Re: [ovs-dev] [External] : Re: [PATCH ovn] northd: Skip arp-proxy flows if the lsp is a router port.
On 07/06/2024 14:20, Dumitru Ceara wrote:
On 6/7/24 12:24, brendan.do...@oracle.com wrote:
On 06/06/2024 17:34, Dumitru Ceara wrote:
On 6/5/24 16:52, Brendan Doyle via dev wrote:
So I'm wondering will this break the LSP option:
*o**p**t**i**o**n**s* *:* *a**r**p**_**p**r**o**x**y*:
optional string
Optional. A list of MAC and addresses/cidrs or
just ad‐
dresses/cidrs that this logical
switch*r**o**u**t**e**r* port will reply to
ARP/NDP requests.
Examples:*1**6**9**.**2**5**4**.**2**3**9**.**2**5**4*
*1**6**9**.**2**5**4**.**2**3**9**.**2*,
*0**a**:**5**8**:**a**9**:**f**e**:**0**1**:**0**1*
*1**6**9**.**2**5**4**.**2**3**9**.**2**5**4*
*1**6**9**.**2**5**4**.**2**3**9**.**2*
*1**6**9**.**2**5**4**.**2**3**8**.**0**/**2**4*,*f**d**7**b**:**6**b**4**d**:**7**b**2**5**:**d**2**2**f**:**:**1* *f**d**7**b**:**6**b**4**d**:**7**b**2**5**:**d**2**2**f**:**:**2*,
*0**a**:**5**8**:**a**9**:**f**e**:**0**1**:**0**1*
*f**d**7**b**:**6**b**4**d**:**7**b**2**5**:**d**2**2**f**:**:**0**/**6**4*.
The*o**p**t**i**o**n**s**:**r**o**u**t**e**r**-*
*p**o**r**t*’s logical router should have a route
to forward packets
sent to configured proxy ARP MAC/IPs to an appropriate
destina‐
tion.
Hi Brendan,
I'm not sure I understand what breaks. Do you have a specific scenario
in mind? The patch is for the arp-proxy feature. I doubt that people
rely on ARP requests originated by logical routers being handled by the
arp proxy on the connected logical switch port. But I might be wrong.
Thanks,
Dumitru
The arp_proxy option allows an lsp prot connected to an LR to respond
to ARP requests sent from say a VM connected to the same LS.
Right, we have a test for that:
https://urldefense.com/v3/__https://github.com/ovn-org/ovn/blob/main/tests/system-ovn.at*L10721-L10869__;Iw!!ACWV5N9M2RV99hQ!K8qbDDzmm6Fz7yPm3lubG0kMbM_MmKQPqAW5ewepc1iqUAdif248P613_b0CNhmCXnEozbrwpIVCStm3Jg$
And the patch doesn't change it, it just expands it. Or am I missing
something?
No, I think we are good then just checking.
Regards,
Dumitru
On 05/06/2024 13:03, Enrique Llorente Pastora wrote:
On Wed, Jun 5, 2024 at 12:12 PM Lorenzo Bianconi <
lorenzo.bianc...@redhat.com> wrote:
On 5/14/24 18:44, Lorenzo Bianconi wrote:
Skip proxy-arp logical flows for traffic that is entering the
logical
switch pipeline from a lsp of type router. This patch will avoid
recirculating back the traffic entering by the logical router
pipeline if proxy-arp hasn been configured by the CMS.
Reported-at:https://urldefense.com/v3/__https://issues.redhat.com/browse/FDP-96__;!!ACWV5N9M2RV99hQ!LZCOnrD03VQXa0QBfUgAD0IntqpkCU4P2Mz0jhlfAcJ0Joe1ehsAIloa28JszFGBjchui8U4OL2MfnKJQEhn$
Signed-off-by: Lorenzo Bianconi
---
Hi Lorenzo,
This change looks OK but I'd like to double check that it doesn't
break
CNV/ovn-kubernetes use cases.
Hi Enrique,
Would you mind double checking that on one of your setups?
If I'm not wrong our upstream ovn-kubernetes (in ovn-org/ovn) tests
don't enable anything CNV specific:
https://urldefense.com/v3/__https://github.com/ovsrobot/ovn/actions/runs/9083258143__;!!ACWV5N9M2RV99hQ!LZCOnrD03VQXa0QBfUgAD0IntqpkCU4P2Mz0jhlfAcJ0Joe1ehsAIloa28JszFGBjchui8U4OL2MflAqga4Q$
Thanks,
Dumitru
Hi Dumitru,
Thx, for the review. That's a good idea :)
Live migration tests look fine with this change, both IC and non IC,
let's
also activate the
kubevirt lanes so we gate with them too.
Tested-by:
Regards,
Lorenzo
northd/northd.c | 15 +--
tests/ovn.at | 8
tests/system-ovn.at | 22 +-
3 files changed, 38 insertions(+), 7 deletions(-)
diff --git a/northd/northd.c b/northd/northd.c
index 0cabda7ea..29dc58ef4 100644
--- a/northd/northd.c
+++ b/northd/northd.c
@@ -118,6 +118,7 @@ static bool default_acl_drop;
#define REGBIT_PORT_SEC_DROP "reg0[15]"
#define REGBIT_ACL_STATELESS "reg0[16]"
#define REGBIT_ACL_HINT_ALLOW_REL "reg0[17]"
+#define REGBIT_FROM_ROUTER_PORT "reg0[18]"
#define REG_ORIG_DIP_IPV4 "reg1"
#define REG_ORIG_DIP_IPV6 "xxreg1"
@@ -5785,6 +5786,13 @@ build_lswitch_port_sec_op(struct ovn_port
*op,
struct lflow_table *lflows,
&op->od->localnet_ports[0]->nbsp->header_,
op->lflow_ref);
}
+ } else if (lsp_is_router(op->nbsp)) {
+ ds_put_format(actions, REGBIT_FROM_ROUTER_PORT" = 1;
next;");
+ ovn_lflow_add_with_lport_and_hint(lflows, op->od,
+
S_SWITCH_IN_CHECK_PORT_SEC,
70,
+ ds_cstr(match),
ds_cstr(actions),
+ op->key,
&op->nbsp->header_,
Re: [ovs-dev] [External] : Re: [PATCH ovn] northd: Skip arp-proxy flows if the lsp is a router port.
On 06/06/2024 17:34, Dumitru Ceara wrote:
On 6/5/24 16:52, Brendan Doyle via dev wrote:
So I'm wondering will this break the LSP option:
*o**p**t**i**o**n**s* *:* *a**r**p**_**p**r**o**x**y*:
optional string
Optional. A list of MAC and addresses/cidrs or
just ad‐
dresses/cidrs that this logical
switch*r**o**u**t**e**r* port will reply to
ARP/NDP requests.
Examples:*1**6**9**.**2**5**4**.**2**3**9**.**2**5**4*
*1**6**9**.**2**5**4**.**2**3**9**.**2*,
*0**a**:**5**8**:**a**9**:**f**e**:**0**1**:**0**1*
*1**6**9**.**2**5**4**.**2**3**9**.**2**5**4*
*1**6**9**.**2**5**4**.**2**3**9**.**2*
*1**6**9**.**2**5**4**.**2**3**8**.**0**/**2**4*,*f**d**7**b**:**6**b**4**d**:**7**b**2**5**:**d**2**2**f**:**:**1* *f**d**7**b**:**6**b**4**d**:**7**b**2**5**:**d**2**2**f**:**:**2*,
*0**a**:**5**8**:**a**9**:**f**e**:**0**1**:**0**1*
*f**d**7**b**:**6**b**4**d**:**7**b**2**5**:**d**2**2**f**:**:**0**/**6**4*.
The*o**p**t**i**o**n**s**:**r**o**u**t**e**r**-*
*p**o**r**t*’s logical router should have a route
to forward packets
sent to configured proxy ARP MAC/IPs to an appropriate
destina‐
tion.
Hi Brendan,
I'm not sure I understand what breaks. Do you have a specific scenario
in mind? The patch is for the arp-proxy feature. I doubt that people
rely on ARP requests originated by logical routers being handled by the
arp proxy on the connected logical switch port. But I might be wrong.
Thanks,
Dumitru
The arp_proxy option allows an lsp prot connected to an LR to respond
to ARP requests sent from say a VM connected to the same LS.
On 05/06/2024 13:03, Enrique Llorente Pastora wrote:
On Wed, Jun 5, 2024 at 12:12 PM Lorenzo Bianconi <
lorenzo.bianc...@redhat.com> wrote:
On 5/14/24 18:44, Lorenzo Bianconi wrote:
Skip proxy-arp logical flows for traffic that is entering the logical
switch pipeline from a lsp of type router. This patch will avoid
recirculating back the traffic entering by the logical router
pipeline if proxy-arp hasn been configured by the CMS.
Reported-at:https://urldefense.com/v3/__https://issues.redhat.com/browse/FDP-96__;!!ACWV5N9M2RV99hQ!LZCOnrD03VQXa0QBfUgAD0IntqpkCU4P2Mz0jhlfAcJ0Joe1ehsAIloa28JszFGBjchui8U4OL2MfnKJQEhn$
Signed-off-by: Lorenzo Bianconi
---
Hi Lorenzo,
This change looks OK but I'd like to double check that it doesn't break
CNV/ovn-kubernetes use cases.
Hi Enrique,
Would you mind double checking that on one of your setups?
If I'm not wrong our upstream ovn-kubernetes (in ovn-org/ovn) tests
don't enable anything CNV specific:
https://urldefense.com/v3/__https://github.com/ovsrobot/ovn/actions/runs/9083258143__;!!ACWV5N9M2RV99hQ!LZCOnrD03VQXa0QBfUgAD0IntqpkCU4P2Mz0jhlfAcJ0Joe1ehsAIloa28JszFGBjchui8U4OL2MflAqga4Q$
Thanks,
Dumitru
Hi Dumitru,
Thx, for the review. That's a good idea :)
Live migration tests look fine with this change, both IC and non IC,
let's
also activate the
kubevirt lanes so we gate with them too.
Tested-by:
Regards,
Lorenzo
northd/northd.c | 15 +--
tests/ovn.at | 8
tests/system-ovn.at | 22 +-
3 files changed, 38 insertions(+), 7 deletions(-)
diff --git a/northd/northd.c b/northd/northd.c
index 0cabda7ea..29dc58ef4 100644
--- a/northd/northd.c
+++ b/northd/northd.c
@@ -118,6 +118,7 @@ static bool default_acl_drop;
#define REGBIT_PORT_SEC_DROP "reg0[15]"
#define REGBIT_ACL_STATELESS "reg0[16]"
#define REGBIT_ACL_HINT_ALLOW_REL "reg0[17]"
+#define REGBIT_FROM_ROUTER_PORT "reg0[18]"
#define REG_ORIG_DIP_IPV4 "reg1"
#define REG_ORIG_DIP_IPV6 "xxreg1"
@@ -5785,6 +5786,13 @@ build_lswitch_port_sec_op(struct ovn_port *op,
struct lflow_table *lflows,
&op->od->localnet_ports[0]->nbsp->header_,
op->lflow_ref);
}
+ } else if (lsp_is_router(op->nbsp)) {
+ ds_put_format(actions, REGBIT_FROM_ROUTER_PORT" = 1; next;");
+ ovn_lflow_add_with_lport_and_hint(lflows, op->od,
+ S_SWITCH_IN_CHECK_PORT_SEC,
70,
+ ds_cstr(match),
ds_cstr(actions),
+ op->key,
&op->nbsp->header_,
+ op->lflow_ref);
}
}
@@ -9051,7 +9059,9 @@ build_lswitch_arp_nd_responder_known_ips(struct
ovn_port *op,
if (op->proxy_arp_addrs.n_ipv4_addrs) {
/* Match rule on all proxy ARP IPs. */
ds_clear(match);
- ds_put_cstr(match, "arp.op == 1 && arp.tpa == {");
+ ds_put_cstr(match,
+ REGBIT_FROM_ROUTER_
Re: [ovs-dev] [External] : Re: [PATCH ovn] northd: Skip arp-proxy flows if the lsp is a router port.
So I'm wondering will this break the LSP option:
*o**p**t**i**o**n**s* *:* *a**r**p**_**p**r**o**x**y*: optional string
Optional. A list of MAC and addresses/cidrs or just ad‐
dresses/cidrs that this logical switch*r**o**u**t**e**r* port
will reply to
ARP/NDP requests.
Examples:*1**6**9**.**2**5**4**.**2**3**9**.**2**5**4*
*1**6**9**.**2**5**4**.**2**3**9**.**2*,
*0**a**:**5**8**:**a**9**:**f**e**:**0**1**:**0**1*
*1**6**9**.**2**5**4**.**2**3**9**.**2**5**4*
*1**6**9**.**2**5**4**.**2**3**9**.**2*
*1**6**9**.**2**5**4**.**2**3**8**.**0**/**2**4*,*f**d**7**b**:**6**b**4**d**:**7**b**2**5**:**d**2**2**f**:**:**1*
*f**d**7**b**:**6**b**4**d**:**7**b**2**5**:**d**2**2**f**:**:**2*,
*0**a**:**5**8**:**a**9**:**f**e**:**0**1**:**0**1*
*f**d**7**b**:**6**b**4**d**:**7**b**2**5**:**d**2**2**f**:**:**0**/**6**4*.
The*o**p**t**i**o**n**s**:**r**o**u**t**e**r**-*
*p**o**r**t*’s logical router should have a route to forward
packets
sent to configured proxy ARP MAC/IPs to an appropriate destina‐
tion.
On 05/06/2024 13:03, Enrique Llorente Pastora wrote:
On Wed, Jun 5, 2024 at 12:12 PM Lorenzo Bianconi <
lorenzo.bianc...@redhat.com> wrote:
On 5/14/24 18:44, Lorenzo Bianconi wrote:
Skip proxy-arp logical flows for traffic that is entering the logical
switch pipeline from a lsp of type router. This patch will avoid
recirculating back the traffic entering by the logical router
pipeline if proxy-arp hasn been configured by the CMS.
Reported-at:https://urldefense.com/v3/__https://issues.redhat.com/browse/FDP-96__;!!ACWV5N9M2RV99hQ!LZCOnrD03VQXa0QBfUgAD0IntqpkCU4P2Mz0jhlfAcJ0Joe1ehsAIloa28JszFGBjchui8U4OL2MfnKJQEhn$
Signed-off-by: Lorenzo Bianconi
---
Hi Lorenzo,
This change looks OK but I'd like to double check that it doesn't break
CNV/ovn-kubernetes use cases.
Hi Enrique,
Would you mind double checking that on one of your setups?
If I'm not wrong our upstream ovn-kubernetes (in ovn-org/ovn) tests
don't enable anything CNV specific:
https://urldefense.com/v3/__https://github.com/ovsrobot/ovn/actions/runs/9083258143__;!!ACWV5N9M2RV99hQ!LZCOnrD03VQXa0QBfUgAD0IntqpkCU4P2Mz0jhlfAcJ0Joe1ehsAIloa28JszFGBjchui8U4OL2MflAqga4Q$
Thanks,
Dumitru
Hi Dumitru,
Thx, for the review. That's a good idea :)
Live migration tests look fine with this change, both IC and non IC, let's
also activate the
kubevirt lanes so we gate with them too.
Tested-by:
Regards,
Lorenzo
northd/northd.c | 15 +--
tests/ovn.at| 8
tests/system-ovn.at | 22 +-
3 files changed, 38 insertions(+), 7 deletions(-)
diff --git a/northd/northd.c b/northd/northd.c
index 0cabda7ea..29dc58ef4 100644
--- a/northd/northd.c
+++ b/northd/northd.c
@@ -118,6 +118,7 @@ static bool default_acl_drop;
#define REGBIT_PORT_SEC_DROP "reg0[15]"
#define REGBIT_ACL_STATELESS "reg0[16]"
#define REGBIT_ACL_HINT_ALLOW_REL "reg0[17]"
+#define REGBIT_FROM_ROUTER_PORT "reg0[18]"
#define REG_ORIG_DIP_IPV4 "reg1"
#define REG_ORIG_DIP_IPV6 "xxreg1"
@@ -5785,6 +5786,13 @@ build_lswitch_port_sec_op(struct ovn_port *op,
struct lflow_table *lflows,
&op->od->localnet_ports[0]->nbsp->header_,
op->lflow_ref);
}
+} else if (lsp_is_router(op->nbsp)) {
+ds_put_format(actions, REGBIT_FROM_ROUTER_PORT" = 1; next;");
+ovn_lflow_add_with_lport_and_hint(lflows, op->od,
+ S_SWITCH_IN_CHECK_PORT_SEC,
70,
+ ds_cstr(match),
ds_cstr(actions),
+ op->key, &op->nbsp->header_,
+ op->lflow_ref);
}
}
@@ -9051,7 +9059,9 @@ build_lswitch_arp_nd_responder_known_ips(struct
ovn_port *op,
if (op->proxy_arp_addrs.n_ipv4_addrs) {
/* Match rule on all proxy ARP IPs. */
ds_clear(match);
-ds_put_cstr(match, "arp.op == 1 && arp.tpa == {");
+ds_put_cstr(match,
+REGBIT_FROM_ROUTER_PORT" == 0 "
+"&& arp.op == 1 && arp.tpa == {");
for (i = 0; i < op->proxy_arp_addrs.n_ipv4_addrs; i++) {
ds_put_format(match, "%s/%u,",
@@ -9105,7 +9115,8 @@ build_lswitch_arp_nd_responder_known_ips(struct
ovn_port *op,
ds_truncate(&nd_target_match, nd_target_match.length - 2);
ds_clear(match);
ds_put_format(match,
- "nd_ns "
+ REGBIT_FROM_ROUTER_PORT" == 0 "
+ "&& nd_ns "
"&& ip6.dst == { %s } "
"&& nd.target == { %s }",
ds_cstr(&ip6_dst_match),
d
Re: [ovs-dev] [External] : OVS+OVN Fall Conference 2023 - Day 2 information
Hi, I missed this, where can I access the recordings? On 06/12/2023 17:36, Aaron Conole wrote: Greetings, We had an open bridge today during the call that got flooded with spam bots for a few minutes, and we had to lock the meeting down. As such, we won't broadly publish the meeting link. If you have already filled in the google form for registration, you will have already been sent the meeting link. If you'd like to join, please fill out the form that you can access from https://urldefense.com/v3/__http://ovscon.site__;!!ACWV5N9M2RV99hQ!I6A93V0MUG7nbSaKwHW6DLY2Uqn6A0kQCfn71b7f11yhpnCA6E-_rUFXw5jouqeIrF4wckaOc8bzc62dAdM$ to get "registered." As a reminder, the conference is free this year. Thanks, -Aaron ___ dev mailing list d...@openvswitch.org https://urldefense.com/v3/__https://mail.openvswitch.org/mailman/listinfo/ovs-dev__;!!ACWV5N9M2RV99hQ!I6A93V0MUG7nbSaKwHW6DLY2Uqn6A0kQCfn71b7f11yhpnCA6E-_rUFXw5jouqeIrF4wckaOc8bzAk2d45c$ ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] [External] : Re: " Add support for DHCP Option 12 (Hostname)"
OK thanks, It was going to be a relatively easy backport if we need to do it. But great that it is already done. On 25/10/2021 15:04, Numan Siddique wrote: On Fri, Oct 22, 2021 at 9:23 AM Brendan Doyle wrote: Just wondering was this patch backported, if so could someone provide a pointer I see the commit [1] in the main branch and branch-21.09. https://urldefense.com/v3/__https://github.com/ovn-org/ovn/commit/0e4d0f1fbf70ddfc347781129451fb61097d559e__;!!ACWV5N9M2RV99hQ!amElLcjYZZwvrE3Arm25gxq2Fqhed7WSKhfXoSinx8dyZlQLuBjBT9G1mR7HHfDVqzk$ Thanks Numan Thanks ___ dev mailing list d...@openvswitch.org https://urldefense.com/v3/__https://mail.openvswitch.org/mailman/listinfo/ovs-dev__;!!ACWV5N9M2RV99hQ!amElLcjYZZwvrE3Arm25gxq2Fqhed7WSKhfXoSinx8dyZlQLuBjBT9G1mR7He6P7wbM$ ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] " Add support for DHCP Option 12 (Hostname)"
Just wondering was this patch backported, if so could someone provide a pointer Thanks ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] [External] : [PATCH ovn] northd-ddlog: Add proxy arp flows for configured addresses in lsp router port.
Thanks for doing the ddlog for this, comment below
On 29/06/2021 17:08, num...@ovn.org wrote:
From: Numan Siddique
The commit [1] didn't add the ddlog part.
[1] - 8087cbc7462("ovn-northd.c: Add proxy ARP support to OVN")
Signed-off-by: Numan Siddique
---
northd/ovn.dl| 1 +
northd/ovn.rs| 13 +
northd/ovn_northd.dl | 38 ++
tests/ovn.at | 4 ++--
4 files changed, 54 insertions(+), 2 deletions(-)
diff --git a/northd/ovn.dl b/northd/ovn.dl
index f23ea3b9e1..3c7a734ddb 100644
--- a/northd/ovn.dl
+++ b/northd/ovn.dl
@@ -364,6 +364,7 @@ extern function is_dynamic_lsp_address(addr: string): bool
extern function extract_lsp_addresses(address: string):
Option
extern function extract_addresses(address: string): Option
extern function extract_lrp_networks(mac: string, networks: Set):
Option
+extern function extract_ip_addresses(address: string): Option
extern function split_addresses(addr: string): (Set, Set)
diff --git a/northd/ovn.rs b/northd/ovn.rs
index d44f83bc75..5f0939409c 100644
--- a/northd/ovn.rs
+++ b/northd/ovn.rs
@@ -184,6 +184,18 @@ pub fn extract_lrp_networks(mac: &String, networks:
&ddlog_std::Set) ->
}
}
+pub fn extract_ip_addresses(address: &String) -> ddlog_std::Option {
+unsafe {
+let mut laddrs: lport_addresses_c = Default::default();
+if ovn_c::extract_ip_addresses(string2cstr(address).as_ptr(),
+ &mut laddrs as *mut lport_addresses_c) {
+ddlog_std::Option::Some{x: laddrs.into_ddlog()}
+} else {
+ddlog_std::Option::None
+}
+}
+}
+
pub fn ovn_internal_version() -> String {
unsafe {
let s = ovn_c::ovn_get_internal_version();
@@ -623,6 +635,7 @@ mod ovn_c {
pub fn extract_addresses(address: *const raw::c_char, laddrs: *mut
lport_addresses_c, ofs: *mut raw::c_int) -> bool;
pub fn extract_lrp_networks__(mac: *const raw::c_char, networks:
*const *const raw::c_char,
n_networks: libc::size_t, laddrs: *mut
lport_addresses_c) -> bool;
+pub fn extract_ip_addresses(address: *const raw::c_char, laddrs: *mut
lport_addresses_c) -> bool;
pub fn destroy_lport_addresses(addrs: *mut lport_addresses_c);
pub fn is_dynamic_lsp_address(address: *const raw::c_char) -> bool;
pub fn split_addresses(addresses: *const raw::c_char, ip4_addrs: *mut
ovs_svec, ipv6_addrs: *mut ovs_svec);
diff --git a/northd/ovn_northd.dl b/northd/ovn_northd.dl
index 52a6206a18..a7a327c7f0 100644
--- a/northd/ovn_northd.dl
+++ b/northd/ovn_northd.dl
@@ -3360,6 +3360,44 @@ for (CheckLspIsUp[check_lsp_is_up]) {
}
}
+Flow(.logical_datapath = sw._uuid,
+ .stage= s_SWITCH_IN_ARP_ND_RSP(),
+ .priority = 50,
+ .__match = __match,
+ .actions = __actions,
+ .external_ids = stage_hint(sp.lsp._uuid)) :-
+
+sp in &SwitchPort(.sw = sw, .peer = Some{rp}),
+rp.is_enabled(),
+var proxy_ips = {
+match (sp.lsp.options.get("arp_proxy")) {
+None -> "",
+Some {addresses} -> {
+match (extract_ip_addresses(addresses)) {
+None -> "",
+Some{addr} -> {
+var ip4_addrs = vec_empty();
+for (ip4 in addr.ipv4_addrs) {
+ip4_addrs.push("${ip4.addr}")
+};
+string_join(ip4_addrs, ",")
+}
+}
+}
+}
+},
+proxy_ips != "",
+var __match = "arp.op == 1 && arp.tpa == {" ++ proxy_ips ++ "}",
+var __actions = "eth.dst = eth.src; "
+"eth.src = ${rp.networks.ea}; "
+"arp.op = 2; /* ARP reply */ "
+"arp.tha = arp.sha; "
+"arp.sha = %s; "
+"arp.tpa <-> arp.spa; "
+"outport = inport; "
+"flags.loopback = 1; "
+"output;".
+
/* For ND solicitations, we need to listen for both the
* unicast IPv6 address and its all-nodes multicast address,
* but always respond with the unicast IPv6 address. */
diff --git a/tests/ovn.at b/tests/ovn.at
index db1a0a35c2..31f0b90996 100644
--- a/tests/ovn.at
+++ b/tests/ovn.at
@@ -26940,7 +26940,7 @@ ovs-vsctl -- add-port br-int vif1 -- \
# And proxy ARP flows for 69.254.239.254 and 169.254.239.2
# and check that SB flows have been added.
ovn-nbctl --wait=hv add Logical_Switch_Port rp-ls1 \
-options arp_proxy='"169.254.239.254 169.254.239.2"'
+options arp_proxy='"169.254.239.254,169.254.239.2"'
ovn-sbctl dump-flows > sbflows
AT_CAPTURE_FILE([sbflows])
@@ -26957,7 +26957,7 @@ AT_CHECK([ovn-sbctl dump-flows | grep ls_in_arp_rsp | grep "169.254.239.2"], [1]
# Add the
Re: [ovs-dev] [External] : Re: [PATCH ovn v5] ovn-northd.c: Add proxy ARP support to OVN
On 29/06/2021 13:24, Numan Siddique wrote:
On Tue, Jun 29, 2021 at 7:48 AM Brendan Doyle wrote:
Numan,
Did this version apply ? I'm guessing not. This was generated with git
mail. But I don't see
an entry in
https://urldefense.com/v3/__https://patchwork.ozlabs.org/project/ovn/list/__;!!ACWV5N9M2RV99hQ!crHDbcylO2xdE8lL5OBvisqTciHbBxY2Viml-p_H_HuEtd6-KXvvdib_NWgdqCHWi3M$
for it. Please let me know if this has issue, if so I'll try generate a PR.
No. This didn't apply either. Since the patch was straightforward,
I just applied
the diff manually and applied the patch to the main branch.
Great thanks.
I'm not
sure how you
generated the patch. I presume using git-format-patch.
Yes.
You can refer this if you haven't already -
https://urldefense.com/v3/__https://github.com/ovn-org/ovn/blob/master/Documentation/internals/contributing/submitting-patches.rst__;!!ACWV5N9M2RV99hQ!crHDbcylO2xdE8lL5OBvisqTciHbBxY2Viml-p_H_HuEtd6-KXvvdib_NWgdUiKKgR0$
Yes, I have, and as far as I know I followed all the instructions. Even
sent the patch via git mail to a colleague
who was able to apply the patch to his fresh clone of master.
I did a few changes in the code and in the test before applying.
Ok, I'll have a look - thanks
The commit is missing the ddlog part unfortunately. I tried to add
it, but I probably need some
help from Ben.
Sorry, just don't know anything about dlog
The added test case fails for ddlog now.
Thanks
Numan
Thanks
Brendan
On 28/06/2021 12:16, Brendan Doyle wrote:
This patch provides the ability to configure proxy ARP IPs on a Logical
Switch Router port. The IPs are added as Options for router ports. This
provides a useful feature where traffic for a service must be sent to an
address in a logical network address space, but the service is provided
in a different network. For example an NFS service is provide to Logical
networks at an address in their Logical network space, but the NFS
server resides in a physical network. A Logical switch Router port can
be configured to respond to ARP requests sent to the service "Logical
address", the Logical Router/Gateway can then be configured to forward
the traffic to the underlay/physical network.
Signed-off-by: Brendan Doyle
---
northd/ovn-northd.c | 48
ovn-nb.xml | 9 +
tests/ovn.at| 103
3 files changed, 160 insertions(+)
diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c
index fcd6167..258b5db 100644
--- a/northd/ovn-northd.c
+++ b/northd/ovn-northd.c
@@ -6969,6 +6969,8 @@ build_lswitch_arp_nd_responder_known_ips(struct ovn_port
*op,
struct ds *match)
{
if (op->nbsp) {
+const char *arp_proxy;
+
if (!strcmp(op->nbsp->type, "virtual")) {
/* Handle
* - GARPs for virtual ip which belongs to a logical port
@@ -7126,6 +7128,52 @@ build_lswitch_arp_nd_responder_known_ips(struct ovn_port
*op,
}
}
}
+
+/*
+ * Add responses for ARP proxies.
+ */
+arp_proxy = smap_get(&op->nbsp->options,"arp_proxy");
+
+if (arp_proxy && op->peer) {
+struct lport_addresses proxy_arp_addrs;
+int i = 0;
+
+if (extract_ip_addresses(arp_proxy, &proxy_arp_addrs)) {
+/*
+ * Match rule on all proxy ARP IPs.
+ */
+ds_clear(match);
+ds_put_cstr(match, "arp.op == 1 && (");
+
+for (i = 0; i < proxy_arp_addrs.n_ipv4_addrs; i++) {
+if (i > 0) {
+ds_put_cstr(match, " || ");
+}
+ds_put_format(match, "arp.tpa == %s",
+proxy_arp_addrs.ipv4_addrs[i].addr_s);
+}
+
+ds_put_cstr(match, ")");
+destroy_lport_addresses(&proxy_arp_addrs);
+
+ds_clear(actions);
+ds_put_format(actions,
+"eth.dst = eth.src; "
+"eth.src = %s; "
+"arp.op = 2; /* ARP reply */ "
+"arp.tha = arp.sha; "
+"arp.sha = %s; "
+"arp.tpa <-> arp.spa; "
+"outport = inport; "
+"flags.loopback = 1; "
+"output;",
+op->peer->lrp_networks.ea_s,
+op->peer->lrp_networks.ea_s);
+
+ovn_lflow_add_with_hint(lflows, op->od, S_SWITCH_IN_ARP_ND_RSP,
+50, ds_cstr(match), ds_cstr(actions
Re: [ovs-dev] [PATCH ovn v5] ovn-northd.c: Add proxy ARP support to OVN
Numan,
Did this version apply ? I'm guessing not. This was generated with git
mail. But I don't see
an entry in https://patchwork.ozlabs.org/project/ovn/list/
for it. Please let me know if this has issue, if so I'll try generate a PR.
Thanks
Brendan
On 28/06/2021 12:16, Brendan Doyle wrote:
This patch provides the ability to configure proxy ARP IPs on a Logical
Switch Router port. The IPs are added as Options for router ports. This
provides a useful feature where traffic for a service must be sent to an
address in a logical network address space, but the service is provided
in a different network. For example an NFS service is provide to Logical
networks at an address in their Logical network space, but the NFS
server resides in a physical network. A Logical switch Router port can
be configured to respond to ARP requests sent to the service "Logical
address", the Logical Router/Gateway can then be configured to forward
the traffic to the underlay/physical network.
Signed-off-by: Brendan Doyle
---
northd/ovn-northd.c | 48
ovn-nb.xml | 9 +
tests/ovn.at| 103
3 files changed, 160 insertions(+)
diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c
index fcd6167..258b5db 100644
--- a/northd/ovn-northd.c
+++ b/northd/ovn-northd.c
@@ -6969,6 +6969,8 @@ build_lswitch_arp_nd_responder_known_ips(struct ovn_port
*op,
struct ds *match)
{
if (op->nbsp) {
+const char *arp_proxy;
+
if (!strcmp(op->nbsp->type, "virtual")) {
/* Handle
* - GARPs for virtual ip which belongs to a logical port
@@ -7126,6 +7128,52 @@ build_lswitch_arp_nd_responder_known_ips(struct ovn_port
*op,
}
}
}
+
+/*
+ * Add responses for ARP proxies.
+ */
+arp_proxy = smap_get(&op->nbsp->options,"arp_proxy");
+
+if (arp_proxy && op->peer) {
+struct lport_addresses proxy_arp_addrs;
+int i = 0;
+
+if (extract_ip_addresses(arp_proxy, &proxy_arp_addrs)) {
+/*
+ * Match rule on all proxy ARP IPs.
+ */
+ds_clear(match);
+ds_put_cstr(match, "arp.op == 1 && (");
+
+for (i = 0; i < proxy_arp_addrs.n_ipv4_addrs; i++) {
+if (i > 0) {
+ds_put_cstr(match, " || ");
+}
+ds_put_format(match, "arp.tpa == %s",
+proxy_arp_addrs.ipv4_addrs[i].addr_s);
+}
+
+ds_put_cstr(match, ")");
+destroy_lport_addresses(&proxy_arp_addrs);
+
+ds_clear(actions);
+ds_put_format(actions,
+"eth.dst = eth.src; "
+"eth.src = %s; "
+"arp.op = 2; /* ARP reply */ "
+"arp.tha = arp.sha; "
+"arp.sha = %s; "
+"arp.tpa <-> arp.spa; "
+"outport = inport; "
+"flags.loopback = 1; "
+"output;",
+op->peer->lrp_networks.ea_s,
+op->peer->lrp_networks.ea_s);
+
+ovn_lflow_add_with_hint(lflows, op->od, S_SWITCH_IN_ARP_ND_RSP,
+50, ds_cstr(match), ds_cstr(actions), &op->nbsp->header_);
+}
+}
}
}
diff --git a/ovn-nb.xml b/ovn-nb.xml
index 406bc85..077a2d8 100644
--- a/ovn-nb.xml
+++ b/ovn-nb.xml
@@ -848,6 +848,15 @@
+
+
+ Optional. A list IPv4 addresses that this
+ logical switch router port will reply to ARP requests.
+ Example: 169.254.239.254 169.254.239.2. The
+ 's logical router should
+ have a route to forward packets sent to configured proxy ARP IPs to
+ an appropriate destination.
+
diff --git a/tests/ovn.at b/tests/ovn.at
index 5926350..1e0065d 100644
--- a/tests/ovn.at
+++ b/tests/ovn.at
@@ -26899,3 +26899,106 @@ AT_CHECK([ovs-ofctl dump-flows br-int
"nw_src=10.0.0.0/24" | \
OVN_CLEANUP([hv1])
AT_CLEANUP
])
+
+OVN_FOR_EACH_NORTHD([
+AT_SETUP([ovn -- proxy-arp: 1 HVs, 1 LSs, 1 lport/LS, 1 LR])
+AT_KEYWORDS([proxy-arp])
+ovn_start
+
+# Logical network:
+# One LR - lr1 has switch ls1 (192.16.1.0/24) connected to it,
+# and and one HV with IP 192.16.1.6.
+
+ovn-nbctl lr-add lr1
+ovn-nbctl ls-add ls1
+
+# Connect ls1 to lr1
+ovn-nbctl lrp-add lr1 ls1 00:00:00:01:02:f1 192.16.1.1/24
+ovn-nbctl lsp-ad
Re: [ovs-dev] [External] : [PATCH ovn v3] ovn-northd.c: Add proxy ARP support to OVN
Hi Numan,
So just did a v5 this time using git mail, please see if you can apply
that one.
Thanks
On 27/06/2021 18:19, Numan Siddique wrote:
On Sun, Jun 27, 2021 at 8:46 AM Brendan Doyle wrote:
Hi Numan,
I did a fresh clone and recreated/resubmitted the patch [PATCH ovn v4]
ovn-northd.c: Add proxy ARP support to OVN.
v4 still doesn't apply. Maybe you can share your github private
branch with the patch ?
Thanks
Numan
I tried to create a PR, but I got an error when trying to create a
remote branch from which to
generate the PR:
git push --set-upstream origin proxy_arp:proxy_arp
Username for
'https://urldefense.com/v3/__https://github.com__;!!ACWV5N9M2RV99hQ!fE13KKbvJnF64MDyfTHbnvYXjqu8wuAVInShZvJAwXy6NPM6rcdjMhesoD8-oZGth6Y$
': BrendanDoyle1
Password for
'https://urldefense.com/v3/__https://BrendanDoyle1@github.com__;!!ACWV5N9M2RV99hQ!fE13KKbvJnF64MDyfTHbnvYXjqu8wuAVInShZvJAwXy6NPM6rcdjMhesoD8-qzJHZ_8$
':
remote: Permission to ovn-org/ovn.git denied to BrendanDoyle1.
fatal: unable to access
'https://urldefense.com/v3/__https://github.com/ovn-org/ovn/__;!!ACWV5N9M2RV99hQ!fE13KKbvJnF64MDyfTHbnvYXjqu8wuAVInShZvJAwXy6NPM6rcdjMhesoD8-k2ML9jk$
': The
requested URL returned error: 403
If the v4 does not work I'll have to wait for my goit/GitHub experts to
come in on Monday.
Brendan.
On 25/06/2021 22:22, Numan Siddique wrote:
On Thu, Jun 24, 2021 at 5:14 AM Brendan Doyle wrote:
Hi,
Just wondering how to move this along. It's been in the queue a while now.
I've made the requested changes, this is v3 of the patch.
The product I'm working on requires this feature and If I can't get it
upstream
I'll need to look at other options.
Hi Brendan,
I just can't apply your patch cleanly. The same issue I faced with
your previous version.
Normally when patch is submitted, the ovsrobot applies the patch on
top of the master
and runs the tests. It generally creates a branch with the patch series number.
In your case, the series number is 249668
(https://urldefense.com/v3/__https://patchwork.ozlabs.org/project/ovn/list/?series=249668__;!!ACWV5N9M2RV99hQ!fmNb3A9Qn2_9U4wjyZ1fVFxqrPOwLDHJ8uBbL-0zKNDDHDNqE-xORpdhqZdjs1rnJo4$
)
and the branch is here -
https://urldefense.com/v3/__https://github.com/ovsrobot/ovn/commits/series_249668__;!!ACWV5N9M2RV99hQ!fmNb3A9Qn2_9U4wjyZ1fVFxqrPOwLDHJ8uBbL-0zKNDDHDNqE-xORpdhqZdjS24tNa4$
and I don't see
your patch applied cleanly. So I'm pretty sure something is wrong
with your patch format.
Either you can resend the patch or send a github PR.
Thanks
Numan
Thanks
Brendan
On 18/06/2021 14:53, Brendan Doyle wrote:
From 634fd88b726700b30cb76203ca45f1e9c041368a Mon Sep 17 00:00:00 2001
From: Brendan Doyle
Date: Fri, 28 May 2021 10:01:17 -0700
Subject: [PATCH ovn] ovn-northd.c: Add proxy ARP support to OVN
This patch provides the ability to configure proxy ARP IPs on a Logical
Switch Router port. The IPs are added as Options for router ports. This
provides a useful feature where traffic for a service must be sent to an
address in a logical network address space, but the service is provided
in a different network. For example an NFS service is provide to Logical
networks at an address in their Logical network space, but the NFS
server resides in a physical network. A Logical switch Router port can
be configured to respond to ARP requests sent to the service "Logical
address", the Logical Router/Gateway can then be configured to forward
the traffic to the underlay/physical network.
Signed-off-by: Brendan Doyle
---
northd/ovn-northd.c | 46 +++
ovn-nb.xml | 9 +
tests/ovn.at| 103
3 files changed, 158 insertions(+)
diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c
index 0e5092a..2bc6f28 100644
--- a/northd/ovn-northd.c
+++ b/northd/ovn-northd.c
@@ -6943,6 +6943,7 @@ build_lswitch_arp_nd_responder_known_ips(struct
ovn_port *op,
struct ds *match)
{
if (op->nbsp) {
+const char *arp_proxy;
if (!strcmp(op->nbsp->type, "virtual")) {
/* Handle
* - GARPs for virtual ip which belongs to a logical port
@@ -7096,6 +7097,51 @@ build_lswitch_arp_nd_responder_known_ips(struct
ovn_port *op,
}
}
}
+
+/*
+ * Add responses for ARP proxies.
+ */
+arp_proxy = smap_get(&op->nbsp->options,"arp_proxy");
+if (arp_proxy && op->peer) {
+struct lport_addresses proxy_arp_addrs;
+int i = 0;
+
+if (extract_ip_addresses(arp_proxy, &proxy_arp_addrs)) {
+/*
+ * Match rule on all proxy ARP IPs.
+ */
+ds_clear(match);
+
Re: [ovs-dev] [External] : [PATCH ovn v3] ovn-northd.c: Add proxy ARP support to OVN
On 27/06/2021 18:19, Numan Siddique wrote:
On Sun, Jun 27, 2021 at 8:46 AM Brendan Doyle wrote:
Hi Numan,
I did a fresh clone and recreated/resubmitted the patch [PATCH ovn v4]
ovn-northd.c: Add proxy ARP support to OVN.
v4 still doesn't apply. Maybe you can share your github private
branch with the patch ?
I can't push to origin to create a branch. I'll have to wait for some help
from my colleagues who are more familiar with GitLab
Thanks
Numan
I tried to create a PR, but I got an error when trying to create a
remote branch from which to
generate the PR:
git push --set-upstream origin proxy_arp:proxy_arp
Username for
'https://urldefense.com/v3/__https://github.com__;!!ACWV5N9M2RV99hQ!fE13KKbvJnF64MDyfTHbnvYXjqu8wuAVInShZvJAwXy6NPM6rcdjMhesoD8-oZGth6Y$
': BrendanDoyle1
Password for
'https://urldefense.com/v3/__https://BrendanDoyle1@github.com__;!!ACWV5N9M2RV99hQ!fE13KKbvJnF64MDyfTHbnvYXjqu8wuAVInShZvJAwXy6NPM6rcdjMhesoD8-qzJHZ_8$
':
remote: Permission to ovn-org/ovn.git denied to BrendanDoyle1.
fatal: unable to access
'https://urldefense.com/v3/__https://github.com/ovn-org/ovn/__;!!ACWV5N9M2RV99hQ!fE13KKbvJnF64MDyfTHbnvYXjqu8wuAVInShZvJAwXy6NPM6rcdjMhesoD8-k2ML9jk$
': The
requested URL returned error: 403
If the v4 does not work I'll have to wait for my goit/GitHub experts to
come in on Monday.
Brendan.
On 25/06/2021 22:22, Numan Siddique wrote:
On Thu, Jun 24, 2021 at 5:14 AM Brendan Doyle wrote:
Hi,
Just wondering how to move this along. It's been in the queue a while now.
I've made the requested changes, this is v3 of the patch.
The product I'm working on requires this feature and If I can't get it
upstream
I'll need to look at other options.
Hi Brendan,
I just can't apply your patch cleanly. The same issue I faced with
your previous version.
Normally when patch is submitted, the ovsrobot applies the patch on
top of the master
and runs the tests. It generally creates a branch with the patch series number.
In your case, the series number is 249668
(https://urldefense.com/v3/__https://patchwork.ozlabs.org/project/ovn/list/?series=249668__;!!ACWV5N9M2RV99hQ!fmNb3A9Qn2_9U4wjyZ1fVFxqrPOwLDHJ8uBbL-0zKNDDHDNqE-xORpdhqZdjs1rnJo4$
)
and the branch is here -
https://urldefense.com/v3/__https://github.com/ovsrobot/ovn/commits/series_249668__;!!ACWV5N9M2RV99hQ!fmNb3A9Qn2_9U4wjyZ1fVFxqrPOwLDHJ8uBbL-0zKNDDHDNqE-xORpdhqZdjS24tNa4$
and I don't see
your patch applied cleanly. So I'm pretty sure something is wrong
with your patch format.
Either you can resend the patch or send a github PR.
Thanks
Numan
Thanks
Brendan
On 18/06/2021 14:53, Brendan Doyle wrote:
From 634fd88b726700b30cb76203ca45f1e9c041368a Mon Sep 17 00:00:00 2001
From: Brendan Doyle
Date: Fri, 28 May 2021 10:01:17 -0700
Subject: [PATCH ovn] ovn-northd.c: Add proxy ARP support to OVN
This patch provides the ability to configure proxy ARP IPs on a Logical
Switch Router port. The IPs are added as Options for router ports. This
provides a useful feature where traffic for a service must be sent to an
address in a logical network address space, but the service is provided
in a different network. For example an NFS service is provide to Logical
networks at an address in their Logical network space, but the NFS
server resides in a physical network. A Logical switch Router port can
be configured to respond to ARP requests sent to the service "Logical
address", the Logical Router/Gateway can then be configured to forward
the traffic to the underlay/physical network.
Signed-off-by: Brendan Doyle
---
northd/ovn-northd.c | 46 +++
ovn-nb.xml | 9 +
tests/ovn.at| 103
3 files changed, 158 insertions(+)
diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c
index 0e5092a..2bc6f28 100644
--- a/northd/ovn-northd.c
+++ b/northd/ovn-northd.c
@@ -6943,6 +6943,7 @@ build_lswitch_arp_nd_responder_known_ips(struct
ovn_port *op,
struct ds *match)
{
if (op->nbsp) {
+const char *arp_proxy;
if (!strcmp(op->nbsp->type, "virtual")) {
/* Handle
* - GARPs for virtual ip which belongs to a logical port
@@ -7096,6 +7097,51 @@ build_lswitch_arp_nd_responder_known_ips(struct
ovn_port *op,
}
}
}
+
+/*
+ * Add responses for ARP proxies.
+ */
+arp_proxy = smap_get(&op->nbsp->options,"arp_proxy");
+if (arp_proxy && op->peer) {
+struct lport_addresses proxy_arp_addrs;
+int i = 0;
+
+if (extract_ip_addresses(arp_proxy, &proxy_arp_addrs)) {
+/*
+ * Match rule on all proxy ARP IPs.
+ */
+ds_clear(match)
Re: [ovs-dev] [External] : [PATCH ovn v3] ovn-northd.c: Add proxy ARP support to OVN
Hi Numan,
I did a fresh clone and recreated/resubmitted the patch [PATCH ovn v4]
ovn-northd.c: Add proxy ARP support to OVN.
I tried to create a PR, but I got an error when trying to create a
remote branch from which to
generate the PR:
git push --set-upstream origin proxy_arp:proxy_arp
Username for 'https://github.com': BrendanDoyle1
Password for 'https://brendandoy...@github.com':
remote: Permission to ovn-org/ovn.git denied to BrendanDoyle1.
fatal: unable to access 'https://github.com/ovn-org/ovn/': The
requested URL returned error: 403
If the v4 does not work I'll have to wait for my goit/GitHub experts to
come in on Monday.
Brendan.
On 25/06/2021 22:22, Numan Siddique wrote:
On Thu, Jun 24, 2021 at 5:14 AM Brendan Doyle wrote:
Hi,
Just wondering how to move this along. It's been in the queue a while now.
I've made the requested changes, this is v3 of the patch.
The product I'm working on requires this feature and If I can't get it
upstream
I'll need to look at other options.
Hi Brendan,
I just can't apply your patch cleanly. The same issue I faced with
your previous version.
Normally when patch is submitted, the ovsrobot applies the patch on
top of the master
and runs the tests. It generally creates a branch with the patch series number.
In your case, the series number is 249668
(https://urldefense.com/v3/__https://patchwork.ozlabs.org/project/ovn/list/?series=249668__;!!ACWV5N9M2RV99hQ!fmNb3A9Qn2_9U4wjyZ1fVFxqrPOwLDHJ8uBbL-0zKNDDHDNqE-xORpdhqZdjs1rnJo4$
)
and the branch is here -
https://urldefense.com/v3/__https://github.com/ovsrobot/ovn/commits/series_249668__;!!ACWV5N9M2RV99hQ!fmNb3A9Qn2_9U4wjyZ1fVFxqrPOwLDHJ8uBbL-0zKNDDHDNqE-xORpdhqZdjS24tNa4$
and I don't see
your patch applied cleanly. So I'm pretty sure something is wrong
with your patch format.
Either you can resend the patch or send a github PR.
Thanks
Numan
Thanks
Brendan
On 18/06/2021 14:53, Brendan Doyle wrote:
From 634fd88b726700b30cb76203ca45f1e9c041368a Mon Sep 17 00:00:00 2001
From: Brendan Doyle
Date: Fri, 28 May 2021 10:01:17 -0700
Subject: [PATCH ovn] ovn-northd.c: Add proxy ARP support to OVN
This patch provides the ability to configure proxy ARP IPs on a Logical
Switch Router port. The IPs are added as Options for router ports. This
provides a useful feature where traffic for a service must be sent to an
address in a logical network address space, but the service is provided
in a different network. For example an NFS service is provide to Logical
networks at an address in their Logical network space, but the NFS
server resides in a physical network. A Logical switch Router port can
be configured to respond to ARP requests sent to the service "Logical
address", the Logical Router/Gateway can then be configured to forward
the traffic to the underlay/physical network.
Signed-off-by: Brendan Doyle
---
northd/ovn-northd.c | 46 +++
ovn-nb.xml | 9 +
tests/ovn.at| 103
3 files changed, 158 insertions(+)
diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c
index 0e5092a..2bc6f28 100644
--- a/northd/ovn-northd.c
+++ b/northd/ovn-northd.c
@@ -6943,6 +6943,7 @@ build_lswitch_arp_nd_responder_known_ips(struct
ovn_port *op,
struct ds *match)
{
if (op->nbsp) {
+const char *arp_proxy;
if (!strcmp(op->nbsp->type, "virtual")) {
/* Handle
* - GARPs for virtual ip which belongs to a logical port
@@ -7096,6 +7097,51 @@ build_lswitch_arp_nd_responder_known_ips(struct
ovn_port *op,
}
}
}
+
+/*
+ * Add responses for ARP proxies.
+ */
+arp_proxy = smap_get(&op->nbsp->options,"arp_proxy");
+if (arp_proxy && op->peer) {
+struct lport_addresses proxy_arp_addrs;
+int i = 0;
+
+if (extract_ip_addresses(arp_proxy, &proxy_arp_addrs)) {
+/*
+ * Match rule on all proxy ARP IPs.
+ */
+ds_clear(match);
+ds_put_cstr(match, "arp.op == 1 && (");
+
+for (i = 0; i < proxy_arp_addrs.n_ipv4_addrs; i++) {
+if (i > 0) {
+ds_put_cstr(match, " || ");
+}
+ds_put_format(match, "arp.tpa == %s",
+proxy_arp_addrs.ipv4_addrs[i].addr_s);
+}
+
+ds_put_cstr(match, ")");
+destroy_lport_addresses(&proxy_arp_addrs);
+
+ds_clear(actions);
+ds_put_format(actions,
+"eth.dst = eth.src; "
+"eth.src = %
[ovs-dev] [PATCH ovn v4] ovn-northd.c: Add proxy ARP support to OVN
From 7a38fff6ce6ee17767b426c7cf84e1b07eda5552 Mon Sep 17 00:00:00 2001
From: Brendan Doyle
Date: Sun, 27 Jun 2021 05:36:40 -0700
Subject: [PATCH ovn] ovn-northd.c: Add proxy ARP support to OVN
This patch provides the ability to configure proxy ARP IPs on a Logical
Switch Router port. The IPs are added as Options for router ports. This
provides a useful feature where traffic for a service must be sent to an
address in a logical network address space, but the service is provided
in a different network. For example an NFS service is provide to Logical
networks at an address in their Logical network space, but the NFS
server resides in a physical network. A Logical switch Router port can
be configured to respond to ARP requests sent to the service "Logical
address", the Logical Router/Gateway can then be configured to forward
the traffic to the underlay/physical network.
Signed-off-by: Brendan Doyle
---
northd/ovn-northd.c | 48
ovn-nb.xml | 9 +
tests/ovn.at| 103
3 files changed, 160 insertions(+)
diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c
index fcd6167..258b5db 100644
--- a/northd/ovn-northd.c
+++ b/northd/ovn-northd.c
@@ -6969,6 +6969,8 @@ build_lswitch_arp_nd_responder_known_ips(struct ovn_port
*op,
struct ds *match)
{
if (op->nbsp) {
+const char *arp_proxy;
+
if (!strcmp(op->nbsp->type, "virtual")) {
/* Handle
* - GARPs for virtual ip which belongs to a logical port
@@ -7126,6 +7128,52 @@ build_lswitch_arp_nd_responder_known_ips(struct ovn_port
*op,
}
}
}
+
+/*
+ * Add responses for ARP proxies.
+ */
+arp_proxy = smap_get(&op->nbsp->options,"arp_proxy");
+
+if (arp_proxy && op->peer) {
+struct lport_addresses proxy_arp_addrs;
+int i = 0;
+
+if (extract_ip_addresses(arp_proxy, &proxy_arp_addrs)) {
+/*
+ * Match rule on all proxy ARP IPs.
+ */
+ds_clear(match);
+ds_put_cstr(match, "arp.op == 1 && (");
+
+for (i = 0; i < proxy_arp_addrs.n_ipv4_addrs; i++) {
+if (i > 0) {
+ds_put_cstr(match, " || ");
+}
+ds_put_format(match, "arp.tpa == %s",
+proxy_arp_addrs.ipv4_addrs[i].addr_s);
+}
+
+ds_put_cstr(match, ")");
+destroy_lport_addresses(&proxy_arp_addrs);
+
+ds_clear(actions);
+ds_put_format(actions,
+"eth.dst = eth.src; "
+"eth.src = %s; "
+"arp.op = 2; /* ARP reply */ "
+"arp.tha = arp.sha; "
+"arp.sha = %s; "
+"arp.tpa <-> arp.spa; "
+"outport = inport; "
+"flags.loopback = 1; "
+"output;",
+op->peer->lrp_networks.ea_s,
+op->peer->lrp_networks.ea_s);
+
+ovn_lflow_add_with_hint(lflows, op->od, S_SWITCH_IN_ARP_ND_RSP,
+50, ds_cstr(match), ds_cstr(actions), &op->nbsp->header_);
+}
+}
}
}
diff --git a/ovn-nb.xml b/ovn-nb.xml
index 406bc85..077a2d8 100644
--- a/ovn-nb.xml
+++ b/ovn-nb.xml
@@ -848,6 +848,15 @@
+
+
+ Optional. A list IPv4 addresses that this
+ logical switch router port will reply to ARP requests.
+ Example: 169.254.239.254 169.254.239.2. The
+ 's logical router should
+ have a route to forward packets sent to configured proxy ARP IPs to
+ an appropriate destination.
+
diff --git a/tests/ovn.at b/tests/ovn.at
index 5926350..1e0065d 100644
--- a/tests/ovn.at
+++ b/tests/ovn.at
@@ -26899,3 +26899,106 @@ AT_CHECK([ovs-ofctl dump-flows br-int
"nw_src=10.0.0.0/24" | \
OVN_CLEANUP([hv1])
AT_CLEANUP
])
+
+OVN_FOR_EACH_NORTHD([
+AT_SETUP([ovn -- proxy-arp: 1 HVs, 1 LSs, 1 lport/LS, 1 LR])
+AT_KEYWORDS([proxy-arp])
+ovn_start
+
+# Logical network:
+# One LR - lr1 has switch ls1 (192.16.1.0/24) connected to it,
+# and and one HV with IP 192.16.1.6.
+
+ovn-nbctl lr-add lr1
+ovn-nbctl ls-add ls1
+
+# Connect ls1 to lr1
+ovn-nbctl lrp-add lr1 ls1 00:00:00:01:02:f1 192.16.1.1/24
+ovn-nbctl lsp-add ls1 rp-ls1 -- set Logical_Switch_Port rp-ls1 \
+type=router options:router-port=ls1 addresses=\"00:00:00:01:02:f1\"
+
+# Create
Re: [ovs-dev] [External] : [PATCH ovn v3] ovn-northd.c: Add proxy ARP support to OVN
Hi,
Just wondering how to move this along. It's been in the queue a while now.
I've made the requested changes, this is v3 of the patch.
The product I'm working on requires this feature and If I can't get it
upstream
I'll need to look at other options.
Thanks
Brendan
On 18/06/2021 14:53, Brendan Doyle wrote:
From 634fd88b726700b30cb76203ca45f1e9c041368a Mon Sep 17 00:00:00 2001
From: Brendan Doyle
Date: Fri, 28 May 2021 10:01:17 -0700
Subject: [PATCH ovn] ovn-northd.c: Add proxy ARP support to OVN
This patch provides the ability to configure proxy ARP IPs on a Logical
Switch Router port. The IPs are added as Options for router ports. This
provides a useful feature where traffic for a service must be sent to an
address in a logical network address space, but the service is provided
in a different network. For example an NFS service is provide to Logical
networks at an address in their Logical network space, but the NFS
server resides in a physical network. A Logical switch Router port can
be configured to respond to ARP requests sent to the service "Logical
address", the Logical Router/Gateway can then be configured to forward
the traffic to the underlay/physical network.
Signed-off-by: Brendan Doyle
---
northd/ovn-northd.c | 46 +++
ovn-nb.xml | 9 +
tests/ovn.at | 103
3 files changed, 158 insertions(+)
diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c
index 0e5092a..2bc6f28 100644
--- a/northd/ovn-northd.c
+++ b/northd/ovn-northd.c
@@ -6943,6 +6943,7 @@ build_lswitch_arp_nd_responder_known_ips(struct
ovn_port *op,
struct ds *match)
{
if (op->nbsp) {
+ const char *arp_proxy;
if (!strcmp(op->nbsp->type, "virtual")) {
/* Handle
* - GARPs for virtual ip which belongs to a logical port
@@ -7096,6 +7097,51 @@ build_lswitch_arp_nd_responder_known_ips(struct
ovn_port *op,
}
}
}
+
+ /*
+ * Add responses for ARP proxies.
+ */
+ arp_proxy = smap_get(&op->nbsp->options,"arp_proxy");
+ if (arp_proxy && op->peer) {
+ struct lport_addresses proxy_arp_addrs;
+ int i = 0;
+
+ if (extract_ip_addresses(arp_proxy, &proxy_arp_addrs)) {
+ /*
+ * Match rule on all proxy ARP IPs.
+ */
+ ds_clear(match);
+ ds_put_cstr(match, "arp.op == 1 && (");
+
+ for (i = 0; i < proxy_arp_addrs.n_ipv4_addrs; i++) {
+ if (i > 0) {
+ ds_put_cstr(match, " || ");
+ }
+ ds_put_format(match, "arp.tpa == %s",
+ proxy_arp_addrs.ipv4_addrs[i].addr_s);
+ }
+
+ ds_put_cstr(match, ")");
+ destroy_lport_addresses(&proxy_arp_addrs);
+
+ ds_clear(actions);
+ ds_put_format(actions,
+ "eth.dst = eth.src; "
+ "eth.src = %s; "
+ "arp.op = 2; /* ARP reply */ "
+ "arp.tha = arp.sha; "
+ "arp.sha = %s; "
+ "arp.tpa <-> arp.spa; "
+ "outport = inport; "
+ "flags.loopback = 1; "
+ "output;",
+ op->peer->lrp_networks.ea_s,
+ op->peer->lrp_networks.ea_s);
+
+ ovn_lflow_add_with_hint(lflows, op->od,
S_SWITCH_IN_ARP_ND_RSP,
+ 50, ds_cstr(match), ds_cstr(actions),
&op->nbsp->header_);
+ }
+ }
}
}
diff --git a/ovn-nb.xml b/ovn-nb.xml
index 02fd216..e4a8114 100644
--- a/ovn-nb.xml
+++ b/ovn-nb.xml
@@ -848,6 +848,15 @@
+
+
+ Optional. A list IPv4 addresses that this
+ logical switch router port will reply to ARP
requests.
+ Example: 169.254.239.254 169.254.239.2. The
+ 's logical router
should
+ have a route to forward packets sent to configured proxy
ARP IPs to
+ an appropriate destination.
+
diff --git a/tests/ovn.at b/tests/ovn.at
index 2c3c36d..ffbb594 100644
--- a/tests/ovn.at
+++ b/tests/ovn.at
@@ -26527,3 +26527,106 @@ AT_CHECK([test $(ovn-appctl -t
ovn-controller coverage/read-counter lflow_run) =
OVN_CLEANUP([hv1])
AT_CLEANUP
])
+
+OVN_FOR_EACH_NORTHD([
+AT_SETUP([ovn -- proxy-arp: 1 HVs, 1 LSs, 1 lport/LS, 1 LR])
+AT_KEYWORDS([proxy-arp])
+ovn_start
+
+# Logical network:
+# One LR - lr1 has switch ls1 (192.16.1
Re: [ovs-dev] [External] : [PATCH ovn v3] ovn-northd.c: Add proxy ARP support to OVN
Hi Numan,
I know things are busy but did you get a chance to look at this. I made
the change to use
extract_ip_addresses() as requested.
Brendan
On 18/06/2021 14:53, Brendan Doyle wrote:
From 634fd88b726700b30cb76203ca45f1e9c041368a Mon Sep 17 00:00:00 2001
From: Brendan Doyle
Date: Fri, 28 May 2021 10:01:17 -0700
Subject: [PATCH ovn] ovn-northd.c: Add proxy ARP support to OVN
This patch provides the ability to configure proxy ARP IPs on a Logical
Switch Router port. The IPs are added as Options for router ports. This
provides a useful feature where traffic for a service must be sent to an
address in a logical network address space, but the service is provided
in a different network. For example an NFS service is provide to Logical
networks at an address in their Logical network space, but the NFS
server resides in a physical network. A Logical switch Router port can
be configured to respond to ARP requests sent to the service "Logical
address", the Logical Router/Gateway can then be configured to forward
the traffic to the underlay/physical network.
Signed-off-by: Brendan Doyle
---
northd/ovn-northd.c | 46 +++
ovn-nb.xml | 9 +
tests/ovn.at | 103
3 files changed, 158 insertions(+)
diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c
index 0e5092a..2bc6f28 100644
--- a/northd/ovn-northd.c
+++ b/northd/ovn-northd.c
@@ -6943,6 +6943,7 @@ build_lswitch_arp_nd_responder_known_ips(struct
ovn_port *op,
struct ds *match)
{
if (op->nbsp) {
+ const char *arp_proxy;
if (!strcmp(op->nbsp->type, "virtual")) {
/* Handle
* - GARPs for virtual ip which belongs to a logical port
@@ -7096,6 +7097,51 @@ build_lswitch_arp_nd_responder_known_ips(struct
ovn_port *op,
}
}
}
+
+ /*
+ * Add responses for ARP proxies.
+ */
+ arp_proxy = smap_get(&op->nbsp->options,"arp_proxy");
+ if (arp_proxy && op->peer) {
+ struct lport_addresses proxy_arp_addrs;
+ int i = 0;
+
+ if (extract_ip_addresses(arp_proxy, &proxy_arp_addrs)) {
+ /*
+ * Match rule on all proxy ARP IPs.
+ */
+ ds_clear(match);
+ ds_put_cstr(match, "arp.op == 1 && (");
+
+ for (i = 0; i < proxy_arp_addrs.n_ipv4_addrs; i++) {
+ if (i > 0) {
+ ds_put_cstr(match, " || ");
+ }
+ ds_put_format(match, "arp.tpa == %s",
+ proxy_arp_addrs.ipv4_addrs[i].addr_s);
+ }
+
+ ds_put_cstr(match, ")");
+ destroy_lport_addresses(&proxy_arp_addrs);
+
+ ds_clear(actions);
+ ds_put_format(actions,
+ "eth.dst = eth.src; "
+ "eth.src = %s; "
+ "arp.op = 2; /* ARP reply */ "
+ "arp.tha = arp.sha; "
+ "arp.sha = %s; "
+ "arp.tpa <-> arp.spa; "
+ "outport = inport; "
+ "flags.loopback = 1; "
+ "output;",
+ op->peer->lrp_networks.ea_s,
+ op->peer->lrp_networks.ea_s);
+
+ ovn_lflow_add_with_hint(lflows, op->od,
S_SWITCH_IN_ARP_ND_RSP,
+ 50, ds_cstr(match), ds_cstr(actions),
&op->nbsp->header_);
+ }
+ }
}
}
diff --git a/ovn-nb.xml b/ovn-nb.xml
index 02fd216..e4a8114 100644
--- a/ovn-nb.xml
+++ b/ovn-nb.xml
@@ -848,6 +848,15 @@
+
+
+ Optional. A list IPv4 addresses that this
+ logical switch router port will reply to ARP
requests.
+ Example: 169.254.239.254 169.254.239.2. The
+ 's logical router
should
+ have a route to forward packets sent to configured proxy
ARP IPs to
+ an appropriate destination.
+
diff --git a/tests/ovn.at b/tests/ovn.at
index 2c3c36d..ffbb594 100644
--- a/tests/ovn.at
+++ b/tests/ovn.at
@@ -26527,3 +26527,106 @@ AT_CHECK([test $(ovn-appctl -t
ovn-controller coverage/read-counter lflow_run) =
OVN_CLEANUP([hv1])
AT_CLEANUP
])
+
+OVN_FOR_EACH_NORTHD([
+AT_SETUP([ovn -- proxy-arp: 1 HVs, 1 LSs, 1 lport/LS, 1 LR])
+AT_KEYWORDS([proxy-arp])
+ovn_start
+
+# Logical network:
+# One LR - lr1 has switch ls1 (192.16.1.0/24) connected to it,
+# and and one HV with IP 192.16.1.6.
+
+ovn-nbctl lr-add lr1
+ovn-nbctl ls-add ls1
+
+# Connect ls1 to lr1
+ovn-nbctl lrp-add l
[ovs-dev] [PATCH ovn v3] ovn-northd.c: Add proxy ARP support to OVN
From 634fd88b726700b30cb76203ca45f1e9c041368a Mon Sep 17 00:00:00 2001
From: Brendan Doyle
Date: Fri, 28 May 2021 10:01:17 -0700
Subject: [PATCH ovn] ovn-northd.c: Add proxy ARP support to OVN
This patch provides the ability to configure proxy ARP IPs on a Logical
Switch Router port. The IPs are added as Options for router ports. This
provides a useful feature where traffic for a service must be sent to an
address in a logical network address space, but the service is provided
in a different network. For example an NFS service is provide to Logical
networks at an address in their Logical network space, but the NFS
server resides in a physical network. A Logical switch Router port can
be configured to respond to ARP requests sent to the service "Logical
address", the Logical Router/Gateway can then be configured to forward
the traffic to the underlay/physical network.
Signed-off-by: Brendan Doyle
---
northd/ovn-northd.c | 46 +++
ovn-nb.xml | 9 +
tests/ovn.at| 103
3 files changed, 158 insertions(+)
diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c
index 0e5092a..2bc6f28 100644
--- a/northd/ovn-northd.c
+++ b/northd/ovn-northd.c
@@ -6943,6 +6943,7 @@ build_lswitch_arp_nd_responder_known_ips(struct ovn_port
*op,
struct ds *match)
{
if (op->nbsp) {
+const char *arp_proxy;
if (!strcmp(op->nbsp->type, "virtual")) {
/* Handle
* - GARPs for virtual ip which belongs to a logical port
@@ -7096,6 +7097,51 @@ build_lswitch_arp_nd_responder_known_ips(struct ovn_port
*op,
}
}
}
+
+/*
+ * Add responses for ARP proxies.
+ */
+arp_proxy = smap_get(&op->nbsp->options,"arp_proxy");
+if (arp_proxy && op->peer) {
+struct lport_addresses proxy_arp_addrs;
+int i = 0;
+
+if (extract_ip_addresses(arp_proxy, &proxy_arp_addrs)) {
+/*
+ * Match rule on all proxy ARP IPs.
+ */
+ds_clear(match);
+ds_put_cstr(match, "arp.op == 1 && (");
+
+for (i = 0; i < proxy_arp_addrs.n_ipv4_addrs; i++) {
+if (i > 0) {
+ds_put_cstr(match, " || ");
+}
+ds_put_format(match, "arp.tpa == %s",
+proxy_arp_addrs.ipv4_addrs[i].addr_s);
+}
+
+ds_put_cstr(match, ")");
+destroy_lport_addresses(&proxy_arp_addrs);
+
+ds_clear(actions);
+ds_put_format(actions,
+"eth.dst = eth.src; "
+"eth.src = %s; "
+"arp.op = 2; /* ARP reply */ "
+"arp.tha = arp.sha; "
+"arp.sha = %s; "
+"arp.tpa <-> arp.spa; "
+"outport = inport; "
+"flags.loopback = 1; "
+"output;",
+op->peer->lrp_networks.ea_s,
+op->peer->lrp_networks.ea_s);
+
+ovn_lflow_add_with_hint(lflows, op->od, S_SWITCH_IN_ARP_ND_RSP,
+50, ds_cstr(match), ds_cstr(actions), &op->nbsp->header_);
+}
+}
}
}
diff --git a/ovn-nb.xml b/ovn-nb.xml
index 02fd216..e4a8114 100644
--- a/ovn-nb.xml
+++ b/ovn-nb.xml
@@ -848,6 +848,15 @@
+
+
+ Optional. A list IPv4 addresses that this
+ logical switch router port will reply to ARP requests.
+ Example: 169.254.239.254 169.254.239.2. The
+ 's logical router should
+ have a route to forward packets sent to configured proxy ARP IPs to
+ an appropriate destination.
+
diff --git a/tests/ovn.at b/tests/ovn.at
index 2c3c36d..ffbb594 100644
--- a/tests/ovn.at
+++ b/tests/ovn.at
@@ -26527,3 +26527,106 @@ AT_CHECK([test $(ovn-appctl -t ovn-controller
coverage/read-counter lflow_run) =
OVN_CLEANUP([hv1])
AT_CLEANUP
])
+
+OVN_FOR_EACH_NORTHD([
+AT_SETUP([ovn -- proxy-arp: 1 HVs, 1 LSs, 1 lport/LS, 1 LR])
+AT_KEYWORDS([proxy-arp])
+ovn_start
+
+# Logical network:
+# One LR - lr1 has switch ls1 (192.16.1.0/24) connected to it,
+# and and one HV with IP 192.16.1.6.
+
+ovn-nbctl lr-add lr1
+ovn-nbctl ls-add ls1
+
+# Connect ls1 to lr1
+ovn-nbctl lrp-add lr1 ls1 00:00:00:01:02:f1 192.16.1.1/24
+ovn-nbctl lsp-add ls1 rp-ls1 -- set Logical_Switch_Port rp-ls1 \
+type=router options:router-port=ls1 addresses=\"00:00:00:01:02:f1\"
+
+# Create logic
Re: [ovs-dev] [External] : [PATCH ovn v2] ovn-northd.c: Add proxy ARP support to OVN
On 15/06/2021 14:33, Numan Siddique wrote:
On Tue, Jun 15, 2021 at 8:34 AM Brendan Doyle wrote:
On 15/06/2021 13:26, Numan Siddique wrote:
On Tue, Jun 15, 2021 at 7:50 AM Brendan Doyle wrote:
On 14/06/2021 21:17, Numan Siddique wrote:
On Mon, Jun 14, 2021 at 5:19 AM Brendan Doyle wrote:
Hi,
Just wondering how to move this along. It's been in the queue a while now.
The product I'm working on requires this feature and If I can't get it
upstream
I'll need to look at other options.
Hi Brendan,
Sorry for the late reply. For some reason the patch doesn't apply to me.
Sorry I'm not sure what you mean, the patch did not apply, it works when
I apply
to my repo?
Please see below for a few comments.
Thanks
Brendan
On 04/06/2021 15:51, Brendan Doyle wrote:
From 07ecd5d00f82658e094132102575d8d576161a6b Mon Sep 17 00:00:00 2001
From: Brendan Doyle
Date: Fri, 28 May 2021 10:01:17 -0700
Subject: [PATCH ovn] ovn-northd.c: Add proxy ARP support to OVN
This patch provides the ability to configure proxy ARP IPs on a Logical
Switch Router port. The IPs are added as Options for router ports. This
provides a useful feature where traffic for a service must be sent to an
address in a logical network address space, but the service is provided
in a different network. For example an NFS service is provide to Logical
networks at an address in their Logical network space, but the NFS
server resides in a physical network. A Logical switch Router port can
be configured to respond to ARP requests sent to the service "Logical
address", the Logical Router/Gateway can then be configured to forward
the traffic to the underlay/physical network.
Signed-off-by: Brendan Doyle
---
northd/ovn-northd.c | 44 ++
ovn-nb.xml | 9 +
tests/ovn.at| 103
3 files changed, 156 insertions(+)
diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c
index 0e5092a..9b686d9 100644
--- a/northd/ovn-northd.c
+++ b/northd/ovn-northd.c
@@ -6943,6 +6943,7 @@ build_lswitch_arp_nd_responder_known_ips(struct
ovn_port *op,
struct ds *match)
{
if (op->nbsp) {
+const char *arp_proxy;
if (!strcmp(op->nbsp->type, "virtual")) {
/* Handle
* - GARPs for virtual ip which belongs to a logical port
@@ -7096,6 +7097,49 @@ build_lswitch_arp_nd_responder_known_ips(struct
ovn_port *op,
}
}
}
+
+/*
+ * Add responses for ARP proxies.
+ */
+arp_proxy = smap_get(&op->nbsp->options,"arp_proxy");
In my opinion instead of defining these proxy IPs in the logical
switch port options,
it is better to define them in the router port as generally a router
would handle proxy arps (correct me if I'm wrong here).
I'd suggest to add a new column "proxy_ips" (or something more appropriate)
in the Logical_Router_Port and this column would point to an address set.
CMS can define the list of IPs in the address set. ovn-northd can add
a logical flow like
match = "inport == && arp.tpa == $proxy_ip, action = {}
This would result in just one logical flow.
CMS would do something like
addr_set_uuid=$(ovn-nbctl create address_set name=proxy_arps
addresses="10.0.0.4, 10.0.0.5")
ovn-nbctl set logical_router_port proxy_ip=$addr_set_uuid
What do you think ?
In both cases only one OVS flows is created (after I made the changes)
suggested by Dan.
I can see the point with respect to proxy ARP and routers, in physical
equipment proxy ARP is done
by routers. But I think doing the proxy ARP on the LRP of the LS is
consistent with the use of
the "options : nat-addresses" entry in the Logical_Switch_Port TABLE .
The patch makes it clear
that this feature is associated with a router, It is after all in the
"Options for router ports". I think
it is also more efficient in that we'd respond to the ARP request
earlier in the datapath flows.
Even if the proxy arps are associated with a router port, the flows can still be
added in the logical switch pipeline of the peer to avoid the extra hop from
logical switch pipeline to router pipeline.
In my opinion, it is better that the proxy arps are associated with a
router port
rather than a logical switch peer port. Also having a separate column makes
more sense to me than defining a string of IP addresses in the options smap.
I see your point, but "options : nat-addresses" is a list of IPs on a
router peer
port so it is at least consistent with that. Like "options :
nat-addresses" I don't
expect it to be a large list.
Ok. I'd have no objections if other reviewers are fine.
Please see below for one comment.
Thanks
Numan
I defer to other reviewers if th
Re: [ovs-dev] [External] : [PATCH ovn v2] ovn-northd.c: Add proxy ARP support to OVN
On 15/06/2021 13:26, Numan Siddique wrote:
On Tue, Jun 15, 2021 at 7:50 AM Brendan Doyle wrote:
On 14/06/2021 21:17, Numan Siddique wrote:
On Mon, Jun 14, 2021 at 5:19 AM Brendan Doyle wrote:
Hi,
Just wondering how to move this along. It's been in the queue a while now.
The product I'm working on requires this feature and If I can't get it
upstream
I'll need to look at other options.
Hi Brendan,
Sorry for the late reply. For some reason the patch doesn't apply to me.
Sorry I'm not sure what you mean, the patch did not apply, it works when
I apply
to my repo?
Please see below for a few comments.
Thanks
Brendan
On 04/06/2021 15:51, Brendan Doyle wrote:
From 07ecd5d00f82658e094132102575d8d576161a6b Mon Sep 17 00:00:00 2001
From: Brendan Doyle
Date: Fri, 28 May 2021 10:01:17 -0700
Subject: [PATCH ovn] ovn-northd.c: Add proxy ARP support to OVN
This patch provides the ability to configure proxy ARP IPs on a Logical
Switch Router port. The IPs are added as Options for router ports. This
provides a useful feature where traffic for a service must be sent to an
address in a logical network address space, but the service is provided
in a different network. For example an NFS service is provide to Logical
networks at an address in their Logical network space, but the NFS
server resides in a physical network. A Logical switch Router port can
be configured to respond to ARP requests sent to the service "Logical
address", the Logical Router/Gateway can then be configured to forward
the traffic to the underlay/physical network.
Signed-off-by: Brendan Doyle
---
northd/ovn-northd.c | 44 ++
ovn-nb.xml | 9 +
tests/ovn.at| 103
3 files changed, 156 insertions(+)
diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c
index 0e5092a..9b686d9 100644
--- a/northd/ovn-northd.c
+++ b/northd/ovn-northd.c
@@ -6943,6 +6943,7 @@ build_lswitch_arp_nd_responder_known_ips(struct
ovn_port *op,
struct ds *match)
{
if (op->nbsp) {
+const char *arp_proxy;
if (!strcmp(op->nbsp->type, "virtual")) {
/* Handle
* - GARPs for virtual ip which belongs to a logical port
@@ -7096,6 +7097,49 @@ build_lswitch_arp_nd_responder_known_ips(struct
ovn_port *op,
}
}
}
+
+/*
+ * Add responses for ARP proxies.
+ */
+arp_proxy = smap_get(&op->nbsp->options,"arp_proxy");
In my opinion instead of defining these proxy IPs in the logical
switch port options,
it is better to define them in the router port as generally a router
would handle proxy arps (correct me if I'm wrong here).
I'd suggest to add a new column "proxy_ips" (or something more appropriate)
in the Logical_Router_Port and this column would point to an address set.
CMS can define the list of IPs in the address set. ovn-northd can add
a logical flow like
match = "inport == && arp.tpa == $proxy_ip, action = {}
This would result in just one logical flow.
CMS would do something like
addr_set_uuid=$(ovn-nbctl create address_set name=proxy_arps
addresses="10.0.0.4, 10.0.0.5")
ovn-nbctl set logical_router_port proxy_ip=$addr_set_uuid
What do you think ?
In both cases only one OVS flows is created (after I made the changes)
suggested by Dan.
I can see the point with respect to proxy ARP and routers, in physical
equipment proxy ARP is done
by routers. But I think doing the proxy ARP on the LRP of the LS is
consistent with the use of
the "options : nat-addresses" entry in the Logical_Switch_Port TABLE .
The patch makes it clear
that this feature is associated with a router, It is after all in the
"Options for router ports". I think
it is also more efficient in that we'd respond to the ARP request
earlier in the datapath flows.
Even if the proxy arps are associated with a router port, the flows can still be
added in the logical switch pipeline of the peer to avoid the extra hop from
logical switch pipeline to router pipeline.
In my opinion, it is better that the proxy arps are associated with a
router port
rather than a logical switch peer port. Also having a separate column makes
more sense to me than defining a string of IP addresses in the options smap.
I see your point, but "options : nat-addresses" is a list of IPs on a
router peer
port so it is at least consistent with that. Like "options :
nat-addresses" I don't
expect it to be a large list.
I defer to other reviewers if they are fine with your patch.
Ok thanks.
Thanks
Numan
The suggestion you make is a lot more involved, touching much more code
and changes the DB
schema, so I'm hesitant to go down that path.
Brendan.
Re: [ovs-dev] [External] : [PATCH ovn v2] ovn-northd.c: Add proxy ARP support to OVN
On 14/06/2021 21:17, Numan Siddique wrote:
On Mon, Jun 14, 2021 at 5:19 AM Brendan Doyle wrote:
Hi,
Just wondering how to move this along. It's been in the queue a while now.
The product I'm working on requires this feature and If I can't get it
upstream
I'll need to look at other options.
Hi Brendan,
Sorry for the late reply. For some reason the patch doesn't apply to me.
Sorry I'm not sure what you mean, the patch did not apply, it works when
I apply
to my repo?
Please see below for a few comments.
Thanks
Brendan
On 04/06/2021 15:51, Brendan Doyle wrote:
From 07ecd5d00f82658e094132102575d8d576161a6b Mon Sep 17 00:00:00 2001
From: Brendan Doyle
Date: Fri, 28 May 2021 10:01:17 -0700
Subject: [PATCH ovn] ovn-northd.c: Add proxy ARP support to OVN
This patch provides the ability to configure proxy ARP IPs on a Logical
Switch Router port. The IPs are added as Options for router ports. This
provides a useful feature where traffic for a service must be sent to an
address in a logical network address space, but the service is provided
in a different network. For example an NFS service is provide to Logical
networks at an address in their Logical network space, but the NFS
server resides in a physical network. A Logical switch Router port can
be configured to respond to ARP requests sent to the service "Logical
address", the Logical Router/Gateway can then be configured to forward
the traffic to the underlay/physical network.
Signed-off-by: Brendan Doyle
---
northd/ovn-northd.c | 44 ++
ovn-nb.xml | 9 +
tests/ovn.at| 103
3 files changed, 156 insertions(+)
diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c
index 0e5092a..9b686d9 100644
--- a/northd/ovn-northd.c
+++ b/northd/ovn-northd.c
@@ -6943,6 +6943,7 @@ build_lswitch_arp_nd_responder_known_ips(struct
ovn_port *op,
struct ds *match)
{
if (op->nbsp) {
+const char *arp_proxy;
if (!strcmp(op->nbsp->type, "virtual")) {
/* Handle
* - GARPs for virtual ip which belongs to a logical port
@@ -7096,6 +7097,49 @@ build_lswitch_arp_nd_responder_known_ips(struct
ovn_port *op,
}
}
}
+
+/*
+ * Add responses for ARP proxies.
+ */
+arp_proxy = smap_get(&op->nbsp->options,"arp_proxy");
In my opinion instead of defining these proxy IPs in the logical
switch port options,
it is better to define them in the router port as generally a router
would handle proxy arps (correct me if I'm wrong here).
I'd suggest to add a new column "proxy_ips" (or something more appropriate)
in the Logical_Router_Port and this column would point to an address set.
CMS can define the list of IPs in the address set. ovn-northd can add
a logical flow like
match = "inport == && arp.tpa == $proxy_ip, action = {}
This would result in just one logical flow.
CMS would do something like
addr_set_uuid=$(ovn-nbctl create address_set name=proxy_arps
addresses="10.0.0.4, 10.0.0.5")
ovn-nbctl set logical_router_port proxy_ip=$addr_set_uuid
What do you think ?
In both cases only one OVS flows is created (after I made the changes)
suggested by Dan.
I can see the point with respect to proxy ARP and routers, in physical
equipment proxy ARP is done
by routers. But I think doing the proxy ARP on the LRP of the LS is
consistent with the use of
the "options : nat-addresses" entry in the Logical_Switch_Port TABLE .
The patch makes it clear
that this feature is associated with a router, It is after all in the
"Options for router ports". I think
it is also more efficient in that we'd respond to the ARP request
earlier in the datapath flows.
The suggestion you make is a lot more involved, touching much more code
and changes the DB
schema, so I'm hesitant to go down that path.
Brendan.
Thanks
Numan
+if (arp_proxy && op->peer) {
+char *ips, *ip, *rest;
+int i = 0;
+
+ips = xstrdup(arp_proxy);
+rest = ips;
+
+/*
+ * Match rule on all proxy ARP IPs.
+ */
+ds_clear(match);
+ds_put_cstr(match, "arp.op == 1 && (");
+while ((ip = strtok_r(rest,",", &rest))) {
+if (i++ > 0) {
+ds_put_cstr(match, " || ");
+};
+ds_put_format(match, "arp.tpa == %s", ip);
+}
+ds_put_cstr(match, ")");
+
+ds_clear(actions);
+ds_put_format(actions,
+"eth.dst = eth.src; "
+"eth.src = %s; "
+
Re: [ovs-dev] [External] : [PATCH ovn v2] ovn-northd.c: Add proxy ARP support to OVN
Hi,
Just wondering how to move this along. It's been in the queue a while now.
The product I'm working on requires this feature and If I can't get it
upstream
I'll need to look at other options.
Thanks
Brendan
On 04/06/2021 15:51, Brendan Doyle wrote:
From 07ecd5d00f82658e094132102575d8d576161a6b Mon Sep 17 00:00:00 2001
From: Brendan Doyle
Date: Fri, 28 May 2021 10:01:17 -0700
Subject: [PATCH ovn] ovn-northd.c: Add proxy ARP support to OVN
This patch provides the ability to configure proxy ARP IPs on a Logical
Switch Router port. The IPs are added as Options for router ports. This
provides a useful feature where traffic for a service must be sent to an
address in a logical network address space, but the service is provided
in a different network. For example an NFS service is provide to Logical
networks at an address in their Logical network space, but the NFS
server resides in a physical network. A Logical switch Router port can
be configured to respond to ARP requests sent to the service "Logical
address", the Logical Router/Gateway can then be configured to forward
the traffic to the underlay/physical network.
Signed-off-by: Brendan Doyle
---
northd/ovn-northd.c | 44 ++
ovn-nb.xml | 9 +
tests/ovn.at | 103
3 files changed, 156 insertions(+)
diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c
index 0e5092a..9b686d9 100644
--- a/northd/ovn-northd.c
+++ b/northd/ovn-northd.c
@@ -6943,6 +6943,7 @@ build_lswitch_arp_nd_responder_known_ips(struct
ovn_port *op,
struct ds *match)
{
if (op->nbsp) {
+ const char *arp_proxy;
if (!strcmp(op->nbsp->type, "virtual")) {
/* Handle
* - GARPs for virtual ip which belongs to a logical port
@@ -7096,6 +7097,49 @@ build_lswitch_arp_nd_responder_known_ips(struct
ovn_port *op,
}
}
}
+
+ /*
+ * Add responses for ARP proxies.
+ */
+ arp_proxy = smap_get(&op->nbsp->options,"arp_proxy");
+ if (arp_proxy && op->peer) {
+ char *ips, *ip, *rest;
+ int i = 0;
+
+ ips = xstrdup(arp_proxy);
+ rest = ips;
+
+ /*
+ * Match rule on all proxy ARP IPs.
+ */
+ ds_clear(match);
+ ds_put_cstr(match, "arp.op == 1 && (");
+ while ((ip = strtok_r(rest,",", &rest))) {
+ if (i++ > 0) {
+ ds_put_cstr(match, " || ");
+ };
+ ds_put_format(match, "arp.tpa == %s", ip);
+ }
+ ds_put_cstr(match, ")");
+
+ ds_clear(actions);
+ ds_put_format(actions,
+ "eth.dst = eth.src; "
+ "eth.src = %s; "
+ "arp.op = 2; /* ARP reply */ "
+ "arp.tha = arp.sha; "
+ "arp.sha = %s; "
+ "arp.tpa <-> arp.spa; "
+ "outport = inport; "
+ "flags.loopback = 1; "
+ "output;",
+ op->peer->lrp_networks.ea_s,
+ op->peer->lrp_networks.ea_s);
+
+ ovn_lflow_add_with_hint(lflows, op->od,
S_SWITCH_IN_ARP_ND_RSP,
+ 50, ds_cstr(match), ds_cstr(actions),
&op->nbsp->header_);
+ free(ips);
+ }
}
}
diff --git a/ovn-nb.xml b/ovn-nb.xml
index 02fd216..4b6c183 100644
--- a/ovn-nb.xml
+++ b/ovn-nb.xml
@@ -848,6 +848,15 @@
+
+
+ Optional. A comma separated list IPv4 addresses that this
+ logical switch router port will reply to ARP
requests.
+ Example: 169.254.239.254,169.254.239.2. The
+ 's logical router
should
+ have a route to forward packets sent to configured proxy
ARP IPs to
+ an appropriate destination.
+
diff --git a/tests/ovn.at b/tests/ovn.at
index 2c3c36d..4befe4a 100644
--- a/tests/ovn.at
+++ b/tests/ovn.at
@@ -26527,3 +26527,106 @@ AT_CHECK([test $(ovn-appctl -t
ovn-controller coverage/read-counter lflow_run) =
OVN_CLEANUP([hv1])
AT_CLEANUP
])
+
+OVN_FOR_EACH_NORTHD([
+AT_SETUP([ovn -- proxy-arp: 1 HVs, 1 LSs, 1 lport/LS, 1 LR])
+AT_KEYWORDS([proxy-arp])
+ovn_start
+
+# Logical network:
+# One LR - lr1 has switch ls1 (192.16.1.0/24) connected to it,
+# and and one HV with IP 192.16.1.6.
+
+ovn-nbctl lr-add lr1
+ovn-nbctl ls-add ls1
+
+# Connect ls1 to lr1
+ovn-nbctl lrp-add lr1 ls1 00:00:00:01:02:f1 192.16.1.1/24
+ovn-nbctl lsp-add ls1 rp-ls1 -- set Logical_Switch_Port rp-ls1 \
+ type=router options:router
[ovs-dev] [PATCH ovn v2] ovn-northd.c: Add proxy ARP support to OVN
From 07ecd5d00f82658e094132102575d8d576161a6b Mon Sep 17 00:00:00 2001
From: Brendan Doyle
Date: Fri, 28 May 2021 10:01:17 -0700
Subject: [PATCH ovn] ovn-northd.c: Add proxy ARP support to OVN
This patch provides the ability to configure proxy ARP IPs on a Logical
Switch Router port. The IPs are added as Options for router ports. This
provides a useful feature where traffic for a service must be sent to an
address in a logical network address space, but the service is provided
in a different network. For example an NFS service is provide to Logical
networks at an address in their Logical network space, but the NFS
server resides in a physical network. A Logical switch Router port can
be configured to respond to ARP requests sent to the service "Logical
address", the Logical Router/Gateway can then be configured to forward
the traffic to the underlay/physical network.
Signed-off-by: Brendan Doyle
---
northd/ovn-northd.c | 44 ++
ovn-nb.xml | 9 +
tests/ovn.at| 103
3 files changed, 156 insertions(+)
diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c
index 0e5092a..9b686d9 100644
--- a/northd/ovn-northd.c
+++ b/northd/ovn-northd.c
@@ -6943,6 +6943,7 @@ build_lswitch_arp_nd_responder_known_ips(struct ovn_port
*op,
struct ds *match)
{
if (op->nbsp) {
+const char *arp_proxy;
if (!strcmp(op->nbsp->type, "virtual")) {
/* Handle
* - GARPs for virtual ip which belongs to a logical port
@@ -7096,6 +7097,49 @@ build_lswitch_arp_nd_responder_known_ips(struct ovn_port
*op,
}
}
}
+
+/*
+ * Add responses for ARP proxies.
+ */
+arp_proxy = smap_get(&op->nbsp->options,"arp_proxy");
+if (arp_proxy && op->peer) {
+char *ips, *ip, *rest;
+int i = 0;
+
+ips = xstrdup(arp_proxy);
+rest = ips;
+
+/*
+ * Match rule on all proxy ARP IPs.
+ */
+ds_clear(match);
+ds_put_cstr(match, "arp.op == 1 && (");
+while ((ip = strtok_r(rest,",", &rest))) {
+if (i++ > 0) {
+ds_put_cstr(match, " || ");
+};
+ds_put_format(match, "arp.tpa == %s", ip);
+}
+ds_put_cstr(match, ")");
+
+ds_clear(actions);
+ds_put_format(actions,
+"eth.dst = eth.src; "
+"eth.src = %s; "
+"arp.op = 2; /* ARP reply */ "
+"arp.tha = arp.sha; "
+"arp.sha = %s; "
+"arp.tpa <-> arp.spa; "
+"outport = inport; "
+"flags.loopback = 1; "
+"output;",
+op->peer->lrp_networks.ea_s,
+op->peer->lrp_networks.ea_s);
+
+ovn_lflow_add_with_hint(lflows, op->od, S_SWITCH_IN_ARP_ND_RSP,
+50, ds_cstr(match), ds_cstr(actions), &op->nbsp->header_);
+free(ips);
+}
}
}
diff --git a/ovn-nb.xml b/ovn-nb.xml
index 02fd216..4b6c183 100644
--- a/ovn-nb.xml
+++ b/ovn-nb.xml
@@ -848,6 +848,15 @@
+
+
+ Optional. A comma separated list IPv4 addresses that this
+ logical switch router port will reply to ARP requests.
+ Example: 169.254.239.254,169.254.239.2. The
+ 's logical router should
+ have a route to forward packets sent to configured proxy ARP IPs to
+ an appropriate destination.
+
diff --git a/tests/ovn.at b/tests/ovn.at
index 2c3c36d..4befe4a 100644
--- a/tests/ovn.at
+++ b/tests/ovn.at
@@ -26527,3 +26527,106 @@ AT_CHECK([test $(ovn-appctl -t ovn-controller
coverage/read-counter lflow_run) =
OVN_CLEANUP([hv1])
AT_CLEANUP
])
+
+OVN_FOR_EACH_NORTHD([
+AT_SETUP([ovn -- proxy-arp: 1 HVs, 1 LSs, 1 lport/LS, 1 LR])
+AT_KEYWORDS([proxy-arp])
+ovn_start
+
+# Logical network:
+# One LR - lr1 has switch ls1 (192.16.1.0/24) connected to it,
+# and and one HV with IP 192.16.1.6.
+
+ovn-nbctl lr-add lr1
+ovn-nbctl ls-add ls1
+
+# Connect ls1 to lr1
+ovn-nbctl lrp-add lr1 ls1 00:00:00:01:02:f1 192.16.1.1/24
+ovn-nbctl lsp-add ls1 rp-ls1 -- set Logical_Switch_Port rp-ls1 \
+type=router options:router-port=ls1 addresses=\"00:00:00:01:02:f1\"
+
+# Create logical port ls1-lp1 in ls1
+ovn-nbctl lsp-add ls1 ls1-lp1 \
+-- lsp-set-addresses ls1-lp1 "00:00:00:01:02:03 192.16.1.6"
+
+
+# Create one hypervisor and create OVS ports corresponding to logical ports.
+net_add n
Re: [ovs-dev] [External] : Re: [PATCH ovn] ovn-northd.c: Add proxy ARP support to OVN
On 03/06/2021 16:59, Dan Williams wrote:
On Wed, 2021-06-02 at 17:02 +0100, Brendan Doyle wrote:
From a9d3140845175edb7644b2d0d82a95bd6cf94662 Mon Sep 17 00:00:00 2001
From: Brendan Doyle
Date: Fri, 28 May 2021 10:01:17 -0700
Subject: [PATCH ovn] ovn-northd.c: Add proxy ARP support to OVN
This patch provides the ability to configure proxy ARP IPs on a Logical
Switch Router port. The IPs are added as Options for router ports. This
provides a useful feature where traffic for a service must be sent to
an
address in a logical network address space, but the service is provided
in a different network. For example an NFS service is provide to
Logical
networks at an address in their Logical network space, but the NFS
server resides in a physical network. A Logical switch Router port can
be configured to respond to ARP requests sent to the service "Logical
address", the Logical Router/Gateway can then be configured to forward
the traffic to the underlay/physical network.
Signed-off-by: Brendan Doyle
---
northd/ovn-northd.c | 38 +++
ovn-nb.xml | 9 +
tests/ovn.at | 103
3 files changed, 150 insertions(+)
diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c
index 0e5092a..a377e83 100644
--- a/northd/ovn-northd.c
+++ b/northd/ovn-northd.c
@@ -6943,6 +6943,7 @@ build_lswitch_arp_nd_responder_known_ips(struct
ovn_port *op,
struct ds *match)
{
if (op->nbsp) {
+ const char *arp_proxy;
if (!strcmp(op->nbsp->type, "virtual")) {
/* Handle
* - GARPs for virtual ip which belongs to a logical
port
@@ -7096,6 +7097,43 @@ build_lswitch_arp_nd_responder_known_ips(struct
ovn_port *op,
}
}
}
+
+ /*
+ * Add responses for ARP proxies.
+ */
+ arp_proxy = smap_get(&op->nbsp->options,"arp_proxy");
+ if (arp_proxy && op->peer) {
+ char *ips, *ip, *rest;
+
+ ips = xstrdup(arp_proxy);
+ rest = ips;
+
+ while ((ip = strtok_r(rest,",", &rest))) {
+ ds_clear(match);
+ ds_put_format(match, "arp.tpa == %s && arp.op == 1",
ip);
+
+ ds_clear(actions);
+ ds_put_format(actions,
+ "eth.dst = eth.src; "
+ "eth.src = %s; "
+ "arp.op = 2; /* ARP reply */ "
+ "arp.tha = arp.sha; "
+ "arp.sha = %s; "
+ "arp.tpa = arp.spa; "
+ "arp.spa = %s; "
I think you can collapse the two lines above into:
"arp.tpa <-> arp.spa;"
and get rid of one %s. For an example, see build_lrouter_arp_flow().
In fact, you might be able to reduce the number of lflows down to one
by doing something like the following, since now your action is
constant due to the <->.
int i = 0;
ds_clear(&match);
ds_put_cstr(match, "arp.op == 1 && (");
while ((ip = strtok_r(rest,",", &rest))) {
if (i++ > 0) {
ds_put_cstr(match, " || ");
};
ds_put_format(match, "arp.tpa == %s", ip);
}
ds_put_cstr(match, ")");
An example of that is in build_port_security_ipv6_nd_flow().
Yes, I can modify as above much more elegant. On a process point It
seems the
convention for updated patches is to resubmit with a v2, v3 etc make
changes and resubmit as:
[PATCH ovn v2] ovn-northd.c: Add proxy ARP support to OVN
?
---
General comment, this will need a ddlog counterpart too. I'm not an
ddlog?? Not something I know about, I have seen other ovn-northd.c
patches that
do not have a reference to ddlog??
expert there, so I'll leave it to the OVN team to help. But you could
use Ilya's lrouter arp flow patch as a reference:
https://urldefense.com/v3/__http://patchwork.ozlabs.org/project/ovn/patch/20210507162256.3661118-1-i.maxim...@ovn.org/__;!!GqivPVa7Brio!Nj575dWsjTnglWHVCkWMecpF2LWvS8PaWIQQvYmZbvYYgt1yjxGBBOoivhRao3nCZd0$
Looking at that patch, you might need to update the ovn-northd.8
manpage as well?
Not sure I'm not adding a new table, just an ability to add flows to an
existing
table. Not sure what I would add to that man page, I have made updates to
ovn-nb.xml. I used:
[ovs-dev,v4] Policy-based routing (PBR) in OVN. - Patchwork
<https://patchwork.ozlabs.org/project/openvswitch/patch/1554334195-126528-2-git-send-email-mary.mano...@nutanix.com/>
as a guide on what I should update.
Thanks!
Dan
+ "outport = inport; "
+ "flags.loopback = 1; "
+ "output;"
[ovs-dev] [PATCH ovn] ovn-northd.c: Add proxy ARP support to OVN
From a9d3140845175edb7644b2d0d82a95bd6cf94662 Mon Sep 17 00:00:00 2001
From: Brendan Doyle
Date: Fri, 28 May 2021 10:01:17 -0700
Subject: [PATCH ovn] ovn-northd.c: Add proxy ARP support to OVN
This patch provides the ability to configure proxy ARP IPs on a Logical
Switch Router port. The IPs are added as Options for router ports. This
provides a useful feature where traffic for a service must be sent to an
address in a logical network address space, but the service is provided
in a different network. For example an NFS service is provide to Logical
networks at an address in their Logical network space, but the NFS
server resides in a physical network. A Logical switch Router port can
be configured to respond to ARP requests sent to the service "Logical
address", the Logical Router/Gateway can then be configured to forward
the traffic to the underlay/physical network.
Signed-off-by: Brendan Doyle
---
northd/ovn-northd.c | 38 +++
ovn-nb.xml | 9 +
tests/ovn.at| 103
3 files changed, 150 insertions(+)
diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c
index 0e5092a..a377e83 100644
--- a/northd/ovn-northd.c
+++ b/northd/ovn-northd.c
@@ -6943,6 +6943,7 @@ build_lswitch_arp_nd_responder_known_ips(struct ovn_port
*op,
struct ds *match)
{
if (op->nbsp) {
+const char *arp_proxy;
if (!strcmp(op->nbsp->type, "virtual")) {
/* Handle
* - GARPs for virtual ip which belongs to a logical port
@@ -7096,6 +7097,43 @@ build_lswitch_arp_nd_responder_known_ips(struct ovn_port
*op,
}
}
}
+
+/*
+ * Add responses for ARP proxies.
+ */
+arp_proxy = smap_get(&op->nbsp->options,"arp_proxy");
+if (arp_proxy && op->peer) {
+char *ips, *ip, *rest;
+
+ips = xstrdup(arp_proxy);
+rest = ips;
+
+while ((ip = strtok_r(rest,",", &rest))) {
+ds_clear(match);
+ds_put_format(match, "arp.tpa == %s && arp.op == 1", ip);
+
+ds_clear(actions);
+ds_put_format(actions,
+"eth.dst = eth.src; "
+"eth.src = %s; "
+"arp.op = 2; /* ARP reply */ "
+"arp.tha = arp.sha; "
+"arp.sha = %s; "
+"arp.tpa = arp.spa; "
+"arp.spa = %s; "
+"outport = inport; "
+"flags.loopback = 1; "
+"output;",
+op->peer->lrp_networks.ea_s,
+op->peer->lrp_networks.ea_s,
+ip);
+
+ovn_lflow_add_with_hint(lflows, op->od, S_SWITCH_IN_ARP_ND_RSP,
+50, ds_cstr(match), ds_cstr(actions),
+&op->nbsp->header_);
+}
+free(ips);
+}
}
}
diff --git a/ovn-nb.xml b/ovn-nb.xml
index 02fd216..4b6c183 100644
--- a/ovn-nb.xml
+++ b/ovn-nb.xml
@@ -848,6 +848,15 @@
+
+
+ Optional. A comma separated list IPv4 addresses that this
+ logical switch router port will reply to ARP requests.
+ Example: 169.254.239.254,169.254.239.2. The
+ 's logical router should
+ have a route to forward packets sent to configured proxy ARP IPs to
+ an appropriate destination.
+
diff --git a/tests/ovn.at b/tests/ovn.at
index 2c3c36d..c675cc9 100644
--- a/tests/ovn.at
+++ b/tests/ovn.at
@@ -26527,3 +26527,106 @@ AT_CHECK([test $(ovn-appctl -t ovn-controller
coverage/read-counter lflow_run) =
OVN_CLEANUP([hv1])
AT_CLEANUP
])
+
+OVN_FOR_EACH_NORTHD([
+AT_SETUP([ovn -- proxy-arp: 1 HVs, 1 LSs, 1 lport/LS, 1 LR])
+AT_KEYWORDS([proxy-arp])
+ovn_start
+
+# Logical network:
+# One LR - lr1 has switch ls1 (192.16.1.0/24) connected to it,
+# and and one HV with IP 192.16.1.6.
+
+ovn-nbctl lr-add lr1
+ovn-nbctl ls-add ls1
+
+# Connect ls1 to lr1
+ovn-nbctl lrp-add lr1 ls1 00:00:00:01:02:f1 192.16.1.1/24
+ovn-nbctl lsp-add ls1 rp-ls1 -- set Logical_Switch_Port rp-ls1 \
+type=router options:router-port=ls1 addresses=\"00:00:00:01:02:f1\"
+
+# Create logical port ls1-lp1 in ls1
+ovn-nbctl lsp-add ls1 ls1-lp1 \
+-- lsp-set-addresses ls1-lp1 "00:00:00:01:02:03 192.16.1.6"
+
+
+# Create one hypervisor and create OVS ports corresponding to logical ports.
+net_add n1
+
+sim_add pa-hv
+as pa-hv
+ovs-vsctl add-br br-phys
+ovn_attach n1 br-phys 192.16.0.1
+
+# Note: tx/rx are with respect to the LS port, so
+# tx on switch port is HV rx, etc.
+ovs-vsc
Re: [ovs-dev] [External] : Re: [PATCH ovn] ovn-northd.c: Add proxy ARP support to OVN
On 02/06/2021 15:42, Dan Williams wrote:
On Wed, 2021-06-02 at 09:26 +0100, Brendan Doyle wrote:
Hi,
Just wondering what the process is here, I submitted this patch a while
ago, and I see quite a few
other patches have been submitted since. So wondering what happens
after
a patch is submitted,
how do I know if it has been accepted/rejected/need more work, and how
does it make it into the
repo if accepted. This does not seem to be documented in:
Thanks for the patch; now that it's posted the patch is waiting for
review. You can track overall status here:
https://urldefense.com/v3/__http://patchwork.ozlabs.org/project/ovn/list/?series=246447__;!!GqivPVa7Brio!NAT2CA0Mr3YQ0gASU9iSe8-ql0xQnnn3q7gvr8E25QYgrAvVWAE0QvPelMH9KXmj-pM$
Great, thanks
but you'll also get replies to the patch with review comments. Reviews
may take a bit of time as the patch volume is fairly large, and
everyone is busy. But don't worry! It's on the list.
NP - I know the feeling :)
Submitting Patches — Open Virtual Network (OVN) 21.03.0 documentation
<
https://urldefense.com/v3/__https://docs.ovn.org/en/stable/internals/contributing/submitting-patches.html__;!!GqivPVa7Brio!NAT2CA0Mr3YQ0gASU9iSe8-ql0xQnnn3q7gvr8E25QYgrAvVWAE0QvPelMH9OLJt62c$
Good point, there should probably be a "What's next?" section.
---
One thing though, the patch seems to be linewrapped and won't apply
cleanly. Any chance you could fix that up by setting your email client
to "preformatted" before pasting the patch into the mail, or using git-
send-email?
Oh, sorry I did run the patch checker before pasting into email, I'll
see what I can do.
Then just resubmit?
Thanks,
Dan
Thanks
Brendan
On 31/05/2021 10:06, Brendan Doyle wrote:
From a9d3140845175edb7644b2d0d82a95bd6cf94662 Mon Sep 17 00:00:00
2001
From: Brendan Doyle
Date: Fri, 28 May 2021 10:01:17 -0700
Subject: [PATCH ovn] ovn-northd.c: Add proxy ARP support to OVN
This patch provides the ability to configure proxy ARP IPs on a
Logical
Switch Router port. The IPs are added as Options for router ports.
This
provides a useful feature where traffic for a service must be sent
to an
address in a logical network address space, but the service is
provided
in a different network. For example an NFS service is provide to
Logical
networks at an address in their Logical network space, but the NFS
server resides in a physical network. A Logical switch Router port
can
be configured to respond to ARP requests sent to the service
"Logical
address", the Logical Router/Gateway can then be configured to
forward
the traffic to the underlay/physical network.
Signed-off-by: Brendan Doyle
---
northd/ovn-northd.c | 38 +++
ovn-nb.xml | 9 +
tests/ovn.at | 103
3 files changed, 150 insertions(+)
diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c
index 0e5092a..a377e83 100644
--- a/northd/ovn-northd.c
+++ b/northd/ovn-northd.c
@@ -6943,6 +6943,7 @@
build_lswitch_arp_nd_responder_known_ips(struct
ovn_port *op,
struct ds *match)
{
if (op->nbsp) {
+ const char *arp_proxy;
if (!strcmp(op->nbsp->type, "virtual")) {
/* Handle
* - GARPs for virtual ip which belongs to a logical
port
@@ -7096,6 +7097,43 @@
build_lswitch_arp_nd_responder_known_ips(struct
ovn_port *op,
}
}
}
+
+ /*
+ * Add responses for ARP proxies.
+ */
+ arp_proxy = smap_get(&op->nbsp->options,"arp_proxy");
+ if (arp_proxy && op->peer) {
+ char *ips, *ip, *rest;
+
+ ips = xstrdup(arp_proxy);
+ rest = ips;
+
+ while ((ip = strtok_r(rest,",", &rest))) {
+ ds_clear(match);
+ ds_put_format(match, "arp.tpa == %s && arp.op ==
1",
ip);
+
+ ds_clear(actions);
+ ds_put_format(actions,
+ "eth.dst = eth.src; "
+ "eth.src = %s; "
+ "arp.op = 2; /* ARP reply */ "
+ "arp.tha = arp.sha; "
+ "arp.sha = %s; "
+ "arp.tpa = arp.spa; "
+ "arp.spa = %s; "
+ "outport = inport; "
+ "flags.loopback = 1; "
+ "output;",
+ op->peer->lrp_networks.ea_s,
+ op->peer->lrp_networks.ea_s,
+ ip);
+
+ ovn_lflow_add_with_hint(lflows, op->od,
S_SWITCH_IN_ARP_ND_RSP,
+ 50, ds_cstr(match), ds_cstr(actions),
+ &op->nbsp->header_);
+
Re: [ovs-dev] [PATCH ovn] ovn-northd.c: Add proxy ARP support to OVN
Hi,
Just wondering what the process is here, I submitted this patch a while
ago, and I see quite a few
other patches have been submitted since. So wondering what happens after
a patch is submitted,
how do I know if it has been accepted/rejected/need more work, and how
does it make it into the
repo if accepted. This does not seem to be documented in:
Submitting Patches — Open Virtual Network (OVN) 21.03.0 documentation
<https://docs.ovn.org/en/stable/internals/contributing/submitting-patches.html>
Thanks
Brendan
On 31/05/2021 10:06, Brendan Doyle wrote:
From a9d3140845175edb7644b2d0d82a95bd6cf94662 Mon Sep 17 00:00:00 2001
From: Brendan Doyle
Date: Fri, 28 May 2021 10:01:17 -0700
Subject: [PATCH ovn] ovn-northd.c: Add proxy ARP support to OVN
This patch provides the ability to configure proxy ARP IPs on a Logical
Switch Router port. The IPs are added as Options for router ports. This
provides a useful feature where traffic for a service must be sent to an
address in a logical network address space, but the service is provided
in a different network. For example an NFS service is provide to Logical
networks at an address in their Logical network space, but the NFS
server resides in a physical network. A Logical switch Router port can
be configured to respond to ARP requests sent to the service "Logical
address", the Logical Router/Gateway can then be configured to forward
the traffic to the underlay/physical network.
Signed-off-by: Brendan Doyle
---
northd/ovn-northd.c | 38 +++
ovn-nb.xml | 9 +
tests/ovn.at | 103
3 files changed, 150 insertions(+)
diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c
index 0e5092a..a377e83 100644
--- a/northd/ovn-northd.c
+++ b/northd/ovn-northd.c
@@ -6943,6 +6943,7 @@ build_lswitch_arp_nd_responder_known_ips(struct
ovn_port *op,
struct ds *match)
{
if (op->nbsp) {
+ const char *arp_proxy;
if (!strcmp(op->nbsp->type, "virtual")) {
/* Handle
* - GARPs for virtual ip which belongs to a logical port
@@ -7096,6 +7097,43 @@ build_lswitch_arp_nd_responder_known_ips(struct
ovn_port *op,
}
}
}
+
+ /*
+ * Add responses for ARP proxies.
+ */
+ arp_proxy = smap_get(&op->nbsp->options,"arp_proxy");
+ if (arp_proxy && op->peer) {
+ char *ips, *ip, *rest;
+
+ ips = xstrdup(arp_proxy);
+ rest = ips;
+
+ while ((ip = strtok_r(rest,",", &rest))) {
+ ds_clear(match);
+ ds_put_format(match, "arp.tpa == %s && arp.op == 1",
ip);
+
+ ds_clear(actions);
+ ds_put_format(actions,
+ "eth.dst = eth.src; "
+ "eth.src = %s; "
+ "arp.op = 2; /* ARP reply */ "
+ "arp.tha = arp.sha; "
+ "arp.sha = %s; "
+ "arp.tpa = arp.spa; "
+ "arp.spa = %s; "
+ "outport = inport; "
+ "flags.loopback = 1; "
+ "output;",
+ op->peer->lrp_networks.ea_s,
+ op->peer->lrp_networks.ea_s,
+ ip);
+
+ ovn_lflow_add_with_hint(lflows, op->od,
S_SWITCH_IN_ARP_ND_RSP,
+ 50, ds_cstr(match), ds_cstr(actions),
+ &op->nbsp->header_);
+ }
+ free(ips);
+ }
}
}
diff --git a/ovn-nb.xml b/ovn-nb.xml
index 02fd216..4b6c183 100644
--- a/ovn-nb.xml
+++ b/ovn-nb.xml
@@ -848,6 +848,15 @@
+
+
+ Optional. A comma separated list IPv4 addresses that this
+ logical switch router port will reply to ARP
requests.
+ Example: 169.254.239.254,169.254.239.2. The
+ 's logical router
should
+ have a route to forward packets sent to configured proxy
ARP IPs to
+ an appropriate destination.
+
diff --git a/tests/ovn.at b/tests/ovn.at
index 2c3c36d..c675cc9 100644
--- a/tests/ovn.at
+++ b/tests/ovn.at
@@ -26527,3 +26527,106 @@ AT_CHECK([test $(ovn-appctl -t
ovn-controller coverage/read-counter lflow_run) =
OVN_CLEANUP([hv1])
AT_CLEANUP
])
+
+OVN_FOR_EACH_NORTHD([
+AT_SETUP([ovn -- proxy-arp: 1 HVs, 1 LSs, 1 lport/LS, 1 LR])
+AT_KEYWORDS([proxy-arp])
+ovn_start
+
+# Logical network:
+# One LR - lr1 has switch ls1 (192.16.1.0/24) connected to it,
+# and and one HV with IP 192.16.1.6.
+
+ovn-nbctl lr-add lr1
+ovn-nbctl ls-add ls1
+
+# Connect ls1 to lr1
+ovn-nbctl lrp-add lr1 ls1 00:00:00:01:0
[ovs-dev] [PATCH ovn] ovn-northd.c: Add proxy ARP support to OVN
From a9d3140845175edb7644b2d0d82a95bd6cf94662 Mon Sep 17 00:00:00 2001
From: Brendan Doyle
Date: Fri, 28 May 2021 10:01:17 -0700
Subject: [PATCH ovn] ovn-northd.c: Add proxy ARP support to OVN
This patch provides the ability to configure proxy ARP IPs on a Logical
Switch Router port. The IPs are added as Options for router ports. This
provides a useful feature where traffic for a service must be sent to an
address in a logical network address space, but the service is provided
in a different network. For example an NFS service is provide to Logical
networks at an address in their Logical network space, but the NFS
server resides in a physical network. A Logical switch Router port can
be configured to respond to ARP requests sent to the service "Logical
address", the Logical Router/Gateway can then be configured to forward
the traffic to the underlay/physical network.
Signed-off-by: Brendan Doyle
---
northd/ovn-northd.c | 38 +++
ovn-nb.xml | 9 +
tests/ovn.at | 103
3 files changed, 150 insertions(+)
diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c
index 0e5092a..a377e83 100644
--- a/northd/ovn-northd.c
+++ b/northd/ovn-northd.c
@@ -6943,6 +6943,7 @@ build_lswitch_arp_nd_responder_known_ips(struct
ovn_port *op,
struct ds *match)
{
if (op->nbsp) {
+ const char *arp_proxy;
if (!strcmp(op->nbsp->type, "virtual")) {
/* Handle
* - GARPs for virtual ip which belongs to a logical port
@@ -7096,6 +7097,43 @@ build_lswitch_arp_nd_responder_known_ips(struct
ovn_port *op,
}
}
}
+
+ /*
+ * Add responses for ARP proxies.
+ */
+ arp_proxy = smap_get(&op->nbsp->options,"arp_proxy");
+ if (arp_proxy && op->peer) {
+ char *ips, *ip, *rest;
+
+ ips = xstrdup(arp_proxy);
+ rest = ips;
+
+ while ((ip = strtok_r(rest,",", &rest))) {
+ ds_clear(match);
+ ds_put_format(match, "arp.tpa == %s && arp.op == 1", ip);
+
+ ds_clear(actions);
+ ds_put_format(actions,
+ "eth.dst = eth.src; "
+ "eth.src = %s; "
+ "arp.op = 2; /* ARP reply */ "
+ "arp.tha = arp.sha; "
+ "arp.sha = %s; "
+ "arp.tpa = arp.spa; "
+ "arp.spa = %s; "
+ "outport = inport; "
+ "flags.loopback = 1; "
+ "output;",
+ op->peer->lrp_networks.ea_s,
+ op->peer->lrp_networks.ea_s,
+ ip);
+
+ ovn_lflow_add_with_hint(lflows, op->od,
S_SWITCH_IN_ARP_ND_RSP,
+ 50, ds_cstr(match), ds_cstr(actions),
+ &op->nbsp->header_);
+ }
+ free(ips);
+ }
}
}
diff --git a/ovn-nb.xml b/ovn-nb.xml
index 02fd216..4b6c183 100644
--- a/ovn-nb.xml
+++ b/ovn-nb.xml
@@ -848,6 +848,15 @@
+
+
+ Optional. A comma separated list IPv4 addresses that this
+ logical switch router port will reply to ARP
requests.
+ Example: 169.254.239.254,169.254.239.2. The
+ 's logical router should
+ have a route to forward packets sent to configured proxy ARP
IPs to
+ an appropriate destination.
+
diff --git a/tests/ovn.at b/tests/ovn.at
index 2c3c36d..c675cc9 100644
--- a/tests/ovn.at
+++ b/tests/ovn.at
@@ -26527,3 +26527,106 @@ AT_CHECK([test $(ovn-appctl -t ovn-controller
coverage/read-counter lflow_run) =
OVN_CLEANUP([hv1])
AT_CLEANUP
])
+
+OVN_FOR_EACH_NORTHD([
+AT_SETUP([ovn -- proxy-arp: 1 HVs, 1 LSs, 1 lport/LS, 1 LR])
+AT_KEYWORDS([proxy-arp])
+ovn_start
+
+# Logical network:
+# One LR - lr1 has switch ls1 (192.16.1.0/24) connected to it,
+# and and one HV with IP 192.16.1.6.
+
+ovn-nbctl lr-add lr1
+ovn-nbctl ls-add ls1
+
+# Connect ls1 to lr1
+ovn-nbctl lrp-add lr1 ls1 00:00:00:01:02:f1 192.16.1.1/24
+ovn-nbctl lsp-add ls1 rp-ls1 -- set Logical_Switch_Port rp-ls1 \
+ type=router options:router-port=ls1 addresses=\"00:00:00:01:02:f1\"
+
+# Create logical port ls1-lp1 in ls1
+ovn-nbctl lsp-add ls1 ls1-lp1 \
+-- lsp-set-addresses ls1-lp1 "00:00:00:01:02:03 192.16.1.6"
+
+
+# Create one hypervisor and create OVS ports corresponding to logical
ports.
+net_add n1
+
+sim_add pa-hv
+as pa-hv
+ovs-vsctl add-br br-phys
+ovn_attach n1 br-phys 192.16.0.1
+
+# Note: tx/rx are with respect to the LS port, so
+# tx on switch port is H
Re: [ovs-dev] [External] : Re: Fwd: tracing ovs flows in br-int
Thanks
On 19/01/2021 12:14, Ilya Maximets wrote:
On 1/18/21 7:38 PM, Brendan Doyle wrote:
Forwarded Message
Subject: tracing ovs flows in br-int
Date: Mon, 18 Jan 2021 18:31:53 +
From: Brendan Doyle
Organization: Oracle Corporation
To: ovs-disc...@openvswitch.org
Hi Folks,
I'm trying to trace a flow through br-int but ovs-appctl ofproto/trace br-int
is not
giving me the output I expect to see.
I'm trying to trace the pkt below through br-int on the remote chassis. The pkt
does get tunnel and delivered to its destination, which replies, and the reply
is successfully tunneled back to the initiating host, so the flows are working,
but
I just can't seem to trace them.
pkt in question (extract from tcpdump):
--
00:00:00.00 98:03:9b:59:af:1c > 98:03:9b:3f:d9:1e, ethertype IPv4 (0x0800),
length 156: (tos 0x0, ttl 64, id 9804, offset 0, flags [DF], proto UDP (17),
length 142)
253.255.2.6.47096 > 253.255.0.35.6081: [udp sum ok] Geneve, Flags [C], vni
0x392, proto TEB (0x6558), options [class Open Virtual Networking (OVN) (0x102)
type 0x80(C) len 8 data 00010007]
52:54:00:be:06:16 > 40:44:00:00:04:10, ethertype IPv4 (0x0800), length 98:
(tos 0x0, ttl 64, id 43284, offset 0, flags [DF], proto ICMP (1), length 84)
192.16.1.6 > 169.254.169.254: ICMP echo request, id 25237, seq 1, length 64
0x: 9803 9b3f d91e 9803 9b59 af1c 0800 4500
0x0010: 008e 264c 4000 4011 15eb fdff 0206 fdff
0x0020: 0023 b7f8 17c1 007a 10f4 0240 6558 0003
0x0030: 9200 0102 8001 0001 0007 4044 0410
0x0040: 5254 00be 0616 0800 4500 0054 a914 4000
0x0050: 4001 7c81 c010 0106 a9fe a9fe 0800 f629
0x0060: 6295 0001 f166 0560 e3a5 0600
0x0070: 1011 1213 1415 1617 1819 1a1b
0x0080: 1c1d 1e1f 2021 2223 2425 2627 2829 2a2b
0x0090: 2c2d 2e2f 3031 3233 3435 3637
---
The ovs br-int details on the target chassis:
ovs-appctl dpif/show
system@ovs-system: hit:6576964 missed:4469
br-int:
br-int 65534/2: (internal)
ovn-ca-rai-0 2/1: (geneve: csum=true, key=flow, remote_ip=253.255.2.17)
ovn-ca-rai-1 11/1: (geneve: csum=true, key=flow, remote_ip=253.255.0.34)
ovn-ca-rai-2 5/1: (geneve: csum=true, key=flow, remote_ip=253.255.0.33)
ovn-ca-rai-3 3/1: (geneve: csum=true, key=flow, remote_ip=253.255.2.6) <--
tunnel port for VM host (3)
ovn-ca-rai-4 4/1: (geneve: csum=true, key=flow, remote_ip=253.255.2.5)
vethVn1M 84/3: (system) <-- Veth port (84)
I thought this command would replicate the pkt that is deviled to the tunnel
port
on the target chassis:
-
ovs-appctl ofproto/trace br-int in_port=3
98039b3fd91e98039b59af1c0800458e264c4000401115ebfdff0206fdff0023b7f817c1007a10f40240655800039200010280010001000740440410525400be061608004554a914400040017c81c0100106a9fea9fe0800f62962950001f1660560e3a50600101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f3031323334353637
Flow:
udp,in_port=3,vlan_tci=0x,dl_src=98:03:9b:59:af:1c,dl_dst=98:03:9b:3f:d9:1e,nw_src=253.255.2.6,nw_dst=253.255.0.35,nw_tos=0,nw_ecn=0,nw_ttl=64,tp_src=47096,tp_dst=6081
bridge("br-int")
0. in_port=3, priority 100
move:NXM_NX_TUN_ID[0..23]->OXM_OF_METADATA[0..23]
-> OXM_OF_METADATA[0..23] is now 0
move:NXM_NX_TUN_METADATA0[16..30]->NXM_NX_REG14[0..14]
-> NXM_NX_REG14[0..14] is now 0
move:NXM_NX_TUN_METADATA0[0..15]->NXM_NX_REG15[0..15]
-> NXM_NX_REG15[0..15] is now 0
resubmit(,33)
33. No match.
drop
Final flow: unchanged
Megaflow: recirc_id=0,eth,ip,tun_id=0/0xff,in_port=3,nw_frag=no
Datapath actions: drop
-
But it says the packet is dropped, when in actual fact it is output on port 84
as expected.
So I'm wondering am I inserting the pkt wrong? to the wrong port on the remote
chassis?
Hi. While receiving packets on tunnel ports, kernel fills up tunnel metadata.
You can see that rules from table 0 are trying to extract TUN_ID and
TUN_METADATA0
fields, but you're passing pure packet without this information, so flows in
table 33 that are likely matches on extracted metadata doesn't fit.
You need to pass the packet in a different format with tunnel metadata included
in order to have behavior similar to what you have for a real packet, e.g.
ovs-appctl ofproto/trace br-int in_port=3,tun_id=
You may also need to specify other things like tun_src/dst, tun_metadata0,
tun_tos
or tun_flags.
Since you have 'key=flow', you need to find out the correct tun_id for your
tunnel
in your OF rules.
Best regards, Ilya Maximets.
_
[ovs-dev] Fwd: tracing ovs flows in br-int
Forwarded Message
Subject:tracing ovs flows in br-int
Date: Mon, 18 Jan 2021 18:31:53 +
From: Brendan Doyle
Organization: Oracle Corporation
To: ovs-disc...@openvswitch.org
Hi Folks,
I'm trying to trace a flow through br-int but ovs-appctl ofproto/trace
br-int is not
giving me the output I expect to see.
I'm trying to trace the pkt below through br-int on the remote chassis.
The pkt
does get tunnel and delivered to its destination, which replies, and the
reply
is successfully tunneled back to the initiating host, so the flows are
working, but
I just can't seem to trace them.
pkt in question (extract from tcpdump):
--
00:00:00.00 98:03:9b:59:af:1c > 98:03:9b:3f:d9:1e, ethertype IPv4
(0x0800), length 156: (tos 0x0, ttl 64, id 9804, offset 0, flags [DF],
proto UDP (17), length 142)
253.255.2.6.47096 > 253.255.0.35.6081: [udp sum ok] Geneve, Flags
[C], vni 0x392, proto TEB (0x6558), options [class Open Virtual
Networking (OVN) (0x102) type 0x80(C) len 8 data 00010007]
52:54:00:be:06:16 > 40:44:00:00:04:10, ethertype IPv4 (0x0800),
length 98: (tos 0x0, ttl 64, id 43284, offset 0, flags [DF], proto ICMP
(1), length 84)
192.16.1.6 > 169.254.169.254: ICMP echo request, id 25237, seq 1,
length 64
0x: 9803 9b3f d91e 9803 9b59 af1c 0800 4500
0x0010: 008e 264c 4000 4011 15eb fdff 0206 fdff
0x0020: 0023 b7f8 17c1 007a 10f4 0240 6558 0003
0x0030: 9200 0102 8001 0001 0007 4044 0410
0x0040: 5254 00be 0616 0800 4500 0054 a914 4000
0x0050: 4001 7c81 c010 0106 a9fe a9fe 0800 f629
0x0060: 6295 0001 f166 0560 e3a5 0600
0x0070: 1011 1213 1415 1617 1819 1a1b
0x0080: 1c1d 1e1f 2021 2223 2425 2627 2829 2a2b
0x0090: 2c2d 2e2f 3031 3233 3435 3637
---
The ovs br-int details on the target chassis:
ovs-appctl dpif/show
system@ovs-system: hit:6576964 missed:4469
br-int:
br-int 65534/2: (internal)
ovn-ca-rai-0 2/1: (geneve: csum=true, key=flow, remote_ip=253.255.2.17)
ovn-ca-rai-1 11/1: (geneve: csum=true, key=flow,
remote_ip=253.255.0.34)
ovn-ca-rai-2 5/1: (geneve: csum=true, key=flow, remote_ip=253.255.0.33)
ovn-ca-rai-3 3/1: (geneve: csum=true, key=flow,
remote_ip=253.255.2.6) <-- tunnel port for VM host (3)
ovn-ca-rai-4 4/1: (geneve: csum=true, key=flow, remote_ip=253.255.2.5)
vethVn1M 84/3: (system) <-- Veth port (84)
I thought this command would replicate the pkt that is deviled to the
tunnel port
on the target chassis:
-
ovs-appctl ofproto/trace br-int in_port=3
98039b3fd91e98039b59af1c0800458e264c4000401115ebfdff0206fdff0023b7f817c1007a10f40240655800039200010280010001000740440410525400be061608004554a914400040017c81c0100106a9fea9fe0800f62962950001f1660560e3a50600101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f3031323334353637
Flow:
udp,in_port=3,vlan_tci=0x,dl_src=98:03:9b:59:af:1c,dl_dst=98:03:9b:3f:d9:1e,nw_src=253.255.2.6,nw_dst=253.255.0.35,nw_tos=0,nw_ecn=0,nw_ttl=64,tp_src=47096,tp_dst=6081
bridge("br-int")
0. in_port=3, priority 100
move:NXM_NX_TUN_ID[0..23]->OXM_OF_METADATA[0..23]
-> OXM_OF_METADATA[0..23] is now 0
move:NXM_NX_TUN_METADATA0[16..30]->NXM_NX_REG14[0..14]
-> NXM_NX_REG14[0..14] is now 0
move:NXM_NX_TUN_METADATA0[0..15]->NXM_NX_REG15[0..15]
-> NXM_NX_REG15[0..15] is now 0
resubmit(,33)
33. No match.
drop
Final flow: unchanged
Megaflow: recirc_id=0,eth,ip,tun_id=0/0xff,in_port=3,nw_frag=no
Datapath actions: drop
-
But it says the packet is dropped, when in actual fact it is output on
port 84 as expected.
So I'm wondering am I inserting the pkt wrong? to the wrong port on the
remote chassis?
Thanks
Brendan.
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
