git.proxmox.com Git - ovs.git/blame - tests/system-ovn.at
system-traffic: Introduce OVS_START_L7 macro.
12969035 1AT_SETUP([ovn -- 2 LRs connected via LS, gateway router, SNAT and DNAT])
cc08428b
GS
2AT_KEYWORDS([ovnnat])
3
4CHECK_CONNTRACK()
4573c42e 5CHECK_CONNTRACK_NAT()
cc08428b
GS
6ovn_start
7OVS_TRAFFIC_VSWITCHD_START()
8ADD_BR([br-int])
9
10# Set external-ids in br-int needed for ovn-controller
11ovs-vsctl \
12 -- set Open_vSwitch . external-ids:system-id=hv1 \
13 -- set Open_vSwitch . external-ids:ovn-remote=unix:$ovs_base/ovn-sb/ovn-sb.sock \
14 -- set Open_vSwitch . external-ids:ovn-encap-type=geneve \
15 -- set Open_vSwitch . external-ids:ovn-encap-ip=169.0.0.1 \
16 -- set bridge br-int fail-mode=secure other-config:disable-in-band=true
17
18# Start ovn-controller
19start_daemon ovn-controller
20
21# Logical network:
22# Two LRs - R1 and R2 that are connected to each other via LS "join"
23# in 20.0.0.0/24 network. R1 has switches foo (192.168.1.0/24) and
24# bar (192.168.2.0/24) connected to it. R2 has alice (172.16.1.0/24) connected
25# to it. R2 is a gateway router on which we add NAT rules.
26#
27# foo -- R1 -- join - R2 -- alice
28# |
29# bar ----
30
31ovn-nbctl create Logical_Router name=R1
32ovn-nbctl create Logical_Router name=R2 options:chassis=hv1
33
34ovn-nbctl ls-add foo
35ovn-nbctl ls-add bar
36ovn-nbctl ls-add alice
37ovn-nbctl ls-add join
38
39# Connect foo to R1
40ovn-nbctl lrp-add R1 foo 00:00:01:01:02:03 192.168.1.1/24
41ovn-nbctl lsp-add foo rp-foo -- set Logical_Switch_Port rp-foo \
42 type=router options:router-port=foo addresses=\"00:00:01:01:02:03\"
43
44# Connect bar to R1
45ovn-nbctl lrp-add R1 bar 00:00:01:01:02:04 192.168.2.1/24
46ovn-nbctl lsp-add bar rp-bar -- set Logical_Switch_Port rp-bar \
47 type=router options:router-port=bar addresses=\"00:00:01:01:02:04\"
48
49# Connect alice to R2
50ovn-nbctl lrp-add R2 alice 00:00:02:01:02:03 172.16.1.1/24
51ovn-nbctl lsp-add alice rp-alice -- set Logical_Switch_Port rp-alice \
52 type=router options:router-port=alice addresses=\"00:00:02:01:02:03\"
53
54# Connect R1 to join
55ovn-nbctl lrp-add R1 R1_join 00:00:04:01:02:03 20.0.0.1/24
56ovn-nbctl lsp-add join r1-join -- set Logical_Switch_Port r1-join \
57 type=router options:router-port=R1_join addresses='"00:00:04:01:02:03"'
58
59# Connect R2 to join
60ovn-nbctl lrp-add R2 R2_join 00:00:04:01:02:04 20.0.0.2/24
61ovn-nbctl lsp-add join r2-join -- set Logical_Switch_Port r2-join \
62 type=router options:router-port=R2_join addresses='"00:00:04:01:02:04"'
63
64# Static routes.
65ovn-nbctl lr-route-add R1 172.16.1.0/24 20.0.0.2
66ovn-nbctl lr-route-add R2 192.168.0.0/16 20.0.0.1
67
68# Logical port 'foo1' in switch 'foo'.
69ADD_NAMESPACES(foo1)
70ADD_VETH(foo1, foo1, br-int, "192.168.1.2/24", "f0:00:00:01:02:03", \
71 "192.168.1.1")
72ovn-nbctl lsp-add foo foo1 \
73-- lsp-set-addresses foo1 "f0:00:00:01:02:03 192.168.1.2"
74
75# Logical port 'alice1' in switch 'alice'.
76ADD_NAMESPACES(alice1)
77ADD_VETH(alice1, alice1, br-int, "172.16.1.2/24", "f0:00:00:01:02:04", \
78 "172.16.1.1")
79ovn-nbctl lsp-add alice alice1 \
80-- lsp-set-addresses alice1 "f0:00:00:01:02:04 172.16.1.2"
81
82# Logical port 'bar1' in switch 'bar'.
83ADD_NAMESPACES(bar1)
84ADD_VETH(bar1, bar1, br-int, "192.168.2.2/24", "f0:00:00:01:02:05", \
85"192.168.2.1")
86ovn-nbctl lsp-add bar bar1 \
87-- lsp-set-addresses bar1 "f0:00:00:01:02:05 192.168.2.2"
88
89# Add a DNAT rule.
90ovn-nbctl -- --id=@nat create nat type="dnat" logical_ip=192.168.1.2 \
91 external_ip=30.0.0.2 -- add logical_router R2 nat @nat
92
93# Add a SNAT rule
94ovn-nbctl -- --id=@nat create nat type="snat" logical_ip=192.168.2.2 \
95 external_ip=30.0.0.1 -- add logical_router R2 nat @nat
96
97# wait for ovn-controller to catch up.
98OVS_WAIT_UNTIL([ovs-ofctl dump-flows br-int | grep ct\( | grep nat])
99
100# 'alice1' should be able to ping 'foo1' directly.
101NS_CHECK_EXEC([alice1], [ping -q -c 3 -i 0.3 -w 2 192.168.1.2 | FORMAT_PING], \
102[0], [dnl
1033 packets transmitted, 3 received, 0% packet loss, time 0ms
104])
105
106# North-South DNAT: 'alice1' should also be able to ping 'foo1' via 30.0.0.2
107NS_CHECK_EXEC([alice1], [ping -q -c 3 -i 0.3 -w 2 30.0.0.2 | FORMAT_PING], \
108[0], [dnl
1093 packets transmitted, 3 received, 0% packet loss, time 0ms
110])
111
112# Check conntrack entries.
113AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(172.16.1.2) | \
114sed -e 's/zone=[[0-9]]*/zone=<cleared>/'], [0], [dnl
9132729e 115icmp,orig=(src=172.16.1.2,dst=30.0.0.2,id=<cleared>,type=8,code=0),reply=(src=192.168.1.2,dst=172.16.1.2,id=<cleared>,type=0,code=0),zone=<cleared>
cc08428b
GS
116])
117
118# South-North SNAT: 'bar1' pings 'alice1'. But 'alice1' receives traffic
119# from 30.0.0.1
120NS_CHECK_EXEC([bar1], [ping -q -c 3 -i 0.3 -w 2 172.16.1.2 | FORMAT_PING], \
121[0], [dnl
1223 packets transmitted, 3 received, 0% packet loss, time 0ms
123])
124
125# We verify that SNAT indeed happened via 'dump-conntrack' command.
126AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(30.0.0.1) | \
127sed -e 's/zone=[[0-9]]*/zone=<cleared>/'], [0], [dnl
9132729e 128icmp,orig=(src=192.168.2.2,dst=172.16.1.2,id=<cleared>,type=8,code=0),reply=(src=172.16.1.2,dst=30.0.0.1,id=<cleared>,type=0,code=0),zone=<cleared>
cc08428b
GS
129])
130
131# Add static routes to handle east-west NAT.
132ovn-nbctl lr-route-add R1 30.0.0.0/24 20.0.0.2
133
134# Flush conntrack entries for easier output parsing of next test.
135AT_CHECK([ovs-appctl dpctl/flush-conntrack])
136
137# East-west DNAT and SNAT: 'bar1' pings 30.0.0.2. 'foo1' receives it.
138NS_CHECK_EXEC([bar1], [ping -q -c 3 -i 0.3 -w 2 30.0.0.2 | FORMAT_PING], \
139[0], [dnl
1403 packets transmitted, 3 received, 0% packet loss, time 0ms
141])
142
143# As we have a static route that sends all packets with destination
144# 30.0.0.2 to R2, it hits the DNAT rule and converts 30.0.0.2 to 192.168.1.2
145AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(30.0.0.2) | \
146sed -e 's/zone=[[0-9]]*/zone=<cleared>/'], [0], [dnl
9132729e 147icmp,orig=(src=192.168.2.2,dst=30.0.0.2,id=<cleared>,type=8,code=0),reply=(src=192.168.1.2,dst=192.168.2.2,id=<cleared>,type=0,code=0),zone=<cleared>
cc08428b
GS
148])
149
150# As we have a SNAT rule that converts 192.168.2.2 to 30.0.0.1, the source is
151# SNATted and 'foo1' receives it.
152AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(30.0.0.1) | \
153sed -e 's/zone=[[0-9]]*/zone=<cleared>/'], [0], [dnl
9132729e 154icmp,orig=(src=192.168.2.2,dst=192.168.1.2,id=<cleared>,type=8,code=0),reply=(src=192.168.1.2,dst=30.0.0.1,id=<cleared>,type=0,code=0),zone=<cleared>
cc08428b
GS
155])
156
157OVS_APP_EXIT_AND_WAIT([ovn-controller])
158
159as ovn-sb
160OVS_APP_EXIT_AND_WAIT([ovsdb-server])
161
162as ovn-nb
163OVS_APP_EXIT_AND_WAIT([ovsdb-server])
164
165as northd
166OVS_APP_EXIT_AND_WAIT([ovn-northd])
167
168as
576d1a80
GS
169OVS_TRAFFIC_VSWITCHD_STOP(["/failed to query port patch-.*/d
170/connection dropped.*/d"])
cc08428b 171AT_CLEANUP
e74d157a 172
12969035
D
173AT_SETUP([ovn -- 2 LRs connected via LS, gateway router, easy SNAT])
174AT_KEYWORDS([ovnnat])
175
176CHECK_CONNTRACK()
4573c42e 177CHECK_CONNTRACK_NAT()
12969035
D
178ovn_start
179OVS_TRAFFIC_VSWITCHD_START()
180ADD_BR([br-int])
181
182# Set external-ids in br-int needed for ovn-controller
183ovs-vsctl \
184 -- set Open_vSwitch . external-ids:system-id=hv1 \
185 -- set Open_vSwitch . external-ids:ovn-remote=unix:$ovs_base/ovn-sb/ovn-sb.sock \
186 -- set Open_vSwitch . external-ids:ovn-encap-type=geneve \
187 -- set Open_vSwitch . external-ids:ovn-encap-ip=169.0.0.1 \
188 -- set bridge br-int fail-mode=secure other-config:disable-in-band=true
189
190# Start ovn-controller
191start_daemon ovn-controller
192
193# Logical network:
194# Two LRs - R1 and R2 that are connected to each other via LS "join"
195# in 20.0.0.0/24 network. R1 has switch foo (192.168.1.0/24) connected
196# to it. R2 has alice (172.16.1.0/24) connected to it.
197# R2 is a gateway router on which we add NAT rules.
198#
199# foo -- R1 -- join - R2 -- alice
200
201ovn-nbctl lr-add R1
202ovn-nbctl lr-add R2 -- set Logical_Router R2 options:chassis=hv1
203
204ovn-nbctl ls-add foo
205ovn-nbctl ls-add alice
206ovn-nbctl ls-add join
207
208ovn-nbctl lrp-add R1 foo 00:00:01:01:02:03 192.168.1.1/24
209ovn-nbctl lrp-add R2 alice 00:00:02:01:02:03 172.16.1.1/24
210ovn-nbctl lrp-add R1 R1_join 00:00:04:01:02:03 20.0.0.1/24
211ovn-nbctl lrp-add R2 R2_join 00:00:04:01:02:04 20.0.0.2/24
212
213# Connect foo to R1
214ovn-nbctl lsp-add foo rp-foo -- set Logical_Switch_Port rp-foo \
215 type=router options:router-port=foo addresses=\"00:00:01:01:02:03\"
216
217# Connect alice to R2
218ovn-nbctl lsp-add alice rp-alice -- set Logical_Switch_Port rp-alice \
219 type=router options:router-port=alice addresses=\"00:00:02:01:02:03\"
220
221# Connect R1 to join
222ovn-nbctl lsp-add join r1-join -- set Logical_Switch_Port r1-join \
223 type=router options:router-port=R1_join addresses='"00:00:04:01:02:03"'
224
225# Connect R2 to join
226ovn-nbctl lsp-add join r2-join -- set Logical_Switch_Port r2-join \
227 type=router options:router-port=R2_join addresses='"00:00:04:01:02:04"'
228
229# Static routes.
230ovn-nbctl lr-route-add R1 172.16.1.0/24 20.0.0.2
231ovn-nbctl lr-route-add R2 192.168.0.0/16 20.0.0.1
232
233# Logical port 'foo1' in switch 'foo'.
234ADD_NAMESPACES(foo1)
235ADD_VETH(foo1, foo1, br-int, "192.168.1.2/24", "f0:00:00:01:02:03", \
236 "192.168.1.1")
237ovn-nbctl lsp-add foo foo1 \
238-- lsp-set-addresses foo1 "f0:00:00:01:02:03 192.168.1.2"
239
240# Logical port 'alice1' in switch 'alice'.
241ADD_NAMESPACES(alice1)
242ADD_VETH(alice1, alice1, br-int, "172.16.1.2/24", "f0:00:00:01:02:04", \
243 "172.16.1.1")
244ovn-nbctl lsp-add alice alice1 \
245-- lsp-set-addresses alice1 "f0:00:00:01:02:04 172.16.1.2"
246
247# Add a SNAT rule
248ovn-nbctl -- --id=@nat create nat type="snat" logical_ip=192.168.1.2 \
249 external_ip=172.16.1.1 -- add logical_router R2 nat @nat
250
576d1a80
GS
251OVS_WAIT_UNTIL([ovs-ofctl dump-flows br-int | grep ct\( | grep nat])
252
12969035
D
253# South-North SNAT: 'foo1' pings 'alice1'. But 'alice1' receives traffic
254# from 172.16.1.1
255NS_CHECK_EXEC([foo1], [ping -q -c 3 -i 0.3 -w 2 172.16.1.2 | FORMAT_PING], \
256[0], [dnl
2573 packets transmitted, 3 received, 0% packet loss, time 0ms
258])
259
260# We verify that SNAT indeed happened via 'dump-conntrack' command.
261AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(172.16.1.1) | \
262sed -e 's/zone=[[0-9]]*/zone=<cleared>/'], [0], [dnl
9132729e 263icmp,orig=(src=192.168.1.2,dst=172.16.1.2,id=<cleared>,type=8,code=0),reply=(src=172.16.1.2,dst=172.16.1.1,id=<cleared>,type=0,code=0),zone=<cleared>
12969035
D
264])
265
266OVS_APP_EXIT_AND_WAIT([ovn-controller])
267
268as ovn-sb
269OVS_APP_EXIT_AND_WAIT([ovsdb-server])
270
271as ovn-nb
272OVS_APP_EXIT_AND_WAIT([ovsdb-server])
273
274as northd
275OVS_APP_EXIT_AND_WAIT([ovn-northd])
276
277as
576d1a80
GS
278OVS_TRAFFIC_VSWITCHD_STOP(["/failed to query port patch-.*/d
279/connection dropped.*/d"])
12969035 280AT_CLEANUP
e74d157a 281
65d8810c
GS
282AT_SETUP([ovn -- multiple gateway routers, SNAT and DNAT])
283AT_KEYWORDS([ovnnat])
284
285CHECK_CONNTRACK()
286CHECK_CONNTRACK_NAT()
287ovn_start
288OVS_TRAFFIC_VSWITCHD_START()
289ADD_BR([br-int])
290
291# Set external-ids in br-int needed for ovn-controller
292ovs-vsctl \
293 -- set Open_vSwitch . external-ids:system-id=hv1 \
294 -- set Open_vSwitch . external-ids:ovn-remote=unix:$ovs_base/ovn-sb/ovn-sb.sock \
295 -- set Open_vSwitch . external-ids:ovn-encap-type=geneve \
296 -- set Open_vSwitch . external-ids:ovn-encap-ip=169.0.0.1 \
297 -- set bridge br-int fail-mode=secure other-config:disable-in-band=true
298
299# Start ovn-controller
300start_daemon ovn-controller
301
302# Logical network:
303# Three LRs - R1, R2 and R3 that are connected to each other via LS "join"
304# in 20.0.0.0/24 network. R1 has switches foo (192.168.1.0/24) and
305# bar (192.168.2.0/24) connected to it. R2 has alice (172.16.1.0/24) connected
306# to it. R3 has bob (172.16.1.0/24) connected to it. Note how both alice and
307# bob have the same subnet behind them. We are trying to simulate an external
308# network via those 2 switches. In real world the switch ports of these
309# switches will have addresses set as "unknown" to make them learning switches.
310# Or those switches will be "localnet" ones.
311#
312# foo -- R1 -- join - R2 -- alice
313# | |
314# bar ---- - R3 --- bob
315
316ovn-nbctl create Logical_Router name=R1
317ovn-nbctl create Logical_Router name=R2 options:chassis=hv1
318ovn-nbctl create Logical_Router name=R3 options:chassis=hv1
319
320ovn-nbctl ls-add foo
321ovn-nbctl ls-add bar
322ovn-nbctl ls-add alice
323ovn-nbctl ls-add bob
324ovn-nbctl ls-add join
325
326# Connect foo to R1
327ovn-nbctl lrp-add R1 foo 00:00:01:01:02:03 192.168.1.1/24
328ovn-nbctl lsp-add foo rp-foo -- set Logical_Switch_Port rp-foo \
329 type=router options:router-port=foo addresses=\"00:00:01:01:02:03\"
330
331# Connect bar to R1
332ovn-nbctl lrp-add R1 bar 00:00:01:01:02:04 192.168.2.1/24
333ovn-nbctl lsp-add bar rp-bar -- set Logical_Switch_Port rp-bar \
334 type=router options:router-port=bar addresses=\"00:00:01:01:02:04\"
335
336# Connect alice to R2
337ovn-nbctl lrp-add R2 alice 00:00:02:01:02:03 172.16.1.1/24
338ovn-nbctl lsp-add alice rp-alice -- set Logical_Switch_Port rp-alice \
339 type=router options:router-port=alice addresses=\"00:00:02:01:02:03\"
340
341# Connect bob to R3
342ovn-nbctl lrp-add R3 bob 00:00:03:01:02:03 172.16.1.2/24
343ovn-nbctl lsp-add bob rp-bob -- set Logical_Switch_Port rp-bob \
344 type=router options:router-port=bob addresses=\"00:00:03:01:02:03\"
345
346# Connect R1 to join
347ovn-nbctl lrp-add R1 R1_join 00:00:04:01:02:03 20.0.0.1/24
348ovn-nbctl lsp-add join r1-join -- set Logical_Switch_Port r1-join \
349 type=router options:router-port=R1_join addresses='"00:00:04:01:02:03"'
350
351# Connect R2 to join
352ovn-nbctl lrp-add R2 R2_join 00:00:04:01:02:04 20.0.0.2/24
353ovn-nbctl lsp-add join r2-join -- set Logical_Switch_Port r2-join \
354 type=router options:router-port=R2_join addresses='"00:00:04:01:02:04"'
355
356# Connect R3 to join
357ovn-nbctl lrp-add R3 R3_join 00:00:04:01:02:05 20.0.0.3/24
358ovn-nbctl lsp-add join r3-join -- set Logical_Switch_Port r3-join \
359 type=router options:router-port=R3_join addresses='"00:00:04:01:02:05"'
360
361# Install static routes with source ip address as the policy for routing.
362# We want traffic from 'foo' to go via R2 and traffic of 'bar' to go via R3.
363ovn-nbctl --policy="src-ip" lr-route-add R1 192.168.1.0/24 20.0.0.2
364ovn-nbctl --policy="src-ip" lr-route-add R1 192.168.2.0/24 20.0.0.3
365
366# Static routes.
367ovn-nbctl lr-route-add R2 192.168.0.0/16 20.0.0.1
368ovn-nbctl lr-route-add R3 192.168.0.0/16 20.0.0.1
369
370# For gateway routers R2 and R3, set a force SNAT rule.
371ovn-nbctl set logical_router R2 options:dnat_force_snat_ip=20.0.0.2
372ovn-nbctl set logical_router R3 options:dnat_force_snat_ip=20.0.0.3
373
374# Logical port 'foo1' in switch 'foo'.
375ADD_NAMESPACES(foo1)
376ADD_VETH(foo1, foo1, br-int, "192.168.1.2/24", "f0:00:00:01:02:03", \
377 "192.168.1.1")
378ovn-nbctl lsp-add foo foo1 \
379-- lsp-set-addresses foo1 "f0:00:00:01:02:03 192.168.1.2"
380
381# Logical port 'alice1' in switch 'alice'.
382ADD_NAMESPACES(alice1)
383ADD_VETH(alice1, alice1, br-int, "172.16.1.3/24", "f0:00:00:01:02:04", \
384 "172.16.1.1")
385ovn-nbctl lsp-add alice alice1 \
386-- lsp-set-addresses alice1 "f0:00:00:01:02:04 172.16.1.3"
387
388# Logical port 'bar1' in switch 'bar'.
389ADD_NAMESPACES(bar1)
390ADD_VETH(bar1, bar1, br-int, "192.168.2.2/24", "f0:00:00:01:02:05", \
391"192.168.2.1")
392ovn-nbctl lsp-add bar bar1 \
393-- lsp-set-addresses bar1 "f0:00:00:01:02:05 192.168.2.2"
394
395# Logical port 'bob1' in switch 'bob'.
396ADD_NAMESPACES(bob1)
397ADD_VETH(bob1, bob1, br-int, "172.16.1.4/24", "f0:00:00:01:02:06", \
398 "172.16.1.2")
399ovn-nbctl lsp-add bob bob1 \
400-- lsp-set-addresses bob1 "f0:00:00:01:02:06 172.16.1.4"
401
402# Router R2
403# Add a DNAT rule.
404ovn-nbctl -- --id=@nat create nat type="dnat" logical_ip=192.168.1.2 \
405 external_ip=30.0.0.2 -- add logical_router R2 nat @nat
406
407# Add a SNAT rule
408ovn-nbctl -- --id=@nat create nat type="snat" logical_ip=192.168.1.2 \
409 external_ip=30.0.0.1 -- add logical_router R2 nat @nat
410
411# Router R3
412# Add a DNAT rule.
413ovn-nbctl -- --id=@nat create nat type="dnat" logical_ip=192.168.1.2 \
414 external_ip=30.0.0.3 -- add logical_router R3 nat @nat
415
416# Add a SNAT rule
417ovn-nbctl -- --id=@nat create nat type="snat" logical_ip=192.168.2.2 \
418 external_ip=30.0.0.4 -- add logical_router R3 nat @nat
419
420# wait for ovn-controller to catch up.
421OVS_WAIT_UNTIL([ovs-ofctl dump-flows br-int | grep ct\( | grep nat])
422
423# North-South DNAT: 'alice1' should be able to ping 'foo1' via 30.0.0.2
424NS_CHECK_EXEC([alice1], [ping -q -c 3 -i 0.3 -w 2 30.0.0.2 | FORMAT_PING], \
425[0], [dnl
4263 packets transmitted, 3 received, 0% packet loss, time 0ms
427])
428
429# Check conntrack entries.
430AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(172.16.1.3) | \
431sed -e 's/zone=[[0-9]]*/zone=<cleared>/'], [0], [dnl
432icmp,orig=(src=172.16.1.3,dst=30.0.0.2,id=<cleared>,type=8,code=0),reply=(src=192.168.1.2,dst=172.16.1.3,id=<cleared>,type=0,code=0),zone=<cleared>
433])
434
435# But foo1 should receive traffic from 20.0.0.2
436AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(20.0.0.2) | \
437sed -e 's/zone=[[0-9]]*/zone=<cleared>/'], [0], [dnl
438icmp,orig=(src=172.16.1.3,dst=192.168.1.2,id=<cleared>,type=8,code=0),reply=(src=192.168.1.2,dst=20.0.0.2,id=<cleared>,type=0,code=0),zone=<cleared>
439])
440
441# North-South DNAT: 'bob1' should be able to ping 'foo1' via 30.0.0.3
442NS_CHECK_EXEC([bob1], [ping -q -c 3 -i 0.3 -w 2 30.0.0.3 | FORMAT_PING], \
443[0], [dnl
4443 packets transmitted, 3 received, 0% packet loss, time 0ms
445])
446
447# Check conntrack entries.
448AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(172.16.1.4) | \
449sed -e 's/zone=[[0-9]]*/zone=<cleared>/'], [0], [dnl
450icmp,orig=(src=172.16.1.4,dst=30.0.0.3,id=<cleared>,type=8,code=0),reply=(src=192.168.1.2,dst=172.16.1.4,id=<cleared>,type=0,code=0),zone=<cleared>
451])
452
453# But foo1 should receive traffic from 20.0.0.3
454AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(20.0.0.3) | \
455sed -e 's/zone=[[0-9]]*/zone=<cleared>/'], [0], [dnl
456icmp,orig=(src=172.16.1.4,dst=192.168.1.2,id=<cleared>,type=8,code=0),reply=(src=192.168.1.2,dst=20.0.0.3,id=<cleared>,type=0,code=0),zone=<cleared>
457])
458
459# South-North SNAT: 'bar1' pings 'bob1'. But 'bob1' receives traffic
460# from 30.0.0.4
461NS_CHECK_EXEC([bar1], [ping -q -c 3 -i 0.3 -w 2 172.16.1.4 | FORMAT_PING], \
462[0], [dnl
4633 packets transmitted, 3 received, 0% packet loss, time 0ms
464])
465
466# We verify that SNAT indeed happened via 'dump-conntrack' command.
467AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(30.0.0.4) | \
468sed -e 's/zone=[[0-9]]*/zone=<cleared>/'], [0], [dnl
469icmp,orig=(src=192.168.2.2,dst=172.16.1.4,id=<cleared>,type=8,code=0),reply=(src=172.16.1.4,dst=30.0.0.4,id=<cleared>,type=0,code=0),zone=<cleared>
470])
471
472# South-North SNAT: 'foo1' pings 'alice1'. But 'alice1' receives traffic
473# from 30.0.0.1
474NS_CHECK_EXEC([foo1], [ping -q -c 3 -i 0.3 -w 2 172.16.1.3 | FORMAT_PING], \
475[0], [dnl
4763 packets transmitted, 3 received, 0% packet loss, time 0ms
477])
478
479# We verify that SNAT indeed happened via 'dump-conntrack' command.
480AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(30.0.0.1) | \
481sed -e 's/zone=[[0-9]]*/zone=<cleared>/'], [0], [dnl
482icmp,orig=(src=192.168.1.2,dst=172.16.1.3,id=<cleared>,type=8,code=0),reply=(src=172.16.1.3,dst=30.0.0.1,id=<cleared>,type=0,code=0),zone=<cleared>
483])
484
485OVS_APP_EXIT_AND_WAIT([ovn-controller])
486
487as ovn-sb
488OVS_APP_EXIT_AND_WAIT([ovsdb-server])
489
490as ovn-nb
491OVS_APP_EXIT_AND_WAIT([ovsdb-server])
492
493as northd
494OVS_APP_EXIT_AND_WAIT([ovn-northd])
495
496as
497OVS_TRAFFIC_VSWITCHD_STOP(["/failed to query port patch-.*/d
498/connection dropped.*/d"])
499AT_CLEANUP
500
e74d157a
GS
501AT_SETUP([ovn -- load-balancing])
502AT_KEYWORDS([ovnlb])
503
504CHECK_CONNTRACK()
4573c42e 505CHECK_CONNTRACK_NAT()
e74d157a
GS
506ovn_start
507OVS_TRAFFIC_VSWITCHD_START()
508ADD_BR([br-int])
509
510# Set external-ids in br-int needed for ovn-controller
511ovs-vsctl \
512 -- set Open_vSwitch . external-ids:system-id=hv1 \
513 -- set Open_vSwitch . external-ids:ovn-remote=unix:$ovs_base/ovn-sb/ovn-sb.sock \
514 -- set Open_vSwitch . external-ids:ovn-encap-type=geneve \
515 -- set Open_vSwitch . external-ids:ovn-encap-ip=169.0.0.1 \
516 -- set bridge br-int fail-mode=secure other-config:disable-in-band=true
517
518# Start ovn-controller
519start_daemon ovn-controller
520
521# Logical network:
522# 2 logical switches "foo" (192.168.1.0/24) and "bar" (172.16.1.0/24)
523# connected to a router R1.
524# foo has foo1 to act as a client.
525# bar has bar1, bar2, bar3 to act as servers.
526#
527# Loadbalancer VIPs in 30.0.0.0/24 network.
528
529ovn-nbctl create Logical_Router name=R1
530ovn-nbctl ls-add foo
531ovn-nbctl ls-add bar
532
533# Connect foo to R1
534ovn-nbctl lrp-add R1 foo 00:00:01:01:02:03 192.168.1.1/24
535ovn-nbctl lsp-add foo rp-foo -- set Logical_Switch_Port rp-foo \
536 type=router options:router-port=foo addresses=\"00:00:01:01:02:03\"
537
538# Connect bar to R1
539ovn-nbctl lrp-add R1 bar 00:00:01:01:02:04 172.16.1.1/24
540ovn-nbctl lsp-add bar rp-bar -- set Logical_Switch_Port rp-bar \
541 type=router options:router-port=bar addresses=\"00:00:01:01:02:04\"
542
543# Create logical port 'foo1' in switch 'foo'.
544ADD_NAMESPACES(foo1)
545ADD_VETH(foo1, foo1, br-int, "192.168.1.2/24", "f0:00:00:01:02:03", \
546 "192.168.1.1")
547ovn-nbctl lsp-add foo foo1 \
548-- lsp-set-addresses foo1 "f0:00:00:01:02:03 192.168.1.2"
549
550# Create logical ports 'bar1', 'bar2', 'bar3' in switch 'bar'.
551ADD_NAMESPACES(bar1)
552ADD_VETH(bar1, bar1, br-int, "172.16.1.2/24", "f0:00:0f:01:02:03", \
553 "172.16.1.1")
554ovn-nbctl lsp-add bar bar1 \
555-- lsp-set-addresses bar1 "f0:00:0f:01:02:03 172.16.1.2"
556
557ADD_NAMESPACES(bar2)
558ADD_VETH(bar2, bar2, br-int, "172.16.1.3/24", "f0:00:0f:01:02:04", \
559 "172.16.1.1")
560ovn-nbctl lsp-add bar bar2 \
561-- lsp-set-addresses bar2 "f0:00:0f:01:02:04 172.16.1.3"
562
563ADD_NAMESPACES(bar3)
564ADD_VETH(bar3, bar3, br-int, "172.16.1.4/24", "f0:00:0f:01:02:05", \
565 "172.16.1.1")
566ovn-nbctl lsp-add bar bar3 \
567-- lsp-set-addresses bar3 "f0:00:0f:01:02:05 172.16.1.4"
568
569# Config OVN load-balancer with a VIP.
570uuid=`ovn-nbctl create load_balancer vips:30.0.0.1="172.16.1.2,172.16.1.3,172.16.1.4"`
571ovn-nbctl set logical_switch foo load_balancer=$uuid
572
61591ad9
GS
573# Create another load-balancer with another VIP.
574uuid=`ovn-nbctl create load_balancer vips:30.0.0.3="172.16.1.2,172.16.1.3,172.16.1.4"`
575ovn-nbctl add logical_switch foo load_balancer $uuid
576
e74d157a
GS
577# Config OVN load-balancer with another VIP (this time with ports).
578ovn-nbctl set load_balancer $uuid vips:'"30.0.0.2:8000"'='"172.16.1.2:80,172.16.1.3:80,172.16.1.4:80"'
579
580# Wait for ovn-controller to catch up.
581OVS_WAIT_UNTIL([ovs-ofctl -O OpenFlow13 dump-groups br-int | grep ct\(])
582
583# Start webservers in 'bar1', 'bar2' and 'bar3'.
7ed40afe
JS
584OVS_START_L7([bar1], [http])
585OVS_START_L7([bar2], [http])
586OVS_START_L7([bar3], [http])
e74d157a 587
61591ad9
GS
588dnl Should work with the virtual IP 30.0.0.1 address through NAT
589for i in `seq 1 20`; do
e74d157a
GS
590 echo Request $i
591 NS_CHECK_EXEC([foo1], [wget 30.0.0.1 -t 5 -T 1 --retry-connrefused -v -o wget$i.log])
592done
593
594dnl Each server should have at least one connection.
926c34fd
RM
595AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(30.0.0.1) | \
596sed -e 's/zone=[[0-9]]*/zone=<cleared>/'], [0], [dnl
597tcp,orig=(src=192.168.1.2,dst=30.0.0.1,sport=<cleared>,dport=<cleared>),reply=(src=172.16.1.2,dst=192.168.1.2,sport=<cleared>,dport=<cleared>),zone=<cleared>,protoinfo=(state=<cleared>)
598tcp,orig=(src=192.168.1.2,dst=30.0.0.1,sport=<cleared>,dport=<cleared>),reply=(src=172.16.1.3,dst=192.168.1.2,sport=<cleared>,dport=<cleared>),zone=<cleared>,protoinfo=(state=<cleared>)
599tcp,orig=(src=192.168.1.2,dst=30.0.0.1,sport=<cleared>,dport=<cleared>),reply=(src=172.16.1.4,dst=192.168.1.2,sport=<cleared>,dport=<cleared>),zone=<cleared>,protoinfo=(state=<cleared>)
e74d157a
GS
600])
601
61591ad9
GS
602dnl Should work with the virtual IP 30.0.0.3 address through NAT
603for i in `seq 1 20`; do
604 echo Request $i
605 NS_CHECK_EXEC([foo1], [wget 30.0.0.3 -t 5 -T 1 --retry-connrefused -v -o wget$i.log])
606done
607
608dnl Each server should have at least one connection.
926c34fd
RM
609AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(30.0.0.3) | \
610sed -e 's/zone=[[0-9]]*/zone=<cleared>/'], [0], [dnl
611tcp,orig=(src=192.168.1.2,dst=30.0.0.3,sport=<cleared>,dport=<cleared>),reply=(src=172.16.1.2,dst=192.168.1.2,sport=<cleared>,dport=<cleared>),zone=<cleared>,protoinfo=(state=<cleared>)
612tcp,orig=(src=192.168.1.2,dst=30.0.0.3,sport=<cleared>,dport=<cleared>),reply=(src=172.16.1.3,dst=192.168.1.2,sport=<cleared>,dport=<cleared>),zone=<cleared>,protoinfo=(state=<cleared>)
613tcp,orig=(src=192.168.1.2,dst=30.0.0.3,sport=<cleared>,dport=<cleared>),reply=(src=172.16.1.4,dst=192.168.1.2,sport=<cleared>,dport=<cleared>),zone=<cleared>,protoinfo=(state=<cleared>)
61591ad9
GS
614])
615
e74d157a 616dnl Test load-balancing that includes L4 ports in NAT.
61591ad9 617for i in `seq 1 20`; do
e74d157a
GS
618 echo Request $i
619 NS_CHECK_EXEC([foo1], [wget 30.0.0.2:8000 -t 5 -T 1 --retry-connrefused -v -o wget$i.log])
620done
621
622dnl Each server should have at least one connection.
926c34fd
RM
623AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(30.0.0.2) | \
624sed -e 's/zone=[[0-9]]*/zone=<cleared>/'], [0], [dnl
625tcp,orig=(src=192.168.1.2,dst=30.0.0.2,sport=<cleared>,dport=<cleared>),reply=(src=172.16.1.2,dst=192.168.1.2,sport=<cleared>,dport=<cleared>),zone=<cleared>,protoinfo=(state=<cleared>)
626tcp,orig=(src=192.168.1.2,dst=30.0.0.2,sport=<cleared>,dport=<cleared>),reply=(src=172.16.1.3,dst=192.168.1.2,sport=<cleared>,dport=<cleared>),zone=<cleared>,protoinfo=(state=<cleared>)
627tcp,orig=(src=192.168.1.2,dst=30.0.0.2,sport=<cleared>,dport=<cleared>),reply=(src=172.16.1.4,dst=192.168.1.2,sport=<cleared>,dport=<cleared>),zone=<cleared>,protoinfo=(state=<cleared>)
e74d157a
GS
628])
629
630
0deb0f6d
GS
631OVS_APP_EXIT_AND_WAIT([ovn-controller])
632
633as ovn-sb
634OVS_APP_EXIT_AND_WAIT([ovsdb-server])
635
636as ovn-nb
637OVS_APP_EXIT_AND_WAIT([ovsdb-server])
638
639as northd
640OVS_APP_EXIT_AND_WAIT([ovn-northd])
641
642as
643OVS_TRAFFIC_VSWITCHD_STOP(["/failed to query port patch-.*/d"])
644AT_CLEANUP
645
646AT_SETUP([ovn -- load-balancing - same subnet.])
647AT_KEYWORDS([ovnlb])
648
649CHECK_CONNTRACK()
650CHECK_CONNTRACK_NAT()
651ovn_start
652OVS_TRAFFIC_VSWITCHD_START()
653ADD_BR([br-int])
654
655# Set external-ids in br-int needed for ovn-controller
656ovs-vsctl \
657 -- set Open_vSwitch . external-ids:system-id=hv1 \
658 -- set Open_vSwitch . external-ids:ovn-remote=unix:$ovs_base/ovn-sb/ovn-sb.sock \
659 -- set Open_vSwitch . external-ids:ovn-encap-type=geneve \
660 -- set Open_vSwitch . external-ids:ovn-encap-ip=169.0.0.1 \
661 -- set bridge br-int fail-mode=secure other-config:disable-in-band=true
662
663# Start ovn-controller
664start_daemon ovn-controller
665
666# Logical network:
667# 1 logical switch "foo" (192.168.1.0/24) connected to router R1.
668# foo has foo1, foo2, foo3, foo4 as logical ports.
669#
670# Loadbalancer VIPs in 30.0.0.0/24 network. Router is needed for default
671# gateway. We will test load-balancing with foo1 as a client and foo2, foo3 and
672# foo4 as servers.
673
674ovn-nbctl create Logical_Router name=R1
675ovn-nbctl ls-add foo
676
677# Connect foo to R1
678ovn-nbctl lrp-add R1 foo 00:00:01:01:02:03 192.168.1.1/24
679ovn-nbctl lsp-add foo rp-foo -- set Logical_Switch_Port rp-foo \
680 type=router options:router-port=foo addresses=\"00:00:01:01:02:03\"
681
682# Create logical port 'foo1', 'foo2', 'foo3' and 'foo4' in switch 'foo'.
683ADD_NAMESPACES(foo1, foo2, foo3, foo4)
684for i in `seq 1 4`; do
685 j=`expr $i + 1`
686 ADD_VETH(foo$i, foo$i, br-int, "192.168.1.$j/24", "f0:00:00:01:02:0$j", \
687 "192.168.1.1")
688 ovn-nbctl lsp-add foo foo$i \
689 -- lsp-set-addresses foo$i "f0:00:00:01:02:0$j 192.168.1.$j"
690done
691
692# Config OVN load-balancer with a VIP.
693uuid=`ovn-nbctl create load_balancer vips:30.0.0.1="192.168.1.3,192.168.1.4,192.168.1.5"`
694ovn-nbctl set logical_switch foo load_balancer=$uuid
695
696# Config OVN load-balancer with another VIP (this time with ports).
697ovn-nbctl set load_balancer $uuid vips:'"30.0.0.2:8000"'='"192.168.1.3:80,192.168.1.4:80,192.168.1.5:80"'
698
699# Wait for ovn-controller to catch up.
700OVS_WAIT_UNTIL([ovs-ofctl -O OpenFlow13 dump-groups br-int | grep ct\(])
701
702# Start webservers in 'foo2', 'foo3' and 'foo4'.
7ed40afe
JS
703OVS_START_L7([foo2], [http])
704OVS_START_L7([foo3], [http])
705OVS_START_L7([foo4], [http])
0deb0f6d
GS
706
707dnl Should work with the virtual IP address through NAT
708for i in `seq 1 20`; do
709 echo Request $i
710 NS_CHECK_EXEC([foo1], [wget 30.0.0.1 -t 5 -T 1 --retry-connrefused -v -o wget$i.log])
711done
712
713dnl Each server should have at least one connection.
926c34fd
RM
714AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(30.0.0.1) | \
715sed -e 's/zone=[[0-9]]*/zone=<cleared>/'], [0], [dnl
716tcp,orig=(src=192.168.1.2,dst=30.0.0.1,sport=<cleared>,dport=<cleared>),reply=(src=192.168.1.3,dst=192.168.1.2,sport=<cleared>,dport=<cleared>),zone=<cleared>,protoinfo=(state=<cleared>)
717tcp,orig=(src=192.168.1.2,dst=30.0.0.1,sport=<cleared>,dport=<cleared>),reply=(src=192.168.1.4,dst=192.168.1.2,sport=<cleared>,dport=<cleared>),zone=<cleared>,protoinfo=(state=<cleared>)
718tcp,orig=(src=192.168.1.2,dst=30.0.0.1,sport=<cleared>,dport=<cleared>),reply=(src=192.168.1.5,dst=192.168.1.2,sport=<cleared>,dport=<cleared>),zone=<cleared>,protoinfo=(state=<cleared>)
0deb0f6d
GS
719])
720
721dnl Test load-balancing that includes L4 ports in NAT.
722for i in `seq 1 20`; do
723 echo Request $i
724 NS_CHECK_EXEC([foo1], [wget 30.0.0.2:8000 -t 5 -T 1 --retry-connrefused -v -o wget$i.log])
725done
726
727dnl Each server should have at least one connection.
926c34fd
RM
728AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(30.0.0.2) | \
729sed -e 's/zone=[[0-9]]*/zone=<cleared>/'], [0], [dnl
730tcp,orig=(src=192.168.1.2,dst=30.0.0.2,sport=<cleared>,dport=<cleared>),reply=(src=192.168.1.3,dst=192.168.1.2,sport=<cleared>,dport=<cleared>),zone=<cleared>,protoinfo=(state=<cleared>)
731tcp,orig=(src=192.168.1.2,dst=30.0.0.2,sport=<cleared>,dport=<cleared>),reply=(src=192.168.1.4,dst=192.168.1.2,sport=<cleared>,dport=<cleared>),zone=<cleared>,protoinfo=(state=<cleared>)
732tcp,orig=(src=192.168.1.2,dst=30.0.0.2,sport=<cleared>,dport=<cleared>),reply=(src=192.168.1.5,dst=192.168.1.2,sport=<cleared>,dport=<cleared>),zone=<cleared>,protoinfo=(state=<cleared>)
0deb0f6d
GS
733])
734
735
e74d157a
GS
736OVS_APP_EXIT_AND_WAIT([ovn-controller])
737
738as ovn-sb
739OVS_APP_EXIT_AND_WAIT([ovsdb-server])
740
741as ovn-nb
742OVS_APP_EXIT_AND_WAIT([ovsdb-server])
743
744as northd
745OVS_APP_EXIT_AND_WAIT([ovn-northd])
746
747as
748OVS_TRAFFIC_VSWITCHD_STOP(["/failed to query port patch-.*/d"])
749AT_CLEANUP
cc4583aa
GS
750
dnl Gateway-router load balancing: client alice1 reaches two VIPs configured
dnl on R2 (30.0.0.1, and 30.0.0.2:8000 which carries an L4 port) and the
dnl conntrack table must show connections translated to both backends,
dnl foo1 and bar1.
AT_SETUP([ovn -- load balancing in gateway router])
AT_KEYWORDS([ovnlb])

dnl Prerequisite checks. Both macros are defined outside this section;
dnl presumably they skip the test when the datapath lacks conntrack or
dnl conntrack NAT support.
CHECK_CONNTRACK()
CHECK_CONNTRACK_NAT()
ovn_start
OVS_TRAFFIC_VSWITCHD_START()
ADD_BR([br-int])

# Set external-ids in br-int needed for ovn-controller.
# fail-mode=secure keeps Open vSwitch from installing its own default
# forwarding flows on br-int, so only flows programmed by ovn-controller
# carry the test traffic. disable-in-band=true turns off in-band control flows.
ovs-vsctl \
    -- set Open_vSwitch . external-ids:system-id=hv1 \
    -- set Open_vSwitch . external-ids:ovn-remote=unix:$ovs_base/ovn-sb/ovn-sb.sock \
    -- set Open_vSwitch . external-ids:ovn-encap-type=geneve \
    -- set Open_vSwitch . external-ids:ovn-encap-ip=169.0.0.1 \
    -- set bridge br-int fail-mode=secure other-config:disable-in-band=true

# Start ovn-controller
start_daemon ovn-controller

# Logical network:
# Two LRs - R1 and R2 that are connected to each other via LS "join"
# in 20.0.0.0/24 network. R1 has switches foo (192.168.1.0/24) and
# bar (192.168.2.0/24) connected to it. R2 has alice (172.16.1.0/24) connected
# to it. R2 is a gateway router on which we add load-balancing rules.
#
#    foo -- R1 -- join - R2 -- alice
#           |
#    bar ----

# R2 is pinned to chassis hv1, the system-id set on this host above.
ovn-nbctl create Logical_Router name=R1
ovn-nbctl create Logical_Router name=R2 options:chassis=hv1

ovn-nbctl ls-add foo
ovn-nbctl ls-add bar
ovn-nbctl ls-add alice
ovn-nbctl ls-add join

# Connect foo to R1
ovn-nbctl lrp-add R1 foo 00:00:01:01:02:03 192.168.1.1/24
ovn-nbctl lsp-add foo rp-foo -- set Logical_Switch_Port rp-foo \
    type=router options:router-port=foo addresses=\"00:00:01:01:02:03\"

# Connect bar to R1
ovn-nbctl lrp-add R1 bar 00:00:01:01:02:04 192.168.2.1/24
ovn-nbctl lsp-add bar rp-bar -- set Logical_Switch_Port rp-bar \
    type=router options:router-port=bar addresses=\"00:00:01:01:02:04\"

# Connect alice to R2
ovn-nbctl lrp-add R2 alice 00:00:02:01:02:03 172.16.1.1/24
ovn-nbctl lsp-add alice rp-alice -- set Logical_Switch_Port rp-alice \
    type=router options:router-port=alice addresses=\"00:00:02:01:02:03\"

# Connect R1 to join
ovn-nbctl lrp-add R1 R1_join 00:00:04:01:02:03 20.0.0.1/24
ovn-nbctl lsp-add join r1-join -- set Logical_Switch_Port r1-join \
    type=router options:router-port=R1_join addresses='"00:00:04:01:02:03"'

# Connect R2 to join
ovn-nbctl lrp-add R2 R2_join 00:00:04:01:02:04 20.0.0.2/24
ovn-nbctl lsp-add join r2-join -- set Logical_Switch_Port r2-join \
    type=router options:router-port=R2_join addresses='"00:00:04:01:02:04"'

# Static routes.
# R1 reaches alice's subnet through R2; R2 reaches foo and bar through R1.
ovn-nbctl lr-route-add R1 172.16.1.0/24 20.0.0.2
ovn-nbctl lr-route-add R2 192.168.0.0/16 20.0.0.1

# Logical port 'foo1' in switch 'foo'.
ADD_NAMESPACES(foo1)
ADD_VETH(foo1, foo1, br-int, "192.168.1.2/24", "f0:00:00:01:02:03", \
    "192.168.1.1")
ovn-nbctl lsp-add foo foo1 \
-- lsp-set-addresses foo1 "f0:00:00:01:02:03 192.168.1.2"

# Logical port 'alice1' in switch 'alice'.
ADD_NAMESPACES(alice1)
ADD_VETH(alice1, alice1, br-int, "172.16.1.2/24", "f0:00:00:01:02:04", \
    "172.16.1.1")
ovn-nbctl lsp-add alice alice1 \
-- lsp-set-addresses alice1 "f0:00:00:01:02:04 172.16.1.2"

# Logical port 'bar1' in switch 'bar'.
ADD_NAMESPACES(bar1)
ADD_VETH(bar1, bar1, br-int, "192.168.2.2/24", "f0:00:00:01:02:05", \
"192.168.2.1")
ovn-nbctl lsp-add bar bar1 \
-- lsp-set-addresses bar1 "f0:00:00:01:02:05 192.168.2.2"

# Config OVN load-balancer with a VIP.
# The backends are foo1 (192.168.1.2) and bar1 (192.168.2.2); the load
# balancer is attached to gateway router R2 only.
uuid=`ovn-nbctl create load_balancer vips:30.0.0.1="192.168.1.2,192.168.2.2"`
ovn-nbctl set logical_router R2 load_balancer=$uuid

# Config OVN load-balancer with another VIP (this time with ports).
# VIP port 8000 is translated to port 80 on the same two backends.
ovn-nbctl set load_balancer $uuid vips:'"30.0.0.2:8000"'='"192.168.1.2:80,192.168.2.2:80"'

# Wait for ovn-controller to catch up.
# A conntrack action in an OpenFlow group on br-int is taken as the sign that
# the load balancer has been programmed.
OVS_WAIT_UNTIL([ovs-ofctl -O OpenFlow13 dump-groups br-int | grep ct\(])

# Start webservers in 'foo1', 'bar1'.
OVS_START_L7([foo1], [http])
OVS_START_L7([bar1], [http])

dnl Should work with the virtual IP address through NAT
dnl Each of the 20 requests gets up to 5 tries with a 1 second timeout.
for i in `seq 1 20`; do
    echo Request $i
    NS_CHECK_EXEC([alice1], [wget 30.0.0.1 -t 5 -T 1 --retry-connrefused -v -o wget$i.log])
done

dnl Each server should have at least one connection.
dnl FORMAT_CT is defined outside this section; judging by the expected output
dnl it filters the dump on the given address and masks ports and state, and
dnl the sed call masks the zone number as well.
dnl NOTE(review): the check relies on 20 connections reaching both backends;
dnl that is very likely but not guaranteed - confirm this cannot flake.
AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(30.0.0.1) |
sed -e 's/zone=[[0-9]]*/zone=<cleared>/'], [0], [dnl
tcp,orig=(src=172.16.1.2,dst=30.0.0.1,sport=<cleared>,dport=<cleared>),reply=(src=192.168.1.2,dst=172.16.1.2,sport=<cleared>,dport=<cleared>),zone=<cleared>,protoinfo=(state=<cleared>)
tcp,orig=(src=172.16.1.2,dst=30.0.0.1,sport=<cleared>,dport=<cleared>),reply=(src=192.168.2.2,dst=172.16.1.2,sport=<cleared>,dport=<cleared>),zone=<cleared>,protoinfo=(state=<cleared>)
])

dnl Test load-balancing that includes L4 ports in NAT.
dnl The wget logs reuse the names written by the first loop.
for i in `seq 1 20`; do
    echo Request $i
    NS_CHECK_EXEC([alice1], [wget 30.0.0.2:8000 -t 5 -T 1 --retry-connrefused -v -o wget$i.log])
done

dnl Each server should have at least one connection.
AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(30.0.0.2) |
sed -e 's/zone=[[0-9]]*/zone=<cleared>/'], [0], [dnl
tcp,orig=(src=172.16.1.2,dst=30.0.0.2,sport=<cleared>,dport=<cleared>),reply=(src=192.168.1.2,dst=172.16.1.2,sport=<cleared>,dport=<cleared>),zone=<cleared>,protoinfo=(state=<cleared>)
tcp,orig=(src=172.16.1.2,dst=30.0.0.2,sport=<cleared>,dport=<cleared>),reply=(src=192.168.2.2,dst=172.16.1.2,sport=<cleared>,dport=<cleared>),zone=<cleared>,protoinfo=(state=<cleared>)
])

dnl Shut down in order: ovn-controller, the southbound and northbound
dnl ovsdb-servers, ovn-northd, and finally the vswitchd.
OVS_APP_EXIT_AND_WAIT([ovn-controller])

as ovn-sb
OVS_APP_EXIT_AND_WAIT([ovsdb-server])

as ovn-nb
OVS_APP_EXIT_AND_WAIT([ovsdb-server])

as northd
OVS_APP_EXIT_AND_WAIT([ovn-northd])

as
dnl The argument holds sed delete commands; presumably they drop expected
dnl log messages before the log is checked for errors. Keep the patterns
dnl narrow so that unrelated warnings still fail the test.
OVS_TRAFFIC_VSWITCHD_STOP(["/failed to query port patch-.*/d
/connection dropped.*/d"])
AT_CLEANUP
894
dnl Load balancing with two gateway routers: the same load balancer is
dnl attached to R2 and R3, both routers force SNAT on load-balanced
dnl connections, and client alice1 (behind R2) must reach both backends
dnl through the VIP 30.0.0.1.
AT_SETUP([ovn -- multiple gateway routers, load-balancing])
AT_KEYWORDS([ovnlb])

dnl Prerequisite checks. Both macros are defined outside this section;
dnl presumably they skip the test when the datapath lacks conntrack or
dnl conntrack NAT support.
CHECK_CONNTRACK()
CHECK_CONNTRACK_NAT()
ovn_start
OVS_TRAFFIC_VSWITCHD_START()
ADD_BR([br-int])

# Set external-ids in br-int needed for ovn-controller.
# fail-mode=secure keeps Open vSwitch from installing its own default
# forwarding flows on br-int, so only flows programmed by ovn-controller
# carry the test traffic. disable-in-band=true turns off in-band control flows.
ovs-vsctl \
    -- set Open_vSwitch . external-ids:system-id=hv1 \
    -- set Open_vSwitch . external-ids:ovn-remote=unix:$ovs_base/ovn-sb/ovn-sb.sock \
    -- set Open_vSwitch . external-ids:ovn-encap-type=geneve \
    -- set Open_vSwitch . external-ids:ovn-encap-ip=169.0.0.1 \
    -- set bridge br-int fail-mode=secure other-config:disable-in-band=true

# Start ovn-controller
start_daemon ovn-controller

# Logical network:
# Three LRs - R1, R2 and R3 that are connected to each other via LS "join"
# in 20.0.0.0/24 network. R1 has switches foo (192.168.1.0/24) and
# bar (192.168.2.0/24) connected to it. R2 has alice (172.16.1.0/24) connected
# to it. R3 has bob (172.16.1.0/24) connected to it. Note how both alice and
# bob have the same subnet behind them. We are trying to simulate an external
# network via those 2 switches. In the real world the switch ports of these
# switches will have addresses set as "unknown" to make them learning switches.
# Or those switches will be "localnet" ones.
#
#    foo -- R1 -- join - R2 -- alice
#           |          |
#    bar ----          - R3 --- bob

# R2 and R3 are both pinned to chassis hv1, the system-id set on this host.
ovn-nbctl create Logical_Router name=R1
ovn-nbctl create Logical_Router name=R2 options:chassis=hv1
ovn-nbctl create Logical_Router name=R3 options:chassis=hv1

ovn-nbctl ls-add foo
ovn-nbctl ls-add bar
ovn-nbctl ls-add alice
ovn-nbctl ls-add bob
ovn-nbctl ls-add join

# Connect foo to R1
ovn-nbctl lrp-add R1 foo 00:00:01:01:02:03 192.168.1.1/24
ovn-nbctl lsp-add foo rp-foo -- set Logical_Switch_Port rp-foo \
    type=router options:router-port=foo addresses=\"00:00:01:01:02:03\"

# Connect bar to R1
ovn-nbctl lrp-add R1 bar 00:00:01:01:02:04 192.168.2.1/24
ovn-nbctl lsp-add bar rp-bar -- set Logical_Switch_Port rp-bar \
    type=router options:router-port=bar addresses=\"00:00:01:01:02:04\"

# Connect alice to R2
ovn-nbctl lrp-add R2 alice 00:00:02:01:02:03 172.16.1.1/24
ovn-nbctl lsp-add alice rp-alice -- set Logical_Switch_Port rp-alice \
    type=router options:router-port=alice addresses=\"00:00:02:01:02:03\"

# Connect bob to R3
ovn-nbctl lrp-add R3 bob 00:00:03:01:02:03 172.16.1.2/24
ovn-nbctl lsp-add bob rp-bob -- set Logical_Switch_Port rp-bob \
    type=router options:router-port=bob addresses=\"00:00:03:01:02:03\"

# Connect R1 to join
ovn-nbctl lrp-add R1 R1_join 00:00:04:01:02:03 20.0.0.1/24
ovn-nbctl lsp-add join r1-join -- set Logical_Switch_Port r1-join \
    type=router options:router-port=R1_join addresses='"00:00:04:01:02:03"'

# Connect R2 to join
ovn-nbctl lrp-add R2 R2_join 00:00:04:01:02:04 20.0.0.2/24
ovn-nbctl lsp-add join r2-join -- set Logical_Switch_Port r2-join \
    type=router options:router-port=R2_join addresses='"00:00:04:01:02:04"'

# Connect R3 to join
ovn-nbctl lrp-add R3 R3_join 00:00:04:01:02:05 20.0.0.3/24
ovn-nbctl lsp-add join r3-join -- set Logical_Switch_Port r3-join \
    type=router options:router-port=R3_join addresses='"00:00:04:01:02:05"'

# Install static routes with source ip address as the policy for routing.
# We want traffic from 'foo' to go via R2 and traffic of 'bar' to go via R3.
ovn-nbctl --policy="src-ip" lr-route-add R1 192.168.1.0/24 20.0.0.2
ovn-nbctl --policy="src-ip" lr-route-add R1 192.168.2.0/24 20.0.0.3

# Static routes.
# Both gateway routers reach foo and bar through R1.
ovn-nbctl lr-route-add R2 192.168.0.0/16 20.0.0.1
ovn-nbctl lr-route-add R3 192.168.0.0/16 20.0.0.1

# For gateway routers R2 and R3, set a force SNAT rule.
# Each router uses its own address on "join" as the SNAT address. With the
# source-based routes on R1 above, a reply from bar1 to the original client
# address would leave via R3; presumably the forced SNAT is what brings the
# reply back to the router that translated the connection.
ovn-nbctl set logical_router R2 options:lb_force_snat_ip=20.0.0.2
ovn-nbctl set logical_router R3 options:lb_force_snat_ip=20.0.0.3

# Logical port 'foo1' in switch 'foo'.
ADD_NAMESPACES(foo1)
ADD_VETH(foo1, foo1, br-int, "192.168.1.2/24", "f0:00:00:01:02:03", \
    "192.168.1.1")
ovn-nbctl lsp-add foo foo1 \
-- lsp-set-addresses foo1 "f0:00:00:01:02:03 192.168.1.2"

# Logical port 'alice1' in switch 'alice'.
ADD_NAMESPACES(alice1)
ADD_VETH(alice1, alice1, br-int, "172.16.1.3/24", "f0:00:00:01:02:04", \
    "172.16.1.1")
ovn-nbctl lsp-add alice alice1 \
-- lsp-set-addresses alice1 "f0:00:00:01:02:04 172.16.1.3"

# Logical port 'bar1' in switch 'bar'.
ADD_NAMESPACES(bar1)
ADD_VETH(bar1, bar1, br-int, "192.168.2.2/24", "f0:00:00:01:02:05", \
"192.168.2.1")
ovn-nbctl lsp-add bar bar1 \
-- lsp-set-addresses bar1 "f0:00:00:01:02:05 192.168.2.2"

# Logical port 'bob1' in switch 'bob'.
ADD_NAMESPACES(bob1)
ADD_VETH(bob1, bob1, br-int, "172.16.1.4/24", "f0:00:00:01:02:06", \
    "172.16.1.2")
ovn-nbctl lsp-add bob bob1 \
-- lsp-set-addresses bob1 "f0:00:00:01:02:06 172.16.1.4"

# Config OVN load-balancer with a VIP.
# The backends are foo1 (192.168.1.2) and bar1 (192.168.2.2); the same load
# balancer row is attached to both gateway routers.
uuid=`ovn-nbctl create load_balancer vips:30.0.0.1="192.168.1.2,192.168.2.2"`
ovn-nbctl set logical_router R2 load_balancer=$uuid
ovn-nbctl set logical_router R3 load_balancer=$uuid

# Wait for ovn-controller to catch up.
# A conntrack action in an OpenFlow group on br-int is taken as the sign that
# the load balancer has been programmed.
OVS_WAIT_UNTIL([ovs-ofctl -O OpenFlow13 dump-groups br-int | grep ct\(])

# Start webservers in 'foo1', 'bar1'.
OVS_START_L7([foo1], [http])
OVS_START_L7([bar1], [http])

dnl Should work with the virtual IP address through NAT
dnl Each of the 20 requests gets up to 5 tries with a 1 second timeout.
for i in `seq 1 20`; do
    echo Request $i
    NS_CHECK_EXEC([alice1], [wget 30.0.0.1 -t 5 -T 1 --retry-connrefused -v -o wget$i.log])
done

dnl Each server should have at least one connection.
dnl FORMAT_CT is defined outside this section; judging by the expected output
dnl it filters the dump on the given address and masks ports and state, and
dnl the sed call masks the zone number as well.
dnl NOTE(review): the check relies on 20 connections reaching both backends;
dnl that is very likely but not guaranteed - confirm this cannot flake.
AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(30.0.0.1) |
sed -e 's/zone=[[0-9]]*/zone=<cleared>/'], [0], [dnl
tcp,orig=(src=172.16.1.3,dst=30.0.0.1,sport=<cleared>,dport=<cleared>),reply=(src=192.168.1.2,dst=172.16.1.3,sport=<cleared>,dport=<cleared>),zone=<cleared>,protoinfo=(state=<cleared>)
tcp,orig=(src=172.16.1.3,dst=30.0.0.1,sport=<cleared>,dport=<cleared>),reply=(src=192.168.2.2,dst=172.16.1.3,sport=<cleared>,dport=<cleared>),zone=<cleared>,protoinfo=(state=<cleared>)
])

dnl Force SNAT should have worked.
dnl Both expected entries carry reply dst=20.0.0.2, the SNAT address set on
dnl R2, which is the gateway router alice1 sits behind. No entry with R3's
dnl address 20.0.0.3 is expected, since no client behind R3 sends traffic.
AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(20.0.0) |
sed -e 's/zone=[[0-9]]*/zone=<cleared>/'], [0], [dnl
tcp,orig=(src=172.16.1.3,dst=192.168.1.2,sport=<cleared>,dport=<cleared>),reply=(src=192.168.1.2,dst=20.0.0.2,sport=<cleared>,dport=<cleared>),zone=<cleared>,protoinfo=(state=<cleared>)
tcp,orig=(src=172.16.1.3,dst=192.168.2.2,sport=<cleared>,dport=<cleared>),reply=(src=192.168.2.2,dst=20.0.0.2,sport=<cleared>,dport=<cleared>),zone=<cleared>,protoinfo=(state=<cleared>)
])
dnl Shut down in order: ovn-controller, the southbound and northbound
dnl ovsdb-servers, ovn-northd, and finally the vswitchd.
OVS_APP_EXIT_AND_WAIT([ovn-controller])

as ovn-sb
OVS_APP_EXIT_AND_WAIT([ovsdb-server])

as ovn-nb
OVS_APP_EXIT_AND_WAIT([ovsdb-server])

as northd
OVS_APP_EXIT_AND_WAIT([ovn-northd])

as
dnl The argument holds sed delete commands; presumably they drop expected
dnl log messages before the log is checked for errors. Keep the patterns
dnl narrow so that unrelated warnings still fail the test.
OVS_TRAFFIC_VSWITCHD_STOP(["/failed to query port patch-.*/d
/connection dropped.*/d"])
AT_CLEANUP