Bug 1936475

Summary: Change vlan-limit default value to 0 to support multiple vlans with OVN.
Product: Red Hat Enterprise Linux Fast Datapath Reporter: Flavio Leitner <fleitner>
Component: ovn-2021Assignee: Mark Michelson <mmichels>
Status: CLOSED ERRATA QA Contact: ying xu <yinxu>
Severity: high Docs Contact:
Priority: high    
Version: FDP 20.HCC: ctrautma, jhsiao, jiji, jishi, kfida, mmichels, nusiddiq, ralongi, sputhenp
Target Milestone: ---Keywords: CustomerScenariosInitiative, Reopened
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-12-09 15:37:27 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1904141, 1990872, 1991998    

Comment 5 Mark Michelson 2021-10-18 16:44:24 UTC 
This was added to OVN in this patch:

https://github.com/ovn-org/ovn/commit/7e2c892c380aeddc4bbc9ceb5e759ee9ac62176d

The change is present in OVN 21.09.
Comment 6 Mark Michelson 2021-10-18 16:52:10 UTC 
Changing back to MODIFIED so this gets QE attention.
Comment 9 ying xu 2021-11-09 10:13:16 UTC 
reproduced on version:
ovn-2021-host-21.06.0-29.el8fdp.x86_64
ovn-2021-central-21.06.0-29.el8fdp.x86_64
ovn-2021-21.06.0-29.el8fdp.x86_64


server:
ovn-nbctl ls-add lsw1
ovn-nbctl --wait=sb add Logical-Switch lsw1 other_config vlan-passthru=true

ovn-nbctl lsp-add lsw1 lp1
ovn-nbctl lsp-set-addresses lp1 "f0:00:00:00:00:01 10.0.0.1"
ovn-nbctl lsp-add lsw1 lp2
ovn-nbctl lsp-set-addresses lp2 "f0:00:00:00:00:02 10.0.0.2"
ovs-vsctl add-port br-int vm3 -- set interface vm3 type=internal
ip netns add vm3
ip link set vm3 netns vm3
ip netns exec vm3 ip link set lo up
ip netns exec vm3 ip link set vm3 up
ip netns exec vm3 ip link set vm3 address f0:00:00:00:00:01
ip netns exec vm3 ip addr add 10.0.0.1/24 dev vm3
ovs-vsctl set Interface vm3 external_ids:iface-id=lp1
ovn-nbctl acl-add lsw1 to-lport 1000 udp drop


client:
ovs-vsctl add-port br-int vm4 -- set interface vm4 type=internal
ip netns add vm4
ip link set vm4 netns vm4
ip netns exec vm4 ip link set lo up
ip netns exec vm4 ip link set vm4 up
ip netns exec vm4 ip link set vm4 address f0:00:00:00:00:02
ip netns exec vm4 ip addr add 10.0.0.2/24 dev vm4
ovs-vsctl set Interface vm4 external_ids:iface-id=lp2


from vm4 send packet:
#! /usr/bin/python

import sys
from scapy.all import *

def main():
    conf.checkIPaddr = False
    fam,hw =get_if_raw_hwaddr(conf.iface)
    sendp(Ether(src="f0:00:00:00:00:02", dst="f0:00:00:00:00:01")/Dot1Q(vlan=1)/Dot1Q(vlan=2)/IP(src="10.0.0.2",dst="10.0.0.1")/UDP(sport=12345,dport=23456)/"aaaaaaaaaaaaaa",iface="vm4")


if __name__ == "__main__":
        main()

at this time ,vm3 also can recieve the udp packet. it didn't match acl.
# tcpdump -r vm3.pcap -nnle
reading from file vm3.pcap, link-type LINUX_SLL (Linux cooked v1)
dropped privs to tcpdump
04:22:30.089222  In f0:00:00:00:00:02 ethertype 802.1Q (0x8100), length 66: vlan 1, p 0, ethertype 802.1Q, vlan 2, p 0, ethertype IPv4, 10.0.0.2.12345 > 10.0.0.1.23456: UDP, length 14

set vlan-limit=0.then send vlan packet again.
at this time ,vm3 can't recieve the udp packet .it matched the acl.
ip netns exec vm3 tcpdump -i any -w vm3.pcap
^C0 packets captured
0 packets received by filter
0 packets dropped by kernel


verified on version:

ovn-2021-21.09.0-20.el8fdp.x86_64
ovn-2021-host-21.09.0-20.el8fdp.x86_64
ovn-2021-central-21.09.0-20.el8fdp.x86_64



no need to set vlan-limit=0,send vlan packet ,vm3 can't recieve the udp packet .it matched the acl.
ip netns exec vm3 tcpdump -i any -w vm3.pcap
^C0 packets captured
0 packets received by filter
0 packets dropped by kernel
Comment 13 errata-xmlrpc 2021-12-09 15:37:27 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (ovn bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2021:5059