noironetworks / opflex / 1584
79%
master: 68%

LAST BUILD BRANCH: drop-log-redirect-args
DEFAULT BRANCH: master
Ran
Jobs 1
Files 271
Run time 1min
Badge
Embed ▾
README BADGES
x

If you need to use a raster PNG badge, change the '.svg' to '.png' in the link

Markdown

Textile

RDoc

HTML

Rst
1584

push

travis-ci-com

Madhu Challa 
Bypass secgrp when backend reaches its service

- Connection tracking in security groups will drop the mirrored
  ingress packet unless ingress rules are configured and its non
  intuitive to add ingress allow for just this case.
- Bypass done via a separate table right after drop log table=0
  whenever the src and dst pairs match service ip and its backend ip
- This is done so that later conntrack code can skip this table
  when recirculating and secondly we only need to populate output
  register for this case.
- In order to avoid the complexity of subscribing to service updates
  and the ordering of svc and ep updates a new section is added
  to the EP file "service-ip" an array of services the ep is
  a backend to.
- We use these ips to populate the flows with a uuid of the ep
  that will change as the ep file changes.
- Host agent will populate this section when an ep is a backend
  to a service

New flows for this bypass table look like this:
 4(pa-vethd3b789d9): addr:72:0d:48:eb:00:18
 5(vethd3b789d9): addr:26:5e:f8:1d:5f:54
 - Without VLAN
 cookie=0x0, duration=288.541s, table=1, n_packets=12, n_bytes=1359, priority=10,ip,in_port=vethd3b789d9,vlan_tci=0x0000/0x1fff,nw_src=11.3.56.67,nw_dst=10.100.25.118 actions=load:0x4->NXM_NX_REG7[],goto_table:5
 cookie=0x0, duration=681.139s, table=1, n_packets=12, n_bytes=1359, priority=10,ip,in_port="pa-vethd3b789d9",nw_src=10.100.25.118,nw_dst=11.3.56.67 actions=load:0x5->NXM_NX_REG7[],goto_table:5

 - With VLAN
 cookie=0x0, duration=8.238s, table=1, n_packets=0, n_bytes=0, priority=10,ip,in_port=vethd3b789d9,dl_vlan=4094,nw_src=11.3.56.67,nw_dst=10.100.25.118 actions=load:0x4->NXM_NX_REG7[],write_metadata:0x1/0xff,goto_table:5 // POP_VLAN
 cookie=0x0, duration=329.214s, table=1, n_packets=0, n_bytes=0, priority=10,ip,in_port="pa-vethd3b789d9",nw_src=10.100.25.118,nw_dst=11.3.56.67 actions=load:0x5->NXM_NX_REG7[],load:0xffe->NXM_NX_REG5[],write_metadata:0x2/0xff,goto_table:5 // PUSH_VLAN

- Took care of ... (continued)

22174 of 27959 relevant lines covered (79.31%)

3639.3 hits per line

Jobs
ID Job ID Ran Files Coverage
1 1584.1 (TEST_SUITE=travis-build.sh) 271
79.31
 Travis Job 1584.1
Source Files on build 1584