From 81ef85707ed7959da629b6481edb0e943693abaa Mon Sep 17 00:00:00 2001
From: Ilya Maximets <i.maximets@ovn.org>
Date: Sat, 16 Nov 2024 00:40:37 +0100
Subject: [PATCH] northd: Don't generate IPv6 prefix delegation flows if not
 configured.

If the feature is not enabled, there is no need to create extra
logical flows per network for each router port.  These flows match on
exact IPv6 addresses and UDP ports contributing to increased number of
datapath flows generated in OVS on the nodes.  This turns into exact
matches in most cases potentially causing datapath flow explosion for
the traffic entering OVN network from multiple sources.

Flows removed from unrelated tests as a result.

Fixes: 5c1d2d230773 ("northd: Add logical flows for dhcpv6 pfd parsing")
Reported-at: https://issues.redhat.com/browse/FDP-992
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
Acked-by: Ales Musil <amusil@redhat.com>
Signed-off-by: Dumitru Ceara <dceara@redhat.com>
(cherry picked from commit 3e177f726635c509f4f11e8112d8c31527d0c2c7)
---
 northd/northd.c | 9 ++++++---
 northd/northd.h | 1 +
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/northd/northd.c b/northd/northd.c
index a9f9ea6d91..f0890c1701 100644
--- a/northd/northd.c
+++ b/northd/northd.c
@@ -2196,6 +2196,9 @@ join_logical_ports(const struct sbrec_port_binding_table *sbrec_pb_table,
             op->lrp_networks = lrp_networks;
             op->od = od;
 
+            op->prefix_delegation = smap_get_bool(&op->nbrp->options,
+                                                  "prefix_delegation", false);
+
             for (size_t j = 0; j < op->lrp_networks.n_ipv4_addrs; j++) {
                 sset_add(&op->od->router_ips,
                          op->lrp_networks.ipv4_addrs[j].addr_s);
@@ -6610,8 +6613,8 @@ ovn_update_ipv6_opt_for_op(struct ovn_port *op)
     smap_clone(&options, &op->sb->options);
 
     /* enable IPv6 prefix delegation */
-    bool prefix_delegation = smap_get_bool(&op->nbrp->options,
-                                           "prefix_delegation", false);
+    bool prefix_delegation = op->prefix_delegation;
+
     if (!lrport_is_enabled(op->nbrp)) {
         prefix_delegation = false;
     }
@@ -13675,7 +13678,7 @@ build_dhcpv6_reply_flows_for_lrouter_port(
         struct lflow_ref *lflow_ref)
 {
     ovs_assert(op->nbrp);
-    if (op->l3dgw_port) {
+    if (!op->prefix_delegation || op->l3dgw_port) {
         return;
     }
     for (size_t i = 0; i < op->lrp_networks.n_ipv6_addrs; i++) {
diff --git a/northd/northd.h b/northd/northd.h
index 3f1cd83413..a664941978 100644
--- a/northd/northd.h
+++ b/northd/northd.h
@@ -573,6 +573,7 @@ struct ovn_port {
     const struct nbrec_logical_router_port *nbrp; /* May be NULL. */
 
     struct lport_addresses lrp_networks;
+    bool prefix_delegation; /* True if IPv6 prefix delegation enabled. */
 
     /* Logical port multicast data. */
     struct mcast_port_info mcast_info;