controller: add ovn-set-local-ip option

When transport node has multiple interfaces (vlans) and ovn-encap-ip on different hosts need to be configured from different VLANs source IP for encapsulated packet can be not the same, which is expected by remote system. Explicitely setting local_ip resolves such problem. Signed-off-by: Vladislav Odintsov <odivlad@gmail.com> Acked-by: Han Zhou <hzhou@ovn.org> Signed-off-by: Numan Siddique <numans@ovn.org>
ovn-org · Feb 22, 2022 · 31ee63a · 31ee63a
1 parent 97a502b
commit 31ee63a
Show file tree

Hide file tree

Showing 3 changed files with 44 additions and 15 deletions.
diff --git a/controller/encaps.c b/controller/encaps.c
@@ -23,6 +23,7 @@
 #include "openvswitch/vlog.h"
 #include "lib/ovn-sb-idl.h"
 #include "ovn-controller.h"
+#include "smap.h"
 
 VLOG_DEFINE_THIS_MODULE(encaps);
 
@@ -176,8 +177,31 @@ tunnel_add(struct tunnel_ctx *tc, const struct sbrec_sb_global *sbg,
         smap_add(&options, "dst_port", dst_port);
     }
 
+    const struct ovsrec_open_vswitch *cfg =
+        ovsrec_open_vswitch_table_first(ovs_table);
+
+    bool set_local_ip = false;
+    if (cfg) {
+        /* If the tos option is configured, get it */
+        const char *encap_tos = smap_get_def(&cfg->external_ids,
+           "ovn-encap-tos", "none");
+
+        if (encap_tos && strcmp(encap_tos, "none")) {
+            smap_add(&options, "tos", encap_tos);
+        }
+
+        /* If ovn-set-local-ip option is configured, get it */
+        set_local_ip = smap_get_bool(&cfg->external_ids, "ovn-set-local-ip",
+                                     false);
+    }
+
     /* Add auth info if ipsec is enabled. */
     if (sbg->ipsec) {
+        set_local_ip = true;
+        smap_add(&options, "remote_name", new_chassis_id);
+    }
+
+    if (set_local_ip) {
         const struct sbrec_chassis *this_chassis = tc->this_chassis;
         const char *local_ip = NULL;
 
@@ -187,8 +211,10 @@ tunnel_add(struct tunnel_ctx *tc, const struct sbrec_sb_global *sbg,
          */
         for (int i = 0; i < this_chassis->n_encaps; i++) {
             if (local_ip && strcmp(local_ip, this_chassis->encaps[i]->ip)) {
-                VLOG_ERR("ovn-encap-ip has been configured as a list. This "
-                         "is unsupported for IPsec.");
+                static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(5, 1);
+                VLOG_ERR_RL(&rl, "ovn-encap-ip has been configured as a list. "
+                            "This is unsupported for IPsec and explicit "
+                            "local_ip configuration.");
                 /* No need to loop further as we know this condition has been
                  * hit */
                 break;
@@ -200,19 +226,6 @@ tunnel_add(struct tunnel_ctx *tc, const struct sbrec_sb_global *sbg,
         if (local_ip) {
             smap_add(&options, "local_ip", local_ip);
         }
-        smap_add(&options, "remote_name", new_chassis_id);
-    }
-
-    const struct ovsrec_open_vswitch *cfg =
-        ovsrec_open_vswitch_table_first(ovs_table);
-    /* If the tos option is configured, get it */
-    if (cfg) {
-        const char *encap_tos = smap_get_def(&cfg->external_ids,
-           "ovn-encap-tos", "none");
-
-        if (encap_tos && strcmp(encap_tos, "none")) {
-            smap_add(&options, "tos", encap_tos);
-        }
     }
 
     /* If there's an existing chassis record that does not need any change,

diff --git a/controller/ovn-controller.8.xml b/controller/ovn-controller.8.xml
@@ -304,6 +304,13 @@
         of how many entries there are in the cache.  By default this is set to
         30000 (30 seconds).
       </dd>
+      <dt><code>external_ids:ovn-set-local-ip</code></dt>
+      <dd>
+        The boolean flag indicates if <code>ovn-controller</code> when create
+        tunnel ports should set <code>local_ip</code> parameter.  Can be
+        heplful to pin source outer IP for the tunnel when multiple interfaces
+        are used on the host for overlay traffic.
+      </dd>
     </dl>
 
     <p>

diff --git a/tests/ovn-controller.at b/tests/ovn-controller.at
@@ -298,6 +298,15 @@ OVS_WAIT_UNTIL([check_tunnel_property type geneve])
 ovs-vsctl del-port ovn-fakech-0
 OVS_WAIT_UNTIL([check_tunnel_property type geneve])
 
+# set `ovn-set-local-ip` option to true and check if tunnel parameters
+OVS_WAIT_WHILE([check_tunnel_property options:local_ip "\"192.168.0.1\""])
+ovs-vsctl set open . external_ids:ovn-set-local-ip=true
+OVS_WAIT_UNTIL([check_tunnel_property options:local_ip "\"192.168.0.1\""])
+
+# Change the local_ip on the OVS side and check than OVN fixes it
+ovs-vsctl set interface ovn-fakech-0 options:local_ip="1.1.1.1"
+OVS_WAIT_UNTIL([check_tunnel_property options:local_ip "\"192.168.0.1\""])
+
 # Gracefully terminate daemons
 OVN_CLEANUP_SBOX([hv])
 OVN_CLEANUP_VSWITCH([main])