Restrict ARP/IPv6 ND replies for LB VIP only on chassis redirect port

Presently when ARP/ND request for the load balance VIP is received from the provider network, all the ovn-controllers' reply to the ARP/ND request which have ovn-bridge-mappings configured. This patch restricts these ARP/ND replies only on the chassis where the chassis redirect port of the distributed router port is resident. Signed-off-by: Numan Siddique <numans@ovn.org> Signed-off-by: 0-day Robot <robot@bytheb.org>
ovsrobot · Jan 9, 2020 · c5e5002 · c5e5002
1 parent 4238bea
commit c5e5002
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 0 deletions.
diff --git a/northd/ovn-northd.8.xml b/northd/ovn-northd.8.xml
@@ -1680,6 +1680,13 @@ flags.loopback = 1;
 output;
         </pre>
 
+        <p>
+          If the router port <var>P</var> is a distributed gateway router
+          port, then the <code>is_chassis_resident(<var>P</var>)</code> is
+          also added in the match condition for the load balancer IPv4
+          VIP <var>A</var>.
+        </p>
+
         <p>
           IPv6: For a configured DNAT IP address or a load balancer
           IPv6 VIP <var>A</var>, solicited node address <var>S</var>,
@@ -1704,6 +1711,13 @@ nd_na {
 }
         </pre>
 
+        <p>
+          If the router port <var>P</var> is a distributed gateway router
+          port, then the <code>is_chassis_resident(<var>P</var>)</code>
+          is also added in the match condition for the load balancer IPv6
+          VIP <var>A</var>.
+        </p>
+
         <p>
           For the gateway port on a distributed logical router with NAT
           (where one of the logical router ports specifies a

diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c
@@ -7511,6 +7511,10 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports,
                           "inport == %s && arp.tpa == %s && arp.op == 1",
                           op->json_key, ip_address);
 
+            if (op == op->od->l3dgw_port) {
+                ds_put_format(&match, " && is_chassis_resident(%s)",
+                              op->od->l3redirect_port->json_key);
+            }
             ds_clear(&actions);
             ds_put_format(&actions,
                           "eth.dst = eth.src; "
@@ -7538,6 +7542,10 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports,
                           "inport == %s && nd_ns && nd.target == %s",
                           op->json_key, ip_address);
 
+            if (op == op->od->l3dgw_port) {
+                ds_put_format(&match, " && is_chassis_resident(%s)",
+                              op->od->l3redirect_port->json_key);
+            }
             ds_clear(&actions);
             ds_put_format(&actions,
                           "nd_na { "