This patch adds the column "enabled" to the Logical_Router table for setting the router's administrative state.
The type of "enabled" is bool. If the administrative state is false, delete all the flows relevant to the logical router from table Logical_Flow.
Signed-off-by: Na Zhu <na...@cn.ibm.com>
Reported-by: Na Zhu <na...@cn.ibm.com>
Reported-at: https://bugs.launchpad.net/networking-ovn/+bug/1563175
---
 ovn/northd/ovn-northd.8.xml | 4 ++++
 ovn/northd/ovn-northd.c | 46 +++++++++++++++++++++++++++++++++++++++++++++
 ovn/ovn-nb.ovsschema | 3 ++-
 ovn/ovn-nb.xml | 7 +++++++
 4 files changed, 59 insertions(+), 1 deletion(-)
diff --git a/ovn/northd/ovn-northd.8.xml b/ovn/northd/ovn-northd.8.xml
index da776e1..fed996c 100644
--- a/ovn/northd/ovn-northd.8.xml
+++ b/ovn/northd/ovn-northd.8.xml
@@ -397,6 +397,10 @@ output; <h2>Logical Router Datapaths</h2>
+ <p>
+ This is only enabled logical router.
+ </p>
+
 <h3>Ingress Table 0: L2 Admission Control</h3> <p>
diff --git a/ovn/northd/ovn-northd.c b/ovn/northd/ovn-northd.c
index 4b1d611..ec1c6af 100644
--- a/ovn/northd/ovn-northd.c
+++ b/ovn/northd/ovn-northd.c
@@ -1312,6 +1312,12 @@ lport_is_up(const struct nbrec_logical_port *lport) } static bool
+lrouter_is_enabled(const struct nbrec_logical_router *lrouter)
+{
+ return !lrouter->enabled || *lrouter->enabled;
+}
+
+static bool
 has_stateful_acl(struct ovn_datapath *od) { for (size_t i = 0; i < od->nbs->n_acls; i++) {
@@ -1793,6 +1799,10 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, continue; }
+ if (!lrouter_is_enabled(od->nbr)) {
+ continue;
+ }
+
 /* Logical VLANs not supported. * Broadcast/multicast source address is invalid. */ ovn_lflow_add(lflows, od, S_ROUTER_IN_ADMISSION, 100,
@@ -1806,6 +1816,10 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, continue; }
+ if (op->od->nbr && !lrouter_is_enabled(op->od->nbr)) {
+ continue;
+ }
+
 if (!lrport_is_enabled(op->nbr)) { /* Drop packets from disabled logical ports (since logical flow * tables are default-drop). */
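Review bot: The enabled test is pasted into every loop of build_lrouter_flows (first in the `@@ -1793` hunk, then in the hunks at -1806, -1826, -1869, -1941, -1948, -1961, -2042, -2056 and -2075), so a loop that is missed, now or when a router table is added later, keeps emitting flows for a router the operator has disabled. One predicate would make that harder to get wrong, for example `static bool od_is_enabled_router(const struct ovn_datapath *od) { return od->nbr && lrouter_is_enabled(od->nbr); }`, used as `if (!od_is_enabled_router(od)) { continue; }` in place of the separate datapath-type test (presumably `!od->nbr`, only partly visible in the context lines) and the new check. In the `@@ -1312` hunk lrouter_is_enabled() treats an empty column as enabled, and a comment such as `/* An unset 'enabled' column means the router is enabled. */` would record that default next to the code. The diffstat lists no test file, so the documented result (no flows, hence default drop) is not exercised anywhere; build_lrouter_flows starts and ends outside these hunks.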
@@ -1826,6 +1840,10 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, continue; }
+ if (!lrouter_is_enabled(od->nbr)) {
+ continue;
+ }
+
 /* L3 admission control: drop multicast and broadcast source, localhost * source or destination, and zero network source or destination * (priority 100). */
@@ -1869,6 +1887,10 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, continue; }
+ if (op->od->nbr && !lrouter_is_enabled(op->od->nbr)) {
+ continue;
+ }
+
 /* L3 admission control: drop packets that originate from an IP address * owned by the router or a broadcast address known to the router * (priority 100). */
@@ -1941,6 +1963,10 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, continue; }
+ if (op->od->nbr && !lrouter_is_enabled(op->od->nbr)) {
+ continue;
+ }
+
 add_route(lflows, op, op->network, op->mask, 0); } HMAP_FOR_EACH (od, key_node, datapaths) {
@@ -1948,6 +1974,10 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, continue; }
+ if (!lrouter_is_enabled(od->nbr)) {
+ continue;
+ }
+
 if (od->gateway && od->gateway_port) { add_route(lflows, od->gateway_port, 0, 0, od->gateway); }
@@ -1961,6 +1991,10 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, * resolves the IP address in reg0 into an output port in outport and an * Ethernet address in eth.dst. */ HMAP_FOR_EACH (op, key_node, ports) {
+ if (op->od->nbr && !lrouter_is_enabled(op->od->nbr)) {
+ continue;
+ }
+
 if (op->nbr) { /* This is a logical router port. If next-hop IP address in 'reg0' * matches ip address of this router port, then the packet is
@@ -2042,6 +2076,10 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, continue; }
+ if (!lrouter_is_enabled(od->nbr)) {
+ continue;
+ }
+
 ovn_lflow_add(lflows, od, S_ROUTER_IN_ARP_RESOLVE, 0, "1", "get_arp(outport, reg0); next;"); }
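Review bot: In the `@@ -1961` hunk the new guard only skips ports whose own datapath is a router, because `op->od->nbr` is NULL for a logical switch port and the test then falls through. If the branch that follows `if (op->nbr)` (it lies outside the hunk) handles switch ports attached to a router and adds ARP-resolve flows to the peer router's datapath, those flows would still be generated for a disabled router, which does not match the commit message's "delete all the flows relevant to the logical router". The effect is probably limited to stale rows, since the earlier router tables are left empty and default-drop, but it should be confirmed against the full loop body. Moving the check into each branch and testing the router-side datapath there, e.g. `if (!lrouter_is_enabled(peer->od->nbr)) { continue; }` with `peer` standing for whatever that branch calls the router port, would close the gap.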
@@ -2056,6 +2094,10 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, continue; }
+ if (!lrouter_is_enabled(od->nbr)) {
+ continue;
+ }
+
 ovn_lflow_add(lflows, od, S_ROUTER_IN_ARP_REQUEST, 100, "eth.dst == 00:00:00:00:00:00", "arp { "
@@ -2075,6 +2117,10 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, continue; }
+ if (op->od->nbr && !lrouter_is_enabled(op->od->nbr)) {
+ continue;
+ }
+
 if (!lrport_is_enabled(op->nbr)) { /* Drop packets to disabled logical ports (since logical flow * tables are default-drop). */
diff --git a/ovn/ovn-nb.ovsschema b/ovn/ovn-nb.ovsschema
index 40a7a97..e878ac8 100644
--- a/ovn/ovn-nb.ovsschema
+++ b/ovn/ovn-nb.ovsschema
@@ -1,7 +1,7 @@ { "name": "OVN_Northbound", "version": "2.0.2",
- "cksum": "4289495412 4436",
+ "cksum": "1227843805 4513",
 "tables": { "Logical_Switch": { "columns": {
@@ -72,6 +72,7 @@ "min": 0, "max": "unlimited"}}, "default_gw": {"type": {"key": "string", "min": 0, "max": 1}},
+ "enabled": {"type": {"key": "boolean", "min": 0, "max": 1}},
 "external_ids": { "type": {"key": "string", "value": "string", "min": 0, "max": "unlimited"}}},
diff --git a/ovn/ovn-nb.xml b/ovn/ovn-nb.xml
index e65bc3a..843ae4c 100644
--- a/ovn/ovn-nb.xml
+++ b/ovn/ovn-nb.xml
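Review bot: In ovn/ovn-nb.ovsschema the `@@ -72,6 +72,7 @@` hunk adds a column, yet `"version": "2.0.2"` is still a context line in the `@@ -1,7 +1,7 @@` hunk and only `cksum` changes. The OVS schema convention is to raise the middle version number for a backward-compatible addition such as a new column, so that clients and upgrade tooling can tell the two schemas apart. That would be `"version": "2.1.0",` with the checksum recomputed afterwards. The exact number should be checked against the target branch at merge time, in case another pending change has already bumped it.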
@@ -627,6 +627,13 @@ IP address to use as default gateway, if any. </column>
+ <column name="enabled">
+ This column is used to administratively set router state. If this column
+ is empty or is set to <code>true</code>, the router is enabled. If this
+ column is set to <code>false</code>, the router is disabled. A disabled
+ router has all ingress and egress traffic dropped.
+ </column>
+
 <group title="Common Columns"> <column name="external_ids"> See <em>External IDs</em> at the beginning of this document.
-- 
2.5.0
Regards, Juno Zhu IBM China Development Labs (CDL) Cloud IaaS Lab Email: na...@cn.ibm.com 5F, Building 10, 399 Keyuan Road, Zhangjiang Hi-Tech Park, Pudong New District, Shanghai, China (201203)
_______________________________________________
dev mailing list
dev@openvswitch.org
http://openvswitch.org/mailman/listinfo/dev