Re: [ovs-dev] [PATCH ovn 1/3] ovn-northd: Add support for Load Balancer health check
On 10/31/19 9:43 AM, num...@ovn.org wrote: From: Numan Siddique The present Load balancer feature in OVN provides load balancing functionality to the back end ips without checking if the chosen backend ip is reachable or not. In case a back end service is down and if that IP is chosen, then packet will be lost. This patch series adds the health check feature for these backend IPs and only active backend IPs are considered for load balancing. CMS needs to enable this functionality. In the SB DB a new table Service_Monitor is added. For every backend IP in the load balancer for which health check is configured, a new row in the Service_Monitor table is created. In the upcoming patch in this series, ovn-controller will monitor the services set in this table by generating a health check packet. Health checks are supported only for IPv4 Load balancers in this patch. Existing load balancers will be unaffected after this patch. Signed-off-by: Numan Siddique --- northd/ovn-northd.8.xml | 75 +- northd/ovn-northd.c | 493 ovn-nb.ovsschema| 25 +- ovn-nb.xml | 68 ++ ovn-sb.ovsschema| 33 ++- ovn-sb.xml | 85 +++ tests/ovn-northd.at | 215 ++ 7 files changed, 948 insertions(+), 46 deletions(-) diff --git a/northd/ovn-northd.8.xml b/northd/ovn-northd.8.xml index f6cafbd55..91d3cff55 100644 --- a/northd/ovn-northd.8.xml +++ b/northd/ovn-northd.8.xml @@ -308,6 +308,16 @@ previously created, it will be associated to the empty_lb logical flow + + This table also has a priority-110 flow with the match + eth.src == E for all logical switch + datapaths to move traffic to the next table. Where E + is the service monitor mac defined in the + colum of table. + + Ingress Table 5: Pre-stateful 
@@ -476,7 +486,10 @@ , where args contains comma separated IP addresses (and optional port numbers) to load balance to. The address family of the IP addresses of args is the same as the address family -of VIP +of VIP. If health check is enabled, then args +will only contain those endpoints whose service monitor status entry +in OVN_Southbound db is either online or +empty. For all the configured load balancing rules for a switch in @@ -698,6 +711,51 @@ nd_na_router { + + + For each SVC_MON_SRC_IP defined in the value of + the column of + table, priority-110 + logical flow is added with the match + arp.tpa == SVC_MON_SRC_IP + && && arp.op == 1 and applies the action + + + +eth.dst = eth.src; +eth.src = E; +arp.op = 2; /* ARP reply. */ +arp.tha = arp.sha; +arp.sha = E; +arp.tpa = arp.spa; +arp.spa = A; +outport = inport; +flags.loopback = 1; +output; + + + + where E is the service monitor source mac defined in + the column in the table. This mac is used as the source mac + in the service monitor packets for the load balancer endpoint IP + health checks. + + + + SVC_MON_SRC_IP is used as the source ip in the + service monitor IPv4 packets for the load balancer endpoint IP + health checks. + + + + These flows are required if an ARP request is sent for the IP + SVC_MON_SRC_IP. + + + One priority-0 fallback flow that matches all packets and advances to the next table. @@ -1086,6 +1144,16 @@ output; tracker for packet de-fragmentation. + + This table also has a priority-110 flow with the match + eth.src == E for all logical switch + datapaths to move traffic to the next table. Where E + is the service monitor mac defined in the + colum of table. + + Egress Table 1: to-lport Pre-ACLs 
@@ -1920,7 +1988,10 @@ icmp6 { (and optional port numbers) to load balance to. If the router is configured to force SNAT any load-balanced packets, the above action will be replaced by flags.force_snat_for_lb = 1; -ct_lb(args);. +ct_lb(args);. If health check is enabled, then +args will only contain those endpoints whose service +monitor status entry in OVN_Southbound db is +either online or empty. diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c index 71ee0b678..5c7a179f3 100644 --- a/northd/ovn-northd.c +++ b/northd/ovn-northd.c @@ -88,6 +88,13 @@ static struct eth_addr mac_prefix; static bool controller_event_en; +/* MAC allocated for service monitor usage. Just one mac is allocated + * for this purpose and ovn-controller's on each chassis will make use + * of this mac when sending out the packets to mo
[ovs-dev] [PATCH ovn 1/3] ovn-northd: Add support for Load Balancer health check
From: Numan Siddique The present Load balancer feature in OVN provides load balancing functionality to the back end ips without checking if the chosen backend ip is reachable or not. In case a back end service is down and if that IP is chosen, then packet will be lost. This patch series adds the health check feature for these backend IPs and only active backend IPs are considered for load balancing. CMS needs to enable this functionality. In the SB DB a new table Service_Monitor is added. For every backend IP in the load balancer for which health check is configured, a new row in the Service_Monitor table is created. In the upcoming patch in this series, ovn-controller will monitor the services set in this table by generating a health check packet. Health checks are supported only for IPv4 Load balancers in this patch. Existing load balancers will be unaffected after this patch. Signed-off-by: Numan Siddique --- northd/ovn-northd.8.xml | 75 +- northd/ovn-northd.c | 493 ovn-nb.ovsschema| 25 +- ovn-nb.xml | 68 ++ ovn-sb.ovsschema| 33 ++- ovn-sb.xml | 85 +++ tests/ovn-northd.at | 215 ++ 7 files changed, 948 insertions(+), 46 deletions(-) diff --git a/northd/ovn-northd.8.xml b/northd/ovn-northd.8.xml index f6cafbd55..91d3cff55 100644 --- a/northd/ovn-northd.8.xml +++ b/northd/ovn-northd.8.xml @@ -308,6 +308,16 @@ previously created, it will be associated to the empty_lb logical flow + + This table also has a priority-110 flow with the match + eth.src == E for all logical switch + datapaths to move traffic to the next table. Where E + is the service monitor mac defined in the + colum of table. + + Ingress Table 5: Pre-stateful 
@@ -476,7 +486,10 @@ , where args contains comma separated IP addresses (and optional port numbers) to load balance to. The address family of the IP addresses of args is the same as the address family -of VIP +of VIP. If health check is enabled, then args +will only contain those endpoints whose service monitor status entry +in OVN_Southbound db is either online or +empty. For all the configured load balancing rules for a switch in @@ -698,6 +711,51 @@ nd_na_router { + + + For each SVC_MON_SRC_IP defined in the value of + the column of + table, priority-110 + logical flow is added with the match + arp.tpa == SVC_MON_SRC_IP + && && arp.op == 1 and applies the action + + + +eth.dst = eth.src; +eth.src = E; +arp.op = 2; /* ARP reply. */ +arp.tha = arp.sha; +arp.sha = E; +arp.tpa = arp.spa; +arp.spa = A; +outport = inport; +flags.loopback = 1; +output; + + + + where E is the service monitor source mac defined in + the column in the table. This mac is used as the source mac + in the service monitor packets for the load balancer endpoint IP + health checks. + + + + SVC_MON_SRC_IP is used as the source ip in the + service monitor IPv4 packets for the load balancer endpoint IP + health checks. + + + + These flows are required if an ARP request is sent for the IP + SVC_MON_SRC_IP. + + + One priority-0 fallback flow that matches all packets and advances to the next table. @@ -1086,6 +1144,16 @@ output; tracker for packet de-fragmentation. + + This table also has a priority-110 flow with the match + eth.src == E for all logical switch + datapaths to move traffic to the next table. Where E + is the service monitor mac defined in the + colum of table. + + Egress Table 1: to-lport Pre-ACLs 
@@ -1920,7 +1988,10 @@ icmp6 { (and optional port numbers) to load balance to. If the router is configured to force SNAT any load-balanced packets, the above action will be replaced by flags.force_snat_for_lb = 1; -ct_lb(args);. +ct_lb(args);. If health check is enabled, then +args will only contain those endpoints whose service +monitor status entry in OVN_Southbound db is +either online or empty. diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c index 71ee0b678..5c7a179f3 100644 --- a/northd/ovn-northd.c +++ b/northd/ovn-northd.c @@ -88,6 +88,13 @@ static struct eth_addr mac_prefix; static bool controller_event_en; +/* MAC allocated for service monitor usage. Just one mac is allocated + * for this purpose and ovn-controller's on each chassis will make use + * of this mac when sending out the packets to monitor the services + * defined in Service_Monitor Southbound table. Since these packets + * a
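Review bot: In the paragraph added at @@ -308,6 +308,16 @@ (ingress Pre-LB), the priority-110 flow matches only on eth.src == E "for all logical switch datapaths", and the text does not say what guarantees that only health check packets generated by ovn-controller carry E as their source MAC. Please state that assumption in the paragraph (for example, that E is never expected on a VIF port), or narrow the documented match so it is tied to where the monitor packets actually enter the pipeline. The same wording is repeated at @@ -1086,6 +1144,16 @@ and should be updated with it.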
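Review bot: The sentence added after "of VIP." at @@ -476,7 +486,10 @@ treats an empty service monitor status the same as online, so an endpoint that has no probe result yet stays in args; the documentation should say that this is intended and why. It should also say what the ct_lb(args) flow becomes when health check is enabled and every endpoint is offline, since the text only describes the case where some endpoints remain.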
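Review bot: In the ARP responder text added at @@ -698,6 +711,51 @@, the match reads "arp.tpa == SVC_MON_SRC_IP && && arp.op == 1" with nothing between the two && operators as it appears here; either a term was dropped or one && should be removed. In the action list, "arp.spa = A;" uses A, which the paragraphs that follow never define (they define only E and SVC_MON_SRC_IP), so either define A or write the value in terms of SVC_MON_SRC_IP. "priority-110 logical flow is added" also wants an article ("a priority-110 logical flow is added").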
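Review bot: In both Pre-LB paragraphs (@@ -308,6 +308,16 @@ and @@ -1086,6 +1144,16 @@), "colum" should be "column", and "Where E is the service monitor mac ..." is a sentence fragment that reads better joined to the previous sentence with a comma. The ARP responder hunk calls the same value the "service monitor source mac"; using one term for E throughout the man page would avoid the impression that these are two different addresses.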
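Review bot: At @@ -1920,7 +1988,10 @@, the new health check sentence is appended directly after the force SNAT sentence, so it reads as if the endpoint filtering applies only when flags.force_snat_for_lb = 1; ct_lb(args); is used. Moving it to follow the description of args, as the switch hunk at @@ -476,7 +486,10 @@ does, would make it clear that it applies to both forms of the action.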
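Review bot: In the comment added at @@ -88,6 +88,13 @@ in northd/ovn-northd.c, "ovn-controller's on each chassis" should be the plural "ovn-controllers", not a possessive. The comment also switches between "MAC" and "mac" within two sentences; pick one spelling.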