For the case where the static route specifies the output_port (logical router
port), this patch is not as efficient and streamlined as it could be.
With this patch, in ovn/ovn-nb.ovsschema, the output_port is defined as a
string that consists of a uuid:
+"Logical_Router_Static_Route": {
I am missing something basic here.
In your tests, you have logical switch bob that seems like it could be present
on both hv1 and hv2, and a logical router R2 that is local to hv2 but not
present on hv1.
Wouldn't the logical switch bob flows on hv1 still send packets locally to the
patch port r
" can be on multiple chassis, I start
thinking about multiple possible chassis and ECMP which would add significant
complexity.
Mickey
-Darrell Ball wrote: -
To: Mickey Spiegel/San Jose/IBM@IBMUS
From: Darrell Ball
Date: 05/09/2016 09:11PM
Cc: d...@openvswitch.com
Subject: Re: [ovs
See comments inline.
>To: dev@openvswitch.org
>From: Gurucharan Shetty
>Sent by: "dev"
>Date: 05/10/2016 08:10PM
>Cc: Gurucharan Shetty
>Subject: [ovs-dev] [PATCH 2/5] ovn: Introduce l3 gateway router.
>
>Currently OVN has distributed switches and routers. When a packet
>exits a container or a
>To: Ben Pfaff
>From: Guru Shetty
>Sent by: "dev"
>Date: 05/18/2016 09:10AM
>Cc: ovs dev
>Subject: Re: [ovs-dev] Seek information about OVN L3 gateway and NAT
>
>>
>>
>>
>> There was an in-person meeting yesterday at VMware with Mickey (from
>> that thread) and some other IBMers. I couldn't at
For the most part it looks good. I do have a few comments inline, a couple of
them towards the bottom being significant.
-"dev" wrote: -
>To: dev@openvswitch.org
>From: Gurucharan Shetty
>Sent by: "dev"
>Date: 05/19/2016 10:58PM
>Subject: [ovs-dev] [PATCH v3 5/5] ovn: DNAT and SNAT on
Please see replies inline.
-Guru Shetty wrote: -
>To: Mickey Spiegel/San Jose/IBM@IBMUS
>From: Guru Shetty
>Date: 06/02/2016 10:41PM
>Cc: ovs dev
>Subject: Re: [ovs-dev] [PATCH v3 5/5] ovn: DNAT and SNAT on a gateway
>router.
>
>
>>
>> Looking at t
>To: dev@openvswitch.org
>From: Russell Bryant
>Sent by: "dev"
>Date: 07/13/2016 02:53PM
>Subject: [ovs-dev] [PATCH] ovn-controller: Clean up bindings handling.
>
>Remove the global set of logical port IDs called 'all_lports'. This is
>no longer used for anything after conntrack ID assignment wa
-"dev" wrote: -
>To: dev@openvswitch.org
>From: Chandra Sekhar Vejendla/San Jose/IBM@IBMUS
>Sent by: "dev"
>Date: 07/18/2016 05:50AM
>Subject: [ovs-dev] [PATCH] ovn: Add datapth of gateway port to local_datapaths
>
>When a l3 gateway port is created on a chassis, the corresponding
>datap
Comments inline as
-"dev" wrote: -
To: Ben Pfaff
From: Liran Schour
Sent by: "dev"
Date: 07/19/2016 01:45AM
Cc: dev@openvswitch.org
Subject: [ovs-dev] [PATCH monitor_cond V10] RFC OVN: Implementation of
conditional monitoring usage
Conditional monitor of: Port_Binding, Logical_Flow
-Liran Schour/Haifa/IBM wrote: -
>To: Mickey Spiegel/San Jose/IBM@IBMUS
>From: Liran Schour/Haifa/IBM
>Date: 07/21/2016 04:18AM
>Cc: Ben Pfaff , dev@openvswitch.org
>Subject: Re: [ovs-dev] [PATCH monitor_cond V10] RFC OVN:
>Implementation of conditional monitoring usage
From: Mickey Spiegel
This patch adds a second logical switch ingress ACL stage, and
correspondingly a second logical switch egress ACL stage. This
allows for more than one ACL-based feature to be applied in the
ingress and egress logical switch pipelines. The features
driving the different ACL
-"dev" wrote: -
To: Mickey Spiegel
From: Russell Bryant
Sent by: "dev"
Date: 07/29/2016 10:02AM
Cc: ovs dev
Subject: Re: [ovs-dev] [PATCH] ovn: Add second ACL stage
On Fri, Jul 29, 2016 at 12:47 AM, Mickey Spiegel
wrote:
>
> This patch adds a second
On Fri, Jul 29, 2016 at 10:28 AM, Mickey Spiegel
wrote:
>
> -"dev" wrote: -----
>> To: Mickey Spiegel
>> From: Russell Bryant
>> Sent by: "dev"
>> Date: 07/29/2016 10:02AM
>> Cc: ovs dev
>> Subject: Re: [ovs-dev] [PATCH] ov
Comments inline with
-"dev" wrote: -
To: Ben Pfaff
From: Liran Schour
Sent by: "dev"
Date: 07/28/2016 04:49AM
Cc: dev@openvswitch.org
Subject: [ovs-dev] [PATCH monitor_cond V11] ovn: implementation of
conditional monitoring usage
Conditional monitor of: Port_Binding, Logical_Fl
quot; and "acl2". ACL
rules that do not specify an ACL stage are applied to the
default "acl" stage.
Signed-off-by: Mickey Spiegel
---
ovn/northd/ovn-northd.c | 319 +++---
ovn/ovn-nb.ovsschema | 7 +-
ovn/ovn-nb.xml
On Tue, Aug 2, 2016 at 9:26 AM, Darrell Ball wrote:
>
>
> On Tue, Aug 2, 2016 at 4:52 AM, Russell Bryant wrote:
>
>> On Sat, Jul 30, 2016 at 4:19 PM, Mickey Spiegel
>> wrote:
>>
>> > On Fri, Jul 29, 2016 at 10:28 AM, Mickey Spiegel
>> > wrote:
&
On Tue, Aug 2, 2016 at 1:39 PM, Darrell Ball wrote:
>
>
> On Tue, Aug 2, 2016 at 12:05 PM, Russell Bryant wrote:
>
>>
>>
>> On Tue, Aug 2, 2016 at 3:02 PM, Darrell Ball wrote:
>>
>>>
>>>
>>> On Tue, Aug 2, 2016 at 10:23 AM, Mic
al_ip", my mind wanders
to pieces of hardware, which is not what this is about.
How about "internal_ip"/"external_ip"?
Mickey
-Guru Shetty wrote: -
To: Mickey Spiegel/San Jose/IBM@IBMUS
From: Guru Shetty
Date: 06/07/2016 08:14AM
Cc: ovs dev
Subject: Re: [ovs-dev] [PATC
Works for me.
Mickey
-Guru Shetty wrote: -
To: Mickey Spiegel/San Jose/IBM@IBMUS
From: Guru Shetty
Date: 06/09/2016 10:20AM
Cc: ovs dev
Subject: Re: [ovs-dev] [PATCH v3 5/5] ovn: DNAT and SNAT on a gateway router.
Thinking about "logical_ip" and "physical_ip",
>To: dev@openvswitch.org
>From: Gurucharan Shetty
>Sent by: "dev"
>Date: 07/05/2016 11:15AM
>Subject: [ovs-dev] [PATCH 1/2] ovn-northd: Ability to loop-back in a router.
>
>Currently, when a client looks at a load balancer VIP,
>it notices that it is in a different subnet than itself
>and sends t
-Guru Shetty wrote: -
>To: Mickey Spiegel/San Jose/IBM@IBMUS
>From: Guru Shetty
>Date: 07/07/2016 09:34PM
>Cc: ovs dev
>Subject: Re: [ovs-dev] [PATCH 1/2] ovn-northd: Ability to loop-back
>in a router.
>
>
>
>On 7 July 2016 at 21:28, Guru Shetty wrote
"localnet" port bound to one particular physical endpoint representing one
gateway chassis or gateway chassis pair?
Mickey
-Mickey Spiegel/San Jose/IBM wrote: -
To: Darrell Ball
From: Mickey Spiegel/San Jose/IBM
Date: 02/17/2016 08:33PM
Cc: Russell Bryant , Darrell Lu ,
&quo
different tenant router
gateway interfaces across different chassis that are all connected to the same
external network. In this case, one "localnet" port would still map to N
chassis.
Mickey
-Justin Pettit wrote: -
To: Russell Bryant
From: Justin Pettit
Date: 03/01/201
The code proposed below puts the logical port to physical endpoint binding
directly in the Port_Binding table. At least for the "localnet" case, I wonder
if this provides sufficient separation between logical and physical.
If it can really be two different CMSes or two different users who are
r
Steve and Guru,
I am not all that concerned about the "valid" column, but I do think that we
will need a different additional column in the near future for output port.
There are three different motivations for allowing output port to be specified
in the static route:
1) In order to support sta
See comments inline
Mickey
-Guru Shetty wrote: -
>To: Mickey Spiegel/San Jose/IBM@IBMUS
>From: Guru Shetty
>Date: 04/06/2016 05:58PM
>Cc: ovs dev , Shi Xin Ruan
>Subject: Re: [ovs-dev] [PATCH 1/1] Add Static route to logical router
>
>
>
>On 6 April 20
Guru,
Your summary is exactly what I was thinking.
Mickey
-Guru Shetty wrote: -
To: Mickey Spiegel/San Jose/IBM@IBMUS
From: Guru Shetty
Date: 04/07/2016 11:05AM
Cc: ovs dev , Shi Xin Ruan
Subject: Re: [ovs-dev] [PATCH 1/1] Add Static route to logical router
On 7 April 2016 at 01
Gurucharan Shetty wrote:
>To: dev@openvswitch.org
>From: Gurucharan Shetty
>Sent by: "dev"
>Date: 04/11/2016 07:46AM
>Cc: Gurucharan Shetty
>Subject: [ovs-dev] [PATCH] ovn-northd: Add support for static_routes.
>
>static routes are useful when connecting multiple
>routers with each other.
Yes
One comment below.
-"dev" wrote: -
>To: Ben Pfaff
>From: Russell Bryant
>Sent by: "dev"
>Date: 04/12/2016 09:37AM
>Cc: ovs dev
>Subject: Re: [ovs-dev] [PATCH 3/3] ovn: Add address_set() support for
>ACLs.
>
>On Mon, Apr 11, 2016 at 12:08 PM, Ben Pfaff wrote:
>
>> On Tue, Apr 05, 201
On Sat, Aug 13, 2016 at 10:02 PM, Ben Pfaff wrote:
> On Fri, Jul 29, 2016 at 05:28:26PM +0000, Mickey Spiegel wrote:
> > Could you expand on why priorities in a single stage aren't enough to
> > satisfy the use case?
> >
> >
> > If two features are
On Tue, Aug 16, 2016 at 3:55 AM, wrote:
> From: Babu Shanmugam
>
> ovn-northd sets 'ip.dscp' to the DSCP value
>
> Signed-off-by: Babu Shanmugam
> ---
> ovn/lib/logical-fields.c| 2 +-
> ovn/northd/ovn-northd.8.xml | 5
> ovn/northd/ovn-northd.c | 13
> ovn/ovn-nb.xml
pectation is when
capabilities are implemented that take advantage of "chassisredirect"
ports (e.g. NAT), the addition of flows specifying a "chassisredirect"
port as the outport will also be triggered by the presence of the
"redirect-chassis" option.
Signed-off-by
he end
of the ingress pipeline to the beginning of the egress pipeline with
outport = inport, which is different.
Mickey Spiegel (2):
ovn: Introduce "chassisredirect" port binding
ovn: distributed NAT flows
ovn/controller/binding.c| 151 +++-
ovn/controller
mplementing the many test cases required to cover all code
paths, some consensus on the approach would be appreciated.
Signed-off-by: Mickey Spiegel
---
ovn/controller/ovn-controller.c | 6 +-
ovn/northd/ovn-northd.8.xml | 292 +++-
ovn/northd/ovn-northd.c
On Wed, Aug 17, 2016 at 6:39 AM, wrote:
> From: Babu Shanmugam
>
> ovn-northd sets 'ip.dscp' to the DSCP value
>
> Signed-off-by: Babu Shanmugam
> ---
> ovn/lib/logical-fields.c | 2 +-
> ovn/northd/ovn-northd.c | 13 +
> ovn/ovn-nb.xml | 6
> ovn/ovn-sb.xml
On Mon, Aug 29, 2016 at 4:34 AM, wrote:
> ovn-northd sets 'ip.dscp' to the DSCP value
>
> IMO the big question is still whether the first release of DSCP marking
should be
based only on ingress port, as this patch currently suggests, or whether it
should
allow DSCP marking based on arbitrary matc
my guess is that this would be done indirectly. DPI would
determine the application ID in earlier pipeline stages. The
QoS marking
stage could just match on the application ID, without having
to worry about
stateful behavior directly.
- For SFC insertion:
On Wed, Aug 31, 2016 at 12:11 AM, wrote:
> ovn-northd sets 'ip.dscp' to the DSCP value
>
If we were to go with DSCP based on port as the initial functionality, your
changes look good. A couple of nits below, and the first patch (which I
have not looked at) needs a rebase after the removal of inc
pointers, or someone familiar with IDL tests could
take over.
Signed-off-by: Mickey Spiegel
---
ovsdb/ovsdb-idlc.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ovsdb/ovsdb-idlc.in b/ovsdb/ovsdb-idlc.in
index 79db4b4..cd4532e 100755
--- a/ovsdb/ovsdb-idlc.in
+++ b/o
On Mon, Sep 5, 2016 at 10:23 PM, wrote:
> From: Babu Shanmugam
>
> This patch adds support for marking qos on IP packets based on arbitrary
> match criteria for a logical switch.
>
> Signed-off-by: Babu Shanmugam
> Suggested-by: Mickey Spiegel
>
Acked-by: Mickey Sp
On Thu, Sep 8, 2016 at 2:47 PM, Guru Shetty wrote:
> On 1 September 2016 at 10:02, Ben Pfaff wrote:
>
> > Nothing freed 'reply'. This fixes the problem.
> >
> > Most of this patch is moving coding around. The essential change is that
> > breaking the code that works with 'reply' out into a sep
(+ ovs dev mailing list)
On Mon, Oct 3, 2016 at 1:40 PM, Guru Shetty wrote:
>
>
> On 17 August 2016 at 14:11, Mickey Spiegel wrote:
>
>> Currently OVN supports NAT functionality by connecting each distributed
>> logical router to a centralized "l3gateway"
On Mon, Oct 3, 2016 at 2:21 PM, Darrell Ball wrote:
> On Mon, Oct 3, 2016 at 10:54 AM, Han Zhou wrote:
>
> >
> >
> > On Sun, Oct 2, 2016 at 2:14 PM, Darrell Ball wrote:
> > >
> > >
> > >
> > > On Sun, Oct 2, 2016 at 11:27 AM, Han Zhou wrote:
> > >>
> > >> On Sat, Oct 1, 2016 at 4:34 PM, Darrel
On Tue, Oct 4, 2016 at 4:53 PM, Darrell Ball wrote:
>
>
> On Tue, Oct 4, 2016 at 3:48 PM, Mickey Spiegel
> wrote:
>
>> On Mon, Oct 3, 2016 at 2:21 PM, Darrell Ball wrote:
>>
>
>
>>> I think you missed the main aspect.
>>> There is a layerin
On Wed, Oct 5, 2016 at 10:08 AM, Darrell Ball wrote:
> There has been enough confusion regarding logical switch datapath
> arp responders in ovn to warrant some additional comments;
> hence add a general description regarding why they exist and
> document the special cases.
>
> Signed-off-by: Dar
This is getting close. Some rewording suggestions below.
On Thu, Oct 6, 2016 at 10:34 AM, Darrell Ball wrote:
> There has been enough confusion regarding logical switch datapath
> arp responders in ovn to warrant some additional comments;
> hence add a general description regarding why they exis
Acked-by: Mickey Spiegel
A few very minor nits below.
On Fri, Oct 21, 2016 at 1:36 PM, Darrell Ball wrote:
> There has been enough confusion regarding logical switch datapath
> arp responders in ovn to warrant some additional comments;
> hence add a general description regarding
ct-chassis, in order to avoid messing up
upstream MAC learning.
9. Gratuitous ARP for NAT addresses needs to be updated for
distributed NAT.
Mickey Spiegel (5):
ovn: Introduce "chassisredirect" port binding
ovn: add is_chassis_resident match expression component
ovn: move load balanc
pectation is when
capabilities are implemented that take advantage of "chassisredirect"
ports (e.g. NAT), the addition of flows specifying a "chassisredirect"
port as the outport will also be triggered by the presence of the
"redirect-chassis" option.
Signed-off-by
".
This allows higher level features to specify flows that are only
installed on some chassis rather than on all chassis with the
corresponding datapath.
Suggested-by: Ben Pfaff
Signed-off-by: Mickey Spiegel
---
include/ovn/expr.h | 22 +-
ovn/controller/lflow.c
This will make it easy for distributed NAT to reuse some of the
existing code for NAT flows, while leaving load balancing and defrag
as functionality specific to gateway routers. There is no intent to
change any functionality in this patch.
Signed-off-by: Mickey Spiegel
---
ovn/northd/ovn
: Mickey Spiegel
---
include/ovn/actions.h | 3 +++
ovn/controller/lflow.c | 10 ++
ovn/lib/actions.c | 15 +--
tests/ovn.at | 2 +-
4 files changed, 23 insertions(+), 7 deletions(-)
diff --git a/include/ovn/actions.h b/include/ovn/actions.h
index 0bf6145..0451c08
ests for east/west traffic will be added in the future.
Signed-off-by: Mickey Spiegel
---
ovn/controller/ovn-controller.c | 6 +-
ovn/northd/ovn-northd.8.xml | 310 --
ovn/northd/ovn-northd.c | 363 ++--
ovn/ovn-n
Interesting problem. See comments inline.
On Thu, Nov 3, 2016 at 3:46 AM, Gurucharan Shetty wrote:
> When multiple gateway routers exist, a packet can
> enter any gateway router. Once the packet reaches its
> destination, its reverse direction should be via the
> same gateway router. This is ac
See reply at the bottom.
On Thu, Nov 3, 2016 at 6:06 PM, Guru Shetty wrote:
> It seems to me that the root of the problem has to do with
> > three issues:
> > 1. SNAT (and DNAT) rules should not apply to ct.rpl traffic,
> > instead only UNSNAT (and UNDNAT) rules should apply.
> > Conntrack
On Thu, Nov 3, 2016 at 6:06 PM, Guru Shetty wrote:
> > 2. If a stateful action such as DNAT or LB is taken on a
> > gateway router, such that it is necessary for the reverse
> > packet flow to come back to the same gateway router,
> > then there should be an SNAT action coupled with the
Forgot to copy the list on the last reply, but also realized something and
asking for one change below.
On Fri, Nov 4, 2016 at 9:54 AM, Guru Shetty wrote:
>
>
> On 3 November 2016 at 20:42, Mickey Spiegel wrote:
>
>> On Thu, Nov 3, 2016 at 6:06 PM, Guru Shetty wrote:
>&g
Acked-by: Mickey Spiegel
On Fri, Nov 4, 2016 at 10:06 AM, Darrell Ball wrote:
> There has been enough confusion regarding logical switch datapath
> arp responders in ovn to warrant some additional comments;
> hence add a general description regarding why they exist and
> document
Darrell,
Just catching up on this thread. A few things are still unclear.
The example that you gave bound the one "localnet" logical port to one physical
endpoint. Perhaps this is what you are intending for the L3 gateway case (still
waiting for that proposal).
In existing OVN, VMs can connect
chassis in the port binding empty?
Why is the logical port name in this example "provnet1-1-physnet1" when the
logical port was defined earlier as "provnet1-physnet1"?
Was this intentional or a typo?
Mickey
-Darrell Ball wrote: -
To: Mickey Spiegel/San Jose/IBM
61 matches
Mail list logo
