Merge pull request #5334 from trozet/fix_fdb_learning

Fixes FDB learning and usage of NORMAL action

Author: trozet

go-controller/pkg/node/gateway.go

@@ -424,6 +424,11 @@ func gatewayInitInternal(nodeName, gwIntf, egressGatewayIntf string, gwNextHops
 		}
 	}
 
+	// Set static FDB entry for LOCAL port
+	if err := util.SetStaticFDBEntry(gatewayBridge.bridgeName, gatewayBridge.bridgeName, gatewayBridge.macAddress); err != nil {
+		return nil, nil, err
+	}
+
 	l3GwConfig := util.L3GatewayConfig{
 		Mode:           config.Gateway.Mode,
 		ChassisID:      chassisID,

go-controller/pkg/node/gateway_init_linux_test.go

@@ -195,6 +195,9 @@ func shareGatewayInterfaceTest(app *cli.App, testNS ns.NetNS,
 			Cmd:    "ovs-vsctl --timeout=15 --if-exists get Open_vSwitch . other_config:hw-offload",
 			Output: fmt.Sprintf("%t", hwOffload),
 		})
+		fexec.AddFakeCmdsNoOutputNoError([]string{
+			"ovs-appctl --timeout=15 fdb/add breth0 breth0 0 " + eth0MAC,
+		})
 		fexec.AddFakeCmd(&ovntest.ExpectedCmd{
 			Cmd:    "ovs-vsctl --timeout=15 get Interface patch-breth0_node1-to-br-int ofport",
 			Output: "5",
@@ -633,6 +636,9 @@ func shareGatewayInterfaceDPUTest(app *cli.App, testNS ns.NetNS,
 			Cmd:    "ovs-vsctl --timeout=15 --if-exists get Open_vSwitch . other_config:hw-offload",
 			Output: "false",
 		})
+		fexec.AddFakeCmdsNoOutputNoError([]string{
+			fmt.Sprintf("ovs-appctl --timeout=15 fdb/add %s %s 0 %s", brphys, brphys, hostMAC),
+		})
 		// GetDPUHostInterface
 		fexec.AddFakeCmd(&ovntest.ExpectedCmd{
 			Cmd:    "ovs-vsctl --timeout=15 list-ports " + brphys,
@@ -1086,6 +1092,9 @@ OFPT_GET_CONFIG_REPLY (xid=0x4): frags=normal miss_send_len=0`
 			Cmd:    "ovs-vsctl --timeout=15 --if-exists get Open_vSwitch . other_config:hw-offload",
 			Output: "false",
 		})
+		fexec.AddFakeCmdsNoOutputNoError([]string{
+			"ovs-appctl --timeout=15 fdb/add breth0 breth0 0 " + eth0MAC,
+		})
 		fexec.AddFakeCmd(&ovntest.ExpectedCmd{
 			Cmd:    "ovs-vsctl --timeout=15 get Interface patch-breth0_node1-to-br-int ofport",
 			Output: "5",

go-controller/pkg/node/gateway_shared_intf.go

@@ -1897,10 +1897,10 @@ func commonFlows(hostSubnets []*net.IPNet, bridge *bridgeConfiguration) ([]strin
 		for _, netConfig := range bridge.patchedNetConfigs() {
 			actions += "output:" + netConfig.ofPortPatch + ","
 		}
-		actions += strip_vlan + "output:" + ofPortHost
+		actions += strip_vlan + "NORMAL"
 		dftFlows = append(dftFlows,
-			fmt.Sprintf("cookie=%s, priority=10, table=0, in_port=%s, %s dl_dst=%s, actions=%s",
-				defaultOpenFlowCookie, ofPortPhys, match_vlan, bridgeMacAddress, actions))
+			fmt.Sprintf("cookie=%s, priority=10, table=0, %s dl_dst=%s, actions=%s",
+				defaultOpenFlowCookie, match_vlan, bridgeMacAddress, actions))
 	}
 
 	// table 0, check packets coming from OVN have the correct mac address. Low priority flows that are a catch all

go-controller/pkg/node/gateway_udn_test.go

@@ -171,6 +171,9 @@ func setUpGatewayFakeOVSCommands(fexec *ovntest.FakeExec) {
 		Cmd:    "ovs-vsctl --timeout=15 --if-exists get Open_vSwitch . other_config:hw-offload",
 		Output: "false",
 	})
+	fexec.AddFakeCmdsNoOutputNoError([]string{
+		"ovs-appctl --timeout=15 fdb/add breth0 breth0 0 00:00:00:55:66:99",
+	})
 	fexec.AddFakeCmd(&ovntest.ExpectedCmd{
 		Cmd:    "ovs-vsctl --timeout=15 get Interface patch-breth0_worker1-to-br-int ofport",
 		Output: "5",

go-controller/pkg/util/ovs.go

@@ -4,6 +4,7 @@ import (
 	"bytes"
 	"encoding/json"
 	"fmt"
+	"net"
 	"regexp"
 	"runtime"
 	"strings"
@@ -819,6 +820,18 @@ func DetectCheckPktLengthSupport(bridge string) (bool, error) {
 	return false, nil
 }
 
+// SetStaticFDBEntry programs a static MAC entry into the OVS FIB and disables MAC learning for this entry
+func SetStaticFDBEntry(bridge, port string, mac net.HardwareAddr) error {
+	// Assume default VLAN for local port
+	vlan := "0"
+	stdout, stderr, err := RunOVSAppctl("fdb/add", bridge, port, vlan, mac.String())
+	if err != nil {
+		return fmt.Errorf("failed to add FDB entry to OVS for LOCAL port, "+
+			"stdout: %q, stderr: %q, error: %v", stdout, stderr, err)
+	}
+	return nil
+}
+
 // IsOvsHwOffloadEnabled checks if OvS Hardware Offload is enabled.
 func IsOvsHwOffloadEnabled() (bool, error) {
 	stdout, stderr, err := RunOVSVsctl("--if-exists", "get",