Description of problem: When port security is not set for a logical port, presently OVN allows any source MAC from the logical port. But OVN doesn't learn this MAC i.e this MAC belongs to this logical port, because of which OVN doesn't deliver the traffic to that logical port if eth.dst is the MAC. More details are in this BZ - https://bugzilla.redhat.com/show_bug.cgi?id=1671809 This BZ is raised since it is a feature for OVN and QE can plan for the testing accordingly. Version-Release number of selected component (if applicable): How reproducible: Steps to Reproduce: See https://bugzilla.redhat.com/show_bug.cgi?id=1671809 Actual results: Expected results: Additional info:
There seems to me no requirement from any of the layered products for this RFE. Closing the BZ. we can reopen it if there is any such requirement.
Looks like we may need this feature to address this issue - https://bugzilla.redhat.com/show_bug.cgi?id=1888441 Reopening it.
tested with following script: systemctl start openvswitch systemctl start ovn-northd ovn-nbctl set-connection ptcp:6641 ovn-sbctl set-connection ptcp:6642 ovs-vsctl set open . external_ids:system-id=hv1 external_ids:ovn-remote=tcp:20.0.39.25:6642 external_ids:ovn-encap-type=geneve external_ids:ovn-encap-ip=20.0.39.25 systemctl restart ovn-controller ovn-nbctl ls-add ls1 ovn-nbctl lsp-add ls1 ls1p1 ovn-nbctl lsp-set-addresses ls1p1 "00:00:00:01:01:01 192.168.1.1" unknown ovn-nbctl lsp-add ls1 ls1p2 ovn-nbctl lsp-set-addresses ls1p2 "00:00:00:01:01:02 192.168.1.2" unknown ovn-nbctl lsp-add ls1 ls1p3 ovn-nbctl lsp-set-addresses ls1p3 "00:00:00:01:01:03 192.168.1.3" unknown ovn-nbctl lr-add lr1 ovn-nbctl lrp-add lr1 lr1-ls1 00:00:00:00:00:01 192.168.1.254/24 ovn-nbctl lsp-add ls1 ls1-lr1 ovn-nbctl lsp-set-addresses ls1-lr1 "00:00:00:00:00:01 192.168.1.254" ovn-nbctl lsp-set-type ls1-lr1 router ovn-nbctl lsp-set-options ls1-lr1 router-port=lr1-ls1 ovn-nbctl lrp-add lr1 lr1-ls2 00:00:00:00:00:02 192.168.2.254/24 ovn-nbctl ls-add ls2 ovn-nbctl lsp-add ls2 ls2-lr1 ovn-nbctl lsp-set-addresses ls2-lr1 "00:00:00:00:00:02 192.168.2.254" ovn-nbctl lsp-set-type ls2-lr1 router ovn-nbctl lsp-set-options ls2-lr1 router-port=lr1-ls2 ovn-nbctl lsp-add ls2 ls2p1 ovn-nbctl lsp-set-addresses ls2p1 "00:00:00:01:02:01 192.168.2.1" ovs-vsctl add-port br-int ls1p1 -- set interface ls1p1 type=internal external_ids:iface-id=ls1p1 ovs-vsctl add-port br-int ls1p2 -- set interface ls1p2 type=internal external_ids:iface-id=ls1p2 ovs-vsctl add-port br-int ls1p3 -- set interface ls1p3 type=internal external_ids:iface-id=ls1p3 ovs-vsctl add-port br-int ls2p1 -- set interface ls2p1 type=internal external_ids:iface-id=ls2p1 ip netns add ls1p1 ip link set ls1p1 netns ls1p1 ip netns exec ls1p1 sysctl -w net.ipv6.conf.all.disable_ipv6=1 ip netns exec ls1p1 ip link set ls1p1 address 00:00:00:02:01:01 ip netns exec ls1p1 ip link set ls1p1 up #ip netns exec ls1p1 ip addr add 192.168.1.1/24 dev ls1p1 ip netns exec ls1p1 ip addr add 192.168.1.5/24 dev ls1p1 ip netns exec ls1p1 ip route add default via 192.168.1.254 dev ls1p1 #ip netns exec ls1p1 ip addr add 2001::1/64 dev ls1p1 ip netns add ls1p2 ip link set ls1p2 netns ls1p2 ip netns exec ls1p2 sysctl -w net.ipv6.conf.all.disable_ipv6=1 ip netns exec ls1p2 ip link set ls1p2 address 00:00:00:01:01:02 ip netns exec ls1p2 ip link set ls1p2 up ip netns exec ls1p2 ip addr add 192.168.1.2/24 dev ls1p2 #ip netns exec ls1p2 ip addr add 2001::2/64 dev ls1p2 ip netns add ls1p3 ip link set ls1p3 netns ls1p3 ip netns exec ls1p3 sysctl -w net.ipv6.conf.all.disable_ipv6=1 ip netns exec ls1p3 ip link set ls1p3 address 00:00:00:01:01:03 ip netns exec ls1p3 ip link set ls1p3 up ip netns exec ls1p3 ip addr add 192.168.1.3/24 dev ls1p3 #ip netns exec ls1p3 ip addr add 2001::3/64 dev ls1p3 ip netns add ls2p1 ip link set ls2p1 netns ls2p1 ip netns exec ls2p1 sysctl -w net.ipv6.conf.all.disable_ipv6=1 ip netns exec ls2p1 ip link set ls2p1 address 00:00:00:01:02:01 ip netns exec ls2p1 ip link set ls2p1 up ip netns exec ls2p1 ip addr add 192.168.2.1/24 dev ls2p1 ip netns exec ls2p1 ip route add default via 192.168.2.254 dev ls2p1 ip netns exec ls1p2 ip neigh add 192.168.1.5 lladdr 00:00:00:02:01:01 dev ls1p2 ip netns exec ls1p1 tcpdump -i any -w ls1p1.pcap & ip netns exec ls1p3 tcpdump -i any -w ls1p3.pcap & sleep 2 ip netns exec ls1p2 ping 192.168.1.5 -c 2 sleep 2 pkill tcpdump sleep 2 tcpdump -r ls1p1.pcap -nnle -v tcpdump -r ls1p3.pcap -nnle -v ip netns exec ls1p2 ip neigh del 192.168.1.5 lladdr 00:00:00:02:01:01 dev ls1p2 ip netns exec ls1p1 tcpdump -i any -w ls1p1.pcap & ip netns exec ls1p2 tcpdump -i any -w ls1p2.pcap & sleep 2 ip netns exec ls2p1 ping 192.168.1.5 -c 2 sleep 2 pkill tcpdump sleep 2 tcpdump -r ls1p1.pcap -nnle -v tcpdump -r ls1p2.pcap -nnle -v ovn-sbctl list fdb ovn-sbctl list mac_binding ip netns exec ls1p2 ip link set ls1p2 address 00:00:00:02:01:01 ip netns exec ls1p2 ip addr del 192.168.1.2/24 dev ls1p2 ip netns exec ls1p2 ip addr add 192.168.1.6/24 dev ls1p2 ip netns exec ls1p3 ip neigh add 192.168.1.6 lladdr 00:00:00:02:01:01 dev ls1p3 ip netns exec ls1p1 tcpdump -i any -w ls1p1.pcap & ip netns exec ls1p2 tcpdump -i any -w ls1p2.pcap & ip netns exec ls1p3 tcpdump -i any -w ls1p3.pcap & sleep 2 ip netns exec ls1p3 ping 192.168.1.6 -c 2 ip netns exec ls1p2 ping 192.168.1.3 -c 1 ip netns exec ls1p3 ping 192.168.1.6 -c 2 sleep 1 pkill tcpdump sleep 2 tcpdump -r ls1p1.pcap -nnle -v tcpdump -r ls1p2.pcap -nnle -v tcpdump -r ls1p3.pcap -nnle -v ovn-sbctl list fdb ovn-sbctl --all destroy fdb ip netns exec ls1p1 ip addr del 192.168.1.5/24 dev ls1p1 ip netns exec ls1p1 ip addr add 192.168.1.1/24 dev ls1p1 ip netns exec ls1p2 ip link set ls1p2 address 00:00:00:01:01:02 ip netns exec ls1p2 ip addr del 192.168.1.6/24 dev ls1p2 ip netns exec ls1p2 ip addr add 192.168.1.2/24 dev ls1p2 ip netns exec ls1p1 tcpdump -i any -w ls1p1.pcap & ip netns exec ls1p2 tcpdump -i any -w ls1p2.pcap & ip netns exec ls1p3 tcpdump -i any -w ls1p3.pcap & sleep 2 ip netns exec ls1p1 ping 192.168.1.3 -c 1 ip netns exec ls1p2 ping 192.168.1.1 -c 1 sleep 1 pkill tcpdump sleep 2 tcpdump -r ls1p1.pcap -nnle -v tcpdump -r ls1p2.pcap -nnle -v tcpdump -r ls1p3.pcap -nnle -v result on 20.12.0-24: + ip netns exec ls1p1 tcpdump -i any -w ls1p1.pcap + ip netns exec ls1p3 tcpdump -i any -w ls1p3.pcap tcpdump: listening on any, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes tcpdump: listening on any, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes + ip netns exec ls1p2 ping 192.168.1.5 -c 2 PING 192.168.1.5 (192.168.1.5) 56(84) bytes of data. 64 bytes from 192.168.1.5: icmp_seq=1 ttl=64 time=2.37 ms 64 bytes from 192.168.1.5: icmp_seq=2 ttl=64 time=0.065 ms --- 192.168.1.5 ping statistics --- 2 packets transmitted, 2 received, 0% packet loss, time 1002ms rtt min/avg/max/mdev = 0.065/1.220/2.376/1.156 ms + sleep 2 + pkill tcpdump 6 packets captured3 packets captured 6 packets received by filter3 packets received by filter 0 packets dropped by kernel0 packets dropped by kernel + sleep 2 + tcpdump -r ls1p1.pcap -nnle -v reading from file ls1p1.pcap, link-type LINUX_SLL (Linux cooked) 03:19:50.347250 In 00:00:00:01:01:02 ethertype IPv4 (0x0800), length 100: (tos 0x0, ttl 64, id 38522, offset 0, flags [DF], proto ICMP (1), length 84) 192.168.1.2 > 192.168.1.5: ICMP echo request, id 12754, seq 1, length 64 03:19:50.347334 Out 00:00:00:02:01:01 ethertype ARP (0x0806), length 44: Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.1.2 tell 192.168.1.5, length 28 03:19:50.348417 In 00:00:00:01:01:02 ethertype ARP (0x0806), length 44: Ethernet (len 6), IPv4 (len 4), Reply 192.168.1.2 is-at 00:00:00:01:01:02, length 28 03:19:50.348433 Out 00:00:00:02:01:01 ethertype IPv4 (0x0800), length 100: (tos 0x0, ttl 64, id 46056, offset 0, flags [none], proto ICMP (1), length 84) 192.168.1.5 > 192.168.1.2: ICMP echo reply, id 12754, seq 1, length 64 03:19:51.349102 In 00:00:00:01:01:02 ethertype IPv4 (0x0800), length 100: (tos 0x0, ttl 64, id 39163, offset 0, flags [DF], proto ICMP (1), length 84) 192.168.1.2 > 192.168.1.5: ICMP echo request, id 12754, seq 2, length 64 <=== the second packet is only sent to ls1p1 as mac is already learned 03:19:51.349127 Out 00:00:00:02:01:01 ethertype IPv4 (0x0800), length 100: (tos 0x0, ttl 64, id 46586, offset 0, flags [none], proto ICMP (1), length 84) 192.168.1.5 > 192.168.1.2: ICMP echo reply, id 12754, seq 2, length 64 + tcpdump -r ls1p3.pcap -nnle -v reading from file ls1p3.pcap, link-type LINUX_SLL (Linux cooked) 03:19:50.347252 P 00:00:00:01:01:02 ethertype IPv4 (0x0800), length 100: (tos 0x0, ttl 64, id 38522, offset 0, flags [DF], proto ICMP (1), length 84) 192.168.1.2 > 192.168.1.5: ICMP echo request, id 12754, seq 1, length 64 <== first packet is broadcasted as mac is not learning 03:19:50.347961 B 00:00:00:02:01:01 ethertype ARP (0x0806), length 44: Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.1.2 tell 192.168.1.5, length 28 03:19:50.348418 P 00:00:00:01:01:02 ethertype ARP (0x0806), length 44: Ethernet (len 6), IPv4 (len 4), Reply 192.168.1.2 is-at 00:00:00:01:01:02, length 28 ...... + ip netns exec ls1p1 tcpdump -i any -w ls1p1.pcap + sleep 2 + ip netns exec ls1p2 tcpdump -i any -w ls1p2.pcap tcpdump: listening on any, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes tcpdump: listening on any, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes + ip netns exec ls2p1 ping 192.168.1.5 -c 2 PING 192.168.1.5 (192.168.1.5) 56(84) bytes of data. 64 bytes from 192.168.1.5: icmp_seq=1 ttl=63 time=1.35 ms 64 bytes from 192.168.1.5: icmp_seq=2 ttl=63 time=0.075 ms --- 192.168.1.5 ping statistics --- 2 packets transmitted, 2 received, 0% packet loss, time 1003ms rtt min/avg/max/mdev = 0.075/0.717/1.359/0.642 ms + sleep 2 + pkill tcpdump 0 packets captured 0 packets received by filter 0 packets dropped by kernel 6 packets captured 6 packets received by filter 0 packets dropped by kernel + sleep 2 + tcpdump -r ls1p1.pcap -nnle -v reading from file ls1p1.pcap, link-type LINUX_SLL (Linux cooked) 03:19:57.466980 In 00:00:00:00:00:01 ethertype IPv4 (0x0800), length 100: (tos 0x0, ttl 63, id 60306, offset 0, flags [DF], proto ICMP (1), length 84) 192.168.2.1 > 192.168.1.5: ICMP echo request, id 12771, seq 1, length 64 <=== packet is only forwarded to ls1p1 03:19:57.467052 Out 00:00:00:02:01:01 ethertype ARP (0x0806), length 44: Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.1.254 tell 192.168.1.5, length 28 03:19:57.467240 In 00:00:00:00:00:01 ethertype ARP (0x0806), length 44: Ethernet (len 6), IPv4 (len 4), Reply 192.168.1.254 is-at 00:00:00:00:00:01, length 28 03:19:57.467251 Out 00:00:00:02:01:01 ethertype IPv4 (0x0800), length 100: (tos 0x0, ttl 64, id 58121, offset 0, flags [none], proto ICMP (1), length 84) 192.168.1.5 > 192.168.2.1: ICMP echo reply, id 12771, seq 1, length 64 03:19:58.469397 In 00:00:00:00:00:01 ethertype IPv4 (0x0800), length 100: (tos 0x0, ttl 63, id 60787, offset 0, flags [DF], proto ICMP (1), length 84) 192.168.2.1 > 192.168.1.5: ICMP echo request, id 12771, seq 2, length 64 03:19:58.469425 Out 00:00:00:02:01:01 ethertype IPv4 (0x0800), length 100: (tos 0x0, ttl 64, id 58281, offset 0, flags [none], proto ICMP (1), length 84) 192.168.1.5 > 192.168.2.1: ICMP echo reply, id 12771, seq 2, length 64 + tcpdump -r ls1p2.pcap -nnle -v reading from file ls1p2.pcap, link-type LINUX_SLL (Linux cooked) + ovn-sbctl list fdb _uuid : fb87b158-2f88-44bb-aeea-69a9a7991849 dp_key : 1 mac : "00:00:00:01:01:02" port_key : 2 _uuid : 7e5e5eae-d8e4-416a-8dce-033d74c0b2ae dp_key : 1 mac : "00:00:00:02:01:01" port_key : 1 <=== fdb table + ovn-sbctl list mac_binding _uuid : e2157232-0f55-41b6-8584-bb78159f4a46 datapath : 3c8286e9-036f-4476-a7f1-16676dd4e907 ip : "192.168.1.5" logical_port : lr1-ls1 mac : "00:00:00:02:01:01" + ip netns exec ls1p2 ip link set ls1p2 address 00:00:00:02:01:01 + ip netns exec ls1p2 ip addr del 192.168.1.2/24 dev ls1p2 + ip netns exec ls1p2 ip addr add 192.168.1.6/24 dev ls1p2 + ip netns exec ls1p3 ip neigh add 192.168.1.6 lladdr 00:00:00:02:01:01 dev ls1p3 + ip netns exec ls1p1 tcpdump -i any -w ls1p1.pcap + sleep 2 + ip netns exec ls1p2 tcpdump -i any -w ls1p2.pcap + ip netns exec ls1p3 tcpdump -i any -w ls1p3.pcap tcpdump: listening on any, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes tcpdump: listening on any, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes tcpdump: listening on any, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes + ip netns exec ls1p3 ping 192.168.1.6 -c 2 PING 192.168.1.6 (192.168.1.6) 56(84) bytes of data. 64 bytes from 192.168.1.6: icmp_seq=2 ttl=64 time=0.966 ms --- 192.168.1.6 ping statistics --- 2 packets transmitted, 1 received, 50% packet loss, time 1002ms rtt min/avg/max/mdev = 0.966/0.966/0.966/0.000 ms + ip netns exec ls1p2 ping 192.168.1.3 -c 1 PING 192.168.1.3 (192.168.1.3) 56(84) bytes of data. 64 bytes from 192.168.1.3: icmp_seq=1 ttl=64 time=0.109 ms --- 192.168.1.3 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.109/0.109/0.109/0.000 ms + ip netns exec ls1p3 ping 192.168.1.6 -c 2 PING 192.168.1.6 (192.168.1.6) 56(84) bytes of data. 64 bytes from 192.168.1.6: icmp_seq=1 ttl=64 time=0.096 ms 64 bytes from 192.168.1.6: icmp_seq=2 ttl=64 time=0.047 ms --- 192.168.1.6 ping statistics --- 2 packets transmitted, 2 received, 0% packet loss, time 1000ms rtt min/avg/max/mdev = 0.047/0.071/0.096/0.025 ms + sleep 1 + pkill tcpdump 12 packets captured 12 packets received by filter 0 packets dropped by kernel 5 packets captured 5 packets received by filter 0 packets dropped by kernel 12 packets captured 12 packets received by filter 0 packets dropped by kernel + sleep 2 + tcpdump -r ls1p1.pcap -nnle -v reading from file ls1p1.pcap, link-type LINUX_SLL (Linux cooked) 03:20:04.679564 In 00:00:00:01:01:03 ethertype IPv4 (0x0800), length 100: (tos 0x0, ttl 64, id 32424, offset 0, flags [DF], proto ICMP (1), length 84) 192.168.1.3 > 192.168.1.6: ICMP echo request, id 12793, seq 1, length 64 03:20:04.679640 Out 00:00:00:02:01:01 ethertype ARP (0x0806), length 44: Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.1.6 tell 192.168.1.5, length 28 03:20:04.680412 In 00:00:00:02:01:01 ethertype ARP (0x0806), length 44: Ethernet (len 6), IPv4 (len 4), Reply 192.168.1.6 is-at 00:00:00:02:01:01, length 28 03:20:04.680426 Out 00:00:00:02:01:01 ethertype IPv4 (0x0800), length 100: (tos 0x0, ttl 63, id 32424, offset 0, flags [DF], proto ICMP (1), length 84) 192.168.1.3 > 192.168.1.6: ICMP echo request, id 12793, seq 1, length 64 03:20:05.681860 B 00:00:00:02:01:01 ethertype ARP (0x0806), length 44: Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.1.3 tell 192.168.1.6, length 28 + tcpdump -r ls1p2.pcap -nnle -v reading from file ls1p2.pcap, link-type LINUX_SLL (Linux cooked) 03:20:04.679926 B 00:00:00:02:01:01 ethertype ARP (0x0806), length 44: Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.1.6 tell 192.168.1.5, length 28 03:20:04.679963 Out 00:00:00:02:01:01 ethertype ARP (0x0806), length 44: Ethernet (len 6), IPv4 (len 4), Reply 192.168.1.6 is-at 00:00:00:02:01:01, length 28 03:20:05.681375 In 00:00:00:01:01:03 ethertype IPv4 (0x0800), length 100: (tos 0x0, ttl 64, id 32555, offset 0, flags [DF], proto ICMP (1), length 84) 192.168.1.3 > 192.168.1.6: ICMP echo request, id 12793, seq 2, length 64 03:20:05.681429 Out 00:00:00:02:01:01 ethertype ARP (0x0806), length 44: Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.1.3 tell 192.168.1.6, length 28 03:20:05.682123 In 00:00:00:01:01:03 ethertype ARP (0x0806), length 44: Ethernet (len 6), IPv4 (len 4), Reply 192.168.1.3 is-at 00:00:00:01:01:03, length 28 03:20:05.682132 Out 00:00:00:02:01:01 ethertype IPv4 (0x0800), length 100: (tos 0x0, ttl 64, id 57009, offset 0, flags [none], proto ICMP (1), length 84) 192.168.1.6 > 192.168.1.3: ICMP echo reply, id 12793, seq 2, length 64 03:20:15.706087 Out 00:00:00:02:01:01 ethertype IPv4 (0x0800), length 100: (tos 0x0, ttl 64, id 63064, offset 0, flags [DF], proto ICMP (1), length 84) 192.168.1.6 > 192.168.1.3: ICMP echo request, id 12803, seq 1, length 64 03:20:15.706153 In 00:00:00:01:01:03 ethertype IPv4 (0x0800), length 100: (tos 0x0, ttl 64, id 33962, offset 0, flags [none], proto ICMP (1), length 84) 192.168.1.3 > 192.168.1.6: ICMP echo reply, id 12803, seq 1, length 64 03:20:15.731087 In 00:00:00:01:01:03 ethertype IPv4 (0x0800), length 100: (tos 0x0, ttl 64, id 33974, offset 0, flags [DF], proto ICMP (1), length 84) 192.168.1.3 > 192.168.1.6: ICMP echo request, id 12804, seq 1, length 64 03:20:15.731125 Out 00:00:00:02:01:01 ethertype IPv4 (0x0800), length 100: (tos 0x0, ttl 64, id 63071, offset 0, flags [none], proto ICMP (1), length 84) 192.168.1.6 > 192.168.1.3: ICMP echo reply, id 12804, seq 1, length 64 03:20:16.731056 In 00:00:00:01:01:03 ethertype IPv4 (0x0800), length 100: (tos 0x0, ttl 64, id 34710, offset 0, flags [DF], proto ICMP (1), length 84) 192.168.1.3 > 192.168.1.6: ICMP echo request, id 12804, seq 2, length 64 03:20:16.731074 Out 00:00:00:02:01:01 ethertype IPv4 (0x0800), length 100: (tos 0x0, ttl 64, id 63780, offset 0, flags [none], proto ICMP (1), length 84) 192.168.1.6 > 192.168.1.3: ICMP echo reply, id 12804, seq 2, length 64 + tcpdump -r ls1p3.pcap -nnle -v reading from file ls1p3.pcap, link-type LINUX_SLL (Linux cooked) 03:20:04.679095 Out 00:00:00:01:01:03 ethertype IPv4 (0x0800), length 100: (tos 0x0, ttl 64, id 32424, offset 0, flags [DF], proto ICMP (1), length 84) 192.168.1.3 > 192.168.1.6: ICMP echo request, id 12793, seq 1, length 64 03:20:04.679928 B 00:00:00:02:01:01 ethertype ARP (0x0806), length 44: Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.1.6 tell 192.168.1.5, length 28 03:20:05.681364 Out 00:00:00:01:01:03 ethertype IPv4 (0x0800), length 100: (tos 0x0, ttl 64, id 32555, offset 0, flags [DF], proto ICMP (1), length 84) 192.168.1.3 > 192.168.1.6: ICMP echo request, id 12793, seq 2, length 64 03:20:05.681861 B 00:00:00:02:01:01 ethertype ARP (0x0806), length 44: Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.1.3 tell 192.168.1.6, length 28 03:20:05.681880 Out 00:00:00:01:01:03 ethertype ARP (0x0806), length 44: Ethernet (len 6), IPv4 (len 4), Reply 192.168.1.3 is-at 00:00:00:01:01:03, length 28 03:20:05.682301 In 00:00:00:02:01:01 ethertype IPv4 (0x0800), length 100: (tos 0x0, ttl 64, id 57009, offset 0, flags [none], proto ICMP (1), length 84) 192.168.1.6 > 192.168.1.3: ICMP echo reply, id 12793, seq 2, length 64 03:20:15.706101 In 00:00:00:02:01:01 ethertype IPv4 (0x0800), length 100: (tos 0x0, ttl 64, id 63064, offset 0, flags [DF], proto ICMP (1), length 84) 192.168.1.6 > 192.168.1.3: ICMP echo request, id 12803, seq 1, length 64 03:20:15.706148 Out 00:00:00:01:01:03 ethertype IPv4 (0x0800), length 100: (tos 0x0, ttl 64, id 33962, offset 0, flags [none], proto ICMP (1), length 84) 192.168.1.3 > 192.168.1.6: ICMP echo reply, id 12803, seq 1, length 64 03:20:15.731076 Out 00:00:00:01:01:03 ethertype IPv4 (0x0800), length 100: (tos 0x0, ttl 64, id 33974, offset 0, flags [DF], proto ICMP (1), length 84) 192.168.1.3 > 192.168.1.6: ICMP echo request, id 12804, seq 1, length 64 03:20:15.731129 In 00:00:00:02:01:01 ethertype IPv4 (0x0800), length 100: (tos 0x0, ttl 64, id 63071, offset 0, flags [none], proto ICMP (1), length 84) 192.168.1.6 > 192.168.1.3: ICMP echo reply, id 12804, seq 1, length 64 03:20:16.731050 Out 00:00:00:01:01:03 ethertype IPv4 (0x0800), length 100: (tos 0x0, ttl 64, id 34710, offset 0, flags [DF], proto ICMP (1), length 84) 192.168.1.3 > 192.168.1.6: ICMP echo request, id 12804, seq 2, length 64 03:20:16.731078 In 00:00:00:02:01:01 ethertype IPv4 (0x0800), length 100: (tos 0x0, ttl 64, id 63780, offset 0, flags [none], proto ICMP (1), length 84) 192.168.1.6 > 192.168.1.3: ICMP echo reply, id 12804, seq 2, length 64 + ovn-sbctl list fdb _uuid : fb87b158-2f88-44bb-aeea-69a9a7991849 dp_key : 1 mac : "00:00:00:01:01:02" port_key : 2 _uuid : 8e669962-e750-46df-a526-c7190310a9b5 dp_key : 1 mac : "00:00:00:01:01:03" port_key : 3 _uuid : 7e5e5eae-d8e4-416a-8dce-033d74c0b2ae dp_key : 1 mac : "00:00:00:02:01:01" port_key : 2 <==== "00:00:00:02:01:01" is bound to ls1p2
run stress test on 20.12.0-25. ovn-nbctl ls-add ls1 ovn-nbctl lsp-add ls1 ls1p1 ovn-nbctl lsp-set-addresses ls1p1 "00:00:00:01:01:01 192.168.1.1" unknown ovn-nbctl lsp-add ls1 ls1p2 ovn-nbctl lsp-set-addresses ls1p2 "00:00:00:01:01:02 192.168.1.2" unknown ovn-nbctl lsp-add ls1 ls1p3 ovn-nbctl lsp-set-addresses ls1p3 "00:00:00:01:01:03 192.168.1.3" unknown for i in {4..99} do ovn-nbctl lsp-add ls1 ls1p$i ovn-nbctl lsp-set-addresses ls1p$i "00:00:00:01:01:$i" unknown ip netns add ls1p$i ovs-vsctl add-port br-int ls1p$i -- set interface ls1p$i type=internal external_ids:iface-id=ls1p$i ip link set ls1p$i netns ls1p$i ip netns exec ls1p$i ip link set ls1p$i address 00:00:00:02:01:01 ip netns exec ls1p$i sysctl -w net.ipv6.conf.all.disable_ipv6=1 ip netns exec ls1p$i ip link set ls1p$i up ip netns exec ls1p$i ip addr add 192.168.1.$i/24 dev ls1p$i done ovn-nbctl lr-add lr1 ovn-nbctl lrp-add lr1 lr1-ls1 00:00:00:00:00:01 192.168.1.254/24 ovn-nbctl lsp-add ls1 ls1-lr1 ovn-nbctl lsp-set-addresses ls1-lr1 "00:00:00:00:00:01 192.168.1.254" ovn-nbctl lsp-set-type ls1-lr1 router ovn-nbctl lsp-set-options ls1-lr1 router-port=lr1-ls1 ovn-nbctl lrp-add lr1 lr1-ls2 00:00:00:00:00:02 192.168.2.254/24 ovn-nbctl ls-add ls2 ovn-nbctl lsp-add ls2 ls2-lr1 ovn-nbctl lsp-set-addresses ls2-lr1 "00:00:00:00:00:02 192.168.2.254" ovn-nbctl lsp-set-type ls2-lr1 router ovn-nbctl lsp-set-options ls2-lr1 router-port=lr1-ls2 ovn-nbctl lsp-add ls2 ls2p1 ovn-nbctl lsp-set-addresses ls2p1 "00:00:00:01:02:01 192.168.2.1" ovs-vsctl add-port br-int ls1p1 -- set interface ls1p1 type=internal external_ids:iface-id=ls1p1 ovs-vsctl add-port br-int ls1p2 -- set interface ls1p2 type=internal external_ids:iface-id=ls1p2 ovs-vsctl add-port br-int ls1p3 -- set interface ls1p3 type=internal external_ids:iface-id=ls1p3 ovs-vsctl add-port br-int ls2p1 -- set interface ls2p1 type=internal external_ids:iface-id=ls2p1 ip netns add ls1p1 ip link set ls1p1 netns ls1p1 ip netns exec ls1p1 sysctl -w net.ipv6.conf.all.disable_ipv6=1 ip netns exec ls1p1 ip link set ls1p1 address 00:00:00:02:01:01 ip netns exec ls1p1 ip link set ls1p1 up #ip netns exec ls1p1 ip addr add 192.168.1.1/24 dev ls1p1 ip netns exec ls1p1 ip addr add 192.168.1.5/24 dev ls1p1 ip netns exec ls1p1 ip route add default via 192.168.1.254 dev ls1p1 #ip netns exec ls1p1 ip addr add 2001::1/64 dev ls1p1 ip netns add ls1p2 ip link set ls1p2 netns ls1p2 ip netns exec ls1p2 sysctl -w net.ipv6.conf.all.disable_ipv6=1 ip netns exec ls1p2 ip link set ls1p2 address 00:00:00:01:01:02 ip netns exec ls1p2 ip link set ls1p2 up ip netns exec ls1p2 ip addr add 192.168.1.2/24 dev ls1p2 #ip netns exec ls1p2 ip addr add 2001::2/64 dev ls1p2 ip netns add ls1p3 ip link set ls1p3 netns ls1p3 ip netns exec ls1p3 sysctl -w net.ipv6.conf.all.disable_ipv6=1 ip netns exec ls1p3 ip link set ls1p3 address 00:00:00:01:01:03 ip netns exec ls1p3 ip link set ls1p3 up ip netns exec ls1p3 ip addr add 192.168.1.3/24 dev ls1p3 #ip netns exec ls1p3 ip addr add 2001::3/64 dev ls1p3 ip netns add ls2p1 ip link set ls2p1 netns ls2p1 ip netns exec ls2p1 sysctl -w net.ipv6.conf.all.disable_ipv6=1 ip netns exec ls2p1 ip link set ls2p1 address 00:00:00:01:02:01 ip netns exec ls2p1 ip link set ls2p1 up ip netns exec ls2p1 ip addr add 192.168.2.1/24 dev ls2p1 ip netns exec ls2p1 ip route add default via 192.168.2.254 dev ls2p1 ip netns exec ls2p1 ping 192.168.1.5 -f & ip netns exec ls1p3 ping 192.168.1.5 -f & for i in {4..99} do ip netns exec ls1p$i ping 192.168.1.2 -c 100 & done sleep 120 jobs -p | xargs kill no issue found. set VERIFIED
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (ovn2.13 bug fix and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2021:0839
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 500 days