authorDaniel Alvarez <dalvarez@redhat.com>2017-05-26 12:08:43 +0000
committerBen Pfaff <blp@ovn.org>2017-05-30 09:56:16 -0700
commit2a38ef4520f646df2ad6e879aa7825e1cec48bac (patch)
tree2e5e026834758331186f6e23c757ef98471004e1 /ovn
parenta129fe8c9f97c3e6e8b73ac15a23d2203d60509f (diff)
ovn: Add support for new logical port type "localport".
This patch introduces a new type of OVN ports called "localport". These ports will be present in every hypervisor and may have the same IP/MAC addresses. They are not bound to any chassis and traffic to these ports will never go through a tunnel. Their main use case is the OpenStack metadata API support, which relies on a local agent running on every hypervisor and serving metadata to VMs locally. This service is described in detail at [0]. An example to illustrate the purpose of this patch: - One logical switch sw0 with 2 ports (p1, p2) and 1 localport (lp) - Two hypervisors: HV1 and HV2 - p1 in HV1 (OVS port with external-id:iface-id="p1") - p2 in HV2 (OVS port with external-id:iface-id="p2") - lp in both hypervisors (OVS port with external-id:iface-id="lp") - p1 should be able to reach p2 and vice versa - lp on HV1 should be able to reach p1 but not p2 - lp on HV2 should be able to reach p2 but not p1 Explicit drop rules are inserted in table 32 with priority 150 in order to prevent traffic originating at a localport from going over a tunnel. [0] https://docs.openstack.org/developer/networking-ovn/design/metadata_api.html Signed-off-by: Daniel Alvarez <dalvarez@redhat.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Diffstat (limited to 'ovn')
-rw-r--r--ovn/controller/binding.c5
-rw-r--r--ovn/controller/ovn-controller.c2
-rw-r--r--ovn/controller/physical.c30
-rw-r--r--ovn/controller/physical.h4
-rw-r--r--ovn/northd/ovn-northd.8.xml8
-rw-r--r--ovn/northd/ovn-northd.c6
-rw-r--r--ovn/ovn-architecture.7.xml45
-rw-r--r--ovn/ovn-nb.xml9
-rw-r--r--ovn/ovn-sb.xml14
9 files changed, 105 insertions, 18 deletions
diff --git a/ovn/controller/binding.c b/ovn/controller/binding.c
index 95e9deb32..bb7660875 100644
--- a/ovn/controller/binding.c
+++ b/ovn/controller/binding.c
@@ -380,7 +380,10 @@ consider_local_datapath(struct controller_ctx *ctx,
if (iface_rec && qos_map && ctx->ovs_idl_txn) {
get_qos_params(binding_rec, qos_map);
}
- our_chassis = true;
+ /* This port is in our chassis unless it is a localport. */
+ if (strcmp(binding_rec->type, "localport")) {
+ our_chassis = true;
+ }
} else if (!strcmp(binding_rec->type, "l2gateway")) {
const char *chassis_id = smap_get(&binding_rec->options,
"l2gateway-chassis");
diff --git a/ovn/controller/ovn-controller.c b/ovn/controller/ovn-controller.c
index 1ff1b5b73..8fbe3564c 100644
--- a/ovn/controller/ovn-controller.c
+++ b/ovn/controller/ovn-controller.c
@@ -656,7 +656,7 @@ main(int argc, char *argv[])
physical_run(&ctx, mff_ovn_geneve,
br_int, chassis, &ct_zones, &lports,
- &flow_table, &local_datapaths);
+ &flow_table, &local_datapaths, &local_lports);
ofctrl_put(&flow_table, &pending_ct_zones,
get_nb_cfg(ctx.ovnsb_idl));
diff --git a/ovn/controller/physical.c b/ovn/controller/physical.c
index 532c7252e..dad4e32cc 100644
--- a/ovn/controller/physical.c
+++ b/ovn/controller/physical.c
@@ -769,7 +769,8 @@ physical_run(struct controller_ctx *ctx, enum mf_field_id mff_ovn_geneve,
const struct ovsrec_bridge *br_int,
const struct sbrec_chassis *chassis,
const struct simap *ct_zones, struct lport_index *lports,
- struct hmap *flow_table, struct hmap *local_datapaths)
+ struct hmap *flow_table, struct hmap *local_datapaths,
+ const struct sset *local_lports)
{
/* This bool tracks physical mapping changes. */
@@ -988,15 +989,40 @@ physical_run(struct controller_ctx *ctx, enum mf_field_id mff_ovn_geneve,
*/
struct match match;
match_init_catchall(&match);
- ofpbuf_clear(&ofpacts);
match_set_reg_masked(&match, MFF_LOG_FLAGS - MFF_REG0,
MLF_RCV_FROM_VXLAN, MLF_RCV_FROM_VXLAN);
/* Resubmit to table 33. */
+ ofpbuf_clear(&ofpacts);
put_resubmit(OFTABLE_LOCAL_OUTPUT, &ofpacts);
ofctrl_add_flow(flow_table, OFTABLE_REMOTE_OUTPUT, 150, 0,
&match, &ofpacts);
+ /* Table 32, priority 150.
+ * =======================
+ *
+ * Handles packets received from ports of type "localport". These ports
+ * are present on every hypervisor. Traffic that originates at one should
+ * never go over a tunnel to a remote hypervisor, so resubmit them to table
+ * 33 for local delivery. */
+ match_init_catchall(&match);
+ ofpbuf_clear(&ofpacts);
+ put_resubmit(OFTABLE_LOCAL_OUTPUT, &ofpacts);
+ const char *localport;
+ SSET_FOR_EACH (localport, local_lports) {
+ /* Iterate over all local logical ports and insert a drop
+ * rule with higher priority for every localport in this
+ * datapath. */
+ const struct sbrec_port_binding *pb = lport_lookup_by_name(
+ lports, localport);
+ if (pb && !strcmp(pb->type, "localport")) {
+ match_set_reg(&match, MFF_LOG_INPORT - MFF_REG0, pb->tunnel_key);
+ match_set_metadata(&match, htonll(pb->datapath->tunnel_key));
+ ofctrl_add_flow(flow_table, OFTABLE_REMOTE_OUTPUT, 150, 0,
+ &match, &ofpacts);
+ }
+ }
+
/* Table 32, Priority 0.
* =======================
*
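Review bot: The comment inside the `SSET_FOR_EACH` loop says it inserts a drop rule, but the only action built for these flows is `put_resubmit(OFTABLE_LOCAL_OUTPUT, &ofpacts)` a few lines above, so each flow resubmits the localport's traffic to table 33 for local delivery and merely bypasses the tunnel path; the block comment above the loop already says so. Rewording the inner comment to `/* Every localport in local_lports gets a priority-150 flow that resubmits its traffic to table 33, so it is never sent over a tunnel. */` keeps the two comments and the commit message consistent. Reusing `match` across iterations is fine here because both the inport register and the metadata are reassigned on every pass, so no field from a previous port survives. physical_run's body starts and ends outside this hunk.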
diff --git a/ovn/controller/physical.h b/ovn/controller/physical.h
index e2debed89..66aa80e2d 100644
--- a/ovn/controller/physical.h
+++ b/ovn/controller/physical.h
@@ -32,6 +32,7 @@ struct hmap;
struct ovsdb_idl;
struct ovsrec_bridge;
struct simap;
+struct sset;
/* OVN Geneve option information.
*
@@ -45,6 +46,7 @@ void physical_run(struct controller_ctx *, enum mf_field_id mff_ovn_geneve,
const struct ovsrec_bridge *br_int,
const struct sbrec_chassis *chassis,
const struct simap *ct_zones, struct lport_index *,
- struct hmap *flow_table, struct hmap *local_datapaths);
+ struct hmap *flow_table, struct hmap *local_datapaths,
+ const struct sset *local_lports);
#endif /* ovn/physical.h */
diff --git a/ovn/northd/ovn-northd.8.xml b/ovn/northd/ovn-northd.8.xml
index c0b4c5eb0..7ff524508 100644
--- a/ovn/northd/ovn-northd.8.xml
+++ b/ovn/northd/ovn-northd.8.xml
@@ -492,8 +492,8 @@ output;
</pre>
<p>
- These flows are omitted for logical ports (other than router ports)
- that are down.
+ These flows are omitted for logical ports (other than router ports or
+ <code>localport</code> ports) that are down.
</p>
</li>
@@ -519,8 +519,8 @@ nd_na {
</pre>
<p>
- These flows are omitted for logical ports (other than router ports)
- that are down.
+ These flows are omitted for logical ports (other than router ports or
+ <code>localport</code> ports) that are down.
</p>
</li>
diff --git a/ovn/northd/ovn-northd.c b/ovn/northd/ovn-northd.c
index 4d4930855..591498816 100644
--- a/ovn/northd/ovn-northd.c
+++ b/ovn/northd/ovn-northd.c
@@ -3305,9 +3305,11 @@ build_lswitch_flows(struct hmap *datapaths, struct hmap *ports,
/*
* Add ARP/ND reply flows if either the
* - port is up or
- * - port type is router
+ * - port type is router or
+ * - port type is localport
*/
- if (!lsp_is_up(op->nbsp) && strcmp(op->nbsp->type, "router")) {
+ if (!lsp_is_up(op->nbsp) && strcmp(op->nbsp->type, "router") &&
+ strcmp(op->nbsp->type, "localport")) {
continue;
}
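Review bot: The updated comment lists localport next to router but gives no reason why a localport that is down still receives ARP/ND reply flows; the commit description says these ports are never bound to a chassis, so their up state is presumably never set, and a reader of this code alone cannot see that. Extending the bullet to `* - port type is localport (not bound to a chassis, so never reported up)` records the rationale where the exception is made. build_lswitch_flows continues outside the hunk.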
diff --git a/ovn/ovn-architecture.7.xml b/ovn/ovn-architecture.7.xml
index d8114f1f9..085a6aefe 100644
--- a/ovn/ovn-architecture.7.xml
+++ b/ovn/ovn-architecture.7.xml
@@ -409,6 +409,21 @@
logical patch ports at each such point of connectivity, one on
each side.
</li>
+ <li>
+ <dfn>Localport ports</dfn> represent the points of local
+ connectivity between logical switches and VIFs. These ports are
+ present in every chassis (not bound to any particular one) and
+ traffic from them will never go through a tunnel. A
+ <code>localport</code> is expected to only generate traffic destined
+ for a local destination, typically in response to a request it
+ received.
+ One use case is how OpenStack Neutron uses a <code>localport</code>
+ port for serving metadata to VM's residing on every hypervisor. A
+ metadata proxy process is attached to this port on every host and all
+ VM's within the same network will reach it at the same IP/MAC address
+ without any traffic being sent over a tunnel. Further details can be
+ seen at https://docs.openstack.org/developer/networking-ovn/design/metadata_api.html.
+ </li>
</ul>
</li>
</ul>
@@ -993,15 +1008,31 @@
hypervisor, in the same way as for unicast destinations. If a
multicast group includes a logical port or ports on the local
hypervisor, then its actions also resubmit to table 33. Table 32 also
- includes a fallback flow that resubmits to table 33 if there is no
- other match. Table 32 also contains a higher priority rule to match
- packets received from VXLAN tunnels, based on flag MLF_RCV_FROM_VXLAN
- and resubmit these packets to table 33 for local delivery. Packets
- received from VXLAN tunnels reach here because of a lack of logical
- output port field in the tunnel key and thus these packets needed to
- be submitted to table 16 to determine the output port.
+ includes:
</p>
+ <ul>
+ <li>
+ A higher-priority rule to match packets received from VXLAN tunnels,
+ based on flag MLF_RCV_FROM_VXLAN, and resubmit these packets to table
+ 33 for local delivery. Packets received from VXLAN tunnels reach
+ here because of a lack of logical output port field in the tunnel key
+ and thus these packets needed to be submitted to table 16 to
+ determine the output port.
+ </li>
+ <li>
+ A higher-priority rule to match packets received from ports of type
+ <code>localport</code>, based on the logical input port, and resubmit
+ these packets to table 33 for local delivery. Ports of type
+ <code>localport</code> exist on every hypervisor and by definition
+ their traffic should never go out through a tunnel.
+ </li>
+ <li>
+ A fallback flow that resubmits to table 33 if there is no other
+ match.
+ </li>
+ </ul>
+
<p>
Flows in table 33 resemble those in table 32 but for logical ports that
reside locally rather than remotely. For unicast logical output ports
diff --git a/ovn/ovn-nb.xml b/ovn/ovn-nb.xml
index f5be9e24b..eb348fe59 100644
--- a/ovn/ovn-nb.xml
+++ b/ovn/ovn-nb.xml
@@ -283,6 +283,15 @@
to model direct connectivity to an existing network.
</dd>
+ <dt><code>localport</code></dt>
+ <dd>
+ A connection to a local VIF. Traffic that arrives on a
+ <code>localport</code> is never forwarded over a tunnel to another
+ chassis. These ports are present on every chassis and have the same
+ address in all of them. This is used to model connectivity to local
+ services that run on every hypervisor.
+ </dd>
+
<dt><code>l2gateway</code></dt>
<dd>
A connection to a physical network.
diff --git a/ovn/ovn-sb.xml b/ovn/ovn-sb.xml
index 387adb806..f3c321222 100644
--- a/ovn/ovn-sb.xml
+++ b/ovn/ovn-sb.xml
@@ -1802,6 +1802,11 @@ tcp.flags = RST;
connectivity to the corresponding physical network.
</dd>
+ <dt>localport</dt>
+ <dd>
+ Always empty. A localport port is present on every chassis.
+ </dd>
+
<dt>l3gateway</dt>
<dd>
The physical location of the L3 gateway. To successfully identify a
@@ -1882,6 +1887,15 @@ tcp.flags = RST;
to model direct connectivity to an existing network.
</dd>
+ <dt><code>localport</code></dt>
+ <dd>
+ A connection to a local VIF. Traffic that arrives on a
+ <code>localport</code> is never forwarded over a tunnel to another
+ chassis. These ports are present on every chassis and have the same
+ address in all of them. This is used to model connectivity to local
+ services that run on every hypervisor.
+ </dd>
+
<dt><code>l2gateway</code></dt>
<dd>
An L2 connection to a physical network. The chassis this