Older versions of Open vSwitch supported a management protocol based on
OpenFlow message framing. The current Open vSwitch instead uses the
OVSDB protocol for the same purposes. We don't plan to support this older
protocol any longer, so this commit deletes support.
This commit also deletes the management_id column from the vswitch's
database schema. The management_id was used by the older management
protocol to match up OpenFlow switch connections to management connections,
but the current implementation instead matches up connections based on
the datapath IDs exported by the configuration database. In fact, the
OpenFlow connections had no way to actually export the management ID, so
this just deletes code that was essentially without function anyhow.
This brings over some features that were added to the netdev interface,
most notably the separation between the name and the type. In addition
to being cleaner, this also avoids problems where it is expected that
the local port has the same name as the datapath.
This builds on earlier work that implemented netdev object refcounting.
However, rather than requiring explicit create and destroy calls,
these operations are now performed automatically based on the referenece
count. This is important because in certain situations it is not
possible to know whether a netdev has already been created. A
workaround existed (which looked fairly similar to this paradigm) but
introduced it's own issues. This simplifies and unifies the API.
This reduces the amount of redundancy in the source tree, by making all of
the current implementations of a vconn simply delegate to the "stream"
abstraction.
At one point Nicira had deployment plans for which adding a remote command
execution feature to the OpenFlow stack made a lot of sense. We no longer
have those plans, as far as I know, and leaving the feature in seems like
a huge potential security hole. So this commit blows away the entire
feature.
Until now the ovsdb-based vswitch has provided no way to know when it has
finished applying the configuration from the database. This commit
introduces a way:
* The client who wants to wait increments the "next_cfg" column of the
Open_vSwitch record.
* When ovs-vswitchd finishes reconfiguring, it sets the value of the
"cur_cfg" column to that of the "next_cfg" column.
* The client waits until the "cur_cfg" column is at least as great as
the value it set into "next_cfg".
This allows us to drop the 5-second sleep in interface-reconfigure.
ovs-vswitchd needs to choose a sensible MAC address for the local port of
a bridge. Until now, the algorithm has ignored certain interfaces, in
particular internal interfaces and those with the MAC addresses that
indicate that they are probably Xen VIFs. The goal is to choose a physical
interface's MAC address because this is more stable and more likely to
be meaningful to the outside world. Stability, in turn, is important
because the MAC address of the local port is used as the default datapath
ID for OpenFlow connections.
This existing algorithm was too specialized to work well with the new
kinds of ports that we have been introducing in OVS. In particular,
GRE ports could be chosen as the MAC address. This commit changes the
algorithm for choosing the local port MAC address. Now it ignores any
interface that has the "local" bit set in its MAC address, which
catches GRE ports. The new rule also catches the VIF and internal
port cases, so this commit also deletes those special cases.
This commit deleted the only user of eth_addr_is_vif(), so it deletes
that function also.
Jesse Gross suggested this revised heuristic.
CC: Jeremy Stribling <strib@nicira.com>
Now ovs-vswitchd fills in the Interface ofport and Bridge datapath_id
fields when it reconfigures.
The existing Bridge datapath_id and hwaddr columns, which had surprising
meanings, have been banished to a new other_config column.
Connecting to a controller requires the vswitch to have a local port
(typically named the same as the bridge itself). Before the introduction
of ovsdb ovs-vswitchd simply added the local port itself if it was missing.
This was not properly implemented with the ovsdb transition, and a segfault
resulted. This commit avoids the segfault, although it should possibly
be improved to also add the local port, as before.
CC: Jeremy Stribling <strib@nicira.com>
This implements the userspace portion of GRE on Linux. It communicates
with the kernel module to setup tunnels using either Netlink or ioctls
as appropriate based on the kernel version.
Significant portions of this commit were actually written by
Justin Pettit.
This fixes a bug originally introduced in commit 763435 "vswitchd:
Initial conversion to database-based configuration." The bug
reversed a less than operator when setting the active timeout field.
Also add a warning if the timeout is set to an invalid value.
CC: Glen Gibb <grg@stanford.edu>
bridge_create() can return a null pointer if creating the bridge fails, so
check for that and don't dereference it in that case.
Thank to Jeremy Stribling for reporting the problem.
ovs-vswitchd has never supported spanning tree protocol, but there was
nevertheless a considerable amount of code that provided a framework for
supporting it.
This commit deletes this code, since we have no plans to introduce STP
support soon.
This change adds netdev_create() and netdev_destroy() functions to allow
the creation of network devices through the netdev library. Previously,
network devices had to already exist or be created on demand through
netdev_open(). This caused problems such as not being able to specify
TAP devices as ports in ovs-vswitchd, which this patch fixes.
This also lays the groundwork for adding GRE and VDE support.
This first stab at any interface definition language and compiler for OVSDB
will give other developers a chance to look at it and try to integrate it.
The IDL is not actually implemented yet; I am working on that.
This function combines what dpif_create() and dpif_open() do. It allows
us to factor a tiny amount of code out of the vswitch, but more importantly
this function is also useful in the following commit.
A function call using in_port was accidentally moved before the check
to see if it is null. in_port can be null if a port was deleted but
an update is still pending. This moves the call after the check.
Bug #2313
Update the learning table to keep it current with flows actually
going through the datapath. This ensures that entries do not age
out when they are actively being used.
Feature #2209
RSPAN does not work properly unless MAC learning for the VLAN is
disabled on all switches between the origin and monitoring point.
This allows learning to be disabled on a given VLAN so vSwitch can
acts as an intermediate switch.
Feature #2136
The bridge nominally allowed the MAC learning module to not be enabled
though in reality it was always used. Tracking active MAC addresses
in the bridge is useful for other reasons besides deciding the output
port - primarily for bonding. In addition there were several bugs
that would have been triggered had learning actually been disabled since
that code path is never tested. This makes it explicit that the learning
table should be maintained at all times.
If all slaves on a bond are down but some are waiting for an updelay,
enable the slave with the shortest amount of delay remaining. This
would already occur if all other slaves were disabled at the time the
delay was to begin but not if a delay was already in progress. This
also immediately sends learning packets out in both situations, which
prevents incoming packets to disabled slaves from being blackholed.
CC: Danny Wannagat <Danny.Wannagat@eu.citrix.com>
Previously NetFlow expiration messages always contained 0 as the
output interface index. This changes that to report the OpenFlow
interface instead.
Feature #1202
This merge took a little bit of care due to two issues:
- Crossport of "interface-reconfigure" fixes from master back to
citrix that had happened and needed to be canceled out of the merge.
- New script "refresh-xs-network-uuids" added on citrix branch that
needed to be moved from /root/vswitch/scripts to
/usr/share/vswitch/scripts.
When revalidating NORMAL flows we consult the learning table, which
could be empty if a packet hasn't come to userspace in a while or we
just did a bridge flush. If there is no learning entry then existing
flows will begin flooding packets until a new flow is setup. The
problem is worse with bonding because we can receive one of the flooded
packets back on a bond slave and learn that port, causing us to send
traffic to the wrong location.
Previously when deciding whether to migrate a hash between slaves
we would never move it if it would cause more load on the new slave
than the old. This could lead to a situation where the slaves would
be imbalanced but no migration would occur since it would flip the
load. This will do the migration if it will decrease the ratio.
Bug NIC-49
Drop packets received on a bond port if we have learned a different
source port for that MAC. We were already doing this for multicast
packets but extend the logic to unicast packets as well since the
same situation can occur if the connected switch has not learned the
MAC address and is flooding. Otherwise vSwitch will learn the bond
port as the source of that MAC.
Bug #2167
We check that a packet is not sent out the on the in port on the
same VLAN when performing RSPAN. However, we were comparing the
vlan tag from a packet after implicit tagging with a tag from
before implicit tagging. This ensures that we always compare them
before such tagging.
In order to avoid loops we check that the input and output ports
are not equal. When selecting mirror outputs for RSPAN we were
checking interfaces instead of ports. This lead to loops when
using RSPAN with bonded ports.
Bug #2118
Brings the fake bond interface up and down to match our notion of
whether the bond is currently active. This solves an issue where
XenCenter would always show the bond as disconnected.
Bug #1703
Until now the vswitch configuration file has allowed the user to configure
the MAC address on bridge local ports only. This commit adds the ability
to configure them on any internal interface.
It would be logical to extend this to any bridge port, period, but many
network devices must be brought down before their Ethernet addresses may be
changed. Bringing a network interface down and then back up can reset a
lot of state, so as we don't actually need the ability to change any bridge
port's MAC address yet this commit does not implement it.
CC: Ian Campbell <Ian.Campbell@citrix.com>