Bug 1927540
| Summary: | [RFE] Allow for lb_force_snat_ip on a per LB basis | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux Fast Datapath | Reporter: | Tim Rozet <trozet> |
| Component: | OVN | Assignee: | lorenzo bianconi <lorenzo.bianconi> |
| Status: | CLOSED ERRATA | QA Contact: | Jianlin Shi <jishi> |
| Severity: | medium | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | RHEL 8.0 | CC: | astoycos, ctrautma, lorenzo.bianconi, mark.d.gray |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | ovn2.13-20.12.0-101.el8fdp | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2021-05-20 19:28:16 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 1903408 | ||
|
Description
Tim Rozet
2021-02-10 22:54:39 UTC
Another approach which may be more acceptable is to keep lb_force_snat_ip as a per GR config and then be able to configure an option on the LB to say "disable_snat: true". That will allow us to indicate which LBs we dont want to SNAT on. tested with following script:
#!/bin/bash
# Logical network:
# Three LRs - R1, R2 and R3 that are connected to each other via LS "join"
# in 20.0.0.0/24 network. R1 has switchess foo (192.168.1.0/24) and
# bar (192.168.2.0/24) connected to it. R2 has alice (172.16.1.0/24) connected
# to it. R3 has bob (172.16.1.0/24) connected to it. Note how both alice and
# bob have the same subnet behind it.
# foo -- R1 -- join - R2 -- alice
# | |
# bar ---- - R3 --- bob
#
systemctl start openvswitch
systemctl start ovn-northd
ovn-nbctl set-connection ptcp:6641
ovn-sbctl set-connection ptcp:6642
ovs-vsctl set open . external_ids:system-id=hv1 external_ids:ovn-remote=tcp:20.0.175.25:6642 external_ids:ovn-encap-type=geneve external_ids:ovn-encap-ip=20.0.175.25
systemctl restart ovn-controller
ovs-vsctl add-br br-nat
ovs-vsctl set open . external_ids:ovn-bridge-mappings=nattest:br-nat
ip link set br-nat up
ovn-nbctl lr-add R1
ovn-nbctl lr-add R2
ovn-nbctl lr-add R3
ovn-nbctl set logical_router R2 options:chassis=hv1
ovn-nbctl set logical_router R3 options:chassis=hv1
ovn-nbctl ls-add foo
ovn-nbctl ls-add bar
ovn-nbctl ls-add alice
ovn-nbctl ls-add bob
ovn-nbctl ls-add join
ovn-nbctl lrp-add R1 foo 00:00:01:01:02:03 192.168.1.1/24 2001::1/64
ovn-nbctl lsp-add foo rp-foo -- set logical_switch_port rp-foo \
type=router options:router-port=foo addresses=\"00:00:01:01:02:03\"
ovn-nbctl lrp-add R1 bar 00:00:01:01:02:04 192.168.2.1/24 2002::1/64
ovn-nbctl lsp-add bar rp-bar -- set Logical_Switch_Port rp-bar \
type=router options:router-port=bar addresses=\"00:00:01:01:02:04\"
ovn-nbctl lrp-add R2 alice 00:00:02:01:02:03 172.16.1.1/24 3001::1/64
ovn-nbctl lsp-add alice rp-alice -- set Logical_Switch_Port rp-alice \
type=router options:router-port=alice addresses=\"00:00:02:01:02:03\"
ovn-nbctl lrp-add R3 bob 00:00:03:01:02:03 172.16.1.2/24 3001::2/64
ovn-nbctl lsp-add bob rp-bob -- set Logical_Switch_Port rp-bob \
type=router options:router-port=bob addresses=\"00:00:03:01:02:03\"
ovn-nbctl lrp-add R1 R1_join 00:00:04:01:02:03 20.0.0.1/24 4000::1/64
ovn-nbctl lsp-add join r1-join -- set Logical_Switch_Port r1-join \
type=router options:router-port=R1_join addresses='"00:00:04:01:02:03"'
ovn-nbctl lrp-add R2 R2_join 00:00:04:01:02:04 20.0.0.2/24 4000::2/64
ovn-nbctl lsp-add join r2-join -- set Logical_Switch_Port r2-join \
type=router options:router-port=R2_join addresses='"00:00:04:01:02:04"'
ovn-nbctl lrp-add R3 R3_join 00:00:04:01:02:05 20.0.0.3/24 4000::3/64
ovn-nbctl lsp-add join r3-join -- set Logical_Switch_Port r3-join \
type=router options:router-port=R3_join addresses='"00:00:04:01:02:05"'
ovn-nbctl --policy="src-ip" lr-route-add R1 192.168.1.0/24 20.0.0.2
ovn-nbctl --policy="src-ip" lr-route-add R1 192.168.2.0/24 20.0.0.3
ovn-nbctl --policy="src-ip" lr-route-add R1 2001::/64 4000::2
ovn-nbctl --policy="src-ip" lr-route-add R1 2002::/64 4000::3
ovn-nbctl lr-route-add R2 192.168.0.0/16 20.0.0.1
ovn-nbctl lr-route-add R3 192.168.0.0/16 20.0.0.1
ovn-nbctl lr-route-add R2 2001::/64 4000::1
ovn-nbctl lr-route-add R2 2002::/64 4000::1
ovn-nbctl lr-route-add R3 2001::/64 4000::1
ovn-nbctl lr-route-add R3 2002::/64 4000::1
# add load balancer
ovn-nbctl lb-add lb0 30.0.0.1 192.168.1.2,192.168.2.2
ovn-nbctl lb-add lb0 6010::1 2001::2,2002::2
uuid=`ovn-nbctl lb-list | grep lb0 | awk '{print $1}'`
ovn-nbctl set logical_router R2 load_balancer=$uuid
ovn-nbctl set logical_router R3 load_balancer=$uuid
ovn-nbctl show
ip netns add foo1
ovs-vsctl add-port br-int foo1 -- set interface foo1 type=internal
ip link set foo1 netns foo1
ip netns exec foo1 ip link set foo1 address f0:00:00:01:02:03
ip netns exec foo1 ip link set foo1 up
ip netns exec foo1 ip addr add 192.168.1.2/24 dev foo1
ip netns exec foo1 ip -6 addr add 2001::2/64 dev foo1
ip netns exec foo1 ip route add default via 192.168.1.1 dev foo1
ip netns exec foo1 ip -6 route add default via 2001::1 dev foo1
ovs-vsctl set interface foo1 external_ids:iface-id=foo1
ovn-nbctl lsp-add foo foo1 -- lsp-set-addresses foo1 "f0:00:00:01:02:03 192.168.1.2 2001::2"
ip netns add alice1
ovs-vsctl add-port br-int alice1 -- set interface alice1 type=internal
ip link set alice1 netns alice1
ip netns exec alice1 ip link set alice1 address f0:00:00:01:02:04
ip netns exec alice1 ip link set alice1 up
ip netns exec alice1 ip addr add 172.16.1.3/24 dev alice1
ip netns exec alice1 ip -6 addr add 3001::3/64 dev alice1
ip netns exec alice1 ip route add default via 172.16.1.1 dev alice1
ip netns exec alice1 ip -6 route add default via 3001::1 dev alice1
ovs-vsctl set interface alice1 external_ids:iface-id=alice1
ovn-nbctl lsp-add alice alice1 -- lsp-set-addresses alice1 "f0:00:00:01:02:04 172.16.1.3 3001::3"
ip netns add bob1
ip link add bob1 netns bob1 type veth peer name bob1_br
ip netns exec bob1 ip link set bob1 address f0:00:00:01:02:06
ip netns exec bob1 ip link set bob1 up
ip netns exec bob1 ip addr add 172.16.1.4/24 dev bob1
ip netns exec bob1 ip -6 addr add 3001::4/64 dev bob1
ip netns exec bob1 ip route add default via 172.16.1.2 dev bob1
ip netns exec bob1 ip -6 route add default via 3001::2 dev bob1
ip link set bob1_br up
ovs-vsctl add-port br-int bob1_br
ovs-vsctl set interface bob1_br external_ids:iface-id=bob1
ovn-nbctl lsp-add bob bob1 -- lsp-set-addresses bob1 "f0:00:00:01:02:06 172.16.1.4 3001::4"
ovn-nbctl set logical_router R2 options:lb_force_snat_ip="20.0.0.2 4000::2"
ovn-nbctl set logical_router R3 options:lb_force_snat_ip="20.0.0.3 4000::3"
# add load balancer
ovn-nbctl lb-add lb1 30.0.0.2 192.168.1.2
ovn-nbctl lb-add lb1 30.0.0.3 192.168.2.2
ovn-nbctl lb-add lb1 6010::2 2001::2
ovn-nbctl lb-add lb1 6010::3 2002::2
ovn-nbctl lr-lb-add R2 lb1
ovn-nbctl lr-lb-add R3 lb1
sleep 2
ip netns exec alice1 ping 30.0.0.1 -c 1
ip netns exec bob1 ping 30.0.0.1 -c 1
ip netns exec alice1 ping6 6010::1 -c 1
ip netns exec bob1 ping6 6010::1 -c 1
ip netns exec alice1 ping 30.0.0.2 -c 1
ip netns exec bob1 ping 30.0.0.3 -c 1
ip netns exec alice1 ping6 6010::2 -c 1
ip netns exec bob1 ping6 6010::3 -c 1
ip netns exec foo1 tcpdump -U -i foo1 -nnle -v &> foo1.log &
tcpdump_pid=$!
sleep 1
ip netns exec alice1 ping 30.0.0.2 -c 1
ip netns exec alice1 ping6 6010::2 -c 1
ovn-nbctl set load_balancer lb1 options:skip_snat=true
ip netns exec alice1 ping 30.0.0.2 -c 1
ip netns exec alice1 ping6 6010::2 -c 1
sleep 2
kill $tcpdump_pid
cat foo1.log
result on ovn-2021-host-21.03.0-21.el8fdp.x86_64:
[root@wsfd-advnetlab21 bz1927540]# rpm -qa | grep -E "openvswitch2.15|ovn"
ovn-2021-host-21.03.0-21.el8fdp.x86_64
openvswitch2.15-2.15.0-15.el8fdp.x86_64
ovn-2021-central-21.03.0-21.el8fdp.x86_64
ovn-2021-21.03.0-21.el8fdp.x86_64
+ ip netns exec alice1 ping 30.0.0.2 -c 1
PING 30.0.0.2 (30.0.0.2) 56(84) bytes of data.
64 bytes from 30.0.0.2: icmp_seq=1 ttl=62 time=0.121 ms
--- 30.0.0.2 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.121/0.121/0.121/0.000 ms
+ ip netns exec alice1 ping6 6010::2 -c 1
PING 6010::2(6010::2) 56 data bytes
64 bytes from 6010::2: icmp_seq=1 ttl=62 time=1.75 ms
--- 6010::2 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 1.752/1.752/1.752/0.000 ms
+ ovn-nbctl set load_balancer lb1 options:skip_snat=true
+ ip netns exec alice1 ping 30.0.0.2 -c 1
PING 30.0.0.2 (30.0.0.2) 56(84) bytes of data.
64 bytes from 30.0.0.2: icmp_seq=1 ttl=62 time=0.131 ms
--- 30.0.0.2 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.131/0.131/0.131/0.000 ms
+ ip netns exec alice1 ping6 6010::2 -c 1
PING 6010::2(6010::2) 56 data bytes
64 bytes from 6010::2: icmp_seq=1 ttl=62 time=1.92 ms
--- 6010::2 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 1.924/1.924/1.924/0.000 ms
+ sleep 2
+ kill 29629
+ cat foo1.log
dropped privs to tcpdump
tcpdump: listening on foo1, link-type EN10MB (Ethernet), capture size 262144 bytes
21:52:21.224441 00:00:01:01:02:03 > f0:00:00:01:02:03, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 62, id 6217, offset 0, flags [DF], proto ICMP (1), length 84)
20.0.0.2 > 192.168.1.2: ICMP echo request, id 29631, seq 1, length 64
21:52:21.224459 f0:00:00:01:02:03 > 00:00:01:01:02:03, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 15379, offset 0, flags [none], proto ICMP (1), length 84)
192.168.1.2 > 20.0.0.2: ICMP echo reply, id 29631, seq 1, length 64
21:52:21.254644 00:00:01:01:02:03 > f0:00:00:01:02:03, ethertype IPv6 (0x86dd), length 118: (flowlabel 0xc2419, hlim 62, next-header ICMPv6 (58) payload length: 64) 4000::2 > 2001::2: [icmp6 sum ok] ICMP6, echo request, seq 1
21:52:21.254683 f0:00:00:01:02:03 > 00:00:01:01:02:03, ethertype IPv6 (0x86dd), length 118: (flowlabel 0xedce6, hlim 64, next-header ICMPv6 (58) payload length: 64) 2001::2 > 4000::2: [icmp6 sum ok] ICMP6, echo reply, seq 1
<== snated before set skip_snat
21:52:21.297739 00:00:01:01:02:03 > f0:00:00:01:02:03, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 62, id 6243, offset 0, flags [DF], proto ICMP (1), length 84)
20.0.0.2 > 192.168.1.2: ICMP echo request, id 29634, seq 1, length 64
21:52:21.297760 f0:00:00:01:02:03 > 00:00:01:01:02:03, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 15439, offset 0, flags [none], proto ICMP (1), length 84)
192.168.1.2 > 20.0.0.2: ICMP echo reply, id 29634, seq 1, length 64
21:52:21.323561 00:00:01:01:02:03 > f0:00:00:01:02:03, ethertype IPv6 (0x86dd), length 118: (flowlabel 0xc2419, hlim 62, next-header ICMPv6 (58) payload length: 64) 3001::3 > 2001::2: [icmp6 sum ok] ICMP6, echo request, seq 1
21:52:21.323597 f0:00:00:01:02:03 > 00:00:01:01:02:03, ethertype IPv6 (0x86dd), length 118: (flowlabel 0xe1bc7, hlim 64, next-header ICMPv6 (58) payload length: 64) 2001::2 > 3001::3: [icmp6 sum ok] ICMP6, echo reply, seq 1
<=== not snated after set skip_snat=true
21:52:23.141960 f0:00:00:01:02:03 > 33:33:00:00:00:02, ethertype IPv6 (0x86dd), length 70: (hlim 255, next-header ICMPv6 (58) payload length: 16) fe80::f200:ff:fe01:203 > ff02::2: [icmp6 sum ok] ICMP6, router solicitation, length 16
source link-address option (1), length 8 (1): f0:00:00:01:02:03
9 packets captured
9 packets received by filter
0 packets dropped by kernel
set hairpin_snat_ip and skip_snat at the same time, and hairpin_snat_ip is not affected:
systemctl start openvswitch
systemctl start ovn-northd
ovn-nbctl set-connection ptcp:6641
ovn-sbctl set-connection ptcp:6642
ovs-vsctl set open . external_ids:system-id=hv1 external_ids:ovn-remote=tcp:20.0.175.25:6642 external_ids:ovn-encap-type=geneve external_ids:ovn-encap-ip=20.0.175.25
systemctl restart ovn-controller
ip netns add server0
ip link add veth0_s0 netns server0 type veth peer name veth0_s0_p
ip netns exec server0 ip link set lo up
ip netns exec server0 ip link set veth0_s0 up
ip netns exec server0 ip link set veth0_s0 address 00:00:00:01:01:02
ip netns exec server0 ip addr add 192.168.1.1/24 dev veth0_s0
ip netns exec server0 ip -6 addr add 2001::1/64 dev veth0_s0
ip netns exec server0 ip route add default via 192.168.1.254 dev veth0_s0
ip netns exec server0 ip -6 route add default via 2001::a dev veth0_s0
ovs-vsctl add-port br-int veth0_s0_p
ip link set veth0_s0_p up
ovs-vsctl set interface veth0_s0_p external_ids:iface-id=ls1p1
ip netns exec server0 nc -l -k 1100 &
ovn-nbctl ls-add ls1
ovn-nbctl lsp-add ls1 ls1p1
ovn-nbctl lsp-set-addresses ls1p1 "00:00:00:01:01:02 192.168.1.1 2001::1"
ovn-nbctl lr-add lr1
ovn-nbctl lrp-add lr1 lr1-ls1 00:00:00:00:00:01 192.168.1.254/24 2001::a/64
ovn-nbctl lsp-add ls1 ls1-lr1
ovn-nbctl lsp-set-addresses ls1-lr1 "00:00:00:00:00:01 192.168.1.254 2001::a"
ovn-nbctl lsp-set-type ls1-lr1 router
ovn-nbctl lsp-set-options ls1-lr1 router-port=lr1-ls1
ovn-nbctl lb-add lb0-tcp4 8.8.8.8:1234 192.168.1.1:1100 tcp
ovn-nbctl ls-lb-add ls1 lb0-tcp4
ovn-nbctl set load_balancer lb0-tcp4 options:hairpin_snat_ip="8.8.8.7"
ovn-nbctl set load_balancer lb0-tcp4 options:skip_snat=true
ovn-nbctl lb-add lb0-tcp6 [8888::1]:1234 [2001::1]:1100 tcp
ovn-nbctl ls-lb-add ls1 lb0-tcp6
ovn-nbctl set load_balancer lb0-tcp6 options:hairpin_snat_ip="8888::7"
ovs-ofctl dump-flows br-int table=69
sleep 2
ip netns exec server0 tcpdump -i any -w server0.pcap &
ip netns exec server0 nc 8.8.8.8 1234 <<< h
ip netns exec server0 nc 8888::1 1234 <<< h
ovs-ofctl dump-flows br-int table=69
sleep 2
pkill tcpdump
+ ip netns exec server0 nc 8.8.8.8 1234
+ ip netns exec server0 tcpdump -i any -w server0.pcap
h
22:16:41.279560 Out 00:00:00:01:01:02 ethertype IPv4 (0x0800), length 76: (tos 0x0, ttl 64, id 7182, offset 0, flags [DF], proto TCP (6), length 60)
192.168.1.1.51364 > 8.8.8.8.1234: Flags [S], cksum 0xd1e7 (incorrect -> 0x02b0), seq 1624203772, win 29200, options [mss 1460,sackOK,TS val 114649711 ecr 0,nop,wscale 7], length 0
22:16:41.280703 In 00:00:00:00:00:01 ethertype IPv4 (0x0800), length 76: (tos 0x0, ttl 64, id 7182, offset 0, flags [DF], proto TCP (6), length 60)
8.8.8.7.51364 > 192.168.1.1.1100: Flags [S], cksum 0x0337 (correct), seq 1624203772, win 29200, options [mss 1460,sackOK,TS val 114649711 ecr 0,nop,wscale 7], length 0
<=== still snated
so skip_snat would only affect lb_force_snat_ip shown in comment 6. and won't affect hairpin_snat_ip shown in comment 7. Is it right? Verified on ovn2.13-20.12.0-104.el8fdp.x86_64: [root@wsfd-advnetlab21 bz1927540]# rpm -qa | grep ovn2.13 ovn2.13-20.12.0-104.el8fdp.x86_64 ovn2.13-host-20.12.0-104.el8fdp.x86_64 ovn2.13-central-20.12.0-104.el8fdp.x86_64 + ip netns exec alice1 ping 30.0.0.2 -c 1 [2/1912] PING 30.0.0.2 (30.0.0.2) 56(84) bytes of data. 64 bytes from 30.0.0.2: icmp_seq=1 ttl=62 time=0.143 ms --- 30.0.0.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.143/0.143/0.143/0.000 ms + ip netns exec alice1 ping6 6010::2 -c 1 PING 6010::2(6010::2) 56 data bytes 64 bytes from 6010::2: icmp_seq=1 ttl=62 time=1.88 ms --- 6010::2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 1.879/1.879/1.879/0.000 ms + ovn-nbctl --wait=hv set load_balancer lb1 options:skip_snat=true + ip netns exec alice1 ping 30.0.0.2 -c 1 PING 30.0.0.2 (30.0.0.2) 56(84) bytes of data. 64 bytes from 30.0.0.2: icmp_seq=1 ttl=62 time=1.59 ms --- 30.0.0.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 1.589/1.589/1.589/0.000 ms + ip netns exec alice1 ping6 6010::2 -c 1 PING 6010::2(6010::2) 56 data bytes 64 bytes from 6010::2: icmp_seq=1 ttl=62 time=1.87 ms --- 6010::2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 1.868/1.868/1.868/0.000 ms + sleep 2 + kill 35154 + cat foo1.log dropped privs to tcpdump tcpdump: listening on foo1, link-type EN10MB (Ethernet), capture size 262144 bytes 23:08:18.612799 00:00:01:01:02:03 > f0:00:00:01:02:03, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 62, id 31808, offset 0, flags [DF], proto ICMP (1), length 84) 20.0.0.2 > 192.168.1.2: ICMP echo request, id 35159, seq 1, length 64 23:08:18.612823 f0:00:00:01:02:03 > 00:00:01:01:02:03, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 62390, offset 0, flags [none], proto ICMP (1), length 84) 192.168.1.2 > 20.0.0.2: ICMP echo reply, id 35159, seq 1, length 64 23:08:18.639877 00:00:01:01:02:03 > f0:00:00:01:02:03, ethertype IPv6 (0x86dd), length 118: (flowlabel 0xc2419, hlim 62, next-header ICMPv6 (58) payload length: 64) 4000::2 > 2001::2: [icmp6 sum ok] ICMP6 , echo request, seq 1 23:08:18.639918 f0:00:00:01:02:03 > 00:00:01:01:02:03, ethertype IPv6 (0x86dd), length 118: (flowlabel 0xedce6, hlim 64, next-header ICMPv6 (58) payload length: 64) 2001::2 > 4000::2: [icmp6 sum ok] ICMP6 , echo reply, seq 1 23:08:18.703513 00:00:01:01:02:03 > f0:00:00:01:02:03, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 62, id 31855, offset 0, flags [DF], proto ICMP (1), length 84) 172.16.1.3 > 192.168.1.2: ICMP echo request, id 35162, seq 1, length 64 23:08:18.703553 f0:00:00:01:02:03 > 00:00:01:01:02:03, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 40051, offset 0, flags [none], proto ICMP (1), length 84) 192.168.1.2 > 172.16.1.3: ICMP echo reply, id 35162, seq 1, length 64 23:08:18.729705 00:00:01:01:02:03 > f0:00:00:01:02:03, ethertype IPv6 (0x86dd), length 118: (flowlabel 0xc2419, hlim 62, next-header ICMPv6 (58) payload length: 64) 3001::3 > 2001::2: [icmp6 sum ok] ICMP6 , echo request, seq 1 23:08:18.729745 f0:00:00:01:02:03 > 00:00:01:01:02:03, ethertype IPv6 (0x86dd), length 118: (flowlabel 0xe1bc7, hlim 64, next-header ICMPv6 (58) payload length: 64) 2001::2 > 3001::3: [icmp6 sum ok] ICMP6 , echo reply, seq 1 <=== not snated after skip_snat=true 23:08:19.941701 f0:00:00:01:02:03 > 33:33:00:00:00:02, ethertype IPv6 (0x86dd), length 70: (hlim 255, next-header ICMPv6 (58) payload length: 16) fe80::f200:ff:fe01:203 > ff02::2: [icmp6 sum ok] ICMP6, ro uter solicitation, length 16 source link-address option (1), length 8 (1): f0:00:00:01:02:03 9 packets captured 9 packets received by filter 0 packets dropped by kernel Verified on ovn2.13-host-20.12.0-104.el7fdp.x86_64: [root@wsfd-advnetlab16 bz1927540]# rpm -qa | grep -E "openvswitch2.13|ovn2.13" ovn2.13-host-20.12.0-104.el7fdp.x86_64 openvswitch2.13-2.13.0-90.el7fdp.x86_64 ovn2.13-central-20.12.0-104.el7fdp.x86_64 ovn2.13-20.12.0-104.el7fdp.x86_64 + ip netns exec alice1 ping 30.0.0.2 -c 1 [0/1835] PING 30.0.0.2 (30.0.0.2) 56(84) bytes of data. 64 bytes from 30.0.0.2: icmp_seq=1 ttl=62 time=0.140 ms --- 30.0.0.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.140/0.140/0.140/0.000 ms + ip netns exec alice1 ping6 6010::2 -c 1 PING 6010::2(6010::2) 56 data bytes 64 bytes from 6010::2: icmp_seq=1 ttl=62 time=1.69 ms --- 6010::2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 1.690/1.690/1.690/0.000 ms + ovn-nbctl --wait=hv set load_balancer lb1 options:skip_snat=true + ip netns exec alice1 ping 30.0.0.2 -c 1 PING 30.0.0.2 (30.0.0.2) 56(84) bytes of data. 64 bytes from 30.0.0.2: icmp_seq=1 ttl=62 time=1.43 ms --- 30.0.0.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 1.436/1.436/1.436/0.000 ms + ip netns exec alice1 ping6 6010::2 -c 1 PING 6010::2(6010::2) 56 data bytes 64 bytes from 6010::2: icmp_seq=1 ttl=62 time=1.57 ms --- 6010::2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 1.570/1.570/1.570/0.000 ms + sleep 2 + kill 25423 + cat foo1.log tcpdump: listening on foo1, link-type EN10MB (Ethernet), capture size 262144 bytes 23:15:12.990167 00:00:01:01:02:03 > f0:00:00:01:02:03, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 62, id 63042, offset 0, flags [DF], proto ICMP (1), length 84) 20.0.0.2 > 192.168.1.2: ICMP echo request, id 25427, seq 1, length 64 23:15:12.990201 f0:00:00:01:02:03 > 00:00:01:01:02:03, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 40197, offset 0, flags [none], proto ICMP (1), length 84) 192.168.1.2 > 20.0.0.2: ICMP echo reply, id 25427, seq 1, length 64 23:15:13.019953 00:00:01:01:02:03 > f0:00:00:01:02:03, ethertype IPv6 (0x86dd), length 118: (hlim 62, next-header ICMPv6 (58) payload length: 64) 4000::2 > 2001::2: [icmp6 sum ok] ICMP6, echo request, seq 1 23:15:13.020007 f0:00:00:01:02:03 > 00:00:01:01:02:03, ethertype IPv6 (0x86dd), length 118: (hlim 64, next-header ICMPv6 (58) payload length: 64) 2001::2 > 4000::2: [icmp6 sum ok] ICMP6, echo reply, seq 1 23:15:13.084375 00:00:01:01:02:03 > f0:00:00:01:02:03, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 62, id 63052, offset 0, flags [DF], proto ICMP (1), length 84) 172.16.1.3 > 192.168.1.2: ICMP echo request, id 25434, seq 1, length 64 23:15:13.084413 f0:00:00:01:02:03 > 00:00:01:01:02:03, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 29325, offset 0, flags [none], proto ICMP (1), length 84) 192.168.1.2 > 172.16.1.3: ICMP echo reply, id 25434, seq 1, length 64 23:15:13.117808 00:00:01:01:02:03 > f0:00:00:01:02:03, ethertype IPv6 (0x86dd), length 118: (hlim 62, next-header ICMPv6 (58) payload length: 64) 3001::3 > 2001::2: [icmp6 sum ok] ICMP6, echo request, seq 1 23:15:13.117858 f0:00:00:01:02:03 > 00:00:01:01:02:03, ethertype IPv6 (0x86dd), length 118: (hlim 64, next-header ICMPv6 (58) payload length: 64) 2001::2 > 3001::3: [icmp6 sum ok] ICMP6, echo reply, seq 1 <=== not snated after skip_snat=true 23:15:14.090046 f0:00:00:01:02:03 > 33:33:00:00:00:02, ethertype IPv6 (0x86dd), length 70: (hlim 255, next-header ICMPv6 (58) payload length: 16) fe80::f200:ff:fe01:203 > ff02::2: [icmp6 sum ok] ICMP6, ro uter solicitation, length 16 source link-address option (1), length 8 (1): f0:00:00:01:02:03 9 packets captured 9 packets received by filter 0 packets dropped by kernel Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (ovn bug fix and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2021:2080 |