bfd: Support overlay BFD

Current OVS intercepts and processes all BFD packets, thus VM-2-VM BFD packets get lost and the recipient VM never sees them. This patch fixes it by only intercepting and processing BFD packets destined to a configured BFD instance, and other BFD packets are made available to the OVS flow table for forwarding. This patch keeps BFD's backward compatibility. VMware-BZ: #2579326 Signed-off-by: Yifeng Sun <pkusunyifeng@gmail.com> Signed-off-by: William Tu <u9012063@gmail.com>
2025-08-22 01:51:26 +00:00 · 2020-07-27 12:27:23 -07:00 · 2020-07-27 12:27:23 -07:00 · b793a65c16
commit b793a65c16
parent 5e06e7ac99
3 changed files with 52 additions and 3 deletions
--- a/lib/bfd.c
+++ b/lib/bfd.c
@ -149,6 +149,9 @@ BUILD_ASSERT_DECL(BFD_PACKET_LEN == sizeof(struct msg));
 #define FLAGS_MASK 0x3f
 #define DEFAULT_MULT 3

+#define BFD_DEFAULT_SRC_IP 0xA9FE0101 /* 169.254.1.1 */
+#define BFD_DEFAULT_DST_IP 0xA9FE0100 /* 169.254.1.0 */
+
 struct bfd {
    struct hmap_node node;        /* In 'all_bfds'. */
    uint32_t disc;                /* bfd.LocalDiscr. Key in 'all_bfds' hmap. */
@ -457,9 +460,9 @@ bfd_configure(struct bfd *bfd, const char *name, const struct smap *cfg,
                         &bfd->rmt_eth_dst);

    bfd_lookup_ip(smap_get_def(cfg, "bfd_src_ip", ""),
-                  htonl(0xA9FE0101) /* 169.254.1.1 */, &bfd->ip_src);
+                  htonl(BFD_DEFAULT_SRC_IP), &bfd->ip_src);
    bfd_lookup_ip(smap_get_def(cfg, "bfd_dst_ip", ""),
-                  htonl(0xA9FE0100) /* 169.254.1.0 */, &bfd->ip_dst);
+                  htonl(BFD_DEFAULT_DST_IP), &bfd->ip_dst);

    forwarding_if_rx = smap_get_bool(cfg, "forwarding_if_rx", false);
    if (bfd->forwarding_if_rx != forwarding_if_rx) {
@ -674,7 +677,14 @@ bfd_should_process_flow(const struct bfd *bfd_, const struct flow *flow,
        memset(&wc->masks.nw_proto, 0xff, sizeof wc->masks.nw_proto);
        if (flow->nw_proto == IPPROTO_UDP
            && !(flow->nw_frag & FLOW_NW_FRAG_LATER)
-            && tp_dst_equals(flow, BFD_DEST_PORT, wc)) {
+            && tp_dst_equals(flow, BFD_DEST_PORT, wc)
+            && (bfd->ip_src == htonl(BFD_DEFAULT_SRC_IP)
+                || bfd->ip_src == flow->nw_dst)) {
+
+            if (bfd->ip_src == flow->nw_dst) {
+                memset(&wc->masks.nw_dst, 0xffffffff, sizeof wc->masks.nw_dst);
+            }
+
            bool check_tnl_key;

            atomic_read_relaxed(&bfd->check_tnl_key, &check_tnl_key);
--- a/tests/bfd.at
+++ b/tests/bfd.at
@ -1101,3 +1101,35 @@ BFD_CHECK_MULT([p1], [3], [3])

 OVS_VSWITCHD_STOP
 AT_CLEANUP
+
+AT_SETUP([bfd - overlay])
+OVS_VSWITCHD_START([add-port br0 p1 -- set Interface p1 type=gre \
+                    options:remote_ip=2.2.2.2 ofport_request=1 -- \
+                    set interface p1 bfd:enable=true bfd:bfd_src_ip=2.2.2.1 -- \
+                    set bridge br0 fail-mode=standalone])
+
+# Userspace slow path handles normal BFD packets.
+AT_CHECK([ovs-appctl ofproto/trace --l7-len 0 ovs-dummy 'tunnel(tun_id=0x0,src=2.2.2.2,dst=2.2.2.1,tos=0x0,ttl=64,tp_src=0,tp_dst=0,flags()),in_port(1),skb_mark(0/0),eth(src=00:11:22:33:44:55,dst=00:23:20:00:00:01),eth_type(0x0800),ipv4(src=2.2.2.2/0.0.0.0,dst=2.2.2.1/0.0.0.0,proto=17/0xff,tos=0/0,ttl=255/0,frag=no),udp(src=49152/0,dst=3784/0xffff)' -generate], [0], [stdout])
+# check that the packet should be handled as BFD packet.
+AT_CHECK([tail -2 stdout], [0], [dnl
+This flow is handled by the userspace slow path because it:
+  - Consists of BFD packets.
+], [])
+
+# Userspace slow path won't handle overlay BFD packets. Instead, other OVS flows, if configured, will handle them.
+AT_CHECK([ovs-appctl ofproto/trace --l7-len 0 ovs-dummy 'tunnel(tun_id=0x0,src=2.2.2.2,dst=2.2.2.1,tos=0x0,ttl=64,tp_src=0,tp_dst=0,flags()),in_port(1),skb_mark(0/0),eth(src=00:11:22:33:44:66,dst=00:23:20:00:00:77),eth_type(0x0800),ipv4(src=192.168.2.2/0.0.0.0,dst=192.168.2.1/0.0.0.0,proto=17/0xff,tos=0/0,ttl=255/0,frag=no),udp(src=49152/0,dst=3784/0xffff)' -generate], [0], [stdout])
+AT_CHECK([tail -10 stdout], [0], [dnl
+bridge("br0")
+-------------
+ 0. priority 0
+    NORMAL
+     -> learned that 00:11:22:33:44:66 is on port p1 in VLAN 0
+     -> no learned MAC for destination, flooding
+
+Final flow: unchanged
+Megaflow: recirc_id=0,eth,udp,tun_id=0,tun_src=2.2.2.2,tun_dst=2.2.2.1,tun_tos=0,tun_flags=-df-csum+key,in_port=1,dl_src=00:11:22:33:44:66,dl_dst=00:23:20:00:00:77,nw_frag=no,tp_dst=3784
+Datapath actions: 100
+], [])
+
+OVS_VSWITCHD_STOP
+AT_CLEANUP
--- a/vswitchd/vswitch.xml
+++ b/vswitchd/vswitch.xml
@ -3670,6 +3670,13 @@ ovs-vsctl add-port br0 p0 -- set Interface p0 type=patch options:peer=p1 \
        optional Authentication or ``Echo Mode'' features.
      </p>

+      <p>
+        OVS 2.13 and earlier intercepted and processed all BFD packets.
+        OVS 2.14 and later only intercept and process BFD packets destined
+        to a configured BFD instance, and other BFD packets are made available
+        to the OVS flow table for forwarding.
+      </p>
+
      <group title="BFD Configuration">
        <p>
          A controller sets up key-value pairs in the <ref column="bfd"/>