Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

The FDP team is no longer accepting new bugs in Bugzilla. Please report your issues under FDP project in Jira. Thanks.

Bug 1809629

Summary:	[OVN] some icmp packets are passing through controller when pinging VM FIP in DVR environment
Product:	Red Hat Enterprise Linux Fast Datapath	Reporter:	lorenzo bianconi <lorenzo.bianconi>
Component:	ovn2.12	Assignee:	lorenzo bianconi <lorenzo.bianconi>
Status:	CLOSED CURRENTRELEASE	QA Contact:	Jianlin Shi <jishi>
Severity:	high	Docs Contact:
Priority:	unspecified
Version:	RHEL 8.0	CC:	apevec, ctrautma, dalvarez, ffernand, jishi, jlibosva, lhh, lorenzo.bianconi, majopela, mmichels, ralongi, rsafrono, scohen
Target Milestone:	---
Target Release:	---
Hardware:	Unspecified
OS:	Unspecified
Whiteboard:
Fixed In Version:	ovn2.12-2.12.0-35.el7fdn	Doc Type:	If docs needed, set a value
Doc Text:		Story Points:	---
Clone Of:	1788193	Environment:
Last Closed:	2020-11-10 15:13:50 UTC	Type:	---
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:
Bug Depends On:	1788193, 1845839
Bug Blocks:	1797685

Comment 3 Jianlin Shi 2020-03-18 10:23:17 UTC

reproduced on ovn2.12.0-33 with following steps:

on client:
#!/.bin/bash                                                                                          

systemctl start openvswitch
systemctl start ovn-northd
ovn-nbctl set-connection ptcp:6641                                                                    
ovn-sbctl set-connection ptcp:6642
ovs-vsctl set open . external_ids:system-id=hv1 external_ids:ovn-remote=tcp:20.0.32.25:6642 external_ids:ovn-encap-type=geneve external_ids:ovn-encap-ip=20.0.32.25                                        
systemctl restart ovn-controller
ip netns add server0                                                                                  
ip link add veth0_s0 netns server0 type veth peer name veth0_s0_p
ip netns exec server0 ip link set lo up                                                               
ip netns exec server0 ip link set veth0_s0 up
ip netns exec server0 ip link set veth0_s0 address 00:00:00:01:01:02
ip netns exec server0 ip addr add 192.168.1.1/24 dev veth0_s0
ip netns exec server0 ip addr add 2000::1/64 dev veth0_s0
ip netns exec server0 ip route add default via 192.168.1.254 dev veth0_s0
ip netns exec server0 ip -6 route add default via 2000::a dev veth0_s0


ovs-vsctl add-port br-int veth0_s0_p
ip link set veth0_s0_p up                                                                             
ovs-vsctl set interface veth0_s0_p external_ids:iface-id=ls1p1
ovn-nbctl ls-add ls1
ovn-nbctl lsp-add ls1 ls1p1                                                                           
ovn-nbctl lsp-set-addresses ls1p1 "00:00:00:01:01:02 192.168.1.1"
ovn-nbctl lsp-add ls1 ls1p2                                                                           
ovn-nbctl lsp-set-addresses ls1p2 00:00:00:01:02:02
ovn-nbctl lr-add lr1                                                                                  
ovn-nbctl lrp-add lr1 lr1-ls1 00:00:00:00:00:01 192.168.1.254/24 2000::a/64
ovn-nbctl lsp-add ls1 ls1-lr1
ovn-nbctl lsp-set-type ls1-lr1 router                                                                 
ovn-nbctl lsp-set-options ls1-lr1 router-port=lr1-ls1
ovn-nbctl lsp-set-addresses ls1-lr1 00:00:00:00:00:01
ovn-nbctl lsp-add ls1 ls1p3                                                                           
ovn-nbctl lsp-set-addresses ls1p3 00:00:00:01:03:02                                                   
                                                                                                      
ovn-nbctl lrp-add lr1 lr1-ls0 00:de:ad:ff:01:03 172.16.1.254/24 3000::a/64
ovn-nbctl ls-add ls0                                                                                  
ovn-nbctl lsp-add ls0 ls0-lr1                                                                         
ovn-nbctl lsp-set-addresses ls0-lr1 router                                                            
ovn-nbctl lsp-set-type ls0-lr1 router                                                                 
ovn-nbctl lsp-set-options ls0-lr1 router-port=lr1-ls0
                                                                                                      
ovn-nbctl lsp-add ls0 ln_port                                                                         
ovn-nbctl lsp-set-addresses ln_port unknown                                                           
ovn-nbctl lsp-set-type ln_port localnet                                                               
ovn-nbctl lsp-set-options ln_port network_name=nattest
                                                                                                      
ovn-nbctl set Logical_Router_Port lr1-ls0 options:redirect-chassis=hv1

ovs-vsctl add-br br-nat                            
ovs-vsctl set open . external_ids:ovn-bridge-mappings=nattest:br-nat
ip link set br-nat up                                                      
                             
ip netns add p1                      
ip link add v0_p1_p type veth peer name v0_p1 netns p1
ip netns exec p1 ip link set lo up                   
ip netns exec p1 ip link set v0_p1 up
ip netns exec p1 ip addr add 172.16.1.1/24 dev v0_p1
ip netns exec p1 ip addr add 3000::1/64 dev v0_p1
                                                                          
ovs-vsctl add-port br-nat v0_p1_p
ip link set v0_p1_p up       
ovs-vsctl add-port br-nat ens4f1          
                                     
ovn-nbctl lr-nat-add lr1 dnat_and_snat 172.16.1.100 192.168.1.1 ls1p1 00:00:00:01:01:02
ovn-nbctl lr-nat-add lr1 dnat_and_snat 3000::100 2000::1 ls1p1 00:00:00:01:01:02

on server:

systemctl restart openvswitch
ovs-vsctl set open . external_ids:system-id=hv0 external_ids:ovn-remote=tcp:20.0.32.25:6642 external_ids:ovn-encap-type=geneve external_ids:ovn-encap-ip=20.0.32.26
systemctl restart ovn-controller

ip netns add client0
ip link add veth0_c0 netns client0 type veth peer name veth0_c0_p
ip netns exec client0 ip link set lo up
ip netns exec client0 ip link set veth0_c0 address 00:00:00:01:02:02
ip netns exec client0 ip link set veth0_c0 up                                                         
ip netns exec client0 ip addr add 192.168.1.2/24 dev veth0_c0
ip netns exec client0 ip addr add 2000::2/64 dev veth0_c0
ip netns exec client0 ip route add default via 192.168.1.254 dev veth0_c0
ip netns exec client0 ip -6 route add default via 2000::a dev veth0_c0
                                                                                                      
ovs-vsctl add-port br-int veth0_c0_p
ip link set veth0_c0_p up
ovs-vsctl set interface veth0_c0_p external_ids:iface-id=ls1p2

ovs-vsctl add-br br-nat                                                                               
ovs-vsctl set open . external_ids:ovn-bridge-mappings=nattest:br-nat
ip link set br-nat up

ip netns add p2
ip link add v0_p2_p type veth peer name v0_p2 netns p2                                                
ip netns exec p2 ip link set lo up
ip netns exec p2 ip link set v0_p2 up                                                                 
ip netns exec p2 ip addr add 172.16.1.2/24 dev v0_p2                                                  
ip netns exec p2 ip addr add 3000::2/64 dev v0_p2                                                     
                                                                                                      
ovs-vsctl add-port br-nat v0_p2_p
ip link set v0_p2_p up
                                                                                                      
ovs-vsctl add-port br-nat ens4f4d1


[root@dell-per740-12 bz1809629]# rpm -qa | grep -E "openvswitch|ovn"                                  
kernel-kernel-networking-openvswitch-ovn-common-1.0-7.noarch                                          
openvswitch2.12-2.12.0-23.el8fdp.x86_64                                                               
ovn2.12-central-2.12.0-33.el8fdp.x86_64                                                               
ovn2.12-host-2.12.0-33.el8fdp.x86_64                                                                  
kernel-kernel-networking-openvswitch-ovn-acl-1.0-5.noarch                                             
ovn2.12-2.12.0-33.el8fdp.x86_64                                                                       
kernel-kernel-networking-openvswitch-ovn-basic-1.0-20.noarch                                          
openvswitch-selinux-extra-policy-1.0-22.el8fdp.noarch

[root@hp-dl380pg8-12 bz1809629]# rpm -qa | grep -E "openvswitch|ovn"
ovn2.12-host-2.12.0-33.el8fdp.x86_64
kernel-kernel-networking-openvswitch-ovn-common-1.0-7.noarch                                          
openvswitch2.12-2.12.0-23.el8fdp.x86_64                                                               
ovn2.12-2.12.0-33.el8fdp.x86_64
kernel-kernel-networking-openvswitch-ovn-acl-1.0-5.noarch
ovn2.12-central-2.12.0-33.el8fdp.x86_64
kernel-kernel-networking-openvswitch-ovn-basic-1.0-20.noarch
openvswitch-selinux-extra-policy-1.0-22.el8fdp.noarch

ping floating ip on server:

[root@hp-dl380pg8-12 bz1809629]# ip netns exec p2 ping 172.16.1.100 -c 3                              
PING 172.16.1.100 (172.16.1.100) 56(84) bytes of data.                                                
64 bytes from 172.16.1.100: icmp_seq=2 ttl=63 time=1.71 ms                                            
64 bytes from 172.16.1.100: icmp_seq=3 ttl=63 time=0.306 ms                                           

--- 172.16.1.100 ping statistics ---
3 packets transmitted, 2 received, 33.3333% packet loss, time 37ms                                    
rtt min/avg/max/mdev = 0.306/1.005/1.705/0.700 ms

destroy mac_binding for 172.16.1.2:

[root@dell-per740-12 bz1809629]# ovn-sbctl find mac_binding ip=172.16.1.2
_uuid               : 4d73b348-eff9-4793-a57c-105d38299483                                            
datapath            : 2c77507f-bb5b-4b03-a57a-e472a70b3598                                            
ip                  : "172.16.1.2"                                                                    
logical_port        : lr1-ls0                                                                         
mac                 : "ee:af:b4:c5:47:b6"                                                             
[root@dell-per740-12 bz1809629]# ovn-sbctl destroy mac_binding 4d73b348-eff9-4793-a57c-105d38299483

ping again:

[root@hp-dl380pg8-12 bz1809629]# ip netns exec p2 ping 172.16.1.100 -c 3                              
PING 172.16.1.100 (172.16.1.100) 56(84) bytes of data.                                                
64 bytes from 172.16.1.100: icmp_seq=2 ttl=63 time=1.70 ms                                            
64 bytes from 172.16.1.100: icmp_seq=3 ttl=63 time=0.299 ms                                           
                                                                                                      
--- 172.16.1.100 ping statistics ---                                                                  
3 packets transmitted, 2 received, 33.3333% packet loss, time 52ms                                    
rtt min/avg/max/mdev = 0.299/0.999/1.699/0.700 ms

<=== first packet lose

Verified on ovn2.12.0-36:

[root@hp-dl380pg8-12 bz1809629]# ip netns exec p2 ping 172.16.1.100 -c 3
PING 172.16.1.100 (172.16.1.100) 56(84) bytes of data.
64 bytes from 172.16.1.100: icmp_seq=1 ttl=63 time=6.13 ms                                            
64 bytes from 172.16.1.100: icmp_seq=2 ttl=63 time=1.46 ms                                            
64 bytes from 172.16.1.100: icmp_seq=3 ttl=63 time=0.248 ms                                           

--- 172.16.1.100 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 5ms                                           
rtt min/avg/max/mdev = 0.248/2.611/6.125/2.533 ms

[root@dell-per740-12 bz1809629]# ovn-sbctl find mac_binding ip=172.16.1.2
_uuid               : 0fc48193-d425-4cea-aa73-d758003d90b1
datapath            : 1f102a52-1a6c-45d0-85f5-ff7baaeb6068
ip                  : "172.16.1.2"                                                                    
logical_port        : lr1-ls0                                                                         
mac                 : "0a:43:23:ec:79:f7"                                                             
[root@dell-per740-12 bz1809629]# ovn-sbctl destroy mac_binding 0fc48193-d425-4cea-aa73-d758003d90b1

[root@hp-dl380pg8-12 bz1809629]# ip netns exec p2 ping 172.16.1.100 -c 3                              
PING 172.16.1.100 (172.16.1.100) 56(84) bytes of data.                                                
64 bytes from 172.16.1.100: icmp_seq=1 ttl=63 time=4.84 ms                                            
64 bytes from 172.16.1.100: icmp_seq=2 ttl=63 time=1.59 ms                                            
64 bytes from 172.16.1.100: icmp_seq=3 ttl=63 time=0.282 ms                                           
                                                                                                      
--- 172.16.1.100 ping statistics ---                                                                  
3 packets transmitted, 3 received, 0% packet loss, time 6ms                                           
rtt min/avg/max/mdev = 0.282/2.235/4.836/1.914 ms 

<=== no packet lose

[root@hp-dl380pg8-12 bz1809629]# rpm -qa | grep -E "openvswitch|ovn"
kernel-kernel-networking-openvswitch-ovn-common-1.0-7.noarch                                          
ovn2.12-host-2.12.0-36.el8fdp.x86_64                                                                  
openvswitch2.12-2.12.0-23.el8fdp.x86_64                                                               
ovn2.12-central-2.12.0-36.el8fdp.x86_64                                                               
ovn2.12-2.12.0-36.el8fdp.x86_64                                                                       
kernel-kernel-networking-openvswitch-ovn-acl-1.0-5.noarch                                             
kernel-kernel-networking-openvswitch-ovn-basic-1.0-20.noarch                                          
openvswitch-selinux-extra-policy-1.0-22.el8fdp.noarch

Comment 4 Jianlin Shi 2020-03-19 03:07:32 UTC

also verified on rhel7 version:

[root@hp-dl380pg8-13 bz1809629]# rpm -qa | grep -E "openvswitch|ovn"                                  
openvswitch2.12-2.12.0-23.el7fdp.x86_64                                                               
ovn2.12-central-2.12.0-36.el7fdp.x86_64                                                               
openvswitch-selinux-extra-policy-1.0-15.el7fdp.noarch                                                 
ovn2.12-2.12.0-36.el7fdp.x86_64                                                                       
ovn2.12-host-2.12.0-36.el7fdp.x86_64

[root@hp-dl380pg8-13 bz1809629]# ip netns exec p2 ping 172.16.1.100 -c 3                              
PING 172.16.1.100 (172.16.1.100) 56(84) bytes of data.                                                
64 bytes from 172.16.1.100: icmp_seq=1 ttl=63 time=7.48 ms                                            
64 bytes from 172.16.1.100: icmp_seq=2 ttl=63 time=1.00 ms                                            
64 bytes from 172.16.1.100: icmp_seq=3 ttl=63 time=0.120 ms                                           
                                                                                                      
--- 172.16.1.100 ping statistics ---                                                                  
3 packets transmitted, 3 received, 0% packet loss, time 2002ms                                        
rtt min/avg/max/mdev = 0.120/2.871/7.489/3.285 ms 

[root@dell-per740-42 bz1809629]# ovn-sbctl find mac_binding ip=172.16.1.2
_uuid               : f4556e03-b56c-4c17-ba39-d7a0f4b36256
datapath            : cffdfc1c-faf6-4093-ac7c-7c7391455077
ip                  : "172.16.1.2"                                                                    
logical_port        : lr1-ls0                                                                         
mac                 : "42:a3:39:f8:eb:b6"                                                             
[root@dell-per740-42 bz1809629]# ovn-sbctl destroy mac_binding f4556e03-b56c-4c17-ba39-d7a0f4b36256

[root@hp-dl380pg8-13 bz1809629]# ip netns exec p2 ping 172.16.1.100 -c 3                              
PING 172.16.1.100 (172.16.1.100) 56(84) bytes of data.                                                
64 bytes from 172.16.1.100: icmp_seq=1 ttl=63 time=3.02 ms                                            
64 bytes from 172.16.1.100: icmp_seq=2 ttl=63 time=1.10 ms                                            
64 bytes from 172.16.1.100: icmp_seq=3 ttl=63 time=0.163 ms                                           
                                                                                                      
--- 172.16.1.100 ping statistics ---                                                                  
3 packets transmitted, 3 received, 0% packet loss, time 2002ms                                        
rtt min/avg/max/mdev = 0.163/1.430/3.025/1.191 ms 

<=== no packet loss

Comment 7 Dan Williams 2020-11-10 15:13:50 UTC

ovn2.12 has been superceded by ovn2.13.