Bug 2179942

Summary: Add FDB aging mechanism.
Product: Red Hat Enterprise Linux Fast Datapath Reporter: Dumitru Ceara <dceara>
Component: ovn23.09Assignee: Ales Musil <amusil>
Status: MODIFIED --- QA Contact: Jianlin Shi <jishi>
Severity: unspecified Docs Contact:
Priority: medium    
Version: FDP 23.ACC: amusil, bcafarel, ctrautma, dalvarez, echaudro, jiji, ltomasbo, mmichels, ovn-bot, rhayakaw
Target Milestone: ---Keywords: FutureFeature
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: ovn23.09-23.09.0-alpha.89.el9fdp Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 2224492    

Description Dumitru Ceara 2023-03-20 12:45:23 UTC 
Description of problem:

OVN supports FDB learning on localnet ports since https://github.com/ovn-org/ovn/commit/93514df0d4c8fe7986dc5f287d7011f420d1be6d

If this is enabled it may lead to an unbounded ("very large" to be more precise) number of FDB entries to be learnt on the localnet port (usually connected to an external network).

We probably need a mechanism in place to protect OVN against that.  A potential idea is to implement FDB aging (similar to MAC binding - ARP - aging that's available since https://github.com/ovn-org/ovn/commit/1a947dd3073628d2f2655f46ee7d3db62ed15b55).
Comment 1 Bernard Cafarelli 2023-03-20 13:15:34 UTC 
For reference, bug for MAC_Binding entries aging: https://bugzilla.redhat.com/show_bug.cgi?id=2084668
Comment 2 Ales Musil 2023-05-18 11:34:45 UTC 
Patches posted u/s: https://patchwork.ozlabs.org/project/ovn/list/?series=355569
Comment 9 OVN Bot 2023-07-20 17:02:55 UTC 
ovn23.09 fast-datapath-rhel-9 clone created at https://bugzilla.redhat.com/show_bug.cgi?id=2224401
Comment 10 Mark Michelson 2023-08-15 16:58:02 UTC 
*** Bug 2224401 has been marked as a duplicate of this bug. ***