The FDP team is no longer accepting new bugs in Bugzilla. Please report your issues under FDP project in Jira. Thanks.
Bug 1757086 - [RHEL8] Disable conjunction flows in OVN
Summary: [RHEL8] Disable conjunction flows in OVN
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux Fast Datapath
Classification: Red Hat
Component: ovn2.11
Version: FDP 19.E
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
: ---
Assignee: Numan Siddique
QA Contact: ying xu
URL:
Whiteboard:
Depends On: 1756466
Blocks: 1751942
TreeView+ depends on / blocked
 
Reported: 2019-09-30 14:22 UTC by Flavio Leitner
Modified: 2020-01-21 15:21 UTC (History)
10 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of: 1756466
Environment:
Last Closed: 2020-01-21 15:21:48 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2020:0169 0 None None None 2020-01-21 15:21:55 UTC

Comment 4 haidong li 2019-10-16 09:13:28 UTC 
reproduced on the old version:
[root@dell-per730-42 ovn]# rpm -qa | grep ovn
kernel-kernel-networking-openvswitch-ovn-1.0-148.noarch
ovn2.11-central-2.11.0-36.el8fdp.x86_64
ovn2.11-host-2.11.0-36.el8fdp.x86_64
ovn2.11-2.11.0-36.el8fdp.x86_64
[root@dell-per730-42 ovn]# 

[root@dell-per730-42 ovn]# ovn-nbctl acl-add s2 to-lport 1  " ip4.src == {10.0.0.4, 10.0.0.5, 10.0.0.6} && tcp.dst >= 1000 && tcp.dst <= 2000" allow
[root@dell-per730-42 ovn]# ovs-ofctl dump-flows br-int | grep conj
 cookie=0x0, duration=9.998s, table=44, n_packets=0, n_bytes=0, idle_age=9, priority=1001,tcp,metadata=0x1,nw_src=10.0.0.5 actions=conjunction(2,1/2)
 cookie=0x0, duration=9.998s, table=44, n_packets=0, n_bytes=0, idle_age=9, priority=1001,tcp,metadata=0x1,nw_src=10.0.0.6 actions=conjunction(2,1/2)
 cookie=0x0, duration=9.998s, table=44, n_packets=0, n_bytes=0, idle_age=9, priority=1001,tcp,metadata=0x1,nw_src=10.0.0.4 actions=conjunction(2,1/2)
 cookie=0x3f455c27, duration=9.998s, table=44, n_packets=0, n_bytes=0, idle_age=9, priority=1001,conj_id=2,tcp,metadata=0x1 actions=resubmit(,45)
 cookie=0x0, duration=9.998s, table=44, n_packets=0, n_bytes=0, idle_age=9, priority=1001,tcp,metadata=0x1,tp_dst=0x600/0xff00 actions=conjunction(2,2/2)
 cookie=0x0, duration=9.998s, table=44, n_packets=0, n_bytes=0, idle_age=9, priority=1001,tcp,metadata=0x1,tp_dst=2000 actions=conjunction(2,2/2)
 cookie=0x0, duration=9.998s, table=44, n_packets=0, n_bytes=0, idle_age=9, priority=1001,tcp,metadata=0x1,tp_dst=1001 actions=conjunction(2,2/2)
 cookie=0x0, duration=9.997s, table=44, n_packets=0, n_bytes=0, idle_age=9, priority=1001,tcp,metadata=0x1,tp_dst=1000 actions=conjunction(2,2/2)
 cookie=0x0, duration=9.998s, table=44, n_packets=0, n_bytes=0, idle_age=9, priority=1001,tcp,metadata=0x1,tp_dst=0x3ea/0xfffe actions=conjunction(2,2/2)
 cookie=0x0, duration=9.998s, table=44, n_packets=0, n_bytes=0, idle_age=9, priority=1001,tcp,metadata=0x1,tp_dst=0x700/0xff80 actions=conjunction(2,2/2)
 cookie=0x0, duration=9.998s, table=44, n_packets=0, n_bytes=0, idle_age=9, priority=1001,tcp,metadata=0x1,tp_dst=0x780/0xffc0 actions=conjunction(2,2/2)

======================================================================
This bug is verified on the fixed version:

[root@dell-per730-42 ovn]# rpm -qa | grep ovn
kernel-kernel-networking-openvswitch-ovn-1.0-148.noarch
ovn2.11-2.11.1-3.el8fdp.x86_64
ovn2.11-central-2.11.1-3.el8fdp.x86_64
ovn2.11-host-2.11.1-3.el8fdp.x86_64
[root@dell-per730-42 ovn]# ovn-nbctl show
switch 36ecba42-042d-4819-b785-56d6aea6f261 (s2)
    port hv0_vm00_vnet1
        addresses: ["00:de:ad:00:00:01 172.16.102.21 2001:db8:102::21"]
    port hv1_vm00_vnet1
        addresses: ["00:de:ad:01:00:01 172.16.102.11 2001:db8:102::11"]
    port hv0_vm01_vnet1
        addresses: ["00:de:ad:00:01:01 172.16.102.22 2001:db8:102::22"]
    port hv1_vm01_vnet1
        addresses: ["00:de:ad:01:01:01 172.16.102.12 2001:db8:102::12"]
[root@dell-per730-42 ovn]# ovs-ofctl dump-flows br-int | grep conj
[root@dell-per730-42 ovn]# ovn-nbctl acl-add s2 to-lport 1 "outport == \"hv0_vm01_vnet1\" && ip4.src == {10.0.0.4, 10.0.0.5, 10.0.0.6} && tcp.dst >= 1000 && tcp.dst <= 2000" allow
[root@dell-per730-42 ovn]# ovs-ofctl dump-flows br-int | grep conj
[root@dell-per730-42 ovn]# ovs-ofctl dump-flows br-int | grep conj
[root@dell-per730-42 ovn]# ovs-ofctl dump-flows br-int | grep conj
[root@dell-per730-42 ovn]# ovn-nbctl acl-add s2 to-lport 1 "outport == \"hv0_vm01_vnet1\" && ip4.src == {172.16.102.11,172.16.102.12} && tcp.dst >= 1000 && tcp.dst <= 2000" allow
[root@dell-per730-42 ovn]# ovs-ofctl dump-flows br-int | grep conj
[root@dell-per730-42 ovn]# ovs-ofctl dump-flows br-int | grep conj
[root@dell-per730-42 ovn]# ovs-ofctl dump-flows br-int | grep conj
[root@dell-per730-42 ovn]#
Comment 7 errata-xmlrpc 2020-01-21 15:21:48 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:0169
Note You need to log in before you can comment on or make changes to this bug.