Bug 2203013

Summary: "SNAT in separate zone from DNAT" test fails due to OVN issues
Product: Red Hat Enterprise Linux Fast Datapath Reporter: OVN Bot <ovn-bot>
Component: ovn23.06 Assignee: Ales Musil <amusil>
Status: CLOSED ERRATA QA Contact: Jianlin Shi <jishi>
Severity: unspecified Docs Contact:
Priority: high    
Version: FDP 22.H CC: amusil, ctrautma, dcbw, jiji, mmichels
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: ovn23.06-23.06.0-beta.118.el9fdp Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2024-01-24 11:17:00 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description OVN Bot 2023-05-11 04:09:52 UTC
This is an automatically-generated clone of issue https://bugzilla.redhat.com/show_bug.cgi?id=2161281

Comment 3 Jianlin Shi 2023-12-04 03:17:35 UTC
reproducer:

# Bring up a single-node OVN lab: Open vSwitch, ovn-northd, and one chassis
# ("hv1") whose ovn-controller connects to the southbound DB on loopback.
# These commands change system services and OVS/OVN databases; run as root on
# a disposable test host.
systemctl start openvswitch
systemctl start ovn-northd
# NOTE(security): "ptcp:PORT" with no IP makes the NB/SB ovsdb-server listen on
# every local address over plain TCP (no TLS, no client authentication), so any
# host that can reach 6641/6642 can read and rewrite the logical network.
# Acceptable on an isolated lab machine only. Since ovn-remote below points at
# 127.0.0.1, binding to loopback (ptcp:PORT:127.0.0.1) would be enough here;
# use pssl: with certificates anywhere the ports are reachable by others.
ovn-nbctl set-connection ptcp:6641
ovn-sbctl set-connection ptcp:6642
# Register this host as chassis hv1: southbound DB at tcp:127.0.0.1:6642,
# Geneve encapsulation with 127.0.0.1 as the tunnel endpoint.
ovs-vsctl set open . external_ids:system-id=hv1 external_ids:ovn-remote=tcp:127.0.0.1:6642 external_ids:ovn-encap-type=geneve external_ids:ovn-encap-ip=127.0.0.1
# (Re)start ovn-controller after the chassis settings are in place.
systemctl restart ovn-controller

# Build the logical topology for the reproducer: two gateway routers (r1, r2)
# joined by the shared switch "public", each with one internal switch (s1, s2)
# and one VM port (vm1, vm2).
# NOTE: 30.0.0.1 and 173.0.x.x are not RFC 1918 or documentation ranges; they
# are used here purely as lab addresses inside the logical network.

# Shared "public" switch that both routers attach to.
ovn-nbctl ls-add public

# Router r1: public side 172.16.0.1/16, internal side 173.0.1.1/24.
# r1_public is made a gateway port scheduled on chassis hv1.
ovn-nbctl lr-add r1
ovn-nbctl lrp-add r1 r1_public 00:de:ad:ff:00:01 172.16.0.1/16
ovn-nbctl lrp-add r1 r1_s1 00:de:ad:fe:00:01 173.0.1.1/24
ovn-nbctl lrp-set-gateway-chassis r1_public hv1

# Load balancer on r1: VIP 30.0.0.1 -> backend 172.16.0.102. That backend is
# the external IP of r2's dnat_and_snat rule below, so traffic to the VIP is
# DNATed on r1 and then DNATed again on r2.
ovn-nbctl lb-add r1_lb 30.0.0.1 172.16.0.102
ovn-nbctl lr-lb-add r1 r1_lb

# Switch s1 with a router-type port peered to r1_s1.
ovn-nbctl ls-add s1
ovn-nbctl lsp-add s1 s1_r1
ovn-nbctl lsp-set-type s1_r1 router
ovn-nbctl lsp-set-addresses s1_r1 router
ovn-nbctl lsp-set-options s1_r1 router-port=r1_s1

# VM port vm1 on s1 (MAC 00:de:ad:01:00:01, IP 173.0.1.2).
ovn-nbctl lsp-add s1 vm1
ovn-nbctl lsp-set-addresses vm1 "00:de:ad:01:00:01 173.0.1.2"

# Attach r1_public to the "public" switch; nat-addresses=router is set on the
# switch-side port.
ovn-nbctl lsp-add public public_r1
ovn-nbctl lsp-set-type public_r1 router
ovn-nbctl lsp-set-addresses public_r1 router
ovn-nbctl lsp-set-options public_r1 router-port=r1_public nat-addresses=router

# Router r2: public side 172.16.0.2/16, internal side 173.0.2.1/24, with a
# dnat_and_snat rule mapping external 172.16.0.102 <-> logical 173.0.2.2 (vm2).
# r2_public is also a gateway port on hv1.
ovn-nbctl lr-add r2
ovn-nbctl lrp-add r2 r2_public 00:de:ad:ff:00:02 172.16.0.2/16
ovn-nbctl lrp-add r2 r2_s2 00:de:ad:fe:00:02 173.0.2.1/24
ovn-nbctl lr-nat-add r2 dnat_and_snat 172.16.0.102 173.0.2.2
ovn-nbctl lrp-set-gateway-chassis r2_public hv1

# Switch s2 with a router-type port peered to r2_s2.
ovn-nbctl ls-add s2
ovn-nbctl lsp-add s2 s2_r2
ovn-nbctl lsp-set-type s2_r2 router
ovn-nbctl lsp-set-addresses s2_r2 router
ovn-nbctl lsp-set-options s2_r2 router-port=r2_s2

# VM port vm2 on s2 (MAC 00:de:ad:01:00:02, IP 173.0.2.2).
ovn-nbctl lsp-add s2 vm2
ovn-nbctl lsp-set-addresses vm2 "00:de:ad:01:00:02 173.0.2.2"

# Attach r2_public to the "public" switch.
ovn-nbctl lsp-add public public_r2
ovn-nbctl lsp-set-type public_r2 router
ovn-nbctl lsp-set-addresses public_r2 router
ovn-nbctl lsp-set-options public_r2 router-port=r2_public nat-addresses=router

# dnat_and_snat on r1 for vm1: external 172.16.0.101 <-> logical 173.0.1.2,
# given with logical port vm1 and external MAC 00:00:00:01:02:03. This is the
# SNAT that applies to vm1's traffic after the load-balancer DNAT on r1.
ovn-nbctl lr-nat-add r1 dnat_and_snat 172.16.0.101 173.0.1.2 vm1 00:00:00:01:02:03

# Back the logical ports vm1/vm2 with OVS internal interfaces placed in their
# own network namespaces, then send the test ping from vm1.
# Needs root. The script has no teardown, so the namespaces, the br-int ports
# and the OVN configuration remain on the host afterwards.

# vm1: internal port on br-int bound to logical port vm1 via iface-id, moved
# into netns vm1 with the MAC/IP declared for it in the NB database and a
# default route via r1 (173.0.1.1).
ovs-vsctl add-port br-int vm1 -- set interface vm1 type=internal external_ids:iface-id=vm1
ip netns add vm1
ip link set vm1 netns vm1
ip netns exec vm1 ip link set vm1 address 00:de:ad:01:00:01
ip netns exec vm1 ip link set vm1 up
ip netns exec vm1 ip addr add 173.0.1.2/24 dev vm1
ip netns exec vm1 ip route add default via 173.0.1.1

# vm2: same pattern, default route via r2 (173.0.2.1).
ovs-vsctl add-port br-int vm2 -- set interface vm2 type=internal external_ids:iface-id=vm2
ip netns add vm2
ip link set vm2 netns vm2
ip netns exec vm2 ip link set vm2 address 00:de:ad:01:00:02
ip netns exec vm2 ip link set vm2 up
ip netns exec vm2 ip addr add 173.0.2.2/24 dev vm2
ip netns exec vm2 ip route add default via 173.0.2.1

# Test: ping r1's load-balancer VIP from vm1 (quiet output, 3 requests,
# 0.3 s interval, 2 s deadline). The bug shows up as 100% packet loss.
ip netns exec vm1 ping -q -c 3 -i 0.3 -w 2 30.0.0.1

reproduced on ovn23.03-23.03.0-106.el9:

[root@kvm-03-guest20 bz2161281]# rpm -qa | grep -E "ovn23.03|openvswitch3.1"
openvswitch3.1-3.1.0-70.el9fdp.x86_64
ovn23.03-23.03.0-106.el9fdp.x86_64
ovn23.03-central-23.03.0-106.el9fdp.x86_64
ovn23.03-host-23.03.0-106.el9fdp.x86_64

[root@kvm-03-guest20 bz2161281]# ip netns exec vm1 ping 30.0.0.1 -c 1                    
PING 30.0.0.1 (30.0.0.1) 56(84) bytes of data.                                           
                                                                                         
--- 30.0.0.1 ping statistics ---                                                         
1 packets transmitted, 0 received, 100% packet loss, time 0ms

[root@kvm-03-guest20 ~]# ip netns exec vm1 tcpdump -i vm1 -nnle -v not ip6
dropped privs to tcpdump
tcpdump: listening on vm1, link-type EN10MB (Ethernet), snapshot length 262144 bytes     
22:13:18.197923 00:de:ad:01:00:01 > 00:de:ad:fe:00:01, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 19174, offset 0, flags [DF], proto ICMP (1), length 84)
    173.0.1.2 > 30.0.0.1: ICMP echo request, id 44394, seq 1, length 64 
[root@kvm-03-guest20 ~]# ip netns exec vm2 tcpdump -i vm2 -nnle -v not ip6               
dropped privs to tcpdump
tcpdump: listening on vm2, link-type EN10MB (Ethernet), snapshot length 262144 bytes     
22:13:18.197961 00:de:ad:fe:00:02 > 00:de:ad:01:00:02, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 62, id 19174, offset 0, flags [DF], proto ICMP (1), length 84)
    172.16.0.101 > 173.0.2.2: ICMP echo request, id 44394, seq 1, length 64              
22:13:18.197988 00:de:ad:01:00:02 > 00:de:ad:fe:00:02, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 21675, offset 0, flags [none], proto ICMP (1), length 84)
    173.0.2.2 > 172.16.0.101: ICMP echo reply, id 44394, seq 1, length 64 

Verified on ovn23.06-23.06.1-60.el9:

[root@kvm-03-guest20 bz2161281]# ip netns exec vm1 ping 30.0.0.1 -c 1                    
PING 30.0.0.1 (30.0.0.1) 56(84) bytes of data.                                           
64 bytes from 30.0.0.1: icmp_seq=1 ttl=62 time=14.1 ms                                   
                                                                                         
--- 30.0.0.1 ping statistics ---                                                         
1 packets transmitted, 1 received, 0% packet loss, time 0ms                              
rtt min/avg/max/mdev = 14.093/14.093/14.093/0.000 ms                                     
[root@kvm-03-guest20 bz2161281]# rpm -qa | grep -E "ovn23.06"                            
ovn23.06-23.06.1-60.el9fdp.x86_64                                                        
ovn23.06-central-23.06.1-60.el9fdp.x86_64                                                
ovn23.06-host-23.06.1-60.el9fdp.x86_64

[root@kvm-03-guest20 ~]# ip netns exec vm1 tcpdump -i vm1 -nnle -v not ip6               
dropped privs to tcpdump
tcpdump: listening on vm1, link-type EN10MB (Ethernet), snapshot length 262144 bytes     
22:15:40.721686 00:de:ad:01:00:01 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has 173.0.1.1 tell 173.0.1.2, length 28
22:15:40.721994 00:de:ad:fe:00:01 > 00:de:ad:01:00:01, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Reply 173.0.1.1 is-at 00:de:ad:fe:00:01, length 28
22:15:40.722003 00:de:ad:01:00:01 > 00:de:ad:fe:00:01, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 30770, offset 0, flags [DF], proto ICMP (1), length 84)
    173.0.1.2 > 30.0.0.1: ICMP echo request, id 60309, seq 1, length 64                  
22:15:40.735753 00:de:ad:fe:00:01 > 00:de:ad:01:00:01, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 62, id 59364, offset 0, flags [none], proto ICMP (1), length 84)
    30.0.0.1 > 173.0.1.2: ICMP echo reply, id 60309, seq 1, length 64

[root@kvm-03-guest20 ~]# ip netns exec vm2 tcpdump -i vm2 -nnle -v not ip6               
dropped privs to tcpdump
tcpdump: listening on vm2, link-type EN10MB (Ethernet), snapshot length 262144 bytes     
22:15:40.726791 00:de:ad:fe:00:02 > 00:de:ad:01:00:02, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 62, id 30770, offset 0, flags [DF], proto ICMP (1), length 84)
    172.16.0.101 > 173.0.2.2: ICMP echo request, id 60309, seq 1, length 64              
22:15:40.726819 00:de:ad:01:00:02 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has 173.0.2.1 tell 173.0.2.2, length 28
22:15:40.726890 00:de:ad:fe:00:02 > 00:de:ad:01:00:02, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Reply 173.0.2.1 is-at 00:de:ad:fe:00:02, length 28
22:15:40.726895 00:de:ad:01:00:02 > 00:de:ad:fe:00:02, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 59364, offset 0, flags [none], proto ICMP (1), length 84)
    173.0.2.2 > 172.16.0.101: ICMP echo reply, id 60309, seq 1, length 64


[root@kvm-03-guest20 bz2161281]# ovn-nbctl --wait=hv set nb_global . options:use_common_zone=true
[root@kvm-03-guest20 bz2161281]# ip netns exec vm1 ping 30.0.0.1 -c 1                    
PING 30.0.0.1 (30.0.0.1) 56(84) bytes of data.                                           
                                                                                         
--- 30.0.0.1 ping statistics ---                                                         
1 packets transmitted, 0 received, 100% packet loss, time 0ms 

[root@kvm-03-guest20 ~]# ip netns exec vm1 tcpdump -i vm1 -nnle -v not ip6               
dropped privs to tcpdump                                                                 
tcpdump: listening on vm1, link-type EN10MB (Ethernet), snapshot length 262144 bytes     
22:16:51.478945 00:de:ad:01:00:01 > 00:de:ad:fe:00:01, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 10289, offset 0, flags [DF], proto ICMP (1), length 84)
    173.0.1.2 > 30.0.0.1: ICMP echo request, id 4248, seq 1, length 64

[root@kvm-03-guest20 ~]# ip netns exec vm2 tcpdump -i vm2 -nnle -v not ip6               
dropped privs to tcpdump
tcpdump: listening on vm2, link-type EN10MB (Ethernet), snapshot length 262144 bytes     
22:16:51.479685 00:de:ad:fe:00:02 > 00:de:ad:01:00:02, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 62, id 10289, offset 0, flags [DF], proto ICMP (1), length 84)
    172.16.0.101 > 173.0.2.2: ICMP echo request, id 4248, seq 1, length 64               
22:16:51.479707 00:de:ad:01:00:02 > 00:de:ad:fe:00:02, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 61466, offset 0, flags [none], proto ICMP (1), length 84)
    173.0.2.2 > 172.16.0.101: ICMP echo reply, id 4248, seq 1, length 64

Comment 5 errata-xmlrpc 2024-01-24 11:17:00 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (ovn23.06 bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2024:0391