Merge "Add a static FDB entry to fabric-facing bridges"

2025-02-05 18:18:06 +00:00 · 2025-02-05 18:18:06 +00:00 · a631d050a4
commit a631d050a4
parent 37655792e1 1986ad2398
4 changed files with 30 additions and 0 deletions
--- a/ovn_bgp_agent/drivers/openstack/utils/ovs.py
+++ b/ovn_bgp_agent/drivers/openstack/utils/ovs.py
@ -241,6 +241,12 @@ def del_flow(flow, bridge, cookie):
        ['--strict', 'del-flows', bridge, f])


+def add_fdb_entry(bridge: str, port: str, mac: str, vlan: int = 0):
+    ovn_bgp_agent.privileged.ovs_vsctl.ovs_appctl(
+        ['fdb/add', bridge, port, str(vlan), mac]
+    )
+
+
 def get_flow_info(flow):
    # example:
    # cookie=0x3e7, duration=85.005s, table=0, n_packets=0,
--- a/ovn_bgp_agent/drivers/openstack/utils/wire.py
+++ b/ovn_bgp_agent/drivers/openstack/utils/wire.py
@ -266,6 +266,7 @@ def _ensure_base_wiring_config_ovn(ovs_idl, ovn_idl):
            # External Bridge connecting to the external networks
            _ensure_ovn_network_link_external(ovn_idl, network, ip, mac)
            _ensure_ingress_flows(bridge, mac, network, provider_cidrs)
+            _ensure_fdb_entry(bridge, mac)

    return ovn_bridge_mappings, flows_info

@ -482,6 +483,18 @@ def _ensure_ingress_flows(bridge, mac, switch_name, provider_cidrs):
        ovs.ensure_flow(bridge, flow)


+def _ensure_fdb_entry(bridge, mac):
+    """Ensure static FDB entries for internal ports of a fabric bridge.
+
+    Fabric-facing bridges need to have a static MAC entry to avoid dynamic
+    re-learning in their FDB as this will lead to drop flows being generated
+    by OVS due to flow table misses.
+    """
+    # The bridge name is also the name of its internal port. The MAC address
+    # is the MAC address of the bridge itself.
+    ovs.add_fdb_entry(bridge, bridge, mac, 0)
+
+
 def _ensure_egress_flows(bridge, patch_ports):
    # outcomming traffic flows
    # patch=`ovs-ofctl show br-provider | grep patch | grep provnet |
--- a/ovn_bgp_agent/privileged/ovs_vsctl.py
+++ b/ovn_bgp_agent/privileged/ovs_vsctl.py
@ -42,3 +42,7 @@ def ovs_ofctl(args, timeout=None):
        return ovs_cmd('ovs-ofctl', args, timeout)
    except processutils.ProcessExecutionError:
        return ovs_cmd('ovs-ofctl', args + ['-O', 'OpenFlow13'], timeout)
+
+
+def ovs_appctl(args):
+    return ovs_cmd('ovs-appctl', args)
--- a/ovn_bgp_agent/tests/unit/privileged/test_ovs_vsctl.py
+++ b/ovn_bgp_agent/tests/unit/privileged/test_ovs_vsctl.py
@ -103,3 +103,10 @@ class TestPrivilegedOvsVsctl(test_base.TestCase):
                 mock.call('ovs-ofctl', 'add-flow', 'br-ex', 'dummy-flow',
                           '-O', 'OpenFlow13')]
        self.mock_exc.assert_has_calls(calls)
+
+    def test_ovs_appctl(self):
+        ovs_vsctl.ovs_appctl(
+            ['fdb/add', 'br-fabric', 'br-fabric', '0', 'de:ad:be:ef:ca:fe'])
+        self.mock_exc.assert_called_once_with(
+            'ovs-appctl', 'fdb/add', 'br-fabric', 'br-fabric',
+            '0', 'de:ad:be:ef:ca:fe')