpacts); } +#define DEFAULT_VNI (1 << 24) /* VNI used for the default local IP. */ +struct vni_local_ip { + struct in6_addr ip; + uint32_t vni; +}; + +static struct in6_addr * +evpn_local_ip_lookup_by_vni(const struct vector *map, + uint32_t vni, bool ipv4) +{ + struct vni_local_ip *e, *def_e = NULL; + VECTOR_FOR_EACH_PTR (map, e) { + if (e->vni == vni && IN6_IS_ADDR_V4MAPPED(&e->ip) == ipv4) { + return &e->ip; + } + if (e->vni == DEFAULT_VNI) { + def_e = e; + } + } + + return def_e ? &def_e->ip : NULL; +} + +static void +evpn_vni_local_ip_map_parse(struct vector *map, const char *local_ip_str) +{ + char *tokstr = xstrdup(local_ip_str); + char *token, *ptr0 = NULL; + + for (token = strtok_r(tokstr, ",", &ptr0); token; + token = strtok_r(NULL, ",", &ptr0)) { + char *ptr1 = NULL, *vni_str = strtok_r(token, ":", &ptr1); + char *ip_str = strtok_r(NULL, "", &ptr1); + char *ip_address = NULL; + struct vni_local_ip e = { + .vni = DEFAULT_VNI, + }; + int addr_family; + uint16_t port; + + if (!ip_str) { + /* Default local IP. */ + ip_str = vni_str; + vni_str = NULL; + } + + if (!ip_address_and_port_from_lb_key(ip_str, &ip_address, &e.ip, &port, + &addr_family)) { + static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(5, 1); + VLOG_WARN_RL(&rl, "EVPN enabled, but required 'evpn-local-ip' is " + "missing or invalid %s ", local_ip_str); + continue; + } + free(ip_address); + + if (vni_str) { + if (!ovs_scan(vni_str, "%u", &e.vni) || !ovn_is_valid_vni(e.vni)) { + continue; + } + } + vector_push(map, &e); + } + free(tokstr); +} + static void physical_consider_evpn_binding(const struct evpn_binding *binding, - const struct in6_addr *local_ip, + const struct vector *vni_ip_map, struct ofpbuf *ofpacts, struct match *match, - struct ovn_desired_flow_table *flow_table, - bool ipv4) + struct ovn_desired_flow_table *flow_table) { + bool ipv4 = IN6_IS_ADDR_V4MAPPED(&binding->remote_ip); + const struct in6_addr *local_ip = evpn_local_ip_lookup_by_vni(vni_ip_map, + binding->vni, + ipv4); + if (!local_ip) { + static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(5, 1); + VLOG_WARN_RL(&rl, "failed to get local tunnel ip"); + return; + } + /* Ingress flows. */ ofpbuf_clear(ofpacts); match_init_catchall(match); @@ -3308,29 +3382,40 @@ physical_consider_evpn_binding(const struct evpn_binding *binding, static void physical_consider_evpn_multicast(const struct evpn_multicast_group *mc_group, - const struct in6_addr *local_ip, + const struct vector *vni_ip_map, struct ofpbuf *ofpacts, struct match *match, - struct ovn_desired_flow_table *flow_table, - bool ipv4) + struct ovn_desired_flow_table *flow_table) { const struct evpn_binding *binding = NULL; + const struct in6_addr *local_ip = NULL; ofpbuf_clear(ofpacts); uint32_t multicast_tunnel_keys[] = {OVN_MCAST_FLOOD_TUNNEL_KEY, OVN_MCAST_UNKNOWN_TUNNEL_KEY, OVN_MCAST_FLOOD_L2_TUNNEL_KEY}; - if (ipv4) { - ovs_be32 ip4 = in6_addr_get_mapped_ipv4(local_ip); - put_load_bytes(&ip4, sizeof ip4, MFF_TUN_SRC, 0, 32, ofpacts); - } else { - put_load_bytes(local_ip, sizeof *local_ip, MFF_TUN_IPV6_SRC, - 0, 128, ofpacts); - } - put_load(mc_group->vni, MFF_TUN_ID, 0, 24, ofpacts); - const struct hmapx_node *node; HMAPX_FOR_EACH (node, &mc_group->bindings) { binding = node->data; + bool ipv4 = IN6_IS_ADDR_V4MAPPED(&binding->remote_ip); + if (!local_ip) { + local_ip = evpn_local_ip_lookup_by_vni(vni_ip_map, binding->vni, + ipv4); + if (!local_ip) { + static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(5, 1); + VLOG_WARN_RL(&rl, "failed to get local tunnel ip"); + return; + } + + if (ipv4) { + ovs_be32 ip4 = in6_addr_get_mapped_ipv4(local_ip); + put_load_bytes(&ip4, sizeof ip4, MFF_TUN_SRC, 0, 32, ofpacts); + } else { + put_load_bytes(local_ip, sizeof *local_ip, MFF_TUN_IPV6_SRC, + 0, 128, ofpacts); + } + put_load(mc_group->vni, MFF_TUN_ID, 0, 24, ofpacts); + } + if (ipv4) { ovs_be32 ip4 = in6_addr_get_mapped_ipv4(&binding->remote_ip); put_load_bytes(&ip4, sizeof ip4, MFF_TUN_DST, 0, 32, ofpacts); @@ -3420,28 +3505,24 @@ physical_eval_evpn_flows(const struct physical_ctx *ctx, const char *local_ip_str = smap_get_def(&ctx->chassis->other_config, "ovn-evpn-local-ip", ""); - struct in6_addr local_ip; - if (!ip46_parse(local_ip_str, &local_ip)) { - static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(5, 1); - VLOG_WARN_RL(&rl, "EVPN enabled, but required 'evpn-local-ip' is " - "missing or invalid %s ", local_ip_str); - return; - } + struct vector vni_ip_map = + VECTOR_EMPTY_INITIALIZER(const struct vni_local_ip); + evpn_vni_local_ip_map_parse(&vni_ip_map, local_ip_str); struct match match = MATCH_CATCHALL_INITIALIZER; - bool ipv4 = IN6_IS_ADDR_V4MAPPED(&local_ip); - const struct evpn_binding *binding; + HMAP_FOR_EACH (binding, hmap_node, ctx->evpn_bindings) { - physical_consider_evpn_binding(binding, &local_ip, ofpacts, - &match, flow_table, ipv4); + physical_consider_evpn_binding(binding, &vni_ip_map, ofpacts, + &match, flow_table); } const struct evpn_multicast_group *mc_group; HMAP_FOR_EACH (mc_group, hmap_node, ctx->evpn_multicast_groups) { - physical_consider_evpn_multicast(mc_group, &local_ip, ofpacts, - &match, flow_table, ipv4); + physical_consider_evpn_multicast(mc_group, &vni_ip_map, ofpacts, + &match, flow_table); } + vector_destroy(&vni_ip_map); const struct evpn_fdb *fdb; HMAP_FOR_EACH (fdb, hmap_node, ctx->evpn_fdbs) { @@ -3571,32 +3652,30 @@ physical_handle_evpn_binding_changes( { const char *local_ip_str = smap_get_def(&ctx->chassis->other_config, "ovn-evpn-local-ip", ""); - struct in6_addr local_ip; - if (!ip46_parse(local_ip_str, &local_ip)) { - return; - } + struct vector vni_ip_map = + VECTOR_EMPTY_INITIALIZER(const struct vni_local_ip); + evpn_vni_local_ip_map_parse(&vni_ip_map, local_ip_str); struct ofpbuf ofpacts; ofpbuf_init(&ofpacts, 0); struct match match = MATCH_CATCHALL_INITIALIZER; - bool ipv4 = IN6_IS_ADDR_V4MAPPED(&local_ip); const struct hmapx_node *node; HMAPX_FOR_EACH (node, updated_bindings) { const struct evpn_binding *binding = node->data; - ofctrl_remove_flows(flow_table, &binding->flow_uuid); - physical_consider_evpn_binding(binding, &local_ip, &ofpacts, - &match, flow_table, ipv4); + physical_consider_evpn_binding(binding, &vni_ip_map, &ofpacts, + &match, flow_table); } HMAPX_FOR_EACH (node, updated_multicast_groups) { const struct evpn_multicast_group *mc_group = node->data; ofctrl_remove_flows(flow_table, &mc_group->flow_uuid); - physical_consider_evpn_multicast(mc_group, &local_ip, &ofpacts, - &match, flow_table, ipv4); + physical_consider_evpn_multicast(mc_group, &vni_ip_map, &ofpacts, + &match, flow_table); } + vector_destroy(&vni_ip_map); ofpbuf_uninit(&ofpacts); diff --git a/tests/system-ovn.at b/tests/system-ovn.at index 1b4b30743..9980927ba 100644 --- a/tests/system-ovn.at +++ b/tests/system-ovn.at @@ -18160,6 +18160,540 @@ AT_CLEANUP EVPN_SWITCH_TESTS([default]) EVPN_SWITCH_TESTS([custom]) +OVN_FOR_EACH_NORTHD([ +AT_SETUP([dynamic-routing - EVPN - IPv6]) +AT_KEYWORDS([dynamic-routing]) + +CHECK_VRF() +CHECK_CONNTRACK() +CHECK_CONNTRACK_NAT() + +vni=10 +VRF_RESERVE([$vni]) +ovn_start +OVS_TRAFFIC_VSWITCHD_START() +ADD_BR([br-int]) +ADD_BR([br-ext], [set Bridge br-ext fail-mode=standalone]) + +# Set external-ids in br-int needed for ovn-controller. +check ovs-vsctl \ + -- set Open_vSwitch . external-ids:system-id=hv1 \ + -- set Open_vSwitch . external-ids:ovn-remote=unix:$ovs_base/ovn-sb/ovn-sb.sock \ + -- set Open_vSwitch . external-ids:ovn-encap-type=geneve \ + -- set Open_vSwitch . external-ids:ovn-encap-ip=169::1 \ + -- set Open_vSwitch . external-ids:ovn-bridge-mappings=phynet:br-ext \ + -- set Open_vSwitch . external-ids:ovn-evpn-local-ip=10:169.0.0.1,10:[169::1] \ + -- set Open_vSwitch . external-ids:ovn-evpn-vxlan-ports=4789 \ + -- set bridge br-int fail-mode=secure other-config:disable-in-band=true + +# Start ovn-controller. +start_daemon ovn-controller + +OVS_WAIT_WHILE([ip link | grep -q ovnvrf$vni:.*UP]) + +check ovn-nbctl \ + -- ls-add ls-evpn \ + -- lsp-add ls-evpn workload1 \ + -- lsp-set-addresses workload1 "f0:00:0f:16:01:10 172.16.1.10 172:16::10" \ + -- lsp-add ls-evpn workload2 \ + -- lsp-set-addresses workload2 "f0:00:0f:16:01:20 172.16.1.20 172:16::20" \ + -- lsp-add-localnet-port ls-evpn ln_port phynet + +ADD_NAMESPACES(workload1) +ADD_VETH(workload1, workload1, br-int, "172:16::10/64", "f0:00:0f:16:01:10", \ + "172:16::1", "nodad", "172.16.1.10/24", "172.16.1.1") + +ADD_NAMESPACES(workload2) +ADD_VETH(workload2, workload2, br-int, "172:16::20/64", "f0:00:0f:16:01:20", \ + "172:16::1", "nodad", "172.16.1.20/24", "172.16.1.1") + +OVN_POPULATE_ARP +check ovn-nbctl --wait=hv sync +wait_for_ports_up + +# Setup a VRF for the VNI. +check ip link add vrf-$vni type vrf table $vni +on_exit "ip link del vrf-$vni" +check ip link set vrf-$vni up + +# Add VNI bridge. +check ip link add br-$vni type bridge +on_exit "ip link del br-$vni" +check ip link set br-$vni master vrf-$vni addrgenmode none +check ip link set dev br-$vni up + +# Add VXLAN VTEP for the VNI (linked to the OVS vxlan_sys_<port> interface). +# Use a dstport different than the one used by OVS. +# This is fine because we don't actually want traffic to pass through +# the $vxlan interface. FRR should read the dstport from the linked +# vxlan_sys_${vxlan_port} device. +dstport=$((60000 + $vni)) +check ip link add vxlan-$vni type vxlan \ + id $vni dstport $dstport local 169::1 nolearning +on_exit "ip link del vxlan-$vni" +check ip link set dev vxlan-$vni up +check ip link set vxlan-$vni master br-$vni + +# Add a dummy loopback to the VNI bridge to be used for advertising local +# MACs. +check ip link add name lo-$vni type dummy +on_exit "ip link del lo-$vni" +check ip link set lo-$vni master br-$vni +check ip link set lo-$vni up + +AS_BOX([L2 EVPN VTEP and FDB learning]) + +check ovn-nbctl --wait=hv set logical_switch ls-evpn other_config:dynamic-routing-vni=$vni +ofport=$(ovs-vsctl --bare --columns ofport find Interface name="ovn-evpn-4789") +dp_key=$(fetch_column Datapath tunnel_key external_ids:name=ls-evpn) + +AT_CHECK([ovn-appctl evpn/remote-vtep-list], [0], [dnl +]) + +AT_CHECK([ovn-appctl evpn/vtep-binding-list], [0], [dnl +]) + +AT_CHECK([ovn-appctl evpn/vtep-multicast-group-list], [0], [dnl +]) + +# Simulate remote VTEP. +check bridge fdb append 00:00:00:00:00:00 dev vxlan-$vni dst 169::a static permanent + +OVS_WAIT_FOR_OUTPUT_UNQUOTED([ovn-appctl evpn/remote-vtep-list], [0], [dnl +IP: 169::a, port: 4789, vni: $vni +]) + +OVS_WAIT_FOR_OUTPUT_UNQUOTED([ovn-appctl evpn/vtep-binding-list | cut -d',' -f2-], [0], [dnl + Remote IP: 169::a, vni: $vni, binding_key: 0x80000001, tunnel_ofport: $ofport, dp_key: $dp_key +]) + +OVS_WAIT_FOR_OUTPUT_UNQUOTED([ovn-appctl evpn/vtep-multicast-group-list | cut -d',' -f2-], [0], [dnl + Remote IPs: 169::a, vni: $vni +]) + +AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=OFTABLE_PHY_TO_LOG | grep priority=1050 | \ + awk '{print $7, $8}' | sort], [0], [dnl +priority=1050,tun_id=0xa,tun_ipv6_src=169::a,tun_ipv6_dst=169::1,in_port=$ofport actions=load:0x$dp_key->OXM_OF_METADATA[[0..31]],load:0x80000001->NXM_NX_REG14[[]],resubmit(,OFTABLE_LEARN_REMOTE_FDB),resubmit(,OFTABLE_LOG_INGRESS_PIPELINE) +]) + +AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=OFTABLE_REMOTE_VTEP_OUTPUT | grep output | \ + awk '{print $7, $8}' | sort], [0], [dnl +priority=50,reg15=0x8000,metadata=0x$dp_key actions=load:0x1->NXM_NX_TUN_IPV6_SRC[[0..63]],load:0x169000000000000->NXM_NX_TUN_IPV6_SRC[[64..127]],load:0xa->NXM_NX_TUN_ID[[0..23]],load:0xa->NXM_NX_TUN_IPV6_DST[[0..63]],load:0x169000000000000->NXM_NX_TUN_IPV6_DST[[64..127]],output:$ofport,resubmit(,OFTABLE_LOCAL_OUTPUT) +priority=50,reg15=0x80000001,metadata=0x$dp_key actions=load:0x1->NXM_NX_TUN_IPV6_SRC[[0..63]],load:0x169000000000000->NXM_NX_TUN_IPV6_SRC[[64..127]],load:0xa->NXM_NX_TUN_IPV6_DST[[0..63]],load:0x169000000000000->NXM_NX_TUN_IPV6_DST[[64..127]],load:0xa->NXM_NX_TUN_ID[[0..23]],output:$ofport +priority=50,reg15=0x8001,metadata=0x$dp_key actions=load:0x1->NXM_NX_TUN_IPV6_SRC[[0..63]],load:0x169000000000000->NXM_NX_TUN_IPV6_SRC[[64..127]],load:0xa->NXM_NX_TUN_ID[[0..23]],load:0xa->NXM_NX_TUN_IPV6_DST[[0..63]],load:0x169000000000000->NXM_NX_TUN_IPV6_DST[[64..127]],output:$ofport,resubmit(,OFTABLE_LOCAL_OUTPUT) +priority=50,reg15=0x8004,metadata=0x$dp_key actions=load:0x1->NXM_NX_TUN_IPV6_SRC[[0..63]],load:0x169000000000000->NXM_NX_TUN_IPV6_SRC[[64..127]],load:0xa->NXM_NX_TUN_ID[[0..23]],load:0xa->NXM_NX_TUN_IPV6_DST[[0..63]],load:0x169000000000000->NXM_NX_TUN_IPV6_DST[[64..127]],output:$ofport,resubmit(,OFTABLE_LOCAL_OUTPUT) +priority=55,reg10=0x1/0x1,reg15=0x80000001,metadata=0x$dp_key actions=load:0x1->NXM_NX_TUN_IPV6_SRC[[0..63]],load:0x169000000000000->NXM_NX_TUN_IPV6_SRC[[64..127]],load:0xa->NXM_NX_TUN_IPV6_DST[[0..63]],load:0x169000000000000->NXM_NX_TUN_IPV6_DST[[64..127]],load:0xa->NXM_NX_TUN_ID[[0..23]],load:0xffff->NXM_OF_IN_PORT[[]],output:$ofport +]) + +AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=OFTABLE_LEARN_REMOTE_FDB | grep priority | \ + awk '{print $7, $8}' | strip_cookie | sort], [0], [dnl +priority=100,reg14=0x80000001,metadata=0x$dp_key actions=learn(table=OFTABLE_GET_REMOTE_FDB,priority=150,delete_learned,OXM_OF_METADATA[[]],NXM_OF_ETH_DST[[]]=NXM_OF_ETH_SRC[[]],load:NXM_NX_REG14[[]]->NXM_NX_REG1[[]]) +]) + +# Simulate more remote VTEPs. +check bridge fdb append 00:00:00:00:00:00 dev vxlan-$vni dst 169::14 static permanent +check bridge fdb append 00:00:00:00:00:01 dev vxlan-$vni dst 169::1e extern_learn + +OVS_WAIT_FOR_OUTPUT_UNQUOTED([ovn-appctl evpn/remote-vtep-list | sort], [0], [dnl +IP: 169::14, port: 4789, vni: $vni +IP: 169::1e, port: 4789, vni: $vni +IP: 169::a, port: 4789, vni: $vni +]) + +OVS_WAIT_FOR_OUTPUT_UNQUOTED([ovn-appctl evpn/vtep-binding-list | cut -d',' -f2- | sort], [0], [dnl + Remote IP: 169::14, vni: $vni, binding_key: 0x80000002, tunnel_ofport: $ofport, dp_key: $dp_key + Remote IP: 169::1e, vni: $vni, binding_key: 0x80000003, tunnel_ofport: $ofport, dp_key: $dp_key + Remote IP: 169::a, vni: $vni, binding_key: 0x80000001, tunnel_ofport: $ofport, dp_key: $dp_key +]) + +# We cannot check the output directly because the order might change. +OVS_WAIT_UNTIL([ovn-appctl evpn/vtep-multicast-group-list | grep -q "169::a"]) +OVS_WAIT_UNTIL([ovn-appctl evpn/vtep-multicast-group-list | grep -q "169::14"]) +OVS_WAIT_UNTIL([ovn-appctl evpn/vtep-multicast-group-list | grep -q "169::1e"]) +AT_CHECK([ovn-appctl evpn/vtep-multicast-group-list | wc -l], [0], [1 +]) + +AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=OFTABLE_PHY_TO_LOG | grep priority=1050 | \ + awk '{print $7, $8}' | sort], [0], [dnl +priority=1050,tun_id=0xa,tun_ipv6_src=169::14,tun_ipv6_dst=169::1,in_port=$ofport actions=load:0x$dp_key->OXM_OF_METADATA[[0..31]],load:0x80000002->NXM_NX_REG14[[]],resubmit(,OFTABLE_LEARN_REMOTE_FDB),resubmit(,OFTABLE_LOG_INGRESS_PIPELINE) +priority=1050,tun_id=0xa,tun_ipv6_src=169::1e,tun_ipv6_dst=169::1,in_port=$ofport actions=load:0x$dp_key->OXM_OF_METADATA[[0..31]],load:0x80000003->NXM_NX_REG14[[]],resubmit(,OFTABLE_LEARN_REMOTE_FDB),resubmit(,OFTABLE_LOG_INGRESS_PIPELINE) +priority=1050,tun_id=0xa,tun_ipv6_src=169::a,tun_ipv6_dst=169::1,in_port=$ofport actions=load:0x$dp_key->OXM_OF_METADATA[[0..31]],load:0x80000001->NXM_NX_REG14[[]],resubmit(,OFTABLE_LEARN_REMOTE_FDB),resubmit(,OFTABLE_LOG_INGRESS_PIPELINE) +]) + +ovs-ofctl dump-flows br-int table=OFTABLE_REMOTE_VTEP_OUTPUT > oftable_remote_vtep_output +AT_CHECK_UNQUOTED([grep "output" oftable_remote_vtep_output | grep -v resubmit | \ + awk '{print $7, $8}' | sort], [0], [dnl +priority=50,reg15=0x80000001,metadata=0x$dp_key actions=load:0x1->NXM_NX_TUN_IPV6_SRC[[0..63]],load:0x169000000000000->NXM_NX_TUN_IPV6_SRC[[64..127]],load:0xa->NXM_NX_TUN_IPV6_DST[[0..63]],load:0x169000000000000->NXM_NX_TUN_IPV6_DST[[64..127]],load:0xa->NXM_NX_TUN_ID[[0..23]],output:$ofport +priority=50,reg15=0x80000002,metadata=0x$dp_key actions=load:0x1->NXM_NX_TUN_IPV6_SRC[[0..63]],load:0x169000000000000->NXM_NX_TUN_IPV6_SRC[[64..127]],load:0x14->NXM_NX_TUN_IPV6_DST[[0..63]],load:0x169000000000000->NXM_NX_TUN_IPV6_DST[[64..127]],load:0xa->NXM_NX_TUN_ID[[0..23]],output:$ofport +priority=50,reg15=0x80000003,metadata=0x$dp_key actions=load:0x1->NXM_NX_TUN_IPV6_SRC[[0..63]],load:0x169000000000000->NXM_NX_TUN_IPV6_SRC[[64..127]],load:0x1e->NXM_NX_TUN_IPV6_DST[[0..63]],load:0x169000000000000->NXM_NX_TUN_IPV6_DST[[64..127]],load:0xa->NXM_NX_TUN_ID[[0..23]],output:$ofport +priority=55,reg10=0x1/0x1,reg15=0x80000001,metadata=0x$dp_key actions=load:0x1->NXM_NX_TUN_IPV6_SRC[[0..63]],load:0x169000000000000->NXM_NX_TUN_IPV6_SRC[[64..127]],load:0xa->NXM_NX_TUN_IPV6_DST[[0..63]],load:0x169000000000000->NXM_NX_TUN_IPV6_DST[[64..127]],load:0xa->NXM_NX_TUN_ID[[0..23]],load:0xffff->NXM_OF_IN_PORT[[]],output:$ofport +priority=55,reg10=0x1/0x1,reg15=0x80000002,metadata=0x$dp_key actions=load:0x1->NXM_NX_TUN_IPV6_SRC[[0..63]],load:0x169000000000000->NXM_NX_TUN_IPV6_SRC[[64..127]],load:0x14->NXM_NX_TUN_IPV6_DST[[0..63]],load:0x169000000000000->NXM_NX_TUN_IPV6_DST[[64..127]],load:0xa->NXM_NX_TUN_ID[[0..23]],load:0xffff->NXM_OF_IN_PORT[[]],output:$ofport +priority=55,reg10=0x1/0x1,reg15=0x80000003,metadata=0x$dp_key actions=load:0x1->NXM_NX_TUN_IPV6_SRC[[0..63]],load:0x169000000000000->NXM_NX_TUN_IPV6_SRC[[64..127]],load:0x1e->NXM_NX_TUN_IPV6_DST[[0..63]],load:0x169000000000000->NXM_NX_TUN_IPV6_DST[[64..127]],load:0xa->NXM_NX_TUN_ID[[0..23]],load:0xffff->NXM_OF_IN_PORT[[]],output:$ofport +]) + +AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=OFTABLE_LEARN_REMOTE_FDB | grep priority | \ + awk '{print $7, $8}' | strip_cookie | sort], [0], [dnl +priority=100,reg14=0x80000001,metadata=0x$dp_key actions=learn(table=OFTABLE_GET_REMOTE_FDB,priority=150,delete_learned,OXM_OF_METADATA[[]],NXM_OF_ETH_DST[[]]=NXM_OF_ETH_SRC[[]],load:NXM_NX_REG14[[]]->NXM_NX_REG1[[]]) +priority=100,reg14=0x80000002,metadata=0x$dp_key actions=learn(table=OFTABLE_GET_REMOTE_FDB,priority=150,delete_learned,OXM_OF_METADATA[[]],NXM_OF_ETH_DST[[]]=NXM_OF_ETH_SRC[[]],load:NXM_NX_REG14[[]]->NXM_NX_REG1[[]]) +priority=100,reg14=0x80000003,metadata=0x$dp_key actions=learn(table=OFTABLE_GET_REMOTE_FDB,priority=150,delete_learned,OXM_OF_METADATA[[]],NXM_OF_ETH_DST[[]]=NXM_OF_ETH_SRC[[]],load:NXM_NX_REG14[[]]->NXM_NX_REG1[[]]) +priority=150,reg14=0x80000003,metadata=0x1,dl_src=00:00:00:00:00:01 actions=drop +]) + +AT_CHECK([grep "resubmit" oftable_remote_vtep_output | grep "load:0xa->NXM_NX_TUN_IPV6_DST" | grep -c "load:0x169000000000000->NXM_NX_TUN_IPV6_DST"], [0], [3 +]) +AT_CHECK([grep "resubmit" oftable_remote_vtep_output | grep "load:0x14->NXM_NX_TUN_IPV6_DST" | grep -c "load:0x169000000000000->NXM_NX_TUN_IPV6_DST"], [0], [3 +]) +AT_CHECK([grep "resubmit" oftable_remote_vtep_output | grep "load:0x1e->NXM_NX_TUN_IPV6_DST" | grep -c "load:0x169000000000000->NXM_NX_TUN_IPV6_DST"], [0], [3 +]) + +# Simulate remote workload. +check bridge fdb add f0:00:0f:16:10:50 dev vxlan-$vni dst 169::a static extern_learn +check bridge fdb add f0:00:0f:16:10:60 dev vxlan-$vni dst 169::14 static extern_learn +check bridge fdb add f0:00:0f:16:10:70 dev vxlan-$vni dst 169::1e static extern_learn + +OVS_WAIT_FOR_OUTPUT_UNQUOTED([ovn-appctl evpn/vtep-fdb-list | cut -d',' -f2- | sort], [0], [dnl + MAC: 00:00:00:00:00:01, vni: $vni, binding_key: 0x80000003, dp_key: $dp_key + MAC: f0:00:0f:16:10:50, vni: $vni, binding_key: 0x80000001, dp_key: $dp_key + MAC: f0:00:0f:16:10:60, vni: $vni, binding_key: 0x80000002, dp_key: $dp_key + MAC: f0:00:0f:16:10:70, vni: $vni, binding_key: 0x80000003, dp_key: $dp_key +]) + +AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=OFTABLE_GET_REMOTE_FDB | grep priority | \ + awk '{print $7, $8}' | sort], [0], [dnl +priority=0 actions=load:0->NXM_NX_REG1[[]] +priority=150,metadata=0x$dp_key,dl_dst=00:00:00:00:00:01 actions=load:0x80000003->NXM_NX_REG1[[]] +priority=150,metadata=0x$dp_key,dl_dst=f0:00:0f:16:10:50 actions=load:0x80000001->NXM_NX_REG1[[]] +priority=150,metadata=0x$dp_key,dl_dst=f0:00:0f:16:10:60 actions=load:0x80000002->NXM_NX_REG1[[]] +priority=150,metadata=0x$dp_key,dl_dst=f0:00:0f:16:10:70 actions=load:0x80000003->NXM_NX_REG1[[]] +]) + +AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=OFTABLE_LEARN_REMOTE_FDB | grep priority | \ + awk '{print $7, $8}' | strip_cookie | sort], [0], [dnl +priority=100,reg14=0x80000001,metadata=0x$dp_key actions=learn(table=OFTABLE_GET_REMOTE_FDB,priority=150,delete_learned,OXM_OF_METADATA[[]],NXM_OF_ETH_DST[[]]=NXM_OF_ETH_SRC[[]],load:NXM_NX_REG14[[]]->NXM_NX_REG1[[]]) +priority=100,reg14=0x80000002,metadata=0x$dp_key actions=learn(table=OFTABLE_GET_REMOTE_FDB,priority=150,delete_learned,OXM_OF_METADATA[[]],NXM_OF_ETH_DST[[]]=NXM_OF_ETH_SRC[[]],load:NXM_NX_REG14[[]]->NXM_NX_REG1[[]]) +priority=100,reg14=0x80000003,metadata=0x$dp_key actions=learn(table=OFTABLE_GET_REMOTE_FDB,priority=150,delete_learned,OXM_OF_METADATA[[]],NXM_OF_ETH_DST[[]]=NXM_OF_ETH_SRC[[]],load:NXM_NX_REG14[[]]->NXM_NX_REG1[[]]) +priority=150,reg14=0x80000001,metadata=0x$dp_key,dl_src=f0:00:0f:16:10:50 actions=drop +priority=150,reg14=0x80000002,metadata=0x$dp_key,dl_src=f0:00:0f:16:10:60 actions=drop +priority=150,reg14=0x80000003,metadata=0x$dp_key,dl_src=00:00:00:00:00:01 actions=drop +priority=150,reg14=0x80000003,metadata=0x$dp_key,dl_src=f0:00:0f:16:10:70 actions=drop +]) + +# Check that the recompute won't change the UUIDs and tunnel keys. +ovn-appctl evpn/vtep-binding-list > bindings_before +ovn-appctl evpn/vtep-multicast-group-list > mc_groups_before +ovn-appctl evpn/vtep-fdb-list > fdb_before + +check ovn-appctl inc-engine/recompute +check ovn-nbctl --wait=hv sync + +ovn-appctl evpn/vtep-binding-list > bindings_after +ovn-appctl evpn/vtep-multicast-group-list > mc_groups_after +ovn-appctl evpn/vtep-fdb-list > fdb_after + +check diff -q bindings_before bindings_after +check diff -q mc_groups_before mc_groups_after +check diff -q fdb_before fdb_after + +AS_BOX([L2 EVPN FDB advertising]) + +check ovn-nbctl --wait=hv set logical_switch ls-evpn other_config:dynamic-routing-redistribute=fdb +OVS_WAIT_FOR_OUTPUT([bridge fdb show | grep "lo-10" | grep "f0:00:0f:16:01" | sort], [0], [dnl +f0:00:0f:16:01:10 dev lo-10 master br-10 static +f0:00:0f:16:01:10 dev lo-10 vlan 1 master br-10 static +f0:00:0f:16:01:20 dev lo-10 master br-10 static +f0:00:0f:16:01:20 dev lo-10 vlan 1 master br-10 static +]) + +check ovn-nbctl --wait=hv lsp-del workload2 +OVS_WAIT_FOR_OUTPUT([bridge fdb show | grep "lo-10" | grep "f0:00:0f:16:01" | sort], [0], [dnl +f0:00:0f:16:01:10 dev lo-10 master br-10 static +f0:00:0f:16:01:10 dev lo-10 vlan 1 master br-10 static +]) + +check ovn-nbctl --wait=hv remove logical_switch ls-evpn other_config dynamic-routing-redistribute +OVS_WAIT_FOR_OUTPUT([bridge fdb show | grep "lo-10" | grep "f0:00:0f:16:01" | sort], [0], [dnl +]) + +check ovn-nbctl --wait=hv set logical_switch ls-evpn other_config:fdb_age_threshold=300 +ovs-ofctl dump-flows br-int table=OFTABLE_LEARN_REMOTE_FDB +AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=OFTABLE_LEARN_REMOTE_FDB | grep priority | \ + awk '{print $7, $8}' | strip_cookie | sort], [0], [dnl +priority=100,reg14=0x80000001,metadata=0x$dp_key actions=learn(table=OFTABLE_GET_REMOTE_FDB,hard_timeout=300,priority=150,delete_learned,OXM_OF_METADATA[[]],NXM_OF_ETH_DST[[]]=NXM_OF_ETH_SRC[[]],load:NXM_NX_REG14[[]]->NXM_NX_REG1[[]]) +priority=100,reg14=0x80000002,metadata=0x$dp_key actions=learn(table=OFTABLE_GET_REMOTE_FDB,hard_timeout=300,priority=150,delete_learned,OXM_OF_METADATA[[]],NXM_OF_ETH_DST[[]]=NXM_OF_ETH_SRC[[]],load:NXM_NX_REG14[[]]->NXM_NX_REG1[[]]) +priority=100,reg14=0x80000003,metadata=0x$dp_key actions=learn(table=OFTABLE_GET_REMOTE_FDB,hard_timeout=300,priority=150,delete_learned,OXM_OF_METADATA[[]],NXM_OF_ETH_DST[[]]=NXM_OF_ETH_SRC[[]],load:NXM_NX_REG14[[]]->NXM_NX_REG1[[]]) +priority=150,reg14=0x80000001,metadata=0x$dp_key,dl_src=f0:00:0f:16:10:50 actions=drop +priority=150,reg14=0x80000002,metadata=0x$dp_key,dl_src=f0:00:0f:16:10:60 actions=drop +priority=150,reg14=0x80000003,metadata=0x$dp_key,dl_src=00:00:00:00:00:01 actions=drop +priority=150,reg14=0x80000003,metadata=0x$dp_key,dl_src=f0:00:0f:16:10:70 actions=drop +]) + +check ovn-nbctl --wait=hv remove logical_switch ls-evpn other_config fdb_age_threshold +AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=OFTABLE_LEARN_REMOTE_FDB | grep priority | \ + awk '{print $7, $8}' | strip_cookie | sort], [0], [dnl +priority=100,reg14=0x80000001,metadata=0x$dp_key actions=learn(table=OFTABLE_GET_REMOTE_FDB,priority=150,delete_learned,OXM_OF_METADATA[[]],NXM_OF_ETH_DST[[]]=NXM_OF_ETH_SRC[[]],load:NXM_NX_REG14[[]]->NXM_NX_REG1[[]]) +priority=100,reg14=0x80000002,metadata=0x$dp_key actions=learn(table=OFTABLE_GET_REMOTE_FDB,priority=150,delete_learned,OXM_OF_METADATA[[]],NXM_OF_ETH_DST[[]]=NXM_OF_ETH_SRC[[]],load:NXM_NX_REG14[[]]->NXM_NX_REG1[[]]) +priority=100,reg14=0x80000003,metadata=0x$dp_key actions=learn(table=OFTABLE_GET_REMOTE_FDB,priority=150,delete_learned,OXM_OF_METADATA[[]],NXM_OF_ETH_DST[[]]=NXM_OF_ETH_SRC[[]],load:NXM_NX_REG14[[]]->NXM_NX_REG1[[]]) +priority=150,reg14=0x80000001,metadata=0x$dp_key,dl_src=f0:00:0f:16:10:50 actions=drop +priority=150,reg14=0x80000002,metadata=0x$dp_key,dl_src=f0:00:0f:16:10:60 actions=drop +priority=150,reg14=0x80000003,metadata=0x$dp_key,dl_src=00:00:00:00:00:01 actions=drop +priority=150,reg14=0x80000003,metadata=0x$dp_key,dl_src=f0:00:0f:16:10:70 actions=drop +]) + +AS_BOX([L2 EVPN ARP learning]) +# Add a router connected to the EVPN logical switch. +check ovn-nbctl --wait=hv \ + -- lr-add lr \ + -- lrp-add lr lr-ls-evpn f0:00:0f:16:01:01 172.16.1.1/24 172:16::1/64 \ + -- lsp-add-router-port ls-evpn ls-evpn-lr lr-ls-evpn + +rtr_dp_key=$(fetch_column Datapath tunnel_key external_ids:name=lr) +rtr_port_key=$(fetch_column Port_Binding tunnel_key logical_port=lr-ls-evpn) + +# Simulate remote workload ARPs (type-2 MAC+IP EVPN route). +# ovn-controller needs to add OF rules for ARP lookup but no rules for +# MAC_CACHE use. These entries do not age out automatically, their lifetime +# is controlled by the BGP-EVPN control plane. +check ip neigh add dev br-10 172.16.1.50 lladdr f0:00:0f:16:10:50 nud noarp extern_learn +check ip neigh add dev br-10 172.16.1.60 lladdr f0:00:0f:16:10:60 nud noarp extern_learn +check ip neigh add dev br-10 172.16.1.70 lladdr f0:00:0f:16:10:70 nud noarp extern_learn + +check ip -6 neigh add dev br-10 172:16::50 lladdr f0:00:0f:16:10:50 nud noarp extern_learn +check ip -6 neigh add dev br-10 172:16::60 lladdr f0:00:0f:16:10:60 nud noarp extern_learn +check ip -6 neigh add dev br-10 172:16::70 lladdr f0:00:0f:16:10:70 nud noarp extern_learn + +OVS_WAIT_FOR_OUTPUT_UNQUOTED([ovn-appctl evpn/vtep-arp-list | cut -d',' -f2- | sort], [0], [dnl + VNI: 10, MAC: f0:00:0f:16:10:50, IP: 172.16.1.50, dp_key: $dp_key + VNI: 10, MAC: f0:00:0f:16:10:50, IP: 172:16::50, dp_key: $dp_key + VNI: 10, MAC: f0:00:0f:16:10:60, IP: 172.16.1.60, dp_key: $dp_key + VNI: 10, MAC: f0:00:0f:16:10:60, IP: 172:16::60, dp_key: $dp_key + VNI: 10, MAC: f0:00:0f:16:10:70, IP: 172.16.1.70, dp_key: $dp_key + VNI: 10, MAC: f0:00:0f:16:10:70, IP: 172:16::70, dp_key: $dp_key +]) + +AS_BOX([Check dynamic-routing-arp-prefer-local=true]) +check ovn-nbctl --wait=hv set Logical_Switch ls-evpn other_config:dynamic-routing-arp-prefer-local=true + +AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=OFTABLE_MAC_BINDING | grep priority | \ + awk '{print $7, $8}' | sort], [0], [dnl +priority=100,reg0=0xac10010a,reg15=0x$rtr_port_key,metadata=0x$rtr_dp_key actions=mod_dl_dst:f0:00:0f:16:01:10,load:0x1->NXM_NX_REG10[[6]] +priority=20,reg0=0xac100132,reg15=0x$rtr_port_key,metadata=0x$rtr_dp_key actions=mod_dl_dst:f0:00:0f:16:10:50,load:0x1->NXM_NX_REG10[[6]] +priority=20,reg0=0xac10013c,reg15=0x$rtr_port_key,metadata=0x$rtr_dp_key actions=mod_dl_dst:f0:00:0f:16:10:60,load:0x1->NXM_NX_REG10[[6]] +priority=20,reg0=0xac100146,reg15=0x$rtr_port_key,metadata=0x$rtr_dp_key actions=mod_dl_dst:f0:00:0f:16:10:70,load:0x1->NXM_NX_REG10[[6]] +priority=20,reg4=0x1720016,reg5=0,reg6=0,reg7=0x50,reg15=0x$rtr_port_key,metadata=0x$rtr_dp_key actions=mod_dl_dst:f0:00:0f:16:10:50,load:0x1->NXM_NX_REG10[[6]] +priority=20,reg4=0x1720016,reg5=0,reg6=0,reg7=0x60,reg15=0x$rtr_port_key,metadata=0x$rtr_dp_key actions=mod_dl_dst:f0:00:0f:16:10:60,load:0x1->NXM_NX_REG10[[6]] +priority=20,reg4=0x1720016,reg5=0,reg6=0,reg7=0x70,reg15=0x$rtr_port_key,metadata=0x$rtr_dp_key actions=mod_dl_dst:f0:00:0f:16:10:70,load:0x1->NXM_NX_REG10[[6]] +]) + +AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=OFTABLE_MAC_LOOKUP | grep priority | \ + awk '{print $7, $8}' | sort], [0], [dnl +priority=100,arp,reg0=0xac10010a,reg14=0x$rtr_port_key,metadata=0x$rtr_dp_key,dl_src=f0:00:0f:16:01:10 actions=load:0x1->NXM_NX_REG10[[6]] +priority=20,arp,reg0=0xac100132,reg14=0x$rtr_port_key,metadata=0x$rtr_dp_key,dl_src=f0:00:0f:16:10:50 actions=load:0x1->NXM_NX_REG10[[6]] +priority=20,arp,reg0=0xac10013c,reg14=0x$rtr_port_key,metadata=0x$rtr_dp_key,dl_src=f0:00:0f:16:10:60 actions=load:0x1->NXM_NX_REG10[[6]] +priority=20,arp,reg0=0xac100146,reg14=0x$rtr_port_key,metadata=0x$rtr_dp_key,dl_src=f0:00:0f:16:10:70 actions=load:0x1->NXM_NX_REG10[[6]] +priority=20,icmp6,reg0=0x1720016,reg1=0,reg2=0,reg3=0x50,reg14=0x$rtr_port_key,metadata=0x$rtr_dp_key,dl_src=f0:00:0f:16:10:50,icmp_code=0 actions=load:0x1->NXM_NX_REG10[[6]] +priority=20,icmp6,reg0=0x1720016,reg1=0,reg2=0,reg3=0x60,reg14=0x$rtr_port_key,metadata=0x$rtr_dp_key,dl_src=f0:00:0f:16:10:60,icmp_code=0 actions=load:0x1->NXM_NX_REG10[[6]] +priority=20,icmp6,reg0=0x1720016,reg1=0,reg2=0,reg3=0x70,reg14=0x$rtr_port_key,metadata=0x$rtr_dp_key,dl_src=f0:00:0f:16:10:70,icmp_code=0 actions=load:0x1->NXM_NX_REG10[[6]] +]) + +AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=OFTABLE_MAC_CACHE_USE | grep priority | \ + awk '{print $7, $8}' | sort], [0], [dnl +priority=100,arp,reg14=0x$rtr_port_key,metadata=0x$rtr_dp_key,dl_src=f0:00:0f:16:01:10,arp_spa=172.16.1.10,arp_op=2 actions=drop +priority=100,ip,reg14=0x$rtr_port_key,metadata=0x$rtr_dp_key,dl_src=f0:00:0f:16:01:10,nw_src=172.16.1.10 actions=drop +]) + +AS_BOX([Check dynamic-routing-arp-prefer-local=false]) +check ovn-nbctl --wait=hv set Logical_Switch ls-evpn other_config:dynamic-routing-arp-prefer-local=false + +AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=OFTABLE_MAC_BINDING | grep priority | \ + awk '{print $7, $8}' | sort], [0], [dnl +priority=100,reg0=0xac10010a,reg15=0x$rtr_port_key,metadata=0x$rtr_dp_key actions=mod_dl_dst:f0:00:0f:16:01:10,load:0x1->NXM_NX_REG10[[6]] +priority=200,reg0=0xac100132,reg15=0x$rtr_port_key,metadata=0x$rtr_dp_key actions=mod_dl_dst:f0:00:0f:16:10:50,load:0x1->NXM_NX_REG10[[6]] +priority=200,reg0=0xac10013c,reg15=0x$rtr_port_key,metadata=0x$rtr_dp_key actions=mod_dl_dst:f0:00:0f:16:10:60,load:0x1->NXM_NX_REG10[[6]] +priority=200,reg0=0xac100146,reg15=0x$rtr_port_key,metadata=0x$rtr_dp_key actions=mod_dl_dst:f0:00:0f:16:10:70,load:0x1->NXM_NX_REG10[[6]] +priority=200,reg4=0x1720016,reg5=0,reg6=0,reg7=0x50,reg15=0x$rtr_port_key,metadata=0x$rtr_dp_key actions=mod_dl_dst:f0:00:0f:16:10:50,load:0x1->NXM_NX_REG10[[6]] +priority=200,reg4=0x1720016,reg5=0,reg6=0,reg7=0x60,reg15=0x$rtr_port_key,metadata=0x$rtr_dp_key actions=mod_dl_dst:f0:00:0f:16:10:60,load:0x1->NXM_NX_REG10[[6]] +priority=200,reg4=0x1720016,reg5=0,reg6=0,reg7=0x70,reg15=0x$rtr_port_key,metadata=0x$rtr_dp_key actions=mod_dl_dst:f0:00:0f:16:10:70,load:0x1->NXM_NX_REG10[[6]] +]) + +AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=OFTABLE_MAC_LOOKUP | grep priority | \ + awk '{print $7, $8}' | sort], [0], [dnl +priority=100,arp,reg0=0xac10010a,reg14=0x$rtr_port_key,metadata=0x$rtr_dp_key,dl_src=f0:00:0f:16:01:10 actions=load:0x1->NXM_NX_REG10[[6]] +priority=200,arp,reg0=0xac100132,reg14=0x$rtr_port_key,metadata=0x$rtr_dp_key,dl_src=f0:00:0f:16:10:50 actions=load:0x1->NXM_NX_REG10[[6]] +priority=200,arp,reg0=0xac10013c,reg14=0x$rtr_port_key,metadata=0x$rtr_dp_key,dl_src=f0:00:0f:16:10:60 actions=load:0x1->NXM_NX_REG10[[6]] +priority=200,arp,reg0=0xac100146,reg14=0x$rtr_port_key,metadata=0x$rtr_dp_key,dl_src=f0:00:0f:16:10:70 actions=load:0x1->NXM_NX_REG10[[6]] +priority=200,icmp6,reg0=0x1720016,reg1=0,reg2=0,reg3=0x50,reg14=0x$rtr_port_key,metadata=0x$rtr_dp_key,dl_src=f0:00:0f:16:10:50,icmp_code=0 actions=load:0x1->NXM_NX_REG10[[6]] +priority=200,icmp6,reg0=0x1720016,reg1=0,reg2=0,reg3=0x60,reg14=0x$rtr_port_key,metadata=0x$rtr_dp_key,dl_src=f0:00:0f:16:10:60,icmp_code=0 actions=load:0x1->NXM_NX_REG10[[6]] +priority=200,icmp6,reg0=0x1720016,reg1=0,reg2=0,reg3=0x70,reg14=0x$rtr_port_key,metadata=0x$rtr_dp_key,dl_src=f0:00:0f:16:10:70,icmp_code=0 actions=load:0x1->NXM_NX_REG10[[6]] +]) + +AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=OFTABLE_MAC_CACHE_USE | grep priority | \ + awk '{print $7, $8}' | sort], [0], [dnl +priority=100,arp,reg14=0x$rtr_port_key,metadata=0x$rtr_dp_key,dl_src=f0:00:0f:16:01:10,arp_spa=172.16.1.10,arp_op=2 actions=drop +priority=100,ip,reg14=0x$rtr_port_key,metadata=0x$rtr_dp_key,dl_src=f0:00:0f:16:01:10,nw_src=172.16.1.10 actions=drop +]) + +# Check that the recompute won't change the UUIDs and flows. +ovn-appctl evpn/vtep-arp-list > arp_before + +check ovn-appctl inc-engine/recompute +check ovn-nbctl --wait=hv sync + +ovn-appctl evpn/vtep-arp-list > arp_after + +check diff -q arp_before arp_after + +# Remove remote workload ARP entries and check ovn-controller's state. +check ip neigh del dev br-10 172.16.1.50 +check ip neigh del dev br-10 172.16.1.60 +check ip neigh del dev br-10 172.16.1.70 + +check ip -6 neigh del dev br-10 172:16::50 +check ip -6 neigh del dev br-10 172:16::60 +check ip -6 neigh del dev br-10 172:16::70 + +OVS_WAIT_FOR_OUTPUT_UNQUOTED([ovn-appctl evpn/vtep-arp-list | cut -d',' -f2- | sort], [0], [dnl +]) + +AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=OFTABLE_MAC_BINDING | grep priority | \ + awk '{print $7, $8}' | sort], [0], [dnl +priority=100,reg0=0xac10010a,reg15=0x$rtr_port_key,metadata=0x$rtr_dp_key actions=mod_dl_dst:f0:00:0f:16:01:10,load:0x1->NXM_NX_REG10[[6]] +]) + +AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=OFTABLE_MAC_LOOKUP | grep priority | \ + awk '{print $7, $8}' | sort], [0], [dnl +priority=100,arp,reg0=0xac10010a,reg14=0x$rtr_port_key,metadata=0x$rtr_dp_key,dl_src=f0:00:0f:16:01:10 actions=load:0x1->NXM_NX_REG10[[6]] +]) + +AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=OFTABLE_MAC_CACHE_USE | grep priority | \ + awk '{print $7, $8}' | sort], [0], [dnl +priority=100,arp,reg14=0x$rtr_port_key,metadata=0x$rtr_dp_key,dl_src=f0:00:0f:16:01:10,arp_spa=172.16.1.10,arp_op=2 actions=drop +priority=100,ip,reg14=0x$rtr_port_key,metadata=0x$rtr_dp_key,dl_src=f0:00:0f:16:01:10,nw_src=172.16.1.10 actions=drop +]) + +# Re-add the remote workload ARPs, remove the router, check that flows are +# removed (vtep-arp-list should still list the ARPs as they're learned on +# the logical switch that still exists). +check ip neigh add dev br-10 172.16.1.50 lladdr f0:00:0f:16:10:50 nud noarp extern_learn +check ip neigh add dev br-10 172.16.1.60 lladdr f0:00:0f:16:10:60 nud noarp extern_learn +check ip neigh add dev br-10 172.16.1.70 lladdr f0:00:0f:16:10:70 nud noarp extern_learn + +check ip -6 neigh add dev br-10 172:16::50 lladdr f0:00:0f:16:10:50 nud noarp extern_learn +check ip -6 neigh add dev br-10 172:16::60 lladdr f0:00:0f:16:10:60 nud noarp extern_learn +check ip -6 neigh add dev br-10 172:16::70 lladdr f0:00:0f:16:10:70 nud noarp extern_learn + +OVS_WAIT_FOR_OUTPUT_UNQUOTED([ovn-appctl evpn/vtep-arp-list | cut -d',' -f2- | sort], [0], [dnl + VNI: 10, MAC: f0:00:0f:16:10:50, IP: 172.16.1.50, dp_key: $dp_key + VNI: 10, MAC: f0:00:0f:16:10:50, IP: 172:16::50, dp_key: $dp_key + VNI: 10, MAC: f0:00:0f:16:10:60, IP: 172.16.1.60, dp_key: $dp_key + VNI: 10, MAC: f0:00:0f:16:10:60, IP: 172:16::60, dp_key: $dp_key + VNI: 10, MAC: f0:00:0f:16:10:70, IP: 172.16.1.70, dp_key: $dp_key + VNI: 10, MAC: f0:00:0f:16:10:70, IP: 172:16::70, dp_key: $dp_key +]) + +AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=OFTABLE_MAC_BINDING | grep priority | \ + awk '{print $7, $8}' | sort], [0], [dnl +priority=100,reg0=0xac10010a,reg15=0x$rtr_port_key,metadata=0x$rtr_dp_key actions=mod_dl_dst:f0:00:0f:16:01:10,load:0x1->NXM_NX_REG10[[6]] +priority=200,reg0=0xac100132,reg15=0x$rtr_port_key,metadata=0x$rtr_dp_key actions=mod_dl_dst:f0:00:0f:16:10:50,load:0x1->NXM_NX_REG10[[6]] +priority=200,reg0=0xac10013c,reg15=0x$rtr_port_key,metadata=0x$rtr_dp_key actions=mod_dl_dst:f0:00:0f:16:10:60,load:0x1->NXM_NX_REG10[[6]] +priority=200,reg0=0xac100146,reg15=0x$rtr_port_key,metadata=0x$rtr_dp_key actions=mod_dl_dst:f0:00:0f:16:10:70,load:0x1->NXM_NX_REG10[[6]] +priority=200,reg4=0x1720016,reg5=0,reg6=0,reg7=0x50,reg15=0x$rtr_port_key,metadata=0x$rtr_dp_key actions=mod_dl_dst:f0:00:0f:16:10:50,load:0x1->NXM_NX_REG10[[6]] +priority=200,reg4=0x1720016,reg5=0,reg6=0,reg7=0x60,reg15=0x$rtr_port_key,metadata=0x$rtr_dp_key actions=mod_dl_dst:f0:00:0f:16:10:60,load:0x1->NXM_NX_REG10[[6]] +priority=200,reg4=0x1720016,reg5=0,reg6=0,reg7=0x70,reg15=0x$rtr_port_key,metadata=0x$rtr_dp_key actions=mod_dl_dst:f0:00:0f:16:10:70,load:0x1->NXM_NX_REG10[[6]] +]) + +AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=OFTABLE_MAC_LOOKUP | grep priority | \ + awk '{print $7, $8}' | sort], [0], [dnl +priority=100,arp,reg0=0xac10010a,reg14=0x$rtr_port_key,metadata=0x$rtr_dp_key,dl_src=f0:00:0f:16:01:10 actions=load:0x1->NXM_NX_REG10[[6]] +priority=200,arp,reg0=0xac100132,reg14=0x$rtr_port_key,metadata=0x$rtr_dp_key,dl_src=f0:00:0f:16:10:50 actions=load:0x1->NXM_NX_REG10[[6]] +priority=200,arp,reg0=0xac10013c,reg14=0x$rtr_port_key,metadata=0x$rtr_dp_key,dl_src=f0:00:0f:16:10:60 actions=load:0x1->NXM_NX_REG10[[6]] +priority=200,arp,reg0=0xac100146,reg14=0x$rtr_port_key,metadata=0x$rtr_dp_key,dl_src=f0:00:0f:16:10:70 actions=load:0x1->NXM_NX_REG10[[6]] +priority=200,icmp6,reg0=0x1720016,reg1=0,reg2=0,reg3=0x50,reg14=0x$rtr_port_key,metadata=0x$rtr_dp_key,dl_src=f0:00:0f:16:10:50,icmp_code=0 actions=load:0x1->NXM_NX_REG10[[6]] +priority=200,icmp6,reg0=0x1720016,reg1=0,reg2=0,reg3=0x60,reg14=0x$rtr_port_key,metadata=0x$rtr_dp_key,dl_src=f0:00:0f:16:10:60,icmp_code=0 actions=load:0x1->NXM_NX_REG10[[6]] +priority=200,icmp6,reg0=0x1720016,reg1=0,reg2=0,reg3=0x70,reg14=0x$rtr_port_key,metadata=0x$rtr_dp_key,dl_src=f0:00:0f:16:10:70,icmp_code=0 actions=load:0x1->NXM_NX_REG10[[6]] +]) + +check ovn-nbctl --wait=hv lr-del lr +AT_CHECK_UNQUOTED([ovn-appctl evpn/vtep-arp-list | cut -d',' -f2- | sort], [0], [dnl + VNI: 10, MAC: f0:00:0f:16:10:50, IP: 172.16.1.50, dp_key: $dp_key + VNI: 10, MAC: f0:00:0f:16:10:50, IP: 172:16::50, dp_key: $dp_key + VNI: 10, MAC: f0:00:0f:16:10:60, IP: 172.16.1.60, dp_key: $dp_key + VNI: 10, MAC: f0:00:0f:16:10:60, IP: 172:16::60, dp_key: $dp_key + VNI: 10, MAC: f0:00:0f:16:10:70, IP: 172.16.1.70, dp_key: $dp_key + VNI: 10, MAC: f0:00:0f:16:10:70, IP: 172:16::70, dp_key: $dp_key +]) + +AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=OFTABLE_MAC_BINDING | grep priority | \ + awk '{print $7, $8}' | sort], [0], [dnl +]) + +AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=OFTABLE_MAC_LOOKUP | grep priority | \ + awk '{print $7, $8}' | sort], [0], [dnl +]) + +AS_BOX([L2 EVPN ARP advertising]) +# Add a router connected to the EVPN logical switch. +check ovn-nbctl --wait=hv \ + -- lr-add lr \ + -- set Logical_Router lr options:chassis=hv1 \ + -- lrp-add lr lr-ls-evpn f0:00:0f:16:01:01 172.16.1.1/24 172:16::1/64 + +ls_evpn_uuid=$(fetch_column Datapath_Binding _uuid external_ids:name=ls-evpn) +check ovn-nbctl --wait=hv set logical_switch ls-evpn other_config:dynamic-routing-redistribute=fdb,ip +check_row_count Advertised_MAC_Binding 1 ip='172.16.1.10' mac='f0\:00\:0f\:16\:01\:10' datapath=$ls_evpn_uuid +check_row_count Advertised_MAC_Binding 1 ip='172.16.1.1' mac='f0\:00\:0f\:16\:01\:01' datapath=$ls_evpn_uuid +check_row_count Advertised_MAC_Binding 1 ip='172\:16\:\:10' mac='f0\:00\:0f\:16\:01\:10' datapath=$ls_evpn_uuid +check_row_count Advertised_MAC_Binding 1 ip='172\:16\:\:1' mac='f0\:00\:0f\:16\:01\:01' datapath=$ls_evpn_uuid +check_row_count Advertised_MAC_Binding 4 + +AT_CHECK([ip neigh show dev br-10 nud noarp | grep -q '172.16.1.10 lladdr f0:00:0f:16:01:10 NOARP']) +AT_CHECK([ip neigh show dev br-10 nud noarp | grep -q '172.16.1.1 lladdr f0:00:0f:16:01:01 NOARP']) +AT_CHECK([ip -6 neigh show dev br-10 nud noarp | grep -q '172:16::10 lladdr f0:00:0f:16:01:10 NOARP']) +AT_CHECK([ip -6 neigh show dev br-10 nud noarp | grep -q '172:16::1 lladdr f0:00:0f:16:01:01 NOARP']) + +OVS_WAIT_FOR_OUTPUT([bridge fdb show | grep "lo-10" | grep "f0:00:0f:16:01" | sort], [0], [dnl +f0:00:0f:16:01:01 dev lo-10 master br-10 static +f0:00:0f:16:01:01 dev lo-10 vlan 1 master br-10 static +f0:00:0f:16:01:10 dev lo-10 master br-10 static +f0:00:0f:16:01:10 dev lo-10 vlan 1 master br-10 static +]) + +check ovn-nbctl --wait=hv lsp-add ls-evpn workload2 \ + -- lsp-set-addresses workload2 "f0:00:0f:16:01:20 172.16.1.20 172:16::20" + +check_row_count Advertised_MAC_Binding 1 ip='172.16.1.20' mac='f0\:00\:0f\:16\:01\:20' datapath=$ls_evpn_uuid +AT_CHECK([ip neigh show dev br-10 nud noarp | grep -q '172.16.1.20 lladdr f0:00:0f:16:01:20 NOARP']) + +check_row_count Advertised_MAC_Binding 1 ip='172\:16\:\:20' mac='f0\:00\:0f\:16\:01\:20' datapath=$ls_evpn_uuid +AT_CHECK([ip -6 neigh show dev br-10 nud noarp | grep -q '172:16::20 lladdr f0:00:0f:16:01:20 NOARP']) + +check ovn-nbctl --wait=hv lsp-del workload2 +AT_CHECK([ip neigh show dev br-10 nud noarp | grep -q '172.16.1.20 lladdr f0:00:0f:16:01:20 NOARP'], [1]) +AT_CHECK([ip -6 neigh show dev br-10 nud noarp | grep -q '172:16::20 lladdr f0:00:0f:16:01:20 NOARP'], [1]) + +check ovn-nbctl --wait=hv lsp-del workload1 +check_row_count Advertised_MAC_Binding 2 +AT_CHECK([ip neigh show dev br-10 nud noarp | grep -q '172.16.1.10 lladdr f0:00:0f:16:01:10 NOARP'], [1]) +AT_CHECK([ip -6 neigh show dev br-10 nud noarp | grep -q '172:16::10 lladdr f0:00:0f:16:01:10 NOARP'], [1]) + +check ovn-nbctl --wait=hv lrp-del lr-ls-evpn +check_row_count Advertised_MAC_Binding 0 +AT_CHECK([ip neigh show dev br-10 nud noarp | grep -q '172.16.1.1 lladdr f0:00:0f:16:01:01 NOARP'], [1]) +AT_CHECK([ip -6 neigh show dev br-10 nud noarp | grep -q '172:16::1 lladdr f0:00:0f:16:01:01 NOARP'], [1]) + +check ovn-nbctl --wait=hv ls-del ls-evpn +check ovn-nbctl --wait=hv lr-del lr + +OVN_CLEANUP_CONTROLLER([hv1]) + +OVN_CLEANUP_NORTHD + +as +OVS_TRAFFIC_VSWITCHD_STOP(["/failed to query port patch-.*/d +/Failed to acquire.*/d +/connection dropped.*/d"]) +AT_CLEANUP +]) + OVN_FOR_EACH_NORTHD([ AT_SETUP([Router reroute policies - output port]) AT_SKIP_IF([test $HAVE_NC = no]) -- 2.52.0 _______________________________________________ dev mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-dev
