noironetworks / opflex / 1576
79%
master: 68%

LAST BUILD BRANCH: coveralls
DEFAULT BRANCH: master
Ran
Jobs 1
Files 271
Run time 1min
Badge
Embed ▾
README BADGES
x

If you need to use a raster PNG badge, change the '.svg' to '.png' in the link

Markdown

Textile

RDoc

HTML

Rst
1576

push

travis-ci-com

Madhu Challa 
Bypass secgrp when backend reaches its service

- Connection tracking in security groups will drop the mirrored
  ingress packet unless ingress rules are configured and its non
  intuitive to add ingress allow for just this case.
- Bypass done via a separate table right after drop log table=0
  whenever the src and dst pairs match service ip and its backend ip
- This is done so that later conntrack code can skip this table
  when recirculating and secondly we only need to populate output
  register for this case.
- In order to avoid the complexity of subscribing to service updates
  and the ordering of svc and ep updates a new section is added
  to the EP file "service-ip" an array of services the ep is
  a backend to.
- We use these ips to populate the flows with a uuid of the ep
  that will change as the ep file changes.
- Host agent will populate this section when an ep is a backend
  to a service

New flows for this bypass table look like this:

 cookie=0x0, duration=237.465s, table=1, n_packets=23, n_bytes=2652, priority=10,ip,in_port="pa-vethd3b789d9",nw_src=10.100.25.118,nw_dst=11.3.56.67 actions=load:0x5->NXM_NX_REG7[],goto_table:5
 cookie=0x0, duration=237.464s, table=1, n_packets=23, n_bytes=2652, priority=10,ip,in_port=vethd3b789d9,nw_src=11.3.56.67,nw_dst=10.100.25.118 actions=load:0x3->NXM_NX_REG7[],goto_table:5
 cookie=0x0, duration=509.304s, table=1, n_packets=155, n_bytes=15895, priority=1 actions=goto_table:2
 cookie=0x4000000000000000, duration=509.304s, table=1, n_packets=0, n_bytes=0, send_flow_rem priority=0 actions=move:NXM_NX_REG0[]->NXM_NX_TUN_METADATA0[0..31],move:NXM_NX_REG1[]->NXM_NX_TUN_METADATA1[0..31],move:NXM_NX_REG2[]->NXM_NX_TUN_METADATA2[0..31],move:NXM_NX_REG3[]->NXM_NX_TUN_METADATA3[0..31],move:NXM_NX_REG4[]->NXM_NX_TUN_METADATA4[0..31],move:NXM_NX_REG5[]->NXM_NX_TUN_METADATA5[0..31],move:NXM_NX_REG6[]->NXM_NX_TUN_METADATA6[0..31],move:NXM_NX_REG7[]->NXM_NX_TUN_METADATA7[0..31],move:NXM_NX_CT_STATE[]->NXM_NX_TUN_MET... (continued)

22174 of 27909 relevant lines covered (79.45%)

3300.66 hits per line

Jobs
ID Job ID Ran Files Coverage
1 1576.1 (TEST_SUITE=travis-build.sh) 0
79.45
 Travis Job 1576.1
Source Files on build 1576
Detailed source file information is not available for this build.