Skip to content
Permalink
Browse files

ovn-northd: Add logical flows to support native DHCPv4

OVN implements a native DHCPv4 support which caters to the common
use case of providing an IP address to a booting instance by
providing stateless replies to DHCPv4 requests based on statically
configured address mappings. To do this it allows a short list of
DHCPv4 options to be configured and applied at each compute host
running ovn-controller.

A new table 'DHCP_Options' is added in OVN NB DB to store the DHCP
options. Logical ports refer to this table to configure the DHCPv4
options.

For each logical port configured with DHCPv4 Options following flows
are added
 - A logical flow which copies the DHCPv4 options to the DHCPv4
   request packets using the 'put_dhcp_opts' action and advances the
   packet to the next stage.

 - A logical flow which implements the DHCP reponder by sending
   the DHCPv4 reply back to the inport once the 'put_dhcp_opts' action
   is applied.

Signed-off-by: Numan Siddique <nusiddiq@redhat.com>
Co-authored-by: Ben Pfaff <blp@ovn.org>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Tested-by: Ramu Ramamurthy <ramu.ramamurthy@us.ibm.com>
Acked-by: Ramu Ramamurthy <ramu.ramamurthy@us.ibm.com>
  • Loading branch information...
numansiddique and blp committed Jul 26, 2016
1 parent d8bfab5 commit 281977f72ede2f03b778896c58b1f1013ca6aee6
Showing with 1,086 additions and 10 deletions.
  1. +90 −1 ovn/northd/ovn-northd.8.xml
  2. +239 −6 ovn/northd/ovn-northd.c
  3. +17 −3 ovn/ovn-nb.ovsschema
  4. +232 −0 ovn/ovn-nb.xml
  5. +30 −0 ovn/utilities/ovn-nbctl.8.xml
  6. +197 −0 ovn/utilities/ovn-nbctl.c
  7. +281 −0 tests/ovn.at
@@ -457,7 +457,90 @@ output;
</li>
</ul>

<h3>Ingress Table 10: Destination Lookup</h3>
<h3>Ingress Table 10: DHCP option processing</h3>

<p>
This table adds the DHCPv4 options to a DHCPv4 packet from the
logical ports configured with IPv4 address(es) and DHCPv4 options.
</p>

<ul>
<li>
<p>
A priority-100 logical flow is added for these logical ports
which matches the IPv4 packet with <code>udp.src</code> = 68 and
<code>udp.dst</code> = 67 and applies the action
<code>put_dhcp_opts</code> and advances the packet to the next table.
</p>

<pre>
reg0[3] = put_dhcp_opts(offer_ip = <var>O</var>, <i>options</i>...);
next;
</pre>

<p>
For DHCPDISCOVER and DHCPREQUEST, this transforms the packet into a
DHCP reply, adds the DHCP offer IP <var>O</var> and options to the
packet, and stores 1 into reg0[3]. For other kinds of packets, it
just stores 0 into reg0[3]. Either way, it continues to the next
table.
</p>

</li>

<li>
A priority-0 flow that matches all packets to advances to table 11.
</li>
</ul>

<h3>Ingress Table 11: DHCP responses</h3>

<p>
This table implements DHCP responder for the DHCP replies generated by
the previous table.
</p>

<ul>
<li>
<p>
A priority 100 logical flow is added for the logical ports configured
with DHCPv4 options which matches IPv4 packets with <code>udp.src == 68
&amp;&amp; udp.dst == 67 &amp;&amp; reg0[3] == 1</code> and
responds back to the <code>inport</code> after applying these
actions. If <code>reg0[3]</code> is set to 1, it means that the
action <code>put_dhcp_opts</code> was successful.
</p>

<pre>
eth.dst = eth.src;
eth.src = <var>E</var>;
ip4.dst = <var>O</var>;
ip4.src = <var>S</var>;
udp.src = 67;
udp.dst = 68;
outport = <var>P</var>;
inport = ""; /* Allow sending out inport. */
output;
</pre>

<p>
where <var>E</var> is the server MAC address and <var>S</var> is the
server IPv4 address defined in the DHCPv4 options and <var>O</var> is
the IPv4 address defined in the logical port's addresses column.
</p>

<p>
(This terminates ingress packet processing; the packet does not go
to the next ingress table.)
</p>
</li>

<li>
A priority-0 flow that matches all packets to advances to table 12.
</li>
</ul>

<h3>Ingress Table 12: Destination Lookup</h3>

<p>
This table implements switching behavior. It contains these logical
@@ -531,6 +614,12 @@ output;
there are no rules added for load balancing new connections.
</p>

<p>
Also a priority 34000 logical flow is added for each logical port which
has DHCPv4 options defined to allow the DHCPv4 reply packet from the
<code>Ingress Table 11: DHCP responses</code>.
</p>

<h3>Egress Table 6: Egress Port Security - IP</h3>

<p>

0 comments on commit 281977f

Please sign in to comment.
You can’t perform that action at this time.