ligang/vpp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

lb: Fix src_ip_sticky evaluation bug in per-port-vip case.

Browse Source 
Before this fix, the src_ip_sticky flag was passed as an argument to
the lb_node_get_hash function, which computes a hash value for a packet.
However, in per-port-vip case, the value of src_ip_sticky flag may be
different for each port number. As a result, the value is the same for
all port numbers, even though it is a per-port-vip case.

This commit fixes the src_ip_sticky evaluation by delaying it until the
packet is received, so that the correct value is obtained. Also, the
unit test case has been enhanced for this bug fix.

The steps to reproduce this bug are described below:
https://lists.fd.io/g/vpp-dev/message/23248

Type: fix
Fixes: 613e6dc0bf ("lb: add source ip based sticky load balancing")
Change-Id: I483492b214a1768e7a21fd86edd5151b3c46528b
Signed-off-by: Nobuhiro MIKI <nmiki@yahoo-corp.jp>
This commit is contained in:
Nobuhiro MIKI
2023-06-28 15:15:58 +09:00
committed by Mohammed HAWARI
parent df4d342d76
commit 95c2da7c25
4 changed files with 106 additions and 469 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/plugins/lb/lb.c
-120
View File
@@ -93,78 +93,6 @@ const static char* const * const lb_dpo_nat6_port_nodes[DPO_PROTO_NUM] =
[DPO_PROTO_IP6] = lb_dpo_nat6_ip6_port,
};
const static char *const lb_dpo_gre4_ip4_sticky[] = { "lb4-gre4-sticky",
NULL };
const static char *const lb_dpo_gre4_ip6_sticky[] = { "lb6-gre4-sticky",
NULL };
const static char *const *const lb_dpo_gre4_sticky_nodes[DPO_PROTO_NUM] = {
[DPO_PROTO_IP4] = lb_dpo_gre4_ip4_sticky,
[DPO_PROTO_IP6] = lb_dpo_gre4_ip6_sticky,
};
const static char *const lb_dpo_gre6_ip4_sticky[] = { "lb4-gre6-sticky",
NULL };
const static char *const lb_dpo_gre6_ip6_sticky[] = { "lb6-gre6-sticky",
NULL };
const static char *const *const lb_dpo_gre6_sticky_nodes[DPO_PROTO_NUM] = {
[DPO_PROTO_IP4] = lb_dpo_gre6_ip4_sticky,
[DPO_PROTO_IP6] = lb_dpo_gre6_ip6_sticky,
};
const static char *const lb_dpo_gre4_ip4_port_sticky[] = {
"lb4-gre4-port-sticky", NULL
};
const static char *const lb_dpo_gre4_ip6_port_sticky[] = {
"lb6-gre4-port-sticky", NULL
};
const static char *const
*const lb_dpo_gre4_port_sticky_nodes[DPO_PROTO_NUM] = {
[DPO_PROTO_IP4] = lb_dpo_gre4_ip4_port_sticky,
[DPO_PROTO_IP6] = lb_dpo_gre4_ip6_port_sticky,
};
const static char *const lb_dpo_gre6_ip4_port_sticky[] = {
"lb4-gre6-port-sticky", NULL
};
const static char *const lb_dpo_gre6_ip6_port_sticky[] = {
"lb6-gre6-port-sticky", NULL
};
const static char *const
*const lb_dpo_gre6_port_sticky_nodes[DPO_PROTO_NUM] = {
[DPO_PROTO_IP4] = lb_dpo_gre6_ip4_port_sticky,
[DPO_PROTO_IP6] = lb_dpo_gre6_ip6_port_sticky,
};
const static char *const lb_dpo_l3dsr_ip4_sticky[] = { "lb4-l3dsr-sticky",
NULL };
const static char *const *const lb_dpo_l3dsr_sticky_nodes[DPO_PROTO_NUM] = {
[DPO_PROTO_IP4] = lb_dpo_l3dsr_ip4_sticky,
};
const static char *const lb_dpo_l3dsr_ip4_port_sticky[] = {
"lb4-l3dsr-port-sticky", NULL
};
const static char *const
*const lb_dpo_l3dsr_port_sticky_nodes[DPO_PROTO_NUM] = {
[DPO_PROTO_IP4] = lb_dpo_l3dsr_ip4_port_sticky,
};
const static char *const lb_dpo_nat4_ip4_port_sticky[] = {
"lb4-nat4-port-sticky", NULL
};
const static char *const
*const lb_dpo_nat4_port_sticky_nodes[DPO_PROTO_NUM] = {
[DPO_PROTO_IP4] = lb_dpo_nat4_ip4_port_sticky,
};
const static char *const lb_dpo_nat6_ip6_port_sticky[] = {
"lb6-nat6-port-sticky", NULL
};
const static char *const
*const lb_dpo_nat6_port_sticky_nodes[DPO_PROTO_NUM] = {
[DPO_PROTO_IP6] = lb_dpo_nat6_ip6_port_sticky,
};
u32 lb_hash_time_now(vlib_main_t * vm)
{
return (u32) (vlib_time_now(vm) + 10000);
@@ -1024,22 +952,6 @@ static void lb_vip_add_adjacency(lb_main_t *lbm, lb_vip_t *vip,
dpo_type = lbm->dpo_nat4_port_type;
else if (lb_vip_is_nat6_port(vip))
dpo_type = lbm->dpo_nat6_port_type;
else if (lb_vip_is_gre4_sticky (vip))
dpo_type = lbm->dpo_gre4_sticky_type;
else if (lb_vip_is_gre6_sticky (vip))
dpo_type = lbm->dpo_gre6_sticky_type;
else if (lb_vip_is_gre4_port_sticky (vip))
dpo_type = lbm->dpo_gre4_port_sticky_type;
else if (lb_vip_is_gre6_port_sticky (vip))
dpo_type = lbm->dpo_gre6_port_sticky_type;
else if (lb_vip_is_l3dsr_sticky (vip))
dpo_type = lbm->dpo_l3dsr_sticky_type;
else if (lb_vip_is_l3dsr_port_sticky (vip))
dpo_type = lbm->dpo_l3dsr_port_sticky_type;
else if (lb_vip_is_nat4_port_sticky (vip))
dpo_type = lbm->dpo_nat4_port_sticky_type;
else if (lb_vip_is_nat6_port_sticky (vip))
dpo_type = lbm->dpo_nat6_port_sticky_type;
dpo_set(&dpo, dpo_type, proto, *vip_prefix_index);
fib_table_entry_special_dpo_add(0,
@@ -1406,22 +1318,6 @@ lb_as_stack (lb_as_t *as)
dpo_type = lbm->dpo_nat4_port_type;
else if (lb_vip_is_nat6_port(vip))
dpo_type = lbm->dpo_nat6_port_type;
else if (lb_vip_is_gre4_sticky (vip))
dpo_type = lbm->dpo_gre4_sticky_type;
else if (lb_vip_is_gre6_sticky (vip))
dpo_type = lbm->dpo_gre6_sticky_type;
else if (lb_vip_is_gre4_port_sticky (vip))
dpo_type = lbm->dpo_gre4_port_sticky_type;
else if (lb_vip_is_gre6_port_sticky (vip))
dpo_type = lbm->dpo_gre6_port_sticky_type;
else if (lb_vip_is_l3dsr_sticky (vip))
dpo_type = lbm->dpo_l3dsr_sticky_type;
else if (lb_vip_is_l3dsr_port_sticky (vip))
dpo_type = lbm->dpo_l3dsr_port_sticky_type;
else if (lb_vip_is_nat4_port_sticky (vip))
dpo_type = lbm->dpo_nat4_port_sticky_type;
else if (lb_vip_is_nat6_port_sticky (vip))
dpo_type = lbm->dpo_nat6_port_sticky_type;
dpo_stack(dpo_type,
lb_vip_is_ip4(vip->type)?DPO_PROTO_IP4:DPO_PROTO_IP6,
@@ -1523,22 +1419,6 @@ lb_init (vlib_main_t * vm)
lb_dpo_nat4_port_nodes);
lbm->dpo_nat6_port_type = dpo_register_new_type(&lb_vft,
lb_dpo_nat6_port_nodes);
lbm->dpo_gre4_sticky_type =
dpo_register_new_type (&lb_vft, lb_dpo_gre4_sticky_nodes);
lbm->dpo_gre6_sticky_type =
dpo_register_new_type (&lb_vft, lb_dpo_gre6_sticky_nodes);
lbm->dpo_gre4_port_sticky_type =
dpo_register_new_type (&lb_vft, lb_dpo_gre4_port_sticky_nodes);
lbm->dpo_gre6_port_sticky_type =
dpo_register_new_type (&lb_vft, lb_dpo_gre6_port_sticky_nodes);
lbm->dpo_l3dsr_sticky_type =
dpo_register_new_type (&lb_vft, lb_dpo_l3dsr_sticky_nodes);
lbm->dpo_l3dsr_port_sticky_type =
dpo_register_new_type (&lb_vft, lb_dpo_l3dsr_port_sticky_nodes);
lbm->dpo_nat4_port_sticky_type =
dpo_register_new_type (&lb_vft, lb_dpo_nat4_port_sticky_nodes);
lbm->dpo_nat6_port_sticky_type =
dpo_register_new_type (&lb_vft, lb_dpo_nat6_port_sticky_nodes);
lbm->fib_node_type = fib_node_register_new_type ("lb", &lb_fib_node_vft);
//Init AS reference counters
src/plugins/lb/lb.h
+8 -69
View File
@@ -353,94 +353,41 @@ typedef struct {
/* clang-format off */
#define lb_vip_is_gre4(vip) (((vip)->type == LB_VIP_TYPE_IP6_GRE4 \
|| (vip)->type == LB_VIP_TYPE_IP4_GRE4) \
&& ((vip)->port == 0) \
&& !lb_vip_is_src_ip_sticky (vip))
&& ((vip)->port == 0))
#define lb_vip_is_gre6(vip) (((vip)->type == LB_VIP_TYPE_IP6_GRE6 \
|| (vip)->type == LB_VIP_TYPE_IP4_GRE6) \
&& ((vip)->port == 0) \
&& !lb_vip_is_src_ip_sticky (vip))
&& ((vip)->port == 0))
#define lb_vip_is_gre4_port(vip) (((vip)->type == LB_VIP_TYPE_IP6_GRE4 \
|| (vip)->type == LB_VIP_TYPE_IP4_GRE4) \
&& ((vip)->port != 0) \
&& !lb_vip_is_src_ip_sticky (vip))
&& ((vip)->port != 0))
#define lb_vip_is_gre6_port(vip) (((vip)->type == LB_VIP_TYPE_IP6_GRE6 \
|| (vip)->type == LB_VIP_TYPE_IP4_GRE6) \
&& ((vip)->port != 0) \
&& !lb_vip_is_src_ip_sticky (vip))
&& ((vip)->port != 0))
/* clang-format on */
#define lb_vip_is_gre4_sticky(vip) \
(((vip)->type == LB_VIP_TYPE_IP6_GRE4 || \
(vip)->type == LB_VIP_TYPE_IP4_GRE4) && \
((vip)->port == 0) && lb_vip_is_src_ip_sticky (vip))
#define lb_vip_is_gre6_sticky(vip) \
(((vip)->type == LB_VIP_TYPE_IP6_GRE6 || \
(vip)->type == LB_VIP_TYPE_IP4_GRE6) && \
((vip)->port == 0) && lb_vip_is_src_ip_sticky (vip))
#define lb_vip_is_gre4_port_sticky(vip) \
(((vip)->type == LB_VIP_TYPE_IP6_GRE4 || \
(vip)->type == LB_VIP_TYPE_IP4_GRE4) && \
((vip)->port != 0) && lb_vip_is_src_ip_sticky (vip))
#define lb_vip_is_gre6_port_sticky(vip) \
(((vip)->type == LB_VIP_TYPE_IP6_GRE6 || \
(vip)->type == LB_VIP_TYPE_IP4_GRE6) && \
((vip)->port != 0) && lb_vip_is_src_ip_sticky (vip))
always_inline bool
lb_vip_is_l3dsr(const lb_vip_t *vip)
{
return (vip->type == LB_VIP_TYPE_IP4_L3DSR && vip->port == 0 &&
!lb_vip_is_src_ip_sticky (vip));
return (vip->type == LB_VIP_TYPE_IP4_L3DSR && vip->port == 0);
}
always_inline bool
lb_vip_is_l3dsr_port(const lb_vip_t *vip)
{
return (vip->type == LB_VIP_TYPE_IP4_L3DSR && vip->port != 0 &&
!lb_vip_is_src_ip_sticky (vip));
return (vip->type == LB_VIP_TYPE_IP4_L3DSR && vip->port != 0);
}
always_inline bool
lb_vip_is_nat4_port(const lb_vip_t *vip)
{
return (vip->type == LB_VIP_TYPE_IP4_NAT4 && vip->port != 0 &&
!lb_vip_is_src_ip_sticky (vip));
return (vip->type == LB_VIP_TYPE_IP4_NAT4 && vip->port != 0);
}
always_inline bool
lb_vip_is_nat6_port(const lb_vip_t *vip)
{
return (vip->type == LB_VIP_TYPE_IP6_NAT6 && vip->port != 0 &&
!lb_vip_is_src_ip_sticky (vip));
}
always_inline bool
lb_vip_is_l3dsr_sticky (const lb_vip_t *vip)
{
return (vip->type == LB_VIP_TYPE_IP4_L3DSR && vip->port == 0 &&
lb_vip_is_src_ip_sticky (vip));
}
always_inline bool
lb_vip_is_l3dsr_port_sticky (const lb_vip_t *vip)
{
return (vip->type == LB_VIP_TYPE_IP4_L3DSR && vip->port != 0 &&
lb_vip_is_src_ip_sticky (vip));
}
always_inline bool
lb_vip_is_nat4_port_sticky (const lb_vip_t *vip)
{
return (vip->type == LB_VIP_TYPE_IP4_NAT4 && vip->port != 0 &&
lb_vip_is_src_ip_sticky (vip));
}
always_inline bool
lb_vip_is_nat6_port_sticky (const lb_vip_t *vip)
{
return (vip->type == LB_VIP_TYPE_IP6_NAT6 && vip->port != 0 &&
lb_vip_is_src_ip_sticky (vip));
return (vip->type == LB_VIP_TYPE_IP6_NAT6 && vip->port != 0);
}
format_function_t format_lb_vip;
@@ -600,14 +547,6 @@ typedef struct {
dpo_type_t dpo_l3dsr_port_type;
dpo_type_t dpo_nat4_port_type;
dpo_type_t dpo_nat6_port_type;
dpo_type_t dpo_gre4_sticky_type;
dpo_type_t dpo_gre6_sticky_type;
dpo_type_t dpo_gre4_port_sticky_type;
dpo_type_t dpo_gre6_port_sticky_type;
dpo_type_t dpo_l3dsr_sticky_type;
dpo_type_t dpo_l3dsr_port_sticky_type;
dpo_type_t dpo_nat4_port_sticky_type;
dpo_type_t dpo_nat6_port_sticky_type;
/**
* Node type for registering to fib changes.
*/
src/plugins/lb/node.c
+66 -280
View File
File diff suppressed because it is too large Load Diff
test/test_lb.py
+32
View File
@@ -403,6 +403,29 @@ class TestLB(VppTestCase):
self.vapi.cli("lb vip 90.0.0.0/8 encap l3dsr dscp 7 del")
self.vapi.cli("test lb flowtable flush")
def test_lb_ip4_l3dsr_src_ip_sticky(self):
"""Load Balancer IP4 L3DSR on vip with src_ip_sticky case"""
try:
self.vapi.cli("lb vip 90.0.0.0/8 encap l3dsr dscp 7 src_ip_sticky")
for asid in self.ass:
self.vapi.cli("lb as 90.0.0.0/8 10.0.0.%u" % (asid))
# Generate duplicated packets
pkts = self.generatePackets(self.pg0, isv4=True)
pkts = pkts[: len(pkts) // 2]
pkts = pkts + pkts
self.pg0.add_stream(pkts)
self.pg_enable_capture(self.pg_interfaces)
self.pg_start()
self.checkCapture(encap="l3dsr", isv4=True, src_ip_sticky=True)
finally:
for asid in self.ass:
self.vapi.cli("lb as 90.0.0.0/8 10.0.0.%u del" % (asid))
self.vapi.cli("lb vip 90.0.0.0/8 encap l3dsr dscp 7 src_ip_sticky del")
self.vapi.cli("test lb flowtable flush")
def test_lb_ip4_l3dsr_port(self):
"""Load Balancer IP4 L3DSR on per-port-vip case"""
try:
@@ -432,6 +455,12 @@ class TestLB(VppTestCase):
def test_lb_ip4_l3dsr_port_src_ip_sticky(self):
"""Load Balancer IP4 L3DSR on per-port-vip with src_ip_sticky case"""
try:
# This VIP at port 1000 does not receive packets, but is defined
# as a dummy to verify that the src_ip_sticky flag can be set
# independently for each port.
self.vapi.cli(
"lb vip 90.0.0.0/8 protocol udp port 10000 encap l3dsr dscp 7"
)
self.vapi.cli(
"lb vip 90.0.0.0/8 protocol udp port 20000 encap l3dsr dscp 7 src_ip_sticky"
)
@@ -458,6 +487,9 @@ class TestLB(VppTestCase):
self.vapi.cli(
"lb vip 90.0.0.0/8 protocol udp port 20000 encap l3dsr dscp 7 src_ip_sticky del"
)
self.vapi.cli(
"lb vip 90.0.0.0/8 protocol udp port 10000 encap l3dsr dscp 7 del"
)
self.vapi.cli("test lb flowtable flush")
def test_lb_ip4_nat4_port(self):