authorMickey Spiegel <mickeys.dev@gmail.com>2017-01-26 17:31:06 -0800
committerGurucharan Shetty <guru@ovn.org>2017-01-27 11:10:30 -0800
commit8697d4268b9a4578cfe0b783bc83b91b6a0c9e11 (patch)
tree77b26356e2662e2f64817df7eef7d246eb916d5f /ovn
parent72c84bc2db23dfb9bb9032478b7c414d492ac717 (diff)
downloadopenvswitch-8697d4268b9a4578cfe0b783bc83b91b6a0c9e11.tar.gz
ovn: move load balancing flows after NAT flows
This will make it easy for distributed NAT to reuse some of the existing code for NAT flows, while leaving load balancing and defrag as functionality specific to gateway routers. There is no intent to change any functionality in this patch. Signed-off-by: Mickey Spiegel <mickeys.dev@gmail.com> Signed-off-by: Gurucharan Shetty <guru@ovn.org>
Diffstat (limited to 'ovn')
-rw-r--r--ovn/northd/ovn-northd.c140
1 files changed, 70 insertions, 70 deletions
diff --git a/ovn/northd/ovn-northd.c b/ovn/northd/ovn-northd.c
index 3b054704c..5c03b04b3 100644
--- a/ovn/northd/ovn-northd.c
+++ b/ovn/northd/ovn-northd.c
@@ -4128,76 +4128,6 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports,
const char *lb_force_snat_ip = get_force_snat_ip(od, "lb",
&snat_ip);
- /* A set to hold all ips that need defragmentation and tracking. */
- struct sset all_ips = SSET_INITIALIZER(&all_ips);
-
- for (int i = 0; i < od->nbr->n_load_balancer; i++) {
- struct nbrec_load_balancer *lb = od->nbr->load_balancer[i];
- struct smap *vips = &lb->vips;
- struct smap_node *node;
-
- SMAP_FOR_EACH (node, vips) {
- uint16_t port = 0;
-
- /* node->key contains IP:port or just IP. */
- char *ip_address = NULL;
- ip_address_and_port_from_lb_key(node->key, &ip_address, &port);
- if (!ip_address) {
- continue;
- }
-
- if (!sset_contains(&all_ips, ip_address)) {
- sset_add(&all_ips, ip_address);
- }
-
- /* Higher priority rules are added for load-balancing in DNAT
- * table. For every match (on a VIP[:port]), we add two flows
- * via add_router_lb_flow(). One flow is for specific matching
- * on ct.new with an action of "ct_lb($targets);". The other
- * flow is for ct.est with an action of "ct_dnat;". */
- ds_clear(&actions);
- ds_put_format(&actions, "ct_lb(%s);", node->value);
-
- ds_clear(&match);
- ds_put_format(&match, "ip && ip4.dst == %s",
- ip_address);
- free(ip_address);
-
- if (port) {
- if (lb->protocol && !strcmp(lb->protocol, "udp")) {
- ds_put_format(&match, " && udp && udp.dst == %d",
- port);
- } else {
- ds_put_format(&match, " && tcp && tcp.dst == %d",
- port);
- }
- add_router_lb_flow(lflows, od, &match, &actions, 120,
- lb_force_snat_ip);
- } else {
- add_router_lb_flow(lflows, od, &match, &actions, 110,
- lb_force_snat_ip);
- }
- }
- }
-
- /* If there are any load balancing rules, we should send the
- * packet to conntrack for defragmentation and tracking. This helps
- * with two things.
- *
- * 1. With tracking, we can send only new connections to pick a
- * DNAT ip address from a group.
- * 2. If there are L4 ports in load balancing rules, we need the
- * defragmentation to match on L4 ports. */
- const char *ip_address;
- SSET_FOR_EACH(ip_address, &all_ips) {
- ds_clear(&match);
- ds_put_format(&match, "ip && ip4.dst == %s", ip_address);
- ovn_lflow_add(lflows, od, S_ROUTER_IN_DEFRAG,
- 100, ds_cstr(&match), "ct_next;");
- }
-
- sset_destroy(&all_ips);
-
for (int i = 0; i < od->nbr->n_nat; i++) {
const struct nbrec_nat *nat;
@@ -4352,6 +4282,76 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports,
* routing in the openflow pipeline. */
ovn_lflow_add(lflows, od, S_ROUTER_IN_DNAT, 50,
"ip", "flags.loopback = 1; ct_dnat;");
+
+ /* A set to hold all ips that need defragmentation and tracking. */
+ struct sset all_ips = SSET_INITIALIZER(&all_ips);
+
+ for (int i = 0; i < od->nbr->n_load_balancer; i++) {
+ struct nbrec_load_balancer *lb = od->nbr->load_balancer[i];
+ struct smap *vips = &lb->vips;
+ struct smap_node *node;
+
+ SMAP_FOR_EACH (node, vips) {
+ uint16_t port = 0;
+
+ /* node->key contains IP:port or just IP. */
+ char *ip_address = NULL;
+ ip_address_and_port_from_lb_key(node->key, &ip_address, &port);
+ if (!ip_address) {
+ continue;
+ }
+
+ if (!sset_contains(&all_ips, ip_address)) {
+ sset_add(&all_ips, ip_address);
+ }
+
+ /* Higher priority rules are added for load-balancing in DNAT
+ * table. For every match (on a VIP[:port]), we add two flows
+ * via add_router_lb_flow(). One flow is for specific matching
+ * on ct.new with an action of "ct_lb($targets);". The other
+ * flow is for ct.est with an action of "ct_dnat;". */
+ ds_clear(&actions);
+ ds_put_format(&actions, "ct_lb(%s);", node->value);
+
+ ds_clear(&match);
+ ds_put_format(&match, "ip && ip4.dst == %s",
+ ip_address);
+ free(ip_address);
+
+ if (port) {
+ if (lb->protocol && !strcmp(lb->protocol, "udp")) {
+ ds_put_format(&match, " && udp && udp.dst == %d",
+ port);
+ } else {
+ ds_put_format(&match, " && tcp && tcp.dst == %d",
+ port);
+ }
+ add_router_lb_flow(lflows, od, &match, &actions, 120,
+ lb_force_snat_ip);
+ } else {
+ add_router_lb_flow(lflows, od, &match, &actions, 110,
+ lb_force_snat_ip);
+ }
+ }
+ }
+
+ /* If there are any load balancing rules, we should send the
+ * packet to conntrack for defragmentation and tracking. This helps
+ * with two things.
+ *
+ * 1. With tracking, we can send only new connections to pick a
+ * DNAT ip address from a group.
+ * 2. If there are L4 ports in load balancing rules, we need the
+ * defragmentation to match on L4 ports. */
+ const char *ip_address;
+ SSET_FOR_EACH(ip_address, &all_ips) {
+ ds_clear(&match);
+ ds_put_format(&match, "ip && ip4.dst == %s", ip_address);
+ ovn_lflow_add(lflows, od, S_ROUTER_IN_DEFRAG,
+ 100, ds_cstr(&match), "ct_next;");
+ }
+
+ sset_destroy(&all_ips);
}
/* Logical router ingress table 5: IP Routing.
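Review bot: `node->value` is formatted straight into the action string at `ds_put_format(&actions, "ct_lb(%s);", node->value);` with no check in this hunk that it is a well-formed backend list, whereas the VIP key is at least parsed by ip_address_and_port_from_lb_key() before use. The value comes from the northbound load balancer `vips` map, so a malformed or unexpected string would land inside a logical flow action; whether add_router_lb_flow() or a later action parser rejects it is not visible here. Since the block is being relocated anyway, a comment above that line such as `/* node->value is copied verbatim from the NB DB and is not validated here. */` would make the trust assumption explicit. Separately, the `sset_contains()` guard before `sset_add()` looks redundant if sset_add() already ignores duplicates. build_lrouter_flows() starts outside this hunk.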