| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
| |
A previous commit changed the command names in ovn-nbctl from lport-* to
lsp-*. Change lport-bind and lport-unbind in ovn-sbctl to match.
Signed-off-by: Russell Bryant <russell@ovn.org>
Acked-by: Amitabha Biswas <abiswas@us.ibm.com>
Acked-by: Ben Pfaff <blp@ovn.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, when address set value changes, ovn controller
doesn't remove the old entry from the tracking hash, it
just adds the new one, leading to multiple entries for the
same symbol.
Fix this behavior and add a smoke test to avoid a regression
in the future.
Signed-off-by: Ryan Moats <rmoats@us.ibm.com>
Acked-by: Flavio Fernandes <flavio@flaviof.com>
Signed-off-by: Russell Bryant <russell@ovn.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This commit adds schema changes to the OVN_Northbound database to support
Load balancers.
In ovn-northd, it adds two logical tables to program logical flows.
It adds a 'pre_lb' table that sits before 'pre_stateful' table.
For packets that need to be load balanced, this table sets reg0[0]
to act as a hint for the pre-stateful table to send the packet to
the conntrack table for defragmentation.
It also adds a 'lb' table that sits before 'stateful' table.
For packets from established connections, this table sets reg0[2] to
indicate to the 'stateful' table that the packet needs to be sent to
connection tracking table to just do NAT.
In stateful table, packet for a new connection that needs to be load balanced
is given a ct_lb($IP_LIST) action.
Signed-off-by: Gurucharan Shetty <guru@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
ovn-controller now supports 2 new logical actions.
1. ct_lb;
Sends the packet through the conntrack zone to NAT
packets. Packets that are part of established connection
will automatically get NATed based on the NAT arguments
supplied to conntrack when the first packet was committed.
2. ct_lb(192.168.1.2, 192.168.1.3);
ct_lb(192.168.1.2:80, 192.168.1.3:80);
Creates an OpenFlow group with multiple buckets and equal weights
that changes the destination IP address (and port number) of the packet
statefully to one of the options provided inside the parenthesis.
Signed-off-by: Gurucharan Shetty <guru@ovn.org>
Signed-off-by: Ben Pfaff <blp@ovn.org>
|
| |
|
|
|
| |
Signed-off-by: Ben Pfaff <blp@ovn.org>
Signed-off-by: Gurucharan Shetty <guru@ovn.org>
|
| |
|
|
|
|
|
|
|
| |
Extract block within SBREC_MAC_BINDING_FOR_EACH loop within
add_neighbor_flows to helper method so it can be reused when
doing incremental processing.
Signed-off-by: Ryan Moats <rmoats@us.ibm.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
|
| |
|
|
|
|
|
|
|
| |
Extract block from SBREC_MULTICAST_GROUP_FOR_EACH block
in physical_run to helper method so that it can be reused when
doing incremental processing.
Signed-off-by: Ryan Moats <rmoats@us.ibm.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Extract block from SBREC_PORT_BINDING_FOR_EACH block in
physical_run to helper method so that it can be reused when
doing incremental processing.
Side effects:
- localvif_to_oport and tunnels are now static file scoped.
- the is_new parameter is added for use in a later patch set.
Signed-off-by: Ryan Moats <rmoats@us.ibm.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
|
| |
|
|
|
|
|
|
|
| |
Refactor code block inside of SBREC_LOGICAL_FLOW_FOR_EACH
loop in add_logical_flow so that this can be reused when
incremental processing is added.
Signed-off-by: Ryan Moats <rmoats@us.ibm.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
In encaps.c, binding.c, and lport.c incremental processing
is aided by tracking entries by their ovsdb row uuids.
The original patch sets used pointers, which might lead
to errors if the ovsdb row uuid memory is released. So,
use actual structures to hold the values instead.
Signed-off-by: Ryan Moats <rmoats@us.ibm.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, the only use of stateful services in conntrack is
OVN ACLs. In table ACL, we commit the packet to conntrack
via ct_commit action.
As we introduce more stateful services, the ACL feature will
have to share the conntrack module with others. As
preparation for more stateful features like load balancing,
this commit introduces a new stateful table
that is responsible to commit packets to conntrack via
ct_commit action. If ACL table needs to commit a packet,
it sets 'reg0[1]' as 1. Stateful table in-turn will commit
the packet if 'reg0[1]' is 1.
Signed-off-by: Gurucharan Shetty <guru@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, the only use of stateful services in conntrack is
OVN ACLs. In table pre-ACL, we send the packet to conntrack
to track it (to get its status) and to defrag via the ct_next
action.
As we introduce more stateful services, the ACL feature will
have to share the conntrack module with others. As
preparation for more stateful features like loadbalancing,
this commit introduces a new pre-stateful table that is
responsible to send packets through conntrack via
ct_next action. If pre-ACL table needs to send a packet
through conntrack, it just sets the 'reg0[0]' as 1.
Pre-stateful table in-turn will send the packet to conntrack
if 'reg0[0]' is 1.
Signed-off-by: Gurucharan Shetty <guru@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This feature was originally proposed here:
http://openvswitch.org/pipermail/dev/2016-March/067440.html
A common use case for OVN ACLs involves needing to match a set of IP
addresses.
outport == "lp1" && ip4.src == {10.0.0.5, 10.0.0.25, 10.0.0.50}
This example match only has 3 addresses, but it could easily have
hundreds of addresses. In some cases, the same large set of addresses
needs to be used in several ACLs.
This patch adds a new Address_Set table to OVN_Northbound so that a set
of addresses can be specified once and then referred to by name in ACLs.
To recreate the above example, you would first create an address set:
$ ovn-nbctl create Address_Set name=set1 addresses="10.0.0.5","10.0.0.25","10.0.0.50"
Then you can refer to this address set by name in an ACL match:
outport == "lp1" && ip4.src == $set1
Signed-off-by: Russell Bryant <russell@ovn.org>
Signed-off-by: Babu Shanmugam <bschanmu@redhat.com>
Co-authored-by: Flavio Fernandes <flavio@flaviof.com>
Signed-off-by: Flavio Fernandes <flavio@flaviof.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As currently implemented, binding_run() normally updates the set of
locally owned logical ports on each call. When changes to the
membership of this set are detected (i.e. when locally bound
logical ports are added or deleted), additional processing to
update the sb database with lport binding is performed.
However, the sb database can only be updated when a transaction to
the sb database is possible (that is, when ctx->ovnsb_idl_txn is
non-NULL). If a new logical port is detected while ctx->ovnsb_idl_txn
happens to be NULL, its binding information will not be updated in
the the sb database until another change to the set of locally-owned
logical ports changes. If no such change ever occurs, the sb database
is never updated with the appropriate binding information.
Eliminate this issue by only updating the set of locally owned logical
ports when an sb database transaction is possible. This addresses
a cause of occasional failures in the "3 HVs, 3 LS, 3 lports/LS, 1 LR"
test case.
The failing scenario goes like this:
1) Test case logical network setup is complete.
2) The last physical network port is added via
as hv3 ovs-vsctl --add-port ... --set Interface vif333 external-ids:iface-id=lp333
3) hv3 ovn-controller receives update from hv3 ovsdb-server with above mapping,
binding_run() is called, and ctx->ovnsb_idl_txn happens to be NULL.
4) binding_run() calls get_local_iface_ids(), which recognizes the new
local port as matching a logical port, so the lp333 is added to the
global ssets "lports" and "all_lports". This means lp333 will not be treated
as a new logical port on subsequent calls. Because getLocal_iface_ids()
has discovered a new lport, it returns changed = true.
5) Because get_local_iface_ids() returned true, binding_run() sets process_full_binding
to true.
6) Because process_full_binding is true, binding_run() calls consider_local_datapath()
for each logical port in shash_lports (which now includes lp333).
7) consider_local_datapath() processing returns without calling
sbrec_port_binding_set_chassis() because ctx->ovnsb_idl_txn is NULL.
8) There are subsequent calls to binding_run() with non-NULL ctx->ovnsb_idl,
but because lp333 is already in the "lports" sset, get_local_iface_ids()
returns changed=false, so process_full_binding is false, which means
consider_local_datapath() is not called for lp333.
9) Because consider_local_datapath() is not called for lp333, the sb database
is not updated with the lport/chassis binding.
Hopefully the above is intelligible. Another way of looking at it would be
to say the condition for calling consider_local_datapath() is an "edge trigger",
this change suppresses the trigger until the necessary actions can be performed.
Signed-off-by: Lance Richardson <lrichard@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
|
| |
|
|
|
|
|
|
|
| |
If there are multiple logical switches or routers with a duplicate name,
the configuration is slightly different. You should configure the logical
switches or routers using the UUID instead of the name.
Signed-off-by: nickcooper-zhangtonghao <nickcooper-zhangtonghao@opencloud.tech>
Signed-off-by: Ben Pfaff <blp@ovn.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
When new tables are introduced, it gets a little harder to
track all the different table numbers used in the documentation.
This commit changes some table numbers to names to make it a little
easier to update documentation when new tables are introduced in the
upcoming commits.
Signed-off-by: Gurucharan Shetty <guru@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>
|
| |
|
|
|
|
|
|
|
|
| |
Future patches introduce more tables between
pre-ACL and ACL processing. As such, it looks
easier to separate these out into separate
functions to enhance code readability.
Signed-off-by: Gurucharan Shetty <guru@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>
|
| |
|
|
|
|
|
|
|
| |
The intent here was to free the error reported by ipv6_parse_cidr(),
but in fact the error reported by that function was discarded and
the previous error from ip_parse_cidr() was freed again.
Signed-off-by: William Tu <u9012063@gmail.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
|
| |
|
|
|
|
|
| |
Found by Clang.
Signed-off-by: William Tu <u9012063@gmail.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Update the OVN expression parser to support address sets. Previously,
you could have a set of IP or MAC addresses in this form:
{addr1, addr2, ..., addrN}
This patch adds support for a bit of indirection where we can define a
set of addresses and refer to them by name.
$name
This '$name' can be used in the expresssions like
{addr1, addr2, $name, ... }
{$name}
$name
A future patch will expose the ability to define address sets for use.
Signed-off-by: Russell Bryant <russell@ovn.org>
Co-authored-by: Babu Shanmugam <bschanmu@redhat.com>
Signed-off-by: Babu Shanmugam <bschanmu@redhat.com>
[blp@ovn.org made numerous small changes]
Signed-off-by: Ben Pfaff <blp@ovn.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch tries to support ND versus ARP for OVN.
It adds a new OVN action 'na' in ovn-controller side, and modify lflows
for 'na' action and relevant packets in ovn-northd.
First, for ovn-northd, it will generate lflows per each lport with its
IPv6 addresses and mac addresss, with 'na' action, such as:
match=(icmp6 && icmp6.type == 135 &&
(nd.target == fd81:ce49:a948:0:f816:3eff:fe46:8a42 ||
nd.target == fd81:ce49:b123:0:f816:3eff:fe46:8a42)),
action=(na { eth.src = fa:16:3e:46:8a:42; nd.tll = fa:16:3e:46:8a:42;
outport = inport;
inport = ""; /* Allow sending out inport. */ output; };)
and new lflows will be set in tabel ls_in_arp_nd_rsp, which is renamed
from previous ls_in_arp_rsp.
Later, for ovn-controller, when it received a ND packet, it frames a
template NA packet for reply. The NA packet will be initialized based on
ND packet, such as NA packet will use:
- ND packet eth.src as eth.dst,
- ND packet eth.dst as eth.src,
- ND packet ip6.src as ip6.dst,
- ND packet nd.target as ip6.src,
- ND packet eth.dst as nd.tll.
Finally, nested actions in 'na' action will update necessary fileds
for NA packet, such as:
- eth.src, nd.tll
- inport, outport
Since patch port for IPv6 router interface is not ready yet, this
patch will only try to deal with ND from VM. This patch will set
RSO flags to 011 for NA packets.
This patch also modified current ACL lflows for ND, not to do conntrack
on ND and NA packets in following tables:
- S_SWITCH_IN_PRE_ACL
- S_SWITCH_OUT_PRE_ACL
- S_SWITCH_IN_ACL
- S_SWITCH_OUT_ACL
Signed-off-by: Zong Kai LI <zealokii@gmail.com>
[blp@ovn.org made several minor simplifications and improvements]
Signed-off-by: Ben Pfaff <blp@ovn.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The probe timer between ovn-controller and OVN Southbound
can be configured using ovn-vsctl command, but that is not
effective on the fly. In other words, ovn-controller has
to be restarted to use that probe_timer value, this patch
takes care of that.
Signed-off-by: Nirapada Ghosh <nghosh@us.ibm.com>
[blp@ovn.org made various adjustments]
Signed-off-by: Ben Pfaff <blp@ovn.org>
|
| |
|
|
|
|
|
|
| |
The command 'lr-route-add' currently cannot update the output
port.
Signed-off-by: Gurucharan Shetty <guru@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch implements one approach to using ovn-controller to implement
a software l2 gateway between logical and physical networks.
A new logical port type called "l2gateway" is introduced here. It is very
close to how localnet ports work, with the following exception:
- A localnet port makes OVN use the physical network as the
transport between hypervisors instead of tunnels. An l2gateway port still
uses tunnels between all hypervisors, and packets only go to/from the
specified physical network as needed via the chassis the l2gateway port
is bound to.
- An l2gateway port also gets bound to a chassis while a localnet port does
not. This binding is not done by ovn-controller. It is left as an
administrative function. In the case of OpenStack, the Neutron plugin
will do this.
Signed-off-by: Russell Bryant <russell@ovn.org>
Acked-by: Ryan Moats <rmoats@us.ibm.com>
Acked-by: Ben Pfaff <blp@ovn.org>
Acked-by: Justin Pettit <jpettit@ovn.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Update the "ct_commit;" logical flow action to optionally take
one or two parameters, setting the value of "ct_mark" or "ct_label".
Supported ct_commit syntax now includes:
ct_commit;
ct_commit();
ct_commit(ct_mark=1);
ct_commit(ct_mark=1/1);
ct_commit(ct_label=1);
ct_commit(ct_label=1/1);
ct_commit(ct_mark=1, ct_label=1);
Setting ct_mark via this type of logical flow results in an OpenFlow
flow that looks like:
actions=ct(commit,zone=NXM_NX_REG5[0..15],exec(set_field:0x1->ct_mark))
Similarly, setting ct_label results in:
actions=ct(commit,zone=NXM_NX_REG5[0..15],exec(set_field:0x1->ct_label))
A future commit will make use of this feature.
Signed-off-by: Russell Bryant <russell@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>
Acked-by: Justin Pettit <jpettit@ovn.org>
|
| |
|
|
|
|
| |
It's a pretty common pattern so create a function for it.
Signed-off-by: Ben Pfaff <blp@ovn.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Patch "Convert binding_run to incremental processing." introduced
a bug where the port binding table is not correctly updated when
an OVS port is deleted. Fix this by
- persisting the lport shash used to record OVS ports
- change get_local_iface_ids to return a bool indicating if
the persisted lport shash has changed
- change port binding table processing from incremental to full
if the persisted lport shash has changed
Signed-off-by: Ryan Moats <rmoats@us.ibm.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
|
| |
|
|
|
|
|
|
| |
Also there were lots of 'continue's sprinkled around that didn't seem to
be needed given some simple code rearrangement.
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Ryan Moats <rmoats@us.ibm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch adds a new OVN action 'put_dhcp_opts' to support native
DHCP in OVN.
ovn-controller parses this action and adds a NXT_PACKET_IN2
OF flow with 'pause' flag set and the DHCP options stored in
'userdata' field.
When the valid DHCP packet is received by ovn-controller, it frames a
new DHCP reply packet with the DHCP options present in the
'userdata' field and resumes the packet and stores 1 in the 1-bit subfield.
If the packet is invalid, it resumes the packet without any modifying and
stores 0 in the 1-bit subfield.
Eg. reg0[0] = put_dhcp_opts(offerip = 10.0.0.4, router = 10.0.0.1,
netmask = 255.255.255.0, lease_time = 3600,....)
A new 'DHCP_Options' table is added in SB DB which stores
the supported DHCP options with DHCP code and type. ovn-northd is
expected to popule this table.
The next patch will add logical flows with this action.
Signed-off-by: Numan Siddique <nusiddiq@redhat.com>
Co-authored-by: Ben Pfaff <blp@ovn.org>
Signed-off-by: Ben Pfaff <blp@ovn.org>
|
| |
|
|
|
|
|
|
|
|
| |
As written, it was difficult for the OVN logical action code to add support
for new actions of the form "dst = ...", because the code to parse the left
side of the assignment was a monolithic part of the expr library. This
commit refactors the code division so that an upcoming patch can support a
new "dst = func(args);" kind of action.
Signed-off-by: Ben Pfaff <blp@ovn.org>
|
| |
|
|
|
|
|
| |
Seems to me that this makes the code slightly easier to follow.
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Ryan Moats <rmoats@us.ibm.com>
|
| |
|
|
|
|
|
|
|
| |
This is preparatory to making physical_run and lflow_run process
incrementally as changes to the data in these structures control
that processing.
Signed-off-by: RYAN D. MOATS <rmoats@us.ibm.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Ensure that the entire port binding table is processed
when chassis are added/removed or when get_local_iface_ids
finds new ports on the local vswitch.
Side effects:
- Persist local_datapaths and patch_datapaths across runs so
that changes to either can be used as a trigger to reset
incremental flow processing.
- Persist all_lports structure
- Revert commit 9baaabfff3c7df014e9acbd4c68189b568552ca9
(ovn: Fix localnet ports deletion and recreation sometimes
after restart.) as these changes are not desirable once
local_datatpath is persisted.
Signed-off-by: Ryan Moats <rmoats@us.ibm.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
|
| |
|
|
|
|
|
| |
As a side effect, tunnel context is persisted.
Signed-off-by: Ryan Moats <rmoats@us.ibm.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Responding to icmp queries where the L3 destination is a directed broadcast
was not being properly handled, causing the reply to be sent to all logical
ports except for the one port that should receive it.
This is a proposal for using choice B in the mail discussion; where icmp
queries to broadcast are simply not responded by the logical router.
Reported-at: http://openvswitch.org/pipermail/discuss/2016-June/021610.html
Signed-off-by: Flavio Fernandes <flavio@flaviof.com>
Signed-off-by: Justin Pettit <jpettit@ovn.org>
|
| |
|
|
|
|
|
|
|
| |
By default all the ip traffic destined to router ip is dropped in
lr_in_ip_input stage. When the router ip is used as snat ip, allow
reverse snat traffic destined to the router ip.
Signed-off-by: Chandra Sekhar Vejendla <csvejend@us.ibm.com>
Signed-off-by: Gurucharan Shetty <guru@ovn.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
For traffic from physical space to virtual space we need DNAT.
The DNAT happens in the gateway router and reaches the logical
port. The return traffic should be unDNATed.
Traffic originating in virtual space heading to physical space
should be SNATed. The return traffic is unSNATted.
East-west traffic with the public destination IP address needs
a DNAT. This traffic is punted to the l3 gateway where DNAT
takes place. This traffic is also SNATed and eventually loops back to
its destination. The SNAT is needed because we need the reverse traffic
to go back to the l3 gateway and not short-circuit directly to the source.
This commit introduces 4 new logical actions.
1. ct_snat: To send the packet through SNAT zone to unSNAT packets.
2. ct_snat(IP): To SNAT to the provided IP address.
3. ct_dnat: To send the packet throgh DNAT zone to unDNAT packets.
4. ct_dnat(IP): To DNAT to the provided IP.
This commit only provides the ability to do IP based NAT. This will
eventually be enhanced to do PORT based NAT too.
Command hints:
Consider a distributed router "R1" that has switch foo (192.168.1.0/24)
with a lport foo1 (192.168.1.2) and bar (192.168.2.0/24) with lport bar1
(192.168.2.2) connected to it. You connect "R1" to
a gateway router "R2" via a switch "join" in (20.0.0.0/24) network.
R2 has a switch "alice" (172.16.1.0/24) connected to it (to simulate
external network).
case: Add pure DNAT (north-south)
Add a DNAT rule in R2:
ovn-nbctl -- --id=@nat create nat type="dnat" logical_ip=192.168.1.2 \
external_ip=30.0.0.2 -- add logical_router R2 nat @nat
Now alice1 should be able to ping 192.168.1.2 via 30.0.0.2.
case2 : Add pure SNAT (south-north)
Add a SNAT rule in R2:
ovn-nbctl -- --id=@nat create nat type="snat" logical_ip=192.168.2.2 \
external_ip=30.0.0.1 -- add logical_router R2 nat @nat
(You need a static route in R1 to send packets destined to outside
world to go through R2. The logical_ip can be a subnet.)
When bar1 pings alice1, alice1 receives traffic from 30.0.0.1
case3 : SNAT and DNAT (east-west traffic)
When bar1 pings 30.0.0.2, the traffic jumps to the gateway router
and loops back to foo1 with a source ip address of 30.0.0.1
Signed-off-by: Gurucharan Shetty <guru@ovn.org>
Acked-by: Flavio Fernandes <flavio@flaviof.com>
|
| |
|
|
|
| |
Signed-off-by: Hui Kang <kangh@us.ibm.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
A few minor changes related to logical switch commands:
- Use "ls" instead of "lswitch" to be more consistent with other
command changes.
- Use commands where possible in ovn unit tests.
- Update references from "lswitch" to "ls" (code) or "switch" (user).
Signed-off-by: Justin Pettit <jpettit@ovn.org>
Acked-by: Ryan Moats <rmoats@us.ibm.com>
Acked-by: Ben Pfaff <blp@ovn.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
A few minor changes related to logical switch port commands:
- Use "lsp" instead of "lport" to be more consistent with later
changes.
- Use commands where possible in ovn unit tests.
- Update references from "lport" to "lsp" (code) or "port" (user).
Signed-off-by: Justin Pettit <jpettit@ovn.org>
Acked-by: Ryan Moats <rmoats@us.ibm.com>
Acked-by: Ben Pfaff <blp@ovn.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
We have both logical switch and router ports. Router ports are
referenced in "Logical_Router_Port" table, so this make it more
consistent.
Also change internal use of "lport" to "lsp".
Signed-off-by: Justin Pettit <jpettit@ovn.org>
Acked-by: Ryan Moats <rmoats@us.ibm.com>
Acked-by: Ben Pfaff <blp@ovn.org>
|
| |
|
|
|
|
| |
Signed-off-by: Justin Pettit <jpettit@ovn.org>
Acked-by: Ryan Moats <rmoats@us.ibm.com>
Acked-by: Ben Pfaff <blp@ovn.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A few minor changes related to logical router port commands:
- Use "lrp" instead of "lrport" to be more consistent with later
changes.
- Use commands where possible in ovn unit tests.
- Move documentation to group router commands together.
- Adds mac/network/peer to lrp-add command. The existing command
doesn't require creating a mac or network address, which shouldn't
be possible.
- Drops lrport-[get|set]-mac-addresses commands in favor of
initializing them in lrp-add command.
- Update references from "lrport" to "lrp" (code) or "port" (user).
Signed-off-by: Justin Pettit <jpettit@ovn.org>
Acked-by: Ryan Moats <rmoats@us.ibm.com>
Acked-by: Ben Pfaff <blp@ovn.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
A few minor changes related to router commands:
- Use "lr" instead of "lrouter" to be more consistent with later
changes.
- Use the commands where possible in ovn unit tests.
- Move documentation to group router commands together.
- Update references from "lrouter" to "router".
Signed-off-by: Justin Pettit <jpettit@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>
Acked-by: Ryan Moats <rmoats@us.ibm.com>
|
| |
|
|
|
|
| |
Signed-off-by: Justin Pettit <jpettit@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>
Acked-by: Ryan Moats <rmoats@us.ibm.com>
|
| |
|
|
|
| |
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Russell Bryant <russell@ovn.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When responding to icmp echo requests (aka ping) packets, the logical
router should not restrict responses based on the inport.
Example diagram:
vm: IP1.1 (subnet1)
logical_router: IP1.2 (subnet1) and IP2.2 (subnet2)
vm -------[subnet1]------- logical_router -------[subnet2]
<IP1.1> <IP1.2> <IP2.2>
vm should be able to ping <IP2.2>, even though it is an address
of a subnet that can only be reached through L3 routing.
Reference to the mailing list thread:
http://openvswitch.org/pipermail/discuss/2016-May/021172.html
Signed-off-by: Ben Pfaff <blp@ovn.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
ovn-nbctl provides a shortcut to perform commands related lswitch, lport
and such but it doesn't have similar commands related to logical routers
and logical router ports. Also, 'ovn-nbctl show' is supposed to show an
overview of database contents, which means it should show the routers
as well. "ovn-nbctl show LSWITCH" shows the switch details, similarly
"ovn-nbctl show LROUTER" should show the router details too. This patch
takes care of all of these.
Modifications;
1) ovn-nbctl show -- will now show lrouters as well
2) ovn-nbctl show <lrouter> -- will show the router now
New commands added:
3) ovn-nbctl lrouter-add [LROUTER]
4) ovn-nbctl lrouter-del LROUTER
5) ovn-nbctl lrouter-list
6) lrport-add LROUTER LRPORT
7) lrport-del LRPORT
8) lrport-list LROUTER
9) lrport-set-mac-address LRPORT [ADDRESS]
10) lrport-get-mac-address LRPORT
11) lrport-set-enabled LRPORT STATE
12) lrport-get-enabled LRPORT
Unit test cases have been added to test all of these modifications and
additions.
Signed-off-by: Nirapada Ghosh <nghosh@us.ibm.com>
[blp@ovn.org added features to match the lswitch and lport commands]
Co-authored-by: Ben Pfaff <blp@ovn.org>
Signed-off-by: Ben Pfaff <blp@ovn.org>
|
| |
|
|
|
|
|
|
| |
OVS NAT currently cannot do snat and dnat in the same zone.
So we need two zones per gateway router.
Signed-off-by: Gurucharan Shetty <guru@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>
|
| |
|
|
|
|
|
|
|
|
| |
commit 60bdd01148e4 ("Separating OVN NB and SB database processes")
introduced a separating OVN NB and SB database process, the path of
sock files need to be updated.
Fixes: 60bdd01148e4 ("Separating OVN NB and SB database processes")
Signed-off-by: Li Wei <lw@cn.fujitsu.com>
Signed-off-by: Russell Bryant <russell@ovn.org>
|
