Bug 2102482
| Summary: | VM is unable to ping itself via stateless DNAT on a gateway router | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux Fast Datapath | Reporter: | OVN Bot <ovn-bot> |
| Component: | ovn22.03 | Assignee: | lorenzo bianconi <lorenzo.bianconi> |
| Status: | CLOSED ERRATA | QA Contact: | Jianlin Shi <jishi> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | medium | ||
| Version: | FDP 22.E | CC: | ctrautma, jiji, lorenzo.bianconi, mmichels |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | ovn22.03-22.03.0-61.el9fdp | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2022-08-01 15:58:08 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
OVN Bot
2022-06-30 04:09:28 UTC
This issue is fixed in ovn22.03-22.03.0-61.el9fdp tested with following script:
systemctl start openvswitch
systemctl start ovn-northd
ovn-nbctl set-connection ptcp:6641
ovn-sbctl set-connection ptcp:6642
ovs-vsctl set open . external_ids:system-id=hv1 external_ids:ovn-remote=tcp:127.0.0.1:6642 external_ids:ovn-encap-type=geneve external_ids:ovn-encap-ip=127.0.0.1
systemctl restart ovn-controller
ovn-nbctl ls-add ls1
ovn-nbctl lsp-add ls1 vm1 -- lsp-set-addresses vm1 "00:00:00:00:00:05 192.168.100.5"
ovn-nbctl lsp-add ls1 vm2 -- lsp-set-addresses vm2 "00:00:00:00:00:06 192.168.100.6"
ovn-nbctl ls-add ls-pub
ovn-nbctl lsp-add ls-pub ext-router -- lsp-set-addresses ext-router "00:00:00:00:01:02 172.18.1.2"
ovn-nbctl lr-add lr1
ovn-nbctl lrp-add lr1 lr1-ls1 00:00:00:00:00:01 192.168.100.1/24
ovn-nbctl lsp-add ls1 ls1-lr1 \
-- lsp-set-type ls1-lr1 router \
-- lsp-set-addresses ls1-lr1 00:00:00:00:00:01 \
-- lsp-set-options ls1-lr1 router-port=lr1-ls1
ovn-nbctl lrp-add lr1 lr1-ls-pub 00:00:00:00:01:01 172.18.1.1/24
ovn-nbctl lrp-set-gateway-chassis lr1-ls-pub hv1
ovn-nbctl lsp-add ls-pub ls-pub-lr1 \
-- lsp-set-type ls-pub-lr1 router \
-- lsp-set-addresses ls-pub-lr1 00:00:00:00:01:01 \
-- lsp-set-options ls-pub-lr1 router-port=lr1-ls-pub
#ovn-nbctl lr-nat-add lr1 snat 172.18.1.1 192.168.100.0/24
ovn-nbctl lr-nat-add lr1 dnat_and_snat 172.18.2.10 192.168.100.6
ovn-nbctl lr-route-add lr1 0.0.0.0/0 172.18.1.2
ovs-vsctl add-port br-int vm1 -- set interface vm1 type=internal external_ids:iface-id=vm1
ip netns add vm1
ip link set vm1 netns vm1
ip netns exec vm1 ip link set vm1 address 00:00:00:00:00:05
ip netns exec vm1 ip link set vm1 up
ip netns exec vm1 ip addr add 192.168.100.5/24 dev vm1
ip netns exec vm1 ip route add default via 192.168.100.1
ovs-vsctl add-port br-int vm2 -- set interface vm2 type=internal external_ids:iface-id=vm2
ip netns add vm2
ip link set vm2 netns vm2
ip netns exec vm2 ip link set vm2 address 00:00:00:00:00:06
ip netns exec vm2 ip link set vm2 up
ip netns exec vm2 ip addr add 192.168.100.6/24 dev vm2
ip netns exec vm2 ip route add default via 192.168.100.1
ovn-nbctl --wait=hv sync
ip netns exec vm1 ping 172.18.2.10 -c 1
ip netns exec vm2 ping 172.18.2.10 -c 1
nat_uuid=$(ovn-nbctl find nat external_ip=172.18.2.10 | awk '/_uuid/{print $3}')
ovn-nbctl set nat $nat_uuid options:stateless=true
ip netns exec vm1 ping 172.18.2.10 -c 1
ip netns exec vm2 ping 172.18.2.10 -c 1
result on ovn22.03-22.03.0-62.el9:
+ ovn-nbctl --wait=hv sync
+ ip netns exec vm1 ping 172.18.2.10 -c 1
PING 172.18.2.10 (172.18.2.10) 56(84) bytes of data.
--- 172.18.2.10 ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms
<=== ping failed
+ ip netns exec vm2 ping 172.18.2.10 -c 1
PING 172.18.2.10 (172.18.2.10) 56(84) bytes of data.
64 bytes from 172.18.2.10: icmp_seq=1 ttl=62 time=2.16 ms
--- 172.18.2.10 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 2.158/2.158/2.158/0.000 ms
++ ovn-nbctl find nat external_ip=172.18.2.10
++ awk '/_uuid/{print $3}'
+ nat_uuid=293d2cba-3eea-46e1-b8bf-0594bdb3ed5a
+ ovn-nbctl set nat 293d2cba-3eea-46e1-b8bf-0594bdb3ed5a options:stateless=true
+ ip netns exec vm1 ping 172.18.2.10 -c 1
PING 172.18.2.10 (172.18.2.10) 56(84) bytes of data.
--- 172.18.2.10 ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms
<=== ping still fail
+ ip netns exec vm2 ping 172.18.2.10 -c 1
PING 172.18.2.10 (172.18.2.10) 56(84) bytes of data.
64 bytes from 172.18.2.10: icmp_seq=1 ttl=62 time=0.051 ms
--- 172.18.2.10 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.051/0.051/0.051/0.000 ms
[root@dell-per740-34 bz2102480]# rpm -qa | grep -E "openvswitch|ovn22.03"
kernel-kernel-networking-openvswitch-ovn-common-1.0-31.noarch
openvswitch-selinux-extra-policy-1.0-31.el9fdp.noarch
openvswitch2.17-2.17.0-30.el9fdp.x86_64
ovn22.03-22.03.0-62.el9fdp.x86_64
ovn22.03-central-22.03.0-62.el9fdp.x86_64
ovn22.03-host-22.03.0-62.el9fdp.x86_64
Loreno, could you help to check the failure?
confirmed that the packet is replied to vm1, and the ping failed because of system configuration. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (ovn22.03 bug fix and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2022:5796 |