Bug 2223907
| Summary: | All traffic duplicates to tap-interfaces on the same provider network without port security enabled on the same compute node. | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Red Hat OpenStack | Reporter: | Alexey <akashavkin> | ||||
| Component: | python-networking-ovn | Assignee: | OSP Team <rhos-maint> | ||||
| Status: | CLOSED NEXTRELEASE | QA Contact: | Eran Kuris <ekuris> | ||||
| Severity: | high | Docs Contact: | |||||
| Priority: | unspecified | ||||||
| Version: | 16.1 (Train) | CC: | apevec, lhh, majopela, mlavalle, scohen | ||||
| Target Milestone: | --- | ||||||
| Target Release: | --- | ||||||
| Hardware: | x86_64 | ||||||
| OS: | Linux | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2023-07-24 14:57:13 UTC | Type: | Bug | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Attachments: |
|
||||||
I recon it happens because of all version till OVN v21.03.0 unable to have special flows for learning mac and don't work with fdb table. I assume this commit fix this issue - https://github.com/ovn-org/ovn/commit/dd94f1266ca4f3c750bc59c474ea342ef3ff9983 |
Created attachment 1976470 [details] All information can be seen here Description of problem: It happens only with virtual machines in the same provider network without any security groups on their ports on the same compute node. Packets are not sending to virtual machines in this network on another compute nodes, but for such network in ovn-trace you can see that this packets must go to another compute into ports of the same network to, but it wasn't happening. (I didn't save output of trace, take my word for it.) It independent by compute node or provider network. It might different provider network without port security enabled and different compute node. The main it happens as I wrote above when VMs in the same compute node and in the same network. Version-Release number of selected component (if applicable): OVN-2.13-20.06.1 Neutron v15.1.1-0.20200611111910 How reproducible: You need create several VMs on the same compute node and the same provider network. On ports of VMs disable port security. Additional info: In the attached file I have tried to show all the points related to this problem.