Bug 2066551

Summary: --may-exist doesn't work well when used with --stateless
Product: Red Hat Enterprise Linux Fast Datapath Reporter: Jianlin Shi <jishi>
Component: ovn-2021Assignee: lorenzo bianconi <lorenzo.bianconi>
Status: CLOSED ERRATA QA Contact: Jianlin Shi <jishi>
Severity: medium Docs Contact:
Priority: medium    
Version: FDP 22.BCC: ctrautma, jiji, lorenzo.bianconi
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2022-06-30 17:59:57 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Jianlin Shi 2022-03-22 03:52:10 UTC 
Description of problem:
--may-exist doesn't work well when used with --stateless

Version-Release number of selected component (if applicable):
ovn-2021-21.12.0-32.el8

How reproducible:
Always

Steps to Reproduce:

systemctl start openvswitch                          
systemctl start ovn-northd                                                                            
ovn-nbctl set-connection ptcp:6641                                                                    
ovn-sbctl set-connection ptcp:6642
ovs-vsctl set open . external_ids:system-id=hv1 external_ids:ovn-remote=tcp:1.1.178.25:6642 external_ids:ovn-encap-type=geneve external_ids:ovn-encap-ip=1.1.178.25
systemctl restart ovn-controller
        
ovn-nbctl lr-add r1
ovn-nbctl --stateless --may-exist lr-nat-add r1 dnat_and_snat 172.16.1.10 192.168.1.10
ovn-nbctl --stateless --may-exist lr-nat-add r1 dnat_and_snat 172.16.1.10 192.168.1.10

Actual results:
+ ovn-nbctl --stateless --may-exist lr-nat-add r1 dnat_and_snat 172.16.1.10 192.168.1.10              
+ ovn-nbctl --stateless --may-exist lr-nat-add r1 dnat_and_snat 172.16.1.10 192.168.1.10              
ovn-nbctl: 172.16.1.10, 192.168.1.10: External ip cannot be shared across stateless and stateful NATs 

Expected results:
pass

Additional info:


[root@wsfd-advnetlab16 nat_test]# rpm -qa | grep -E "openvswitch2.15|ovn-2021"
ovn-2021-21.12.0-32.el8fdp.x86_64
openvswitch2.15-2.15.0-84.el8fdp.x86_64                                                               
ovn-2021-host-21.12.0-32.el8fdp.x86_64
ovn-2021-central-21.12.0-32.el8fdp.x86_64
python3-openvswitch2.15-2.15.0-84.el8fdp.x86_64
Comment 1 lorenzo bianconi 2022-04-11 17:21:35 UTC 
upstream patch: https://patchwork.ozlabs.org/project/ovn/patch/176d789ffd7c7ecda1350694799c6411f2b27d11.1649697218.git.lorenzo.bianconi@redhat.com/
Comment 4 Jianlin Shi 2022-06-06 07:57:53 UTC 
Verified on ovn22.03-22.03.0-52:

[root@dell-per740-12 bz2066551]# rpm -qa | grep -E "openvswitch2.15|ovn22.03"
ovn22.03-22.03.0-52.el8fdp.x86_64
ovn22.03-central-22.03.0-52.el8fdp.x86_64
openvswitch2.15-2.15.0-104.el8fdp.x86_64
ovn22.03-host-22.03.0-52.el8fdp.x86_64

+ systemctl start openvswitch
+ systemctl start ovn-northd
+ ovn-nbctl set-connection ptcp:6641
+ ovn-sbctl set-connection ptcp:6642
+ ovs-vsctl set open . external_ids:system-id=hv1 external_ids:ovn-remote=tcp:1.1.39.25:6642 external_ids:ovn-encap-type=geneve external_ids:ovn-encap-ip=1.1.39.25
+ systemctl restart ovn-controller
+ ovn-nbctl lr-add r1
+ ovn-nbctl --stateless --may-exist lr-nat-add r1 dnat_and_snat 172.16.1.10 192.168.1.10
+ ovn-nbctl --stateless --may-exist lr-nat-add r1 dnat_and_snat 172.16.1.10 192.168.1.10

[root@dell-per740-12 bz2066551]# ovn-nbctl list nat
_uuid               : 2007afd9-13d2-4abe-86c2-6a41222e7cac
allowed_ext_ips     : []
exempted_ext_ips    : []
external_ids        : {}
external_ip         : "172.16.1.10"
external_mac        : []
external_port_range : ""
logical_ip          : "192.168.1.10"
logical_port        : []
options             : {stateless="true"}
type                : dnat_and_snat
Comment 5 Jianlin Shi 2022-06-06 07:59:19 UTC 
Verified on ovn-2021-21.12.0-73:

[root@dell-per740-12 bz2066551]# rpm -qa | grep ovn
ovn-2021-central-21.12.0-73.el8fdp.x86_64
ovn-2021-21.12.0-73.el8fdp.x86_64
ovn-2021-host-21.12.0-73.el8fdp.x86_64

+ systemctl start openvswitch
+ systemctl start ovn-northd
+ ovn-nbctl set-connection ptcp:6641
+ ovn-sbctl set-connection ptcp:6642
+ ovs-vsctl set open . external_ids:system-id=hv1 external_ids:ovn-remote=tcp:1.1.39.25:6642 external_ids:ovn-encap-type=geneve external_ids:ovn-encap-ip=1.1.39.25
+ systemctl restart ovn-controller
+ ovn-nbctl lr-add r1
+ ovn-nbctl --stateless --may-exist lr-nat-add r1 dnat_and_snat 172.16.1.10 192.168.1.10
+ ovn-nbctl --stateless --may-exist lr-nat-add r1 dnat_and_snat 172.16.1.10 192.168.1.10
[root@dell-per740-12 bz2066551]# ovn-nbctl list nat
_uuid               : d3c76547-a63e-4dfe-b347-922688a86eb4
allowed_ext_ips     : []
exempted_ext_ips    : []
external_ids        : {}
external_ip         : "172.16.1.10"
external_mac        : []
external_port_range : ""
logical_ip          : "192.168.1.10"
logical_port        : []
options             : {stateless="true"}
type                : dnat_and_snat
Comment 6 Jianlin Shi 2022-06-07 07:13:43 UTC 
also verified on ovn22.03-22.03.0-52.el9:

+ systemctl start openvswitch
+ systemctl start ovn-northd
+ ovn-nbctl set-connection ptcp:6641
+ ovn-sbctl set-connection ptcp:6642
+ ovs-vsctl set open . external_ids:system-id=hv1 external_ids:ovn-remote=tcp:1.1.39.25:6642 external_ids:ovn-encap-type=geneve external_ids:ovn-encap-ip=1.1.39.25
+ systemctl restart ovn-controller
+ ovn-nbctl lr-add r1
+ ovn-nbctl --stateless --may-exist lr-nat-add r1 dnat_and_snat 172.16.1.10 192.168.1.10
+ ovn-nbctl --stateless --may-exist lr-nat-add r1 dnat_and_snat 172.16.1.10 192.168.1.10
[root@wsfd-advnetlab18 bz2066551]# ovn-nbctl list nat
_uuid               : d74c7b02-15d0-4469-8e8b-36a2ca68bb06
allowed_ext_ips     : []
exempted_ext_ips    : []
external_ids        : {}
external_ip         : "172.16.1.10"
external_mac        : []
external_port_range : ""
logical_ip          : "192.168.1.10"
logical_port        : []
options             : {stateless="true"}
type                : dnat_and_snat
[root@wsfd-advnetlab18 bz2066551]# rpm -qa | grep -E "openvswitch|ovn"
ovn22.03-22.03.0-52.el9fdp.x86_64
openvswitch-selinux-extra-policy-1.0-31.el9fdp.noarch
openvswitch2.17-2.17.0-21.el9fdp.x86_64
ovn22.03-central-22.03.0-52.el9fdp.x86_64
ovn22.03-host-22.03.0-52.el9fdp.x86_64
Comment 8 errata-xmlrpc 2022-06-30 17:59:57 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (ovn bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2022:5446