Bug 1858191
| Summary: | the connection to load balancer VIP breaks when ACL is added | | |
|---|---|---|---|
| Product: | Red Hat Enterprise Linux Fast Datapath | Reporter: | Jianlin Shi <jishi> |
| Component: | ovn2.13 | Assignee: | Numan Siddique <nusiddiq> |
| Status: | CLOSED ERRATA | QA Contact: | Jianlin Shi <jishi> |
| Severity: | medium | Priority: | medium |
| Version: | FDP 20.E | CC: | ctrautma, jishi, ltomasbo, mdemaced, nusiddiq, ralongi |
| Keywords: | Regression | Type: | Bug |
| Hardware: | Unspecified | OS: | Unspecified |
| Last Closed: | 2020-08-18 11:23:51 UTC | Bug Blocks: | 1857865 |

Description
Jianlin Shi
2020-07-17 07:42:35 UTC
Verified on ovn2.13-20.06.1-4.el8fdp.x86_64:

```
+ ip netns exec sw0p2 ping -c3 20.0.0.3
PING 20.0.0.3 (20.0.0.3) 56(84) bytes of data.
64 bytes from 20.0.0.3: icmp_seq=2 ttl=64 time=1.35 ms
64 bytes from 20.0.0.3: icmp_seq=1 ttl=64 time=1061 ms
64 bytes from 20.0.0.3: icmp_seq=3 ttl=64 time=0.076 ms
--- 20.0.0.3 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 63ms
rtt min/avg/max/mdev = 0.076/354.211/1061.205/499.920 ms, pipe 2
+ ip netns exec sw0p1 nc -vz 20.0.0.4 80
+ ip netns exec sw0p2 nc -l 20.0.0.4 80 -k -vv
Ncat: Version 7.70 ( https://nmap.org/ncat )
Ncat: Version 7.70 ( https://nmap.org/ncat )
Ncat: Listening on 20.0.0.4:80
Ncat: Connected to 20.0.0.4:80.
Ncat: 0 bytes sent, 0 bytes received in 0.01 seconds.
Ncat: Connection from 20.0.0.3.
Ncat: Connection from 20.0.0.3:45528.
NCAT DEBUG: EOF on stdin
NCAT DEBUG: Closing fd 4.
+ ip netns exec sw0p1 nc -vz 30.0.0.10 80
Ncat: Version 7.70 ( https://nmap.org/ncat )
Ncat: Connected to 30.0.0.10:80.
Ncat: 0 bytes sent, 0 bytes received in 0.02 seconds.
Ncat: Connection from 20.0.0.3.
Ncat: Connection from 20.0.0.3:50484.
NCAT DEBUG: Closing fd 4.
+ ovn-nbctl acl-add sw1 to-lport 2002 ip allow-related
+ ip netns exec sw0p1 nc -vz 30.0.0.10 80
Ncat: Version 7.70 ( https://nmap.org/ncat )
Ncat: Connected to 30.0.0.10:80.
Ncat: 0 bytes sent, 0 bytes received in 0.01 seconds.
Ncat: Connection from 20.0.0.3.
Ncat: Connection from 20.0.0.3:50486.
NCAT DEBUG: Closing fd 4.
+ ovn-nbctl clear logical_switch sw1 acls
+ ip netns exec sw0p1 nc -vz 30.0.0.10 80
Ncat: Version 7.70 ( https://nmap.org/ncat )
Ncat: Connected to 30.0.0.10:80.
Ncat: 0 bytes sent, 0 bytes received in 0.01 seconds.
Ncat: Connection from 20.0.0.3.
Ncat: Connection from 20.0.0.3:50488.
NCAT DEBUG: Closing fd 4.
[root@dell-per740-12 bz1858191]# rpm -qa | grep -E "openvswitch|ovn"
openvswitch-selinux-extra-policy-1.0-23.el8fdp.noarch
openvswitch2.13-2.13.0-48.el8fdp.x86_64
ovn2.13-host-20.06.1-4.el8fdp.x86_64
ovn2.13-20.06.1-4.el8fdp.x86_64
ovn2.13-central-20.06.1-4.el8fdp.x86_64
```

Also verified on ovn2.13-20.06.1-4.el7fdp.x86_64:

```
+ ip netns exec sw0p2 ping -c3 20.0.0.3
PING 20.0.0.3 (20.0.0.3) 56(84) bytes of data.
64 bytes from 20.0.0.3: icmp_seq=2 ttl=64 time=3.22 ms
64 bytes from 20.0.0.3: icmp_seq=1 ttl=64 time=1003 ms
64 bytes from 20.0.0.3: icmp_seq=3 ttl=64 time=0.069 ms
--- 20.0.0.3 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2001ms
rtt min/avg/max/mdev = 0.069/335.482/1003.153/472.116 ms, pipe 2
+ ip netns exec sw0p1 nc -vz 20.0.0.4 80
+ ip netns exec sw0p2 nc -l 20.0.0.4 80 -k -vv
Ncat: Version 7.50 ( https://nmap.org/ncat )
Ncat: Version 7.50 ( https://nmap.org/ncat )
Ncat: Listening on 20.0.0.4:80
Ncat: Connected to 20.0.0.4:80.
Ncat: 0 bytes sent, 0 bytes received in 0.01 seconds.
Ncat: Connection from 20.0.0.3.
Ncat: Connection from 20.0.0.3:58956.
NCAT DEBUG: EOF on stdin
NCAT DEBUG: Closing fd 4.
+ ip netns exec sw0p1 nc -vz 30.0.0.10 80
Ncat: Version 7.50 ( https://nmap.org/ncat )
Ncat: Connected to 30.0.0.10:80.
Ncat: 0 bytes sent, 0 bytes received in 0.01 seconds.
Ncat: Connection from 20.0.0.3.
Ncat: Connection from 20.0.0.3:51278.
NCAT DEBUG: Closing fd 4.
+ ovn-nbctl acl-add sw1 to-lport 2002 ip allow-related
+ ip netns exec sw0p1 nc -vz 30.0.0.10 80
Ncat: Version 7.50 ( https://nmap.org/ncat )
Ncat: Connected to 30.0.0.10:80.
Ncat: 0 bytes sent, 0 bytes received in 0.01 seconds.
Ncat: Connection from 20.0.0.3.
Ncat: Connection from 20.0.0.3:51280.
NCAT DEBUG: Closing fd 4.
+ ovn-nbctl clear logical_switch sw1 acls
+ ip netns exec sw0p1 nc -vz 30.0.0.10 80
Ncat: Version 7.50 ( https://nmap.org/ncat )
Ncat: Connected to 30.0.0.10:80.
Ncat: 0 bytes sent, 0 bytes received in 0.01 seconds.
Ncat: Connection from 20.0.0.3.
Ncat: Connection from 20.0.0.3:51282.
NCAT DEBUG: Closing fd 4.
[root@dell-per740-42 bz1858191]# rpm -qa | grep -E "openvswitch|ovn"
openvswitch2.13-2.13.0-39.el7fdp.x86_64
ovn2.13-20.06.1-4.el7fdp.x86_64
openvswitch-selinux-extra-policy-1.0-15.el7fdp.noarch
ovn2.13-central-20.06.1-4.el7fdp.x86_64
ovn2.13-host-20.06.1-4.el7fdp.x86_64
```

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory (ovn2.13 bug fix and enhancement update), and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:3488