Bug 1886746

Summary: SNAT rule does not provide ARP response
Product: Red Hat Enterprise Linux Fast Datapath Reporter: ying xu <yinxu>
Component: ovn2.11Assignee: OVN Team <ovnteam>
Status: NEW --- QA Contact: ying xu <yinxu>
Severity: medium Docs Contact:
Priority: medium    
Version: RHEL 7.7CC: ctrautma
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description ying xu 2020-10-09 10:14:34 UTC 
This bug was initially created as a copy of Bug #1861294

I am copying this bug because: 
ovn 2.11 has this bug too.

# rpm -qa|grep ovn
ovn2.11-central-2.11.1-54.el7fdp.x86_64
ovn2.11-2.11.1-54.el7fdp.x86_64
ovn2.11-host-2.11.1-54.el7fdp.x86_64

Description of problem:

This is a bug found on OpenShift running OVN-Kubernetes

When creating a NAT rule of type "snat" there are no ARP responses given to other "nodes" sending ARP requests for the "External IP" as specified in the NAT rule.   

Version-Release number of selected component (if applicable):

rpm -qa | grep ovn
ovn-central-20.06.1-4.fc31.x86_64
ovn-20.06.1-4.fc31.x86_64
ovn-host-20.06.1-4.fc31.x86_64

How reproducible:

Create a snat rule specifying an external and logical IP. Send a packet from the logical IP to an exterior component, the exterior component will perform ARP requests for the external IP (as to be able to provide the answer), the ARP request is never answered to by OVN and thus the response from the exterior component never reaches the logical IP.   

In the example I am providing we have the following:

Component      Logical IP     External IP
netserver-0    10.244.0.3     172.17.0.126

External Component, with IP:
172.17.0.5

tcpdump logs on the node hosting netserver-0, show the following:

$tcpdump -i any arp
08:36:45.831053 ARP, Request who-has 172.17.0.126 tell 172.17.0.5, length 28
08:36:45.831200 ARP, Request who-has 172.17.0.126 tell 172.17.0.5, length 28
08:36:46.861088 ARP, Request who-has 172.17.0.126 tell 172.17.0.5, length 28
08:36:46.861170 ARP, Request who-has 172.17.0.126 tell 172.17.0.5, length 28
08:36:47.885146 ARP, Request who-has 172.17.0.126 tell 172.17.0.5, length 28
08:36:47.885188 ARP, Request who-has 172.17.0.126 tell 172.17.0.5, length 28

Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:

I have provided the nbdb and sbdb in the attachments, please feel free to ask me for more information if necessary