WIP: Enable ARP responder to act as a proxy ARP

Signed-off-by: Mark Gray <mark.d.gray@redhat.com>
markdgray · Nov 10, 2020 · 21dc037 · 21dc037
1 parent 55bccb8
commit 21dc037
Show file tree

Hide file tree

Showing 2 changed files with 67 additions and 2 deletions.
diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c
@@ -98,6 +98,10 @@ static bool check_lsp_is_up;
 static char svc_monitor_mac[ETH_ADDR_STRLEN + 1];
 static struct eth_addr svc_monitor_mac_ea;
 
+/* By default, OVN will reply to ARP requests for known ports on remote chassis,
+   this will disable this behaviour */
+bool enable_proxy_arp = true;
+
 /* Default probe interval for NB and SB DB connections. */
 #define DEFAULT_PROBE_INTERVAL_MSEC 5000
 static int northd_probe_interval_nb = DEFAULT_PROBE_INTERVAL_MSEC;
@@ -6927,8 +6931,14 @@ build_lswitch_flows(struct hmap *datapaths, struct hmap *ports,
             for (size_t i = 0; i < op->n_lsp_addrs; i++) {
                 for (size_t j = 0; j < op->lsp_addrs[i].n_ipv4_addrs; j++) {
                     ds_clear(&match);
-                    ds_put_format(&match, "arp.tpa == %s && arp.op == 1",
-                                op->lsp_addrs[i].ipv4_addrs[j].addr_s);
+                    if (enable_proxy_arp) {
+                        ds_put_format(&match, "arp.tpa == %s && arp.op == 1",
+                                  op->lsp_addrs[i].ipv4_addrs[j].addr_s);
+                    } else {
+                        ds_put_format(&match, "is_chassis_resident(\"%s\") && arp.tpa == %s && arp.op == 1",
+                                  op->key, op->lsp_addrs[i].ipv4_addrs[j].addr_s);
+                    }
+
                     ds_clear(&actions);
                     ds_put_format(&actions,
                         "eth.dst = eth.src; "
@@ -12188,6 +12198,9 @@ ovnnb_db_run(struct northd_context *ctx,
         }
     }
 
+    enable_proxy_arp = smap_get_bool(&nb->options, "enable-proxy-arp", true);
+    VLOG_INFO("enable-proxy-arp = %d", enable_proxy_arp);
+
     struct smap options;
     smap_clone(&options, &nb->options);
 

diff --git a/tests/ovn.at b/tests/ovn.at
@@ -22581,3 +22581,55 @@ AT_CHECK([test "$encap_rec_mvtep" == "$encap_rec_mvtep1"], [0], [])
 
 OVN_CLEANUP([hv1])
 AT_CLEANUP
+
+# 2 hypervisors, one logical switch, 2 logical ports per hypervisor
+# logical ports bound to chassis encap-ip using proxy-arp-mac
+AT_SETUP([ovn -- 2 HVs, 1 LS, 2 lports/HV, proxy-arp-mac])
+AT_KEYWORDS([ovnarp])
+ovn_start
+
+ovn-nbctl set NB_Global . options:enable-proxy-arp=false
+
+# Create hypervisors hv[12].
+# Add vif1[12] to hv1, vif2[12] to hv2
+ovn-nbctl ls-add lsw0
+net_add n1
+for i in 1 2; do
+    sim_add hv$i
+    as hv$i
+    ovs-vsctl add-br br-phys
+    ovn_attach n1 br-phys 192.168.0.$i
+
+    for j in 1 2; do
+        ovs-vsctl add-port br-int vif$i$j -- set Interface vif$i$j external-ids:iface-id=lp$i$j options:tx_pcap=hv$i/vif$i$j-tx.pcap options:rxq_pcap=hv$i/vif$i$j-rx.pcap ofport-request=$i$j
+        ovn-nbctl lsp-add lsw0 lp$i$j
+        ip_addrs="192.168.0.$i$j"
+        ovn-nbctl lsp-set-addresses lp$i$j "f0:00:00:00:00:$i$j $ip_addrs"
+        ovn-nbctl --wait=hv lsp-set-port-security lp$i$j f0:00:00:00:00:$i$j
+    done
+done
+####################### THIS IS WIP #################################
+
+# Bind the ports to the encap-ip
+for i in 1 2; do
+    for j in 1 2; do
+        as hv$i
+        ovs-vsctl set Interface vif$i$j external-ids:encap-ip=192.168.0.$i
+    done
+done
+
+sleep 5
+
+ovn-sbctl lflow-list
+
+echo "------ hv1 dump ------"
+as hv1 ovs-vsctl show
+as hv1 ovs-ofctl -O OpenFlow13 dump-flows br-int
+
+echo "------ hv2 dump ------"
+as hv2 ovs-vsctl show
+as hv2 ovs-ofctl -O OpenFlow13 dump-flows br-int
+
+OVN_CLEANUP([hv1],[hv2])
+
+AT_CLEANUP