-
Notifications
You must be signed in to change notification settings - Fork 255
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Fix load balanced hairpin traffic for fragmented packets.
If we have a UDP load balancer - 10.0.0.10:80 = 10.0.0.3:8080, in order to determine if the load balanced traffic needs to be hairpinned, the vip - 10.0.0.10 and the vip port - 80 are stored in the registers before the packet is load balanced using the below logical flow - table=6 (ls_in_pre_stateful ), priority=120 , match=(reg0[2] == 1 && ip4.dst == 10.0.0.10 && tcp.dst == 80), action=(reg1 = 10.0.0.10; reg2[0..15] = 80; ct_lb_mark;) These registers are used in the later stages to check if the load balanced packet needs to be hairpinned or not. However, if the packet is fragmented we may not be able to match on the L4 fields (tcp, udp or sctp dest port) and this breaks the hairpin traffic. This patch addressed this issue by making use of ct_nw_dst/ct_ip6_dst and ct_tp_dst conntrack fields to determine the hairpin load balanced traffic. In order to not break hardware offload on certain smart nics, care is taken to match on these fields only for fragmented packets. Note: Relying on conntrack to reassemble packets is not exactly correct, it only accidentaly works with the kernel datapath. In our internal bug tracking system we have this issue to track this incorrect assumption: https://issues.redhat.com/browse/FDP-913 Reported-at: https://issues.redhat.com/browse/FDP-905 Fixes: 1139b65 ("Don't blindly save original dst IP and Port to avoid megaflow unwildcarding.") Acked-by: Dumitru Ceara <[email protected]> Suggested-by: Dumitru Ceara <[email protected]> Signed-off-by: Numan Siddique <[email protected]> (cherry picked from commit 0f806cf)
- Loading branch information
1 parent
e5b428e
commit 0e2fb83
Showing
14 changed files
with
513 additions
and
48 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.