Bug 1936475
Summary: | Change vlan-limit default value to 0 to support multiple vlans with OVN. | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux Fast Datapath | Reporter: | Flavio Leitner <fleitner> |
Component: | ovn-2021 | Assignee: | Mark Michelson <mmichels> |
Status: | CLOSED ERRATA | QA Contact: | ying xu <yinxu> |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | FDP 20.H | CC: | ctrautma, jhsiao, jiji, jishi, kfida, mmichels, nusiddiq, ralongi, sputhenp |
Target Milestone: | --- | Keywords: | CustomerScenariosInitiative, Reopened |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2021-12-09 15:37:27 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 1904141, 1990872, 1991998 |
Comment 5
Mark Michelson
2021-10-18 16:44:24 UTC
Changing back to MODIFIED so this gets QE attention. reproduced on version: ovn-2021-host-21.06.0-29.el8fdp.x86_64 ovn-2021-central-21.06.0-29.el8fdp.x86_64 ovn-2021-21.06.0-29.el8fdp.x86_64 server: ovn-nbctl ls-add lsw1 ovn-nbctl --wait=sb add Logical-Switch lsw1 other_config vlan-passthru=true ovn-nbctl lsp-add lsw1 lp1 ovn-nbctl lsp-set-addresses lp1 "f0:00:00:00:00:01 10.0.0.1" ovn-nbctl lsp-add lsw1 lp2 ovn-nbctl lsp-set-addresses lp2 "f0:00:00:00:00:02 10.0.0.2" ovs-vsctl add-port br-int vm3 -- set interface vm3 type=internal ip netns add vm3 ip link set vm3 netns vm3 ip netns exec vm3 ip link set lo up ip netns exec vm3 ip link set vm3 up ip netns exec vm3 ip link set vm3 address f0:00:00:00:00:01 ip netns exec vm3 ip addr add 10.0.0.1/24 dev vm3 ovs-vsctl set Interface vm3 external_ids:iface-id=lp1 ovn-nbctl acl-add lsw1 to-lport 1000 udp drop client: ovs-vsctl add-port br-int vm4 -- set interface vm4 type=internal ip netns add vm4 ip link set vm4 netns vm4 ip netns exec vm4 ip link set lo up ip netns exec vm4 ip link set vm4 up ip netns exec vm4 ip link set vm4 address f0:00:00:00:00:02 ip netns exec vm4 ip addr add 10.0.0.2/24 dev vm4 ovs-vsctl set Interface vm4 external_ids:iface-id=lp2 from vm4 send packet: #! /usr/bin/python import sys from scapy.all import * def main(): conf.checkIPaddr = False fam,hw =get_if_raw_hwaddr(conf.iface) sendp(Ether(src="f0:00:00:00:00:02", dst="f0:00:00:00:00:01")/Dot1Q(vlan=1)/Dot1Q(vlan=2)/IP(src="10.0.0.2",dst="10.0.0.1")/UDP(sport=12345,dport=23456)/"aaaaaaaaaaaaaa",iface="vm4") if __name__ == "__main__": main() at this time ,vm3 also can recieve the udp packet. it didn't match acl. # tcpdump -r vm3.pcap -nnle reading from file vm3.pcap, link-type LINUX_SLL (Linux cooked v1) dropped privs to tcpdump 04:22:30.089222 In f0:00:00:00:00:02 ethertype 802.1Q (0x8100), length 66: vlan 1, p 0, ethertype 802.1Q, vlan 2, p 0, ethertype IPv4, 10.0.0.2.12345 > 10.0.0.1.23456: UDP, length 14 set vlan-limit=0.then send vlan packet again. at this time ,vm3 can't recieve the udp packet .it matched the acl. ip netns exec vm3 tcpdump -i any -w vm3.pcap ^C0 packets captured 0 packets received by filter 0 packets dropped by kernel verified on version: ovn-2021-21.09.0-20.el8fdp.x86_64 ovn-2021-host-21.09.0-20.el8fdp.x86_64 ovn-2021-central-21.09.0-20.el8fdp.x86_64 no need to set vlan-limit=0,send vlan packet ,vm3 can't recieve the udp packet .it matched the acl. ip netns exec vm3 tcpdump -i any -w vm3.pcap ^C0 packets captured 0 packets received by filter 0 packets dropped by kernel Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (ovn bug fix and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2021:5059 |