Add "disable_arp_nd_rsp" option to LSP.

This option can be used to enable/disable arp/nd reply flows. Usecase: ========= It is useful to reduce packet loss when VM is being migrated to different AZ via VXLAN tunnel. Port is configured in both AZs on different logical switches which are sharing same IP subnet. In reality, the port is active on only one logical switch. Skipping ARP/ND responder and letting the ARP/ND get flooded to learn the location of the port. Signed-off-by: Naveen Yerramneni <naveen.yerramneni@nutanix.com> Signed-off-by: Numan Siddique <numans@ovn.org>
ovn-org · Feb 16, 2024 · 72fac9b · 72fac9b
1 parent 6230d74
commit 72fac9b
Show file tree

Hide file tree

Showing 4 changed files with 46 additions and 4 deletions.
diff --git a/NEWS b/NEWS
@@ -3,6 +3,8 @@ Post v24.03.0
   - Added a new logical switch port option "pkt_clone_type".
     If the value is set to "mc_unknown", packets destined to the port gets
     cloned to all unknown ports connected to the same Logical Switch.
+  - Added a new logical switch port option "disable_arp_nd_rsp" to
+    disable adding the ARP responder flows if set to true.
 
 OVN v24.03.0 - xx xxx xxxx
 --------------------------

diff --git a/northd/northd.c b/northd/northd.c
@@ -1329,6 +1329,12 @@ localnet_can_learn_mac(const struct nbrec_logical_switch_port *nbsp)
     return smap_get_bool(&nbsp->options, "localnet_learn_fdb", false);
 }
 
+static bool
+lsp_disable_arp_nd_rsp(const struct nbrec_logical_switch_port *nbsp)
+{
+    return smap_get_bool(&nbsp->options, "disable_arp_nd_rsp", false);
+}
+
 static bool
 lsp_is_type_changed(const struct sbrec_port_binding *sb,
                 const struct nbrec_logical_switch_port *nbsp,
@@ -8815,7 +8821,8 @@ build_lswitch_arp_nd_responder_known_ips(struct ovn_port *op,
     } else {
         /*
          * Add ARP/ND reply flows if either the
-         *  - port is up and it doesn't have 'unknown' address defined or
+         *  - port is up and it doesn't have 'unknown' address defined or it
+         *    doesn't have the option disable_arp_nd_rsp=true.
          *  - port type is router or
          *  - port type is localport
          */
@@ -8825,7 +8832,8 @@ build_lswitch_arp_nd_responder_known_ips(struct ovn_port *op,
             return;
         }
 
-        if (lsp_is_external(op->nbsp) || op->has_unknown) {
+        if (lsp_is_external(op->nbsp) || op->has_unknown ||
+           (!op->nbsp->type[0] && lsp_disable_arp_nd_rsp(op->nbsp))) {
             return;
         }
 

diff --git a/northd/ovn-northd.8.xml b/northd/ovn-northd.8.xml
@@ -1458,8 +1458,9 @@ output;
           ignore_lsp_down</code> is configured as true in <code>options</code>
           column of <code>NB_Global</code> table of the <code>Northbound</code>
           database), for logical ports of type <code>virtual</code>, for
-          logical ports with 'unknown' address set and for logical ports of
-          a logical switch configured with
+          logical ports with 'unknown' address set, for logical ports with
+          the <code>options:disable_arp_nd_rsp=true</code> and for logical
+          ports of a logical switch configured with
           <code>other_config:vlan-passthru=true</code>.
         </p>
 

diff --git a/tests/ovn-northd.at b/tests/ovn-northd.at
@@ -9220,6 +9220,37 @@ AT_CHECK([grep "lr_in_dnat " R1flows_2lbs | ovn_strip_lflows], [0], [dnl
 ])
 
 
+AT_CLEANUP
+])
+
+OVN_FOR_EACH_NORTHD_NO_HV([
+AT_SETUP([check options:disable_arp_nd_rsp for LSP])
+ovn_start NORTHD_TYPE
+ovn-nbctl ls-add S1
+ovn-nbctl --wait=sb lsp-add S1 S1-vm1
+ovn-nbctl --wait=sb lsp-set-addresses S1-vm1 "50:54:00:00:00:010 192.168.0.10 fd00::10"
+
+ovn-sbctl dump-flows S1 > S1flows
+AT_CAPTURE_FILE([S1flows])
+
+AT_CHECK([grep -e "ls_in_arp_rsp" S1flows | ovn_strip_lflows], [0], [dnl
+  table=??(ls_in_arp_rsp      ), priority=0    , match=(1), action=(next;)
+  table=??(ls_in_arp_rsp      ), priority=100  , match=(arp.tpa == 192.168.0.10 && arp.op == 1 && inport == "S1-vm1"), action=(next;)
+  table=??(ls_in_arp_rsp      ), priority=100  , match=(nd_ns && ip6.dst == {fd00::10, ff02::1:ff00:10} && nd.target == fd00::10 && inport == "S1-vm1"), action=(next;)
+  table=??(ls_in_arp_rsp      ), priority=50   , match=(arp.tpa == 192.168.0.10 && arp.op == 1), action=(eth.dst = eth.src; eth.src = 50:54:00:00:00:10; arp.op = 2; /* ARP reply */ arp.tha = arp.sha; arp.sha = 50:54:00:00:00:10; arp.tpa = arp.spa; arp.spa = 192.168.0.10; outport = inport; flags.loopback = 1; output;)
+  table=??(ls_in_arp_rsp      ), priority=50   , match=(nd_ns && ip6.dst == {fd00::10, ff02::1:ff00:10} && nd.target == fd00::10), action=(nd_na { eth.src = 50:54:00:00:00:10; ip6.src = fd00::10; nd.target = fd00::10; nd.tll = 50:54:00:00:00:10; outport = inport; flags.loopback = 1; output; };)
+])
+
+#Set the disable_arp_nd_rsp option and verify the flow
+ovn-nbctl --wait=sb set logical_switch_port S1-vm1 options:disable_arp_nd_rsp=true
+
+ovn-sbctl dump-flows S1 > S1flows
+AT_CAPTURE_FILE([S1flows])
+
+AT_CHECK([grep -e "ls_in_arp_rsp" S1flows | ovn_strip_lflows], [0], [dnl
+  table=??(ls_in_arp_rsp      ), priority=0    , match=(1), action=(next;)
+])
+
 AT_CLEANUP
 ])