ovn: Add support for link-local addresses.

Every IPv6-enabled interface is supposed to have a link-local address available to it. This commit adds a link local interface to each router port and scopes link-local routes to the ingress port that received the packet. Signed-off-by: Justin Pettit <jpettit@ovn.org> Acked-by: Ben Pfaff <blp@ovn.org>
openvswitch · Jul 29, 2016 · a63f723 · a63f723
1 parent bf14349
commit a63f723
Show file tree

Hide file tree

Showing 4 changed files with 34 additions and 7 deletions.
diff --git a/ovn/lib/ovn-util.c b/ovn/lib/ovn-util.c
@@ -122,9 +122,11 @@ extract_lsp_addresses(char *address, struct lport_addresses *laddrs)
 /* Extracts the mac, IPv4 and IPv6 addresses from the
  * "nbrec_logical_router_port" parameter 'lrp'.  Stores the IPv4 and
  * IPv6 addresses in the 'ipv4_addrs' and 'ipv6_addrs' fields of
- * 'laddrs', respectively.
+ * 'laddrs', respectively.  In addition, a link local IPv6 address
+ * based on the 'mac' member of 'lrp' is added to the 'ipv6_addrs'
+ * field.
  *
- * Return true if at least 'MAC' is found in 'lrp', false otherwise.
+ * Return true if a valid 'mac' address is found in 'lrp', false otherwise.
  *
  * The caller must call destroy_lport_addresses(). */
 bool
@@ -175,6 +177,11 @@ extract_lrp_networks(const struct nbrec_logical_router_port *lrp,
         }
     }
 
+    /* Always add the IPv6 link local address. */
+    struct in6_addr lla;
+    in6_generate_lla(laddrs->ea, &lla);
+    add_ipv6_netaddr(laddrs, lla, 64);
+
     return true;
 }
 

diff --git a/ovn/northd/ovn-northd.8.xml b/ovn/northd/ovn-northd.8.xml
@@ -1131,6 +1131,11 @@ next;
           Instead, if the route is from a configured static route, <var>G</var>
           is the next hop IP address.  Else it is <code>ip6.dst</code>.
         </p>
+
+        <p>
+          If the address <var>A</var> is in the link-local scope, the
+          route will be limited to sending on the ingress port.
+        </p>
       </li>
     </ul>
 

diff --git a/ovn/northd/ovn-northd.c b/ovn/northd/ovn-northd.c
@@ -2777,9 +2777,18 @@ add_route(struct hmap *lflows, const struct ovn_port *op,
           const char *gateway)
 {
     bool is_ipv4 = strchr(network_s, '.') ? true : false;
+    struct ds match = DS_EMPTY_INITIALIZER;
 
-    char *match = xasprintf("ip%s.dst == %s/%d", is_ipv4 ? "4" : "6",
-                            network_s, plen);
+    /* IPv6 link-local addresses must be scoped to the local router port. */
+    if (!is_ipv4) {
+        struct in6_addr network;
+        ovs_assert(ipv6_parse(network_s, &network));
+        if (in6_is_lla(&network)) {
+            ds_put_format(&match, "inport == %s && ", op->json_key);
+        }
+    }
+    ds_put_format(&match, "ip%s.dst == %s/%d", is_ipv4 ? "4" : "6",
+                  network_s, plen);
 
     struct ds actions = DS_EMPTY_INITIALIZER;
     ds_put_format(&actions, "ip.ttl--; %sreg0 = ", is_ipv4 ? "" : "xx");
@@ -2802,10 +2811,10 @@ add_route(struct hmap *lflows, const struct ovn_port *op,
 
     /* The priority here is calculated to implement longest-prefix-match
      * routing. */
-    ovn_lflow_add(lflows, op->od, S_ROUTER_IN_IP_ROUTING, plen, match,
-                  ds_cstr(&actions));
+    ovn_lflow_add(lflows, op->od, S_ROUTER_IN_IP_ROUTING, plen,
+                  ds_cstr(&match), ds_cstr(&actions));
+    ds_destroy(&match);
     ds_destroy(&actions);
-    free(match);
 }
 
 static void

diff --git a/ovn/ovn-nb.xml b/ovn/ovn-nb.xml
@@ -885,6 +885,12 @@
         address is 192.168.0.1 and that packets destined to
         192.168.0.<var>x</var> should be routed to this port.
       </p>
+
+      <p>
+        A logical router port always adds a link-local IPv6 address
+        (fe80::/64) automatically generated from the interface's MAC
+        address using the modified EUI-64 format.
+      </p>
     </column>
 
     <column name="mac">