From: Hangbin Liu <liuhangbin@gmail.com>
To: netdev@vger.kernel.org
Cc: Jay Vosburgh <j.vosburgh@gmail.com>,
Andy Gospodarek <andy@greyhouse.net>,
"David S . Miller" <davem@davemloft.net>,
Jakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com>,
Eric Dumazet <edumazet@google.com>,
Nikolay Aleksandrov <razor@blackwall.org>,
Simon Horman <horms@kernel.org>,
Aaron Conole <aconole@redhat.com>,
Ilya Maximets <i.maximets@ovn.org>,
Adrian Moreno <amorenoz@redhat.com>,
Stanislas Faye <sfaye@redhat.com>
Subject: [Discuss] ARP monitor for OVS bridge over bonding
Date: Tue, 10 Sep 2024 10:17:08 +0000 [thread overview]
Message-ID: <ZuAcpIqvJYmCTFFK@fedora> (raw)
Hi all,
Recently, our customer got an issue with OVS bridge over bonding. e.g.
eth0 eth1
| |
-- bond0 --
|
br-ex (ovs-vsctl add-port br-ex bond0; ip addr add 192.168.1.1/24 dev br-ex)
Before sending arp message for bond slave detecting, the bond need to check
if the br-ex is in the same data path with bond0 via function
bond_verify_device_path(), which using netdev_for_each_upper_dev_rcu()
to check all upper devices. This works with normal bridge. But with ovs
bridge, the upper device is "ovs-system" instead of br-ex.
After talking with OVS developers. It turned out the real upper OVS topology
is looks like
--------------------------------
| |
br-ex -----+-- ovs-system |
| |
br-int -----+-- |
| |
| bond0 eth2 veth42 |
| | | | |
| | | | |
-------+-------+-------+--------
| | |
+--+--+ physical |
| | link |
eth0 eth1 veth43
The br-ex is not upper link of bond0. ovs-system, instead, is the master
of bond0. This make us unable to make sure the br-ex and bond0 is in the
same datapath.
On the other hand, as Adrián Moreno said, the packets generated on br-ex
could be routed anywhere using OpenFlow rules (including eth2 in the
diagram). The same with normal bridge, with tc/netfilter rules, the packets
could also be routed to other interface instead of bond0.
So the rt interface checking in bond_arp_send_all() is not always correct.
Stanislas suggested adding a new parameter like 'arp monitor source interface'
to binding that the user could supply. Then we can do like
If (rt->dst.dev == arp_src_iface->dev)
goto found;
What do you think?
Thanks
Hangbin
next reply other threads:[~2024-09-10 10:17 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-09-10 10:17 Hangbin Liu [this message]
2024-09-12 16:36 ` [Discuss] ARP monitor for OVS bridge over bonding Jay Vosburgh
2024-09-14 10:01 ` Hangbin Liu
2024-09-17 9:10 ` Adrián Moreno
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZuAcpIqvJYmCTFFK@fedora \
--to=liuhangbin@gmail.com \
--cc=aconole@redhat.com \
--cc=amorenoz@redhat.com \
--cc=andy@greyhouse.net \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=horms@kernel.org \
--cc=i.maximets@ovn.org \
--cc=j.vosburgh@gmail.com \
--cc=kuba@kernel.org \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=razor@blackwall.org \
--cc=sfaye@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.