Bug 1942877
Summary: | [ovn] Traffic between localnet and localport ports should be dropped | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux Fast Datapath | Reporter: | Daniel Alvarez Sanchez <dalvarez> |
Component: | ovn2.13 | Assignee: | lorenzo bianconi <lorenzo.bianconi> |
Status: | CLOSED ERRATA | QA Contact: | Jianlin Shi <jishi> |
Severity: | high | Docs Contact: | |
Priority: | urgent | ||
Version: | FDP 21.I | CC: | ctrautma, dcbw, ffernand, jishi, lorenzo.bianconi, ralongi |
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Fixed In Version: | ovn2.13-20.12.0-122.el8fdp | Doc Type: | If docs needed, set a value |
Last Closed: | 2021-06-21 14:44:39 UTC | Type: | Bug |
Description
Daniel Alvarez Sanchez
2021-03-25 09:24:10 UTC
Upstream patch: http://patchwork.ozlabs.org/project/ovn/patch/8008fa9867d210cf18ad31f912535f2c14e85c43.1620151078.git.lorenzo.bianconi@redhat.com/

tested with following script:

```
# Start OVS/OVN and register this host as chassis hv1
systemctl start openvswitch
systemctl start ovn-northd
ovn-nbctl set-connection ptcp:6641
ovn-sbctl set-connection ptcp:6642
ovs-vsctl set open . external_ids:system-id=hv1 external_ids:ovn-remote=tcp:1.1.40.25:6642 external_ids:ovn-encap-type=geneve external_ids:ovn-encap-ip=1.1.40.25
systemctl restart ovn-controller

# Provider bridge backing the localnet port
ovs-vsctl add-br br-phys
ip link set br-phys up
ovs-vsctl set open . external-ids:ovn-bridge-mappings=phys:br-phys

# Logical switch with a localport (lp), a localnet port (ln) and a regular VIF (lsp)
ovn-nbctl ls-add ls \
    -- lsp-add ls lp \
    -- lsp-set-type lp localport \
    -- lsp-set-addresses lp "00:00:00:00:00:01 10.0.0.1 2001::1" \
    -- lsp-add ls ln \
    -- lsp-set-type ln localnet \
    -- lsp-set-addresses ln unknown \
    -- lsp-set-options ln network_name=phys \
    -- lsp-add ls lsp \
    -- lsp-set-addresses lsp "00:00:00:00:00:02 10.0.0.2 2001::2"

# Bind the localport in namespace lp
ovs-vsctl add-port br-int lp -- set interface lp type=internal external_ids:iface-id=lp
ip netns add lp
ip link set lp netns lp
ip netns exec lp ip link set lp address 00:00:00:00:00:01
ip netns exec lp ip link set lp up
ip netns exec lp ip addr add 10.0.0.1/24 dev lp
ip netns exec lp ip addr add 2001::1/64 dev lp
ovn-nbctl --wait=hv sync

# Bind the regular VIF in namespace lsp
ovs-vsctl add-port br-int lsp -- set interface lsp type=internal external_ids:iface-id=lsp options:tx_pcap=lsp.pcap options:rxq_pcap=lsp-rx.pcap
ip netns add lsp
ip link set lsp netns lsp
ip netns exec lsp ip link set lsp address 00:00:00:00:00:02
ip netns exec lsp ip link set lsp up
ip netns exec lsp ip addr add 10.0.0.2/24 dev lsp
ip netns exec lsp ip addr add 2001::2/64 dev lsp

# External host on the provider bridge, reachable through the localnet port
ovs-vsctl add-port br-phys ext1 -- set interface ext1 type=internal
ip netns add ext1
ip link set ext1 netns ext1
ip netns exec ext1 ip link set ext1 up
ip netns exec ext1 ip addr add 10.0.0.101/24 dev ext1
ip netns exec ext1 ip addr add 2001::101/64 dev ext1

sleep 2

# localnet <-> localport, IPv4 and IPv6
ip netns exec ext1 ping 10.0.0.1 -c 1 -w 1 -W 1
ip netns exec lp ping 10.0.0.101 -c 1 -w 1 -W 1
ip netns exec ext1 ping6 2001::1 -c 1 -w 1 -W 1
ip netns exec lp ping6 2001::101 -c 1 -w 1 -W 1

# regular VIF -> localnet
ip netns exec lsp ping 10.0.0.101 -c 1
ip netns exec lsp ping6 2001::101 -c 1
```

reproduced on ovn2.13-20.12.0-104:

```
[root@dell-per740-12 bz1942877]# rpm -qa | grep -E "openvswitch2.13|ovn2.13"
openvswitch2.13-2.13.0-96.el7fdp.x86_64
ovn2.13-20.12.0-104.el7fdp.x86_64
ovn2.13-host-20.12.0-104.el7fdp.x86_64
ovn2.13-central-20.12.0-104.el7fdp.x86_64

+ ip netns exec ext1 ping 10.0.0.1 -c 1 -w 1 -W 1
PING 10.0.0.1 (10.0.0.1) 56(84) bytes of data.
64 bytes from 10.0.0.1: icmp_seq=1 ttl=64 time=1.28 ms
--- 10.0.0.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 1.289/1.289/1.289/0.000 ms

+ ip netns exec lp ping 10.0.0.101 -c 1 -w 1 -W 1
PING 10.0.0.101 (10.0.0.101) 56(84) bytes of data.
64 bytes from 10.0.0.101: icmp_seq=1 ttl=64 time=0.066 ms
--- 10.0.0.101 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.066/0.066/0.066/0.000 ms

+ ip netns exec ext1 ping6 2001::1 -c 1 -w 1 -W 1
PING 2001::1(2001::1) 56 data bytes
64 bytes from 2001::1: icmp_seq=1 ttl=64 time=1.22 ms
--- 2001::1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 1.221/1.221/1.221/0.000 ms

+ ip netns exec lp ping6 2001::101 -c 1 -w 1 -W 1
PING 2001::101(2001::101) 56 data bytes
64 bytes from 2001::101: icmp_seq=1 ttl=64 time=0.068 ms
--- 2001::101 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.068/0.068/0.068/0.000 ms

<=== traffic between localnet and localport passed

+ ip netns exec lsp ping 10.0.0.101 -c 1
PING 10.0.0.101 (10.0.0.101) 56(84) bytes of data.
64 bytes from 10.0.0.101: icmp_seq=1 ttl=64 time=0.891 ms
--- 10.0.0.101 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.891/0.891/0.891/0.000 ms

+ ip netns exec lsp ping6 2001::101 -c 1
PING 2001::101(2001::101) 56 data bytes
64 bytes from 2001::101: icmp_seq=1 ttl=64 time=1.14 ms
--- 2001::101 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 1.148/1.148/1.148/0.000 ms
```

Verified on ovn2.13-20.12.0-135:

```
[root@dell-per740-12 bz1942877]# rpm -qa | grep -E "openvswitch2.13|ovn2.13"
openvswitch2.13-2.13.0-96.el7fdp.x86_64
ovn2.13-20.12.0-135.el7fdp.x86_64
ovn2.13-central-20.12.0-135.el7fdp.x86_64
ovn2.13-host-20.12.0-135.el7fdp.x86_64

+ ip netns exec ext1 ping 10.0.0.1 -c 1 -w 1 -W 1
PING 10.0.0.1 (10.0.0.1) 56(84) bytes of data.
--- 10.0.0.1 ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms

+ ip netns exec lp ping 10.0.0.101 -c 1 -w 1 -W 1
PING 10.0.0.101 (10.0.0.101) 56(84) bytes of data.
--- 10.0.0.101 ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms

+ ip netns exec ext1 ping6 2001::1 -c 1 -w 1 -W 1
PING 2001::1(2001::1) 56 data bytes
--- 2001::1 ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 999ms

+ ip netns exec lp ping6 2001::101 -c 1 -w 1 -W 1
PING 2001::101(2001::101) 56 data bytes
--- 2001::101 ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms

<== traffic between localnet and localport failed

+ ip netns exec lsp ping 10.0.0.101 -c 1
PING 10.0.0.101 (10.0.0.101) 56(84) bytes of data.
64 bytes from 10.0.0.101: icmp_seq=1 ttl=64 time=1.00 ms
--- 10.0.0.101 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 1.007/1.007/1.007/0.000 ms

+ ip netns exec lsp ping6 2001::101 -c 1
PING 2001::101(2001::101) 56 data bytes
64 bytes from 2001::101: icmp_seq=1 ttl=64 time=1.37 ms
--- 2001::101 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 1.370/1.370/1.370/0.000 ms
```

Verified on ovn-2021-21.03.0-40.el8fdp.x86_64:

```
[root@dell-per730-03 bz1942877]# rpm -qa | grep -E "openvswitch2.15|ovn-2021"
openvswitch2.15-2.15.0-23.el8fdp.x86_64
ovn-2021-central-21.03.0-40.el8fdp.x86_64
ovn-2021-21.03.0-40.el8fdp.x86_64
ovn-2021-host-21.03.0-40.el8fdp.x86_64

+ ip netns exec ext1 ping 10.0.0.1 -c 1 -w 1 -W 1
PING 10.0.0.1 (10.0.0.1) 56(84) bytes of data.
--- 10.0.0.1 ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms

+ ip netns exec lp ping 10.0.0.101 -c 1 -w 1 -W 1
PING 10.0.0.101 (10.0.0.101) 56(84) bytes of data.
--- 10.0.0.101 ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms

+ ip netns exec ext1 ping6 2001::1 -c 1 -w 1 -W 1
PING 2001::1(2001::1) 56 data bytes
--- 2001::1 ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms

+ ip netns exec lp ping6 2001::101 -c 1 -w 1 -W 1
PING 2001::101(2001::101) 56 data bytes
--- 2001::101 ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms

+ ip netns exec lsp ping 10.0.0.101 -c 1
PING 10.0.0.101 (10.0.0.101) 56(84) bytes of data.
64 bytes from 10.0.0.101: icmp_seq=1 ttl=64 time=0.749 ms
--- 10.0.0.101 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.749/0.749/0.749/0.000 ms

+ ip netns exec lsp ping6 2001::101 -c 1
PING 2001::101(2001::101) 56 data bytes
64 bytes from 2001::101: icmp_seq=1 ttl=64 time=0.611 ms
--- 2001::101 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.611/0.611/0.611/0.000 ms
```

reproduced on ovn2.13-20.12.0-104.el8:

```
[root@dell-per730-03 bz1942877]# rpm -qa | grep -E "openvswitch2.15|ovn2.13"
openvswitch2.15-2.15.0-23.el8fdp.x86_64
ovn2.13-host-20.12.0-104.el8fdp.x86_64
ovn2.13-central-20.12.0-104.el8fdp.x86_64
ovn2.13-20.12.0-104.el8fdp.x86_64

+ ip netns exec ext1 ping 10.0.0.1 -c 1 -w 1 -W 1
PING 10.0.0.1 (10.0.0.1) 56(84) bytes of data.
64 bytes from 10.0.0.1: icmp_seq=1 ttl=64 time=0.686 ms
--- 10.0.0.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.686/0.686/0.686/0.000 ms

+ ip netns exec lp ping 10.0.0.101 -c 1 -w 1 -W 1
PING 10.0.0.101 (10.0.0.101) 56(84) bytes of data.
64 bytes from 10.0.0.101: icmp_seq=1 ttl=64 time=0.034 ms
--- 10.0.0.101 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.034/0.034/0.034/0.000 ms

+ ip netns exec ext1 ping6 2001::1 -c 1 -w 1 -W 1
PING 2001::1(2001::1) 56 data bytes
64 bytes from 2001::1: icmp_seq=1 ttl=64 time=0.476 ms
--- 2001::1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.476/0.476/0.476/0.000 ms

+ ip netns exec lp ping6 2001::101 -c 1 -w 1 -W 1
PING 2001::101(2001::101) 56 data bytes
64 bytes from 2001::101: icmp_seq=1 ttl=64 time=0.028 ms
--- 2001::101 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.028/0.028/0.028/0.000 ms

+ ip netns exec lsp ping 10.0.0.101 -c 1
PING 10.0.0.101 (10.0.0.101) 56(84) bytes of data.
64 bytes from 10.0.0.101: icmp_seq=1 ttl=64 time=0.436 ms
--- 10.0.0.101 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.436/0.436/0.436/0.000 ms

+ ip netns exec lsp ping6 2001::101 -c 1
PING 2001::101(2001::101) 56 data bytes
64 bytes from 2001::101: icmp_seq=1 ttl=64 time=0.562 ms
--- 2001::101 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.562/0.562/0.562/0.000 ms
```

Verified on ovn2.13-20.12.0-135.el8:

```
+ ip netns exec ext1 ping 10.0.0.1 -c 1 -w 1 -W 1
PING 10.0.0.1 (10.0.0.1) 56(84) bytes of data.
--- 10.0.0.1 ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms

+ ip netns exec lp ping 10.0.0.101 -c 1 -w 1 -W 1
PING 10.0.0.101 (10.0.0.101) 56(84) bytes of data.
--- 10.0.0.101 ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms

+ ip netns exec ext1 ping6 2001::1 -c 1 -w 1 -W 1
PING 2001::1(2001::1) 56 data bytes
--- 2001::1 ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms

+ ip netns exec lp ping6 2001::101 -c 1 -w 1 -W 1
PING 2001::101(2001::101) 56 data bytes
--- 2001::101 ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms

+ ip netns exec lsp ping 10.0.0.101 -c 1
PING 10.0.0.101 (10.0.0.101) 56(84) bytes of data.
64 bytes from 10.0.0.101: icmp_seq=1 ttl=64 time=0.742 ms
--- 10.0.0.101 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.742/0.742/0.742/0.000 ms

+ ip netns exec lsp ping6 2001::101 -c 1
PING 2001::101(2001::101) 56 data bytes
64 bytes from 2001::101: icmp_seq=1 ttl=64 time=0.576 ms
--- 2001::101 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.576/0.576/0.576/0.000 ms
```

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory (ovn2.13 bug fix and enhancement update), and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2021:2507
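
The pass/fail pattern in the ping transcripts above can be checked mechanically. This is an added example, not part of the bug comments or of OVN's own tests; it assumes the names used in the test script (namespace `lp` is the localport, 10.0.0.1 and 2001::1 are its addresses) and the `+`-prefixed trace format of the outputs, and its sample transcripts are constructed.

```shell
#!/bin/sh
# Added example, not from the bug report. Assumes the test script's names:
# namespace "lp" is the localport, addressed 10.0.0.1 / 2001::1.

# Read a `set -x` style ping transcript on stdin, print each policy violation,
# and return non-zero if any was found.
check_isolation() {
    awk '
    function flush_pending() {   # traced ping that never printed a summary
        if (pending) { print "NO-RESULT " ns " -> " dst; bad++ }
    }
    # Traced command: "+ ip netns exec <ns> ping|ping6 <dst> ..."
    $1 == "+" && $3 == "netns" && $4 == "exec" && $6 ~ /^ping6?$/ {
        flush_pending()
        ns = $5; dst = $7; pending = 1
        # Must be dropped when the localport is the sender or the target.
        blocked = (ns == "lp" || dst == "10.0.0.1" || dst == "2001::1")
        next
    }
    # Summary: "<tx> packets transmitted, <rx> received, ..."
    pending && /packets transmitted/ {
        rx = $4 + 0; pending = 0
        if (blocked && rx > 0)   { print "LEAK " ns " -> " dst; bad++ }
        if (!blocked && rx == 0) { print "BROKEN " ns " -> " dst; bad++ }
    }
    END { flush_pending(); exit (bad > 0) }
    '
}

# Constructed transcript in the format of the fixed-build output.
sample_fixed() {
    cat <<'EOF'
+ ip netns exec ext1 ping 10.0.0.1 -c 1 -w 1 -W 1
1 packets transmitted, 0 received, 100% packet loss, time 0ms
+ ip netns exec lp ping6 2001::101 -c 1 -w 1 -W 1
1 packets transmitted, 0 received, 100% packet loss, time 0ms
+ ip netns exec lsp ping 10.0.0.101 -c 1
1 packets transmitted, 1 received, 0% packet loss, time 0ms
EOF
}

# Constructed: the same runs with replies instead of drops (unfixed build).
sample_leaky() {
    sample_fixed | sed 's/0 received, 100%/1 received, 0%/'
}

sample_fixed | check_isolation && echo "fixed: isolation holds"
sample_leaky | check_isolation || echo "leaky: isolation violated"
```

`LEAK` marks localport traffic that got a reply, `BROKEN` marks a regular VIF that lost connectivity to the localnet, and `NO-RESULT` marks a traced ping with no summary line.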