From 7490cfea75c38011e6d693953b599041a6c418d0 Mon Sep 17 00:00:00 2001 From: Vladislav Odintsov Date: Thu, 2 May 2024 11:39:54 +0300 Subject: [PATCH] northd: Add support for disabling vxlan mode. Commit [1] introduced a "vxlan mode" concept. It brought a limitation for available tunnel IDs because of lack of space in VXLAN VNI. In vxlan mode OVN is limited by 4095 datapaths (LRs or non-transit LSs) and 2047 logical switch ports per datapath. Prior to this patch vxlan mode was enabled automatically if at least one chassis had encap of vxlan type. In scenarios where one want to use VXLAN only for HW VTEP (RAMP) switch, such limitation makes no sence. This patch adds support for explicit disabling of vxlan mode via Northbound database. 1: https://github.com/ovn-org/ovn/commit/b07f1bc3d068 Signed-off-by: Vladislav Odintsov --- NEWS | 3 +++ northd/en-global-config.c | 7 ++++++- northd/northd.c | 10 ++++++++-- northd/northd.h | 3 ++- ovn-architecture.7.xml | 6 ++++++ ovn-nb.xml | 10 ++++++++++ tests/ovn-northd.at | 29 +++++++++++++++++++++++++++++ 7 files changed, 64 insertions(+), 4 deletions(-) diff --git a/NEWS b/NEWS index 3b5e93dc9a..43ab05a680 100644 --- a/NEWS +++ b/NEWS @@ -17,6 +17,9 @@ Post v24.03.0 external-ids, the option is no longer needed as it became effectively "true" for all scenarios. - Added DHCPv4 relay support. + - Added new global config option NB_Global:options:disable_vxlan_mode to + extend available tunnel IDs space for datapaths from 4095 to 16711680. + For more details see man ovn-nb(5) for mentioned option. OVN v24.03.0 - 01 Mar 2024 -------------------------- diff --git a/northd/en-global-config.c b/northd/en-global-config.c index 873649a894..f5e2a8154c 100644 --- a/northd/en-global-config.c +++ b/northd/en-global-config.c @@ -115,7 +115,7 @@ en_global_config_run(struct engine_node *node , void *data) config_data->svc_monitor_mac); } - init_vxlan_mode(sbrec_chassis_table); + init_vxlan_mode(&nb->options, sbrec_chassis_table); char *max_tunid = xasprintf("%d", get_ovn_max_dp_key_local()); smap_replace(options, "max_tunid", max_tunid); free(max_tunid); @@ -533,6 +533,11 @@ check_nb_options_out_of_sync(const struct nbrec_nb_global *nb, return true; } + if (config_out_of_sync(&nb->options, &config_data->nb_options, + "disable_vxlan_mode", false)) { + return true; + } + return false; } diff --git a/northd/northd.c b/northd/northd.c index b54219a85e..d1535172e8 100644 --- a/northd/northd.c +++ b/northd/northd.c @@ -886,8 +886,14 @@ join_datapaths(const struct nbrec_logical_switch_table *nbrec_ls_table, } void -init_vxlan_mode(const struct sbrec_chassis_table *sbrec_chassis_table) +init_vxlan_mode(const struct smap *nb_options, + const struct sbrec_chassis_table *sbrec_chassis_table) { + if (smap_get_bool(nb_options, "disable_vxlan_mode", false)) { + vxlan_mode = false; + return; + } + const struct sbrec_chassis *chassis; SBREC_CHASSIS_TABLE_FOR_EACH (chassis, sbrec_chassis_table) { for (int i = 0; i < chassis->n_encaps; i++) { @@ -17593,7 +17599,7 @@ ovnnb_db_run(struct northd_input *input_data, use_common_zone = smap_get_bool(input_data->nb_options, "use_common_zone", false); - init_vxlan_mode(input_data->sbrec_chassis_table); + init_vxlan_mode(input_data->nb_options, input_data->sbrec_chassis_table); build_datapaths(ovnsb_txn, input_data->nbrec_logical_switch_table, diff --git a/northd/northd.h b/northd/northd.h index be480003ea..d0322e621d 100644 --- a/northd/northd.h +++ b/northd/northd.h @@ -792,7 +792,8 @@ lr_has_multiple_gw_ports(const struct ovn_datapath *od) } void -init_vxlan_mode(const struct sbrec_chassis_table *sbrec_chassis_table); +init_vxlan_mode(const struct smap *nb_options, + const struct sbrec_chassis_table *sbrec_chassis_table); uint32_t get_ovn_max_dp_key_local(void); diff --git a/ovn-architecture.7.xml b/ovn-architecture.7.xml index 7abb1fa83e..251c9c5149 100644 --- a/ovn-architecture.7.xml +++ b/ovn-architecture.7.xml @@ -2919,4 +2919,10 @@ the future, gateways that do not support encapsulations with large amounts of metadata may continue to have a reduced feature set.

+

+ vxlan mode is recommended to be disabled if VXLAN encap at + hypervisors is needed only to support HW VTEP L2 Gateway functionality. + See man ovn-nb(5) for table NB_Global column + options key disable_vxlan_mode for more details. +

diff --git a/ovn-nb.xml b/ovn-nb.xml index 5cb6ba640e..a99e663e57 100644 --- a/ovn-nb.xml +++ b/ovn-nb.xml @@ -381,6 +381,16 @@ of SB changes would be very noticeable. + + By default if at least one chassis in OVN cluster has VXLAN encap, + northd will run in a vxlan mode. See man + ovn-architecture(7) Tunnel Encapsulations paragraph for + more details. In case VXLAN encaps are needed on chassis only to + support HW VTEP functionality and main encap type is GENEVE or STT, set + this option to `false` to use default non-`vxlan mode` tunnel IDs + allocation logic. + +

These options control how routes are advertised between OVN diff --git a/tests/ovn-northd.at b/tests/ovn-northd.at index 680d966755..549a28b571 100644 --- a/tests/ovn-northd.at +++ b/tests/ovn-northd.at @@ -2847,6 +2847,35 @@ AT_CHECK( get_tunnel_keys AT_CHECK([test $lsp02 = 3 && test $ls1 = 123]) +AT_CLEANUP +]) +OVN_FOR_EACH_NORTHD_NO_HV([ +AT_SETUP([check vxlan mode disabling]) +ovn_start + +# Create a fake chassis with vxlan encap to implicitly enable vxlan mode. +ovn-sbctl \ + --id=@e create encap chassis_name=hv1 ip="192.168.0.1" type="vxlan" \ + -- --id=@c create chassis name=hv1 encaps=@e + +cmd="ovn-nbctl --wait=sb" +for i in {1..4097..1}; do + cmd="${cmd} -- ls-add lsw-${i}" +done + +check $cmd + +check_row_count nb:Logical_Switch 4097 +wait_row_count sb:Datapath_Binding 4095 + +OVS_WAIT_UNTIL([grep "all datapath tunnel ids exhausted" northd/ovn-northd.log]) + +# Explicitly disable vxlan mode and check that two remaining datapaths were created. +check ovn-nbctl set NB_Global . options:disable_vxlan_mode=true + +check_row_count nb:Logical_Switch 4097 +wait_row_count sb:Datapath_Binding 4097 + AT_CLEANUP ])