Bug 1626096

Summary: systemctl reload openvswitch includes default flow.
Product: Red Hat Enterprise Linux 7
Reporter: Flavio Leitner <fleitner>
Component: openvswitch
Assignee: Timothy Redaelli <tredaelli>
Status: CLOSED ERRATA
QA Contact: Rick Alongi <ralongi>
Severity: high
Priority: high
Version: 7.5
CC: atelang, atragler, ctrautma, lmanasko, ovs-qe, qding, rkhan
Target Milestone: rc
Hardware: x86_64
OS: Linux
Fixed In Version: openvswitch-2.9.0-64.el7fdn
Doc Type: Bug Fix
Doc Text:
Previously, when the Open vSwitch service was reloaded, the default flow was not removed and it became part of the final flow table. With this update, the default flow rule is no longer added after a service reload. As a result, the described problem no longer occurs.
Clone Of:
: 1628905
Last Closed: 2018-11-05 14:59:03 UTC
Type: Bug

Description Flavio Leitner 2018-09-06 14:49:33 UTC
Description of problem:
The flows should be restored when issuing a service reload; however, the default flow is not removed when it starts and becomes part of the final flow table.

// installed version
# rpm -q openvswitch
openvswitch-2.9.0-56.el7fdp.x86_64

// adding an example of flow table
# ovs-ofctl del-flows ovsbr0 
# ovs-ofctl add-flow ovsbr0 'in_port=10 actions=output:20'
# ovs-ofctl add-flow ovsbr0 'in_port=20 actions=output:10'
# ovs-ofctl add-flow ovsbr0 'actions=drop'

// Dumping the flows
# ovs-ofctl dump-flows ovsbr0 
 cookie=0x0, duration=24.416s, table=0, n_packets=0, n_bytes=0, in_port=veth1 actions=output:veth2
 cookie=0x0, duration=18.466s, table=0, n_packets=0, n_bytes=0, in_port=veth2 actions=output:veth1
 cookie=0x0, duration=7.818s, table=0, n_packets=0, n_bytes=0, actions=drop

// Reload the service
# systemctl reload openvswitch 

// Dump the flow table again to check
[root@localhost ~]# ovs-ofctl dump-flows ovsbr0 
 cookie=0x0, duration=3.136s, table=0, n_packets=0, n_bytes=0, in_port=veth1 actions=output:veth2
 cookie=0x0, duration=3.136s, table=0, n_packets=0, n_bytes=0, in_port=veth2 actions=output:veth1
 cookie=0x0, duration=3.151s, table=0, n_packets=0, n_bytes=0, priority=0 actions=NORMAL
 cookie=0x0, duration=3.136s, table=0, n_packets=0, n_bytes=0, actions=drop


Notice the default 'actions=NORMAL' is added to the flow table.

Expected results:
The flow table is restored as it was before reloading the service.

Comment 2 Timothy Redaelli 2018-09-10 14:21:12 UTC
Patch sent on OVS mailing list: https://mail.openvswitch.org/pipermail/ovs-dev/2018-September/351970.html

Comment 5 Rick Alongi 2018-10-11 17:59:05 UTC
Reproduced issue:

[root@netqe11 yum.repos.d]# rpm -q openvswitch
openvswitch-2.9.0-56.el7fdp.x86_64

systemctl start openvswitch

# add bridge and flows

ovs-vsctl --if-exists del-br ovsbr0
ovs-vsctl add-br ovsbr0

ovs-ofctl del-flows ovsbr0 
ovs-ofctl add-flow ovsbr0 'in_port=10 actions=output:20'
ovs-ofctl add-flow ovsbr0 'in_port=20 actions=output:10'
ovs-ofctl add-flow ovsbr0 'actions=drop'

ovs-ofctl dump-flows ovsbr0

[root@netqe11 yum.repos.d]# ovs-ofctl dump-flows ovsbr0
 cookie=0x0, duration=28.241s, table=0, n_packets=0, n_bytes=0, in_port=10 actions=output:20
 cookie=0x0, duration=28.238s, table=0, n_packets=0, n_bytes=0, in_port=20 actions=output:10
 cookie=0x0, duration=28.235s, table=0, n_packets=0, n_bytes=0, actions=drop
 
systemctl reload openvswitch

# observe issue where NORMAL flow rule is added after systemctl reload openvswitch

[root@netqe11 yum.repos.d]# ovs-ofctl dump-flows ovsbr0
 cookie=0x0, duration=5.715s, table=0, n_packets=0, n_bytes=0, in_port=10 actions=output:20
 cookie=0x0, duration=5.715s, table=0, n_packets=0, n_bytes=0, in_port=20 actions=output:10
 cookie=0x0, duration=5.731s, table=0, n_packets=0, n_bytes=0, priority=0 actions=NORMAL
 cookie=0x0, duration=5.715s, table=0, n_packets=0, n_bytes=0, actions=drop

# Verified fix using openvswitch-2.9.0-70.el7fdp.x86_64

systemctl start openvswitch

# add bridge and flows

ovs-vsctl --if-exists del-br ovsbr0
ovs-vsctl add-br ovsbr0

ovs-ofctl del-flows ovsbr0 
ovs-ofctl add-flow ovsbr0 'in_port=10 actions=output:20'
ovs-ofctl add-flow ovsbr0 'in_port=20 actions=output:10'
ovs-ofctl add-flow ovsbr0 'actions=drop'

[root@netqe9 home]# ovs-ofctl dump-flows ovsbr0
 cookie=0x0, duration=0.044s, table=0, n_packets=0, n_bytes=0, in_port=10 actions=output:20
 cookie=0x0, duration=0.029s, table=0, n_packets=0, n_bytes=0, in_port=20 actions=output:10
 cookie=0x0, duration=0.014s, table=0, n_packets=0, n_bytes=0, actions=drop

[root@netqe9 home]# systemctl reload openvswitch

# NORMAL flow rule is no longer added after systemctl reload openvswitch

[root@netqe9 home]# ovs-ofctl dump-flows ovsbr0
 cookie=0x0, duration=2.896s, table=0, n_packets=0, n_bytes=0, in_port=10 actions=output:20
 cookie=0x0, duration=2.896s, table=0, n_packets=0, n_bytes=0, in_port=20 actions=output:10
 cookie=0x0, duration=2.896s, table=0, n_packets=0, n_bytes=0, actions=drop

Ran of_rules regression: https://beaker.engineering.redhat.com/jobs/2882488

Marking as Verified.
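
The before/after comparison done by eye in the comments above can be scripted. The following is an added example, not part of the original report or of Open vSwitch: it strips the per-dump counters from two `ovs-ofctl dump-flows` captures and reports rules that appeared or disappeared. The helper names `normalize_flows` and `flow_drift` are hypothetical, and the sample dumps are the ones from the description.

```shell
#!/bin/sh
# Added example (not from the bug report): report flow rules that appear or
# disappear between two "ovs-ofctl dump-flows" captures.
# normalize_flows and flow_drift are hypothetical helper names.

# Drop the reply header and per-dump counters; keep cookie, table, match, actions.
normalize_flows() {
    sed -e '/ reply (/d' \
        -e 's/^[[:space:]]*//' \
        -e 's/duration=[^,]*, *//' \
        -e 's/n_packets=[^,]*, *//' \
        -e 's/n_bytes=[^,]*, *//' \
        -e 's/idle_age=[^,]*, *//' \
        -e 's/hard_age=[^,]*, *//' \
        -e '/^$/d' | LC_ALL=C sort
}

# flow_drift BEFORE AFTER: print "+ rule" for added and "- rule" for removed rules.
flow_drift() {
    drift_b=$(mktemp) drift_a=$(mktemp)
    printf '%s\n' "$1" | normalize_flows > "$drift_b"
    printf '%s\n' "$2" | normalize_flows > "$drift_a"
    LC_ALL=C comm -13 "$drift_b" "$drift_a" | sed 's/^/+ /'
    LC_ALL=C comm -23 "$drift_b" "$drift_a" | sed 's/^/- /'
    rm -f "$drift_b" "$drift_a"
}

# Dumps copied from the description above (openvswitch-2.9.0-56.el7fdp).
BEFORE=' cookie=0x0, duration=24.416s, table=0, n_packets=0, n_bytes=0, in_port=veth1 actions=output:veth2
 cookie=0x0, duration=18.466s, table=0, n_packets=0, n_bytes=0, in_port=veth2 actions=output:veth1
 cookie=0x0, duration=7.818s, table=0, n_packets=0, n_bytes=0, actions=drop'

AFTER=' cookie=0x0, duration=3.136s, table=0, n_packets=0, n_bytes=0, in_port=veth1 actions=output:veth2
 cookie=0x0, duration=3.136s, table=0, n_packets=0, n_bytes=0, in_port=veth2 actions=output:veth1
 cookie=0x0, duration=3.151s, table=0, n_packets=0, n_bytes=0, priority=0 actions=NORMAL
 cookie=0x0, duration=3.136s, table=0, n_packets=0, n_bytes=0, actions=drop'

# On a live host the captures would come from the commands in the report:
#   before=$(ovs-ofctl dump-flows ovsbr0)
#   systemctl reload openvswitch
#   after=$(ovs-ofctl dump-flows ovsbr0)
flow_drift "$BEFORE" "$AFTER"
# prints: + cookie=0x0, table=0, priority=0 actions=NORMAL
```

An empty result means the reload restored the table unchanged, which is the behaviour verified with openvswitch-2.9.0-70.el7fdp above.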

Comment 7 errata-xmlrpc 2018-11-05 14:59:03 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2018:3500