Bug 1918004
| Summary: | [OVN] ACL fair log meters for Port_Group ACLs is not complete | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux Fast Datapath | Reporter: | ffernand <ffernand> |
| Component: | ovn2.13 | Assignee: | Dumitru Ceara <dceara> |
| Status: | CLOSED ERRATA | QA Contact: | ying xu <yinxu> |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | FDP 20.H | CC: | ctrautma, jishi, ralongi |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | ovn2.13-20.12.0-6.el7fdn ovn2.13-20.12.0-6.el8fdn | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2021-03-15 14:36:03 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
ffernand
2021-01-19 19:49:00 UTC
Steps to replicate the issue: ovn-nbctl ls-add ls ovn-nbctl lsp-add ls vm1 ovn-nbctl lsp-add ls vm2 ovn-nbctl pg-add pg1 vm1 vm2 ovn-nbctl --fair meter-add meter_me drop 1 pktps ovn-nbctl --log --severity=info --meter=meter_me acl-add pg1 to-lport 1 ip allow ovn-nbctl --log --severity=info --meter=meter_me acl-add pg1 to-lport 2 udp allow ovs-vsctl add-port br-int vm1 -- set interface vm1 external_ids:iface-id=vm1 -- set interface vm1 type=internal ovs-vsctl add-port br-int vm2 -- set interface vm2 external_ids:iface-id=vm2 -- set interface vm2 type=internal ovn-nbctl --wait=hv sync Without fix (failing scenario): =============================== $ ovn-sbctl list meter _uuid : 06e138df-6c39-409c-b12c-2800bbf7a7e3 bands : [5df78c3f-0f57-4641-851d-d02a43ac1b96] name : meter_me unit : pktps $ ovn-sbctl --uuid lflow-list | grep meter_me uuid=0x3b944740, table=5 (ls_out_acl ), priority=1002 , match=(udp), action=(log(severity=info, verdict=allow, meter="meter_me__e7ddfedd-a5d3-41f3-a7af-3d614abfc99d"); next;) uuid=0xf8297357, table=5 (ls_out_acl ), priority=1001 , match=(ip), action=(log(severity=info, verdict=allow, meter="meter_me__0c8d94ad-5cb4-4805-958d-44f7b7fbb76f"); next;) $ ovs-ofctl dump-flows br-int | grep -e 3b944740 -e f8297357 cookie=0x3b944740, duration=83.287s, table=45, n_packets=0, n_bytes=0, idle_age=83, priority=1002,udp,metadata=0x1 actions=controller(userdata=00.00.00.07.00.00.00.00.00.06,meter_id=2),resubmit(,46) cookie=0x3b944740, duration=83.287s, table=45, n_packets=0, n_bytes=0, idle_age=83, priority=1002,udp6,metadata=0x1 actions=controller(userdata=00.00.00.07.00.00.00.00.00.06,meter_id=2),resubmit(,46) cookie=0xf8297357, duration=83.294s, table=45, n_packets=0, n_bytes=0, idle_age=83, priority=1001,ipv6,metadata=0x1 actions=controller(userdata=00.00.00.07.00.00.00.00.00.06,meter_id=1),resubmit(,46) cookie=0xf8297357, duration=83.294s, table=45, n_packets=0, n_bytes=0, idle_age=83, priority=1001,ip,metadata=0x1 actions=controller(userdata=00.00.00.07.00.00.00.00.00.06,meter_id=1),resubmit(,46) $ ovs-ofctl -OOpenFlow15 dump-meters br-int OFPST_METER_CONFIG reply (OF1.5) (xid=0x2): $ $ grep -rni "unknown meter" ovs-vswitchd.log 106:2021-02-01T09:44:35.959Z|00085|ofproto|INFO|br-int: controller action specified an unknown meter id: 1 108:2021-02-01T09:44:35.959Z|00087|ofproto|INFO|br-int: controller action specified an unknown meter id: 1 165:2021-02-01T09:44:35.966Z|00144|ofproto|INFO|br-int: controller action specified an unknown meter id: 2 167:2021-02-01T09:44:35.966Z|00146|ofproto|INFO|br-int: controller action specified an unknown meter id: 2 With fix: ========= $ ovn-sbctl list meter _uuid : e6348ca0-3d48-4efb-9f38-84f2a62af0af bands : [d0c68053-1f7f-4219-9a64-76a9f5427413] name : meter_me__5598e71a-3032-4b35-a91c-1b42b9552e2a unit : pktps _uuid : 933779e8-dc3a-44de-ab76-0677cf8f675c bands : [49d35590-729f-43f3-a41d-569e7d9fb2e9] name : meter_me__0b85c0ce-0b1b-4c4e-af90-1c20a9b08243 unit : pktps _uuid : 0b537d85-d788-419c-b989-8f6b0e7cac98 bands : [4c75e37a-9b5a-4821-b1ad-8119c5fc9d7c] name : meter_me unit : pktps $ ovn-sbctl --uuid lflow-list | grep meter_me uuid=0x75b3313a, table=5 (ls_out_acl ), priority=1002 , match=(udp), action=(log(severity=info, verdict=allow, meter="meter_me__0b85c0ce-0b1b-4c4e-af90-1c20a9b08243"); next;) uuid=0xc169dc98, table=5 (ls_out_acl ), priority=1001 , match=(ip), action=(log(severity=info, verdict=allow, meter="meter_me__5598e71a-3032-4b35-a91c-1b42b9552e2a"); next;) $ ovs-ofctl dump-flows br-int | grep -e 75b3313a -e c169dc98 cookie=0x75b3313a, duration=45.914s, table=45, n_packets=0, n_bytes=0, idle_age=45, priority=1002,udp,metadata=0x1 actions=controller(userdata=00.00.00.07.00.00.00.00.00.06,meter_id=2),resubmit(,46) cookie=0x75b3313a, duration=45.914s, table=45, n_packets=0, n_bytes=0, idle_age=45, priority=1002,udp6,metadata=0x1 actions=controller(userdata=00.00.00.07.00.00.00.00.00.06,meter_id=2),resubmit(,46) cookie=0xc169dc98, duration=178.137s, table=45, n_packets=0, n_bytes=0, idle_age=178, priority=1001,ipv6,metadata=0x1 actions=controller(userdata=00.00.00.07.00.00.00.00.00.06,meter_id=1),resubmit(,46) cookie=0xc169dc98, duration=178.136s, table=45, n_packets=0, n_bytes=0, idle_age=178, priority=1001,ip,metadata=0x1 actions=controller(userdata=00.00.00.07.00.00.00.00.00.06,meter_id=1),resubmit(,46) $ ovs-ofctl -OOpenFlow15 dump-meters br-int OFPST_METER_CONFIG reply (OF1.5) (xid=0x2): meter=1 pktps stats bands= type=drop rate=1 meter=2 pktps stats bands= type=drop rate=1 as Dumitru Ceara said in comment3, I can reproduced it on version: # rpm -qa|grep ovn ovn2.13-20.12.0-1.el8fdp.x86_64 ovn2.13-central-20.12.0-1.el8fdp.x86_64 ovn2.13-host-20.12.0-1.el8fdp.x86_64 and verified it on version: # rpm -qa|grep ovn ovn2.13-20.12.0-15.el8fdp.x86_64 ovn2.13-central-20.12.0-15.el8fdp.x86_64 ovn2.13-host-20.12.0-15.el8fdp.x86_64 # ovn-nbctl show switch 348357c9-4f4a-4d1b-b485-ca018282ea19 (ls) port vm2 addresses: ["00:00:00:00:00:02"] port vm3 addresses: ["00:00:00:00:00:03"] port vm1 addresses: ["00:00:00:00:00:01"] # ovn-nbctl list acl _uuid : 26769ec4-77ce-42c5-ac67-bd9d0ed3b1dd action : allow direction : to-lport external_ids : {} log : true match : ip meter : meter_me name : [] priority : 1 severity : info _uuid : 9fb5d77a-523d-4cf8-ad6c-96b26a8d6a30 action : allow direction : to-lport external_ids : {} log : true match : udp meter : meter_me name : [] priority : 2 severity : info # ovn-sbctl list meter _uuid : 4598b40c-df23-44cd-b6e5-590dc3a62b2e bands : [e076e120-4ce7-438e-8dd6-bc3acd4cd8c8] name : meter_me__9fb5d77a-523d-4cf8-ad6c-96b26a8d6a30 unit : pktps _uuid : 6098869e-fd83-4fed-853c-71645eb143d1 bands : [5fdd43c8-68ed-4a72-8382-4c0f547c9708] name : meter_me__26769ec4-77ce-42c5-ac67-bd9d0ed3b1dd unit : pktps _uuid : 7816e7cf-1fb0-4060-933c-334c824d4428 bands : [947cdc20-9025-4a3f-9a0a-6d38f0afae0d] name : meter_me unit : pktps # ovn-sbctl --uuid lflow-list | grep meter_me uuid=0xaee84611, table=5 (ls_out_acl ), priority=1002 , match=(udp), action=(log(severity=info, verdict=allow, meter="meter_me__9fb5d77a-523d-4cf8-ad6c-96b26a8d6a30"); next;) uuid=0x9184e7cb, table=5 (ls_out_acl ), priority=1001 , match=(ip), action=(log(severity=info, verdict=allow, meter="meter_me__26769ec4-77ce-42c5-ac67-bd9d0ed3b1dd"); next;) # ovs-ofctl -OOpenFlow15 dump-meters br-int OFPST_METER_CONFIG reply (OF1.5) (xid=0x2): meter=1 pktps stats bands= type=drop rate=1 meter=2 pktps stats bands= type=drop rate=1 Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (ovn2.13 bug fix and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2021:0836 |