2 * Copyright (c) 2010, 2011 Nicira Networks.
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at:
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
25 #include "byte-order.h"
26 #include "dynamic-string.h"
32 #include "poll-loop.h"
39 VLOG_DEFINE_THIS_MODULE(cfm);
41 #define CFM_MAX_RMPS 256
43 /* Ethernet destination address of CCM packets. */
44 static const uint8_t eth_addr_ccm[6] = { 0x01, 0x80, 0xC2, 0x00, 0x00, 0x30 };
45 static const uint8_t eth_addr_ccm_x[6] = {
46 0x01, 0x23, 0x20, 0x00, 0x00, 0x30
49 #define ETH_TYPE_CFM 0x8902
51 /* A 'ccm' represents a Continuity Check Message from the 802.1ag
52 * specification. Continuity Check Messages are broadcast periodically so that
53 * hosts can determine whom they have connectivity to.
55 * The minimum length of a CCM as specified by IEEE 802.1ag is 75 bytes.
56 * Previous versions of Open vSwitch generated 74-byte CCM messages, so we
57 * accept such messages too. */
59 #define CCM_ACCEPT_LEN 74
60 #define CCM_MAID_LEN 48
61 #define CCM_OPCODE 1 /* CFM message opcode meaning CCM. */
62 #define CCM_RDI_MASK 0x80
64 uint8_t mdlevel_version; /* MD Level and Version */
70 uint8_t maid[CCM_MAID_LEN];
72 /* Defined by ITU-T Y.1731 should be zero */
73 ovs_be16 interval_ms_x; /* Transmission interval in ms. */
74 ovs_be64 mpid64; /* MPID in extended mode. */
75 uint8_t opdown; /* Operationally down. */
80 } __attribute__((packed));
81 BUILD_ASSERT_DECL(CCM_LEN == sizeof(struct ccm));
84 char *name; /* Name of this CFM object. */
85 struct hmap_node hmap_node; /* Node in all_cfms list. */
88 bool extended; /* Extended mode. */
89 int fault; /* Connectivity fault status. */
90 int recv_fault; /* Bit mask of faults occuring on receive. */
91 bool opup; /* Operational State. */
92 bool remote_opup; /* Remote Operational State. */
94 int fault_override; /* Manual override of 'fault' status.
95 Ignored if negative. */
97 uint32_t seq; /* The sequence number of our last CCM. */
98 uint8_t ccm_interval; /* The CCM transmission interval. */
99 int ccm_interval_ms; /* 'ccm_interval' in milliseconds. */
100 uint16_t ccm_vlan; /* Vlan tag of CCM PDUs. CFM_RANDOM_VLAN if
102 uint8_t ccm_pcp; /* Priority of CCM PDUs. */
103 uint8_t maid[CCM_MAID_LEN]; /* The MAID of this CFM. */
105 struct timer tx_timer; /* Send CCM when expired. */
106 struct timer fault_timer; /* Check for faults when expired. */
108 struct hmap remote_mps; /* Remote MPs. */
110 /* Result of cfm_get_remote_mpids(). Updated only during fault check to
112 uint64_t *rmps_array; /* Cache of remote_mps. */
113 size_t rmps_array_len; /* Number of rmps in 'rmps_array'. */
116 /* Remote MPs represent foreign network entities that are configured to have
117 * the same MAID as this CFM instance. */
119 uint64_t mpid; /* The Maintenance Point ID of this 'remote_mp'. */
120 struct hmap_node node; /* Node in 'remote_mps' map. */
122 bool recv; /* CCM was received since last fault check. */
123 bool rdi; /* Remote Defect Indicator. Indicates remote_mp isn't
124 receiving CCMs that it's expecting to. */
125 bool opup; /* Operational State. */
126 uint32_t seq; /* Most recently received sequence number. */
129 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(20, 30);
130 static struct hmap all_cfms = HMAP_INITIALIZER(&all_cfms);
132 static unixctl_cb_func cfm_unixctl_show;
133 static unixctl_cb_func cfm_unixctl_set_fault;
135 static const uint8_t *
136 cfm_ccm_addr(const struct cfm *cfm)
138 return cfm->extended ? eth_addr_ccm_x : eth_addr_ccm;
141 /* Returns the string representation of the given cfm_fault_reason 'reason'. */
143 cfm_fault_reason_to_str(int reason) {
145 #define CFM_FAULT_REASON(NAME, STR) case CFM_FAULT_##NAME: return #STR;
147 #undef CFM_FAULT_REASON
148 default: return "<unknown>";
153 ds_put_cfm_fault(struct ds *ds, int fault)
155 size_t length = ds->length;
158 for (i = 0; i < CFM_FAULT_N_REASONS; i++) {
161 if (fault & reason) {
162 ds_put_format(ds, "%s ", cfm_fault_reason_to_str(reason));
166 if (ds->length > length) {
167 ds_truncate(ds, ds->length - 1);
172 cfm_generate_maid(struct cfm *cfm)
174 const char *ovs_md_name = "ovs";
175 const char *ovs_ma_name = "ovs";
177 size_t md_len, ma_len;
179 memset(cfm->maid, 0, CCM_MAID_LEN);
181 md_len = strlen(ovs_md_name);
182 ma_len = strlen(ovs_ma_name);
184 assert(md_len && ma_len && md_len + ma_len + 4 <= CCM_MAID_LEN);
186 cfm->maid[0] = 4; /* MD name string format. */
187 cfm->maid[1] = md_len; /* MD name size. */
188 memcpy(&cfm->maid[2], ovs_md_name, md_len); /* MD name. */
190 ma_p = cfm->maid + 2 + md_len;
191 ma_p[0] = 2; /* MA name string format. */
192 ma_p[1] = ma_len; /* MA name size. */
193 memcpy(&ma_p[2], ovs_ma_name, ma_len); /* MA name. */
197 ccm_interval_to_ms(uint8_t interval)
200 case 0: NOT_REACHED(); /* Explicitly not supported by 802.1ag. */
201 case 1: return 3; /* Not recommended due to timer resolution. */
202 case 2: return 10; /* Not recommended due to timer resolution. */
205 case 5: return 10000;
206 case 6: return 60000;
207 case 7: return 600000;
208 default: NOT_REACHED(); /* Explicitly not supported by 802.1ag. */
215 cfm_fault_interval(struct cfm *cfm)
217 /* According to the 802.1ag specification we should assume every other MP
218 * with the same MAID has the same transmission interval that we have. If
219 * an MP has a different interval, cfm_process_heartbeat will register it
220 * as a fault (likely due to a configuration error). Thus we can check all
221 * MPs at once making this quite a bit simpler.
223 * According to the specification we should check when (ccm_interval_ms *
224 * 3.5)ms have passed. */
225 return (cfm->ccm_interval_ms * 7) / 2;
229 ms_to_ccm_interval(int interval_ms)
233 for (i = 7; i > 0; i--) {
234 if (ccm_interval_to_ms(i) <= interval_ms) {
243 hash_mpid(uint64_t mpid)
245 return hash_bytes(&mpid, sizeof mpid, 0);
249 cfm_is_valid_mpid(bool extended, uint64_t mpid)
251 /* 802.1ag specification requires MPIDs to be within the range [1, 8191].
252 * In extended mode we relax this requirement. */
253 return mpid >= 1 && (extended || mpid <= 8191);
256 static struct remote_mp *
257 lookup_remote_mp(const struct cfm *cfm, uint64_t mpid)
259 struct remote_mp *rmp;
261 HMAP_FOR_EACH_IN_BUCKET (rmp, node, hash_mpid(mpid), &cfm->remote_mps) {
262 if (rmp->mpid == mpid) {
273 unixctl_command_register("cfm/show", "[interface]", 0, 1, cfm_unixctl_show,
275 unixctl_command_register("cfm/set-fault", "[interface] normal|false|true",
276 1, 2, cfm_unixctl_set_fault, NULL);
279 /* Allocates a 'cfm' object called 'name'. 'cfm' should be initialized by
280 * cfm_configure() before use. */
282 cfm_create(const char *name)
286 cfm = xzalloc(sizeof *cfm);
287 cfm->name = xstrdup(name);
288 hmap_init(&cfm->remote_mps);
289 cfm_generate_maid(cfm);
290 hmap_insert(&all_cfms, &cfm->hmap_node, hash_string(cfm->name, 0));
291 cfm->remote_opup = true;
292 cfm->fault_override = -1;
297 cfm_destroy(struct cfm *cfm)
299 struct remote_mp *rmp, *rmp_next;
305 HMAP_FOR_EACH_SAFE (rmp, rmp_next, node, &cfm->remote_mps) {
306 hmap_remove(&cfm->remote_mps, &rmp->node);
310 hmap_destroy(&cfm->remote_mps);
311 hmap_remove(&all_cfms, &cfm->hmap_node);
312 free(cfm->rmps_array);
317 /* Should be run periodically to update fault statistics messages. */
319 cfm_run(struct cfm *cfm)
321 if (timer_expired(&cfm->fault_timer)) {
322 long long int interval = cfm_fault_interval(cfm);
323 struct remote_mp *rmp, *rmp_next;
324 bool old_cfm_fault = cfm->fault;
326 cfm->fault = cfm->recv_fault;
329 cfm->rmps_array_len = 0;
330 free(cfm->rmps_array);
331 cfm->rmps_array = xmalloc(hmap_count(&cfm->remote_mps) *
332 sizeof *cfm->rmps_array);
334 cfm->remote_opup = true;
335 HMAP_FOR_EACH_SAFE (rmp, rmp_next, node, &cfm->remote_mps) {
338 VLOG_DBG("%s: no CCM from RMP %"PRIu64" in the last %lldms",
339 cfm->name, rmp->mpid, interval);
340 hmap_remove(&cfm->remote_mps, &rmp->node);
345 if (rmp->mpid == cfm->mpid) {
346 VLOG_WARN_RL(&rl,"%s: received CCM with local MPID"
347 " %"PRIu64, cfm->name, rmp->mpid);
348 cfm->fault |= CFM_FAULT_LOOPBACK;
352 VLOG_DBG("%s: RDI bit flagged from RMP %"PRIu64, cfm->name,
354 cfm->fault |= CFM_FAULT_RDI;
358 cfm->remote_opup = rmp->opup;
361 cfm->rmps_array[cfm->rmps_array_len++] = rmp->mpid;
365 if (hmap_is_empty(&cfm->remote_mps)) {
366 cfm->fault |= CFM_FAULT_RECV;
369 if (old_cfm_fault != cfm->fault) {
370 struct ds ds = DS_EMPTY_INITIALIZER;
372 ds_put_cfm_fault(&ds, cfm->fault);
373 VLOG_INFO_RL(&rl, "%s: CFM fault status changed: %s", cfm->name,
378 timer_set_duration(&cfm->fault_timer, interval);
382 /* Should be run periodically to check if the CFM module has a CCM message it
385 cfm_should_send_ccm(struct cfm *cfm)
387 return timer_expired(&cfm->tx_timer);
390 /* Composes a CCM message into 'packet'. Messages generated with this function
391 * should be sent whenever cfm_should_send_ccm() indicates. */
393 cfm_compose_ccm(struct cfm *cfm, struct ofpbuf *packet,
394 uint8_t eth_src[ETH_ADDR_LEN])
399 timer_set_duration(&cfm->tx_timer, cfm->ccm_interval_ms);
400 eth_compose(packet, cfm_ccm_addr(cfm), eth_src, ETH_TYPE_CFM, sizeof *ccm);
402 ccm_vlan = (cfm->ccm_vlan != CFM_RANDOM_VLAN
405 ccm_vlan = ccm_vlan & VLAN_VID_MASK;
407 if (ccm_vlan || cfm->ccm_pcp) {
408 uint16_t tci = ccm_vlan | (cfm->ccm_pcp << VLAN_PCP_SHIFT);
409 eth_push_vlan(packet, htons(tci));
413 ccm->mdlevel_version = 0;
414 ccm->opcode = CCM_OPCODE;
415 ccm->tlv_offset = 70;
416 ccm->seq = htonl(++cfm->seq);
417 ccm->flags = cfm->ccm_interval;
418 memcpy(ccm->maid, cfm->maid, sizeof ccm->maid);
419 memset(ccm->zero, 0, sizeof ccm->zero);
423 ccm->mpid = htons(hash_mpid(cfm->mpid));
424 ccm->mpid64 = htonll(cfm->mpid);
425 ccm->opdown = !cfm->opup;
427 ccm->mpid = htons(cfm->mpid);
428 ccm->mpid64 = htonll(0);
432 if (cfm->ccm_interval == 0) {
433 assert(cfm->extended);
434 ccm->interval_ms_x = htons(cfm->ccm_interval_ms);
437 if (hmap_is_empty(&cfm->remote_mps)) {
438 ccm->flags |= CCM_RDI_MASK;
443 cfm_wait(struct cfm *cfm)
445 timer_wait(&cfm->tx_timer);
446 timer_wait(&cfm->fault_timer);
449 /* Configures 'cfm' with settings from 's'. */
451 cfm_configure(struct cfm *cfm, const struct cfm_settings *s)
456 if (!cfm_is_valid_mpid(s->extended, s->mpid) || s->interval <= 0) {
461 cfm->extended = s->extended;
463 interval = ms_to_ccm_interval(s->interval);
464 interval_ms = ccm_interval_to_ms(interval);
466 cfm->ccm_vlan = s->ccm_vlan;
467 cfm->ccm_pcp = s->ccm_pcp & (VLAN_PCP_MASK >> VLAN_PCP_SHIFT);
468 if (cfm->extended && interval_ms != s->interval) {
470 interval_ms = MIN(s->interval, UINT16_MAX);
473 if (interval != cfm->ccm_interval || interval_ms != cfm->ccm_interval_ms) {
474 cfm->ccm_interval = interval;
475 cfm->ccm_interval_ms = interval_ms;
477 timer_set_expired(&cfm->tx_timer);
478 timer_set_duration(&cfm->fault_timer, cfm_fault_interval(cfm));
484 /* Returns true if 'cfm' should process packets from 'flow'. */
486 cfm_should_process_flow(const struct cfm *cfm, const struct flow *flow)
488 return (ntohs(flow->dl_type) == ETH_TYPE_CFM
489 && eth_addr_equals(flow->dl_dst, cfm_ccm_addr(cfm)));
492 /* Updates internal statistics relevant to packet 'p'. Should be called on
493 * every packet whose flow returned true when passed to
494 * cfm_should_process_flow. */
496 cfm_process_heartbeat(struct cfm *cfm, const struct ofpbuf *p)
499 struct eth_header *eth;
502 ccm = ofpbuf_at(p, (uint8_t *)p->l3 - (uint8_t *)p->data, CCM_ACCEPT_LEN);
505 VLOG_INFO_RL(&rl, "%s: Received an unparseable 802.1ag CCM heartbeat.",
510 if (ccm->opcode != CCM_OPCODE) {
511 VLOG_INFO_RL(&rl, "%s: Received an unsupported 802.1ag message. "
512 "(opcode %u)", cfm->name, ccm->opcode);
516 /* According to the 802.1ag specification, reception of a CCM with an
517 * incorrect ccm_interval, unexpected MAID, or unexpected MPID should
518 * trigger a fault. We ignore this requirement for several reasons.
520 * Faults can cause a controller or Open vSwitch to make potentially
521 * expensive changes to the network topology. It seems prudent to trigger
522 * them judiciously, especially when CFM is used to check slave status of
523 * bonds. Furthermore, faults can be maliciously triggered by crafting
525 if (memcmp(ccm->maid, cfm->maid, sizeof ccm->maid)) {
526 cfm->recv_fault |= CFM_FAULT_MAID;
527 VLOG_WARN_RL(&rl, "%s: Received unexpected remote MAID from MAC "
528 ETH_ADDR_FMT, cfm->name, ETH_ADDR_ARGS(eth->eth_src));
530 uint8_t ccm_interval = ccm->flags & 0x7;
531 bool ccm_rdi = ccm->flags & CCM_RDI_MASK;
532 uint16_t ccm_interval_ms_x = ntohs(ccm->interval_ms_x);
534 struct remote_mp *rmp;
540 ccm_mpid = ntohll(ccm->mpid64);
541 ccm_opdown = ccm->opdown;
543 ccm_mpid = ntohs(ccm->mpid);
546 ccm_seq = ntohl(ccm->seq);
548 if (ccm_interval != cfm->ccm_interval) {
549 VLOG_WARN_RL(&rl, "%s: received a CCM with an invalid interval"
550 " (%"PRIu8") from RMP %"PRIu64, cfm->name,
551 ccm_interval, ccm_mpid);
554 if (cfm->extended && ccm_interval == 0
555 && ccm_interval_ms_x != cfm->ccm_interval_ms) {
556 VLOG_WARN_RL(&rl, "%s: received a CCM with an invalid extended"
557 " interval (%"PRIu16"ms) from RMP %"PRIu64, cfm->name,
558 ccm_interval_ms_x, ccm_mpid);
561 rmp = lookup_remote_mp(cfm, ccm_mpid);
563 if (hmap_count(&cfm->remote_mps) < CFM_MAX_RMPS) {
564 rmp = xzalloc(sizeof *rmp);
565 hmap_insert(&cfm->remote_mps, &rmp->node, hash_mpid(ccm_mpid));
567 cfm->recv_fault |= CFM_FAULT_OVERFLOW;
569 "%s: dropped CCM with MPID %"PRIu64" from MAC "
570 ETH_ADDR_FMT, cfm->name, ccm_mpid,
571 ETH_ADDR_ARGS(eth->eth_src));
575 VLOG_DBG("%s: received CCM (seq %"PRIu32") (mpid %"PRIu64")"
576 " (interval %"PRIu8") (RDI %s)", cfm->name, ccm_seq,
577 ccm_mpid, ccm_interval, ccm_rdi ? "true" : "false");
580 if (rmp->seq && ccm_seq != (rmp->seq + 1)) {
581 VLOG_WARN_RL(&rl, "%s: (mpid %"PRIu64") detected sequence"
582 " numbers which indicate possible connectivity"
583 " problems (previous %"PRIu32") (current %"PRIu32
584 ")", cfm->name, ccm_mpid, rmp->seq, ccm_seq);
587 rmp->mpid = ccm_mpid;
591 rmp->opup = !ccm_opdown;
596 /* Gets the fault status of 'cfm'. Returns a bit mask of 'cfm_fault_reason's
597 * indicating the cause of the connectivity fault, or zero if there is no
600 cfm_get_fault(const struct cfm *cfm)
602 if (cfm->fault_override >= 0) {
603 return cfm->fault_override ? CFM_FAULT_OVERRIDE : 0;
608 /* Gets the operational state of 'cfm'. 'cfm' is considered operationally down
609 * if it has received a CCM with the operationally down bit set from any of its
610 * remote maintenance points. Returns true if 'cfm' is operationally up. False
613 cfm_get_opup(const struct cfm *cfm)
615 return cfm->remote_opup;
618 /* Populates 'rmps' with an array of remote maintenance points reachable by
619 * 'cfm'. The number of remote maintenance points is written to 'n_rmps'.
620 * 'cfm' retains ownership of the array written to 'rmps' */
622 cfm_get_remote_mpids(const struct cfm *cfm, const uint64_t **rmps,
625 *rmps = cfm->rmps_array;
626 *n_rmps = cfm->rmps_array_len;
630 cfm_find(const char *name)
634 HMAP_FOR_EACH_WITH_HASH (cfm, hmap_node, hash_string(name, 0), &all_cfms) {
635 if (!strcmp(cfm->name, name)) {
643 cfm_print_details(struct ds *ds, const struct cfm *cfm)
645 struct remote_mp *rmp;
647 ds_put_format(ds, "---- %s ----\n", cfm->name);
648 ds_put_format(ds, "MPID %"PRIu64":%s%s\n", cfm->mpid,
649 cfm->extended ? " extended" : "",
650 cfm->fault_override >= 0 ? " fault_override" : "");
653 if (cfm_get_fault(cfm)) {
654 ds_put_cstr(ds, "\tfault: ");
655 ds_put_cfm_fault(ds, cfm_get_fault(cfm));
656 ds_put_cstr(ds, "\n");
659 ds_put_format(ds, "\topstate: %s\n", cfm->opup ? "up" : "down");
660 ds_put_format(ds, "\tremote_opstate: %s\n",
661 cfm->remote_opup ? "up" : "down");
662 ds_put_format(ds, "\tinterval: %dms\n", cfm->ccm_interval_ms);
663 ds_put_format(ds, "\tnext CCM tx: %lldms\n",
664 timer_msecs_until_expired(&cfm->tx_timer));
665 ds_put_format(ds, "\tnext fault check: %lldms\n",
666 timer_msecs_until_expired(&cfm->fault_timer));
668 HMAP_FOR_EACH (rmp, node, &cfm->remote_mps) {
669 ds_put_format(ds, "Remote MPID %"PRIu64":%s\n",
671 rmp->rdi ? " rdi" : "");
672 ds_put_format(ds, "\trecv since check: %s\n",
673 rmp->recv ? "true" : "false");
674 ds_put_format(ds, "\topstate: %s\n", rmp->opup? "up" : "down");
679 cfm_unixctl_show(struct unixctl_conn *conn, int argc, const char *argv[],
680 void *aux OVS_UNUSED)
682 struct ds ds = DS_EMPTY_INITIALIZER;
683 const struct cfm *cfm;
686 cfm = cfm_find(argv[1]);
688 unixctl_command_reply_error(conn, "no such CFM object");
691 cfm_print_details(&ds, cfm);
693 HMAP_FOR_EACH (cfm, hmap_node, &all_cfms) {
694 cfm_print_details(&ds, cfm);
698 unixctl_command_reply(conn, ds_cstr(&ds));
703 cfm_unixctl_set_fault(struct unixctl_conn *conn, int argc, const char *argv[],
704 void *aux OVS_UNUSED)
706 const char *fault_str = argv[argc - 1];
710 if (!strcasecmp("true", fault_str)) {
712 } else if (!strcasecmp("false", fault_str)) {
714 } else if (!strcasecmp("normal", fault_str)) {
717 unixctl_command_reply_error(conn, "unknown fault string");
722 cfm = cfm_find(argv[1]);
724 unixctl_command_reply_error(conn, "no such CFM object");
727 cfm->fault_override = fault_override;
729 HMAP_FOR_EACH (cfm, hmap_node, &all_cfms) {
730 cfm->fault_override = fault_override;
734 unixctl_command_reply(conn, "OK");