ovn-northd: Add IGMP Relay support

Add a new configuration option 'mcast_relay' to the Logical_Router:options in the OVN Northbound database. If a router is configured with 'mcast_relay' enabled then ovn-northd will install Logical_Flows to allow IP multicast traffic to be routed between Logical_Switches. The logical router will aggregate all IGMP groups from attached logical switches and modify the routing pipeline in the following way: - Table S_ROUTER_IN_IP_INPUT: add flow allowing IP multicast traffic if mcast_relay is enabled on the datapath. - Table S_ROUTER_IN_IP_ROUTING: add flow matching the group address, update TTL and set outport="<Multicast_Group> associated with the IGMP group". Continue to next table. - Table S_ROUTER_IN_ARP_RESOLVE: bypass ARP resolve for IP multicast traffic and continue to next table. - Table S_ROUTER_OUT_DELIVERY: add flow matching IP multicast traffic and set ETH.SRC to the MAC address of the logical port on which traffic is forwarded. Signed-off-by: Dumitru Ceara <dceara@redhat.com> Acked-by: Mark Michelson <mmichels@redhat.com> Signed-off-by: Numan Siddique <nusiddiq@redhat.com>
ovn-org · Aug 16, 2019 · 5d1527b · 5d1527b
1 parent 7fbdeaa
commit 5d1527b
Show file tree

Hide file tree

Showing 8 changed files with 650 additions and 151 deletions.
diff --git a/NEWS b/NEWS
@@ -39,6 +39,7 @@ Post-v2.11.0
        logical groups which results in tunnels only been formed between
        members of the same transport zone(s).
      * Support for new logical switch port type - 'virtual'.
+     * Support for IGMP Snooping/Querier and Relay.
    - New QoS type "linux-netem" on Linux.
    - Added support for TLS Server Name Indication (SNI).
 

diff --git a/lib/logical-fields.c b/lib/logical-fields.c
@@ -156,6 +156,8 @@ ovn_init_symtab(struct shash *symtab)
 
     expr_symtab_add_field(symtab, "ip4.src", MFF_IPV4_SRC, "ip4", false);
     expr_symtab_add_field(symtab, "ip4.dst", MFF_IPV4_DST, "ip4", false);
+    expr_symtab_add_predicate(symtab, "ip4.src_mcast",
+                              "ip4.src[28..31] == 0xe");
     expr_symtab_add_predicate(symtab, "ip4.mcast", "ip4.dst[28..31] == 0xe");
 
     expr_symtab_add_predicate(symtab, "icmp4", "ip4 && ip.proto == 1");

diff --git a/lib/mcast-group-index.h b/lib/mcast-group-index.h
@@ -20,8 +20,17 @@ struct ovsdb_idl;
 
 struct sbrec_datapath_binding;
 
-#define OVN_MCAST_FLOOD_TUNNEL_KEY   65535
-#define OVN_MCAST_UNKNOWN_TUNNEL_KEY (OVN_MCAST_FLOOD_TUNNEL_KEY - 1)
+#define OVN_MIN_MULTICAST 32768
+#define OVN_MAX_MULTICAST 65535
+
+enum ovn_mcast_tunnel_keys {
+
+    OVN_MCAST_FLOOD_TUNNEL_KEY = OVN_MIN_MULTICAST,
+    OVN_MCAST_UNKNOWN_TUNNEL_KEY,
+    OVN_MCAST_MROUTER_FLOOD_TUNNEL_KEY,
+    OVN_MIN_IP_MULTICAST,
+    OVN_MAX_IP_MULTICAST = OVN_MAX_MULTICAST,
+};
 
 struct ovsdb_idl_index *mcast_group_index_create(struct ovsdb_idl *);
 const struct sbrec_multicast_group *

diff --git a/northd/ovn-northd.8.xml b/northd/ovn-northd.8.xml
@@ -947,10 +947,40 @@ output;
 
     <ul>
       <li>
-        A priority-100 flow that outputs all packets with an Ethernet broadcast
+        A priority-100 flow that punts all IGMP packets to
+        <code>ovn-controller</code> if IGMP snooping is enabled on the
+        logical switch.
+      </li>
+
+      <li>
+        Priority-90 flows that forward registered IP multicast traffic to
+        their corresponding multicast group, which <code>ovn-northd</code>
+        creates based on learnt <ref table="IGMP_Group" db="OVN_Southbound"/>
+        entries.  The flows also forward packets to the
+        <code>MC_MROUTER_FLOOD</code> multicast group, which
+        <code>ovn-nortdh</code> populates with all the logical ports that
+        are connected to logical routers with
+        <ref column="options" table="Logical_Router"/>:mcast_relay='true'.
+      </li>
+
+      <li>
+        A priority-85 flow that forwards all IP multicast traffic destined to
+        224.0.0.X to the <code>MC_FLOOD</code> multicast group, which
+        <code>ovn-northd</code> populates with all enabled logical ports.
+      </li>
+
+      <li>
+        A priority-80 flow that forwards all unregistered IP multicast traffic
+        to the <code>MC_MROUTER_FLOOD</code> multicast group, if any.
+        Otherwise the flow drops all unregistered IP multicast packets.  This
+        flow is added only if <ref column="other_config"
+        table="Logical_Switch"/>:mcast_flood_unregistered='false'.
+      </li>
+
+      <li>
+        A priority-70 flow that outputs all packets with an Ethernet broadcast
         or multicast <code>eth.dst</code> to the <code>MC_FLOOD</code>
-        multicast group, which <code>ovn-northd</code> populates with all
-        enabled logical ports.
+        multicast group.
       </li>
 
       <li>
@@ -1226,6 +1256,14 @@ output;
         </ul>
       </li>
 
+      <li>
+        <p>
+          A priority-95 flow allows IP multicast traffic if
+          <ref column="options" table="Logical_Router"/>:mcast_relay='true',
+          otherwise drops it.
+        </p>
+      </li>
+
       <li>
         <p>
           ICMP echo reply.  These flows reply to ICMP echo requests received
@@ -1939,6 +1977,16 @@ output;
     </p>
 
     <ul>
+      <li>
+        <p>
+          Priority-500 flows that match IP multicast traffic destined to
+          groups registered on any of the attached switches and sets
+          <code>outport</code> to the associated multicast group that will
+          eventually flood the traffic to all interested attached logical
+          switches. The flows also decrement TTL.
+        </p>
+      </li>
+
       <li>
         <p>
           For distributed logical routers where one of the logical router
@@ -2072,6 +2120,15 @@ next;
     </p>
 
     <ul>
+      <li>
+        <p>
+          A priority-500 flow that matches IP multicast traffic that was
+          allowed in the routing pipeline. For this kind of traffic the
+          <code>outport</code> was already set so the flow just advances to
+          the next table.
+        </p>
+      </li>
+
       <li>
         <p>
           For distributed logical routers where one of the logical router
@@ -2641,9 +2698,19 @@ clone {
     <h3>Egress Table 3: Delivery</h3>
 
     <p>
-      Packets that reach this table are ready for delivery.  It contains
-      priority-100 logical flows that match packets on each enabled logical
-      router port, with action <code>output;</code>.
+      Packets that reach this table are ready for delivery.  It contains:
+      <ul>
+        <li>
+          Priority-110 logical flows that match IP multicast packets on each
+          enabled logical router port and modify the Ethernet source address
+          of the packets to the Ethernet address of the port and then execute
+          action <code>output;</code>.
+        </li>
+        <li>
+          Priority-100 logical flows that match packets on each enabled
+          logical router port, with action <code>output;</code>.
+        </li>
+      </ul>
     </p>
 
 </manpage>