1813046 – Health check for load balancer is broken if ACLs are defined

The FDP team is no longer accepting new bugs in Bugzilla. Please report your issues under FDP project in Jira. Thanks.

Bug 1813046 - Health check for load balancer is broken if ACLs are defined

Summary: Health check for load balancer is broken if ACLs are defined

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux Fast Datapath
Classification:	Red Hat
Component:	ovn2.13
Sub Component:
Version:	RHEL 7.7
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Target Release:	---
Assignee:	Numan Siddique
QA Contact:	ying xu
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1813050
TreeView+	depends on / blocked

Reported:	2020-03-12 19:30 UTC by Numan Siddique
Modified:	2020-07-08 08:47 UTC (History)
CC List:	5 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Clones:	1813050 (view as bug list)
Environment:
Last Closed:	2020-03-23 11:41:48 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2020:0925	0	None	None	None	2020-03-23 11:41:57 UTC

Description Numan Siddique 2020-03-12 19:30:45 UTC

Description of problem:

The service monitor packets generated by ovn-controller are dropped by ovs-vswitchd if the packet goes through conntrack.

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:

Comment 5 ying xu 2020-03-16 05:02:35 UTC

Hi, numan,
could you help me to reproduce it? I have no idea how to reproduce it.
Thanks!

Comment 6 Numan Siddique 2020-03-16 09:41:44 UTC

Hi Ying Xu,

This is the patch which fixes the issue - https://github.com/ovn-org/ovn/commit/cd4843cf10ff6e85dd8599a6345acf2c1be7b53c#diff-97d4cf929e4894ef95c4bfde3f896c34

And if you see changes in tests/ovn.at or tests/system-ovn.at, you need to add similar port groups/ACLs to the existing health check tests to reproduce it.

Please let me know if you've face any issues.

Thanks

Comment 7 ying xu 2020-03-18 10:24:12 UTC

reproduced on version:
# rpm -qa|grep ovn
ovn2.13-2.13.0-0.20200217git7886ac9.el8fdp.el8fdp.x86_64
ovn2.13-host-2.13.0-0.20200217git7886ac9.el8fdp.el8fdp.x86_64
ovn2.13-central-2.13.0-0.20200217git7886ac9.el8fdp.el8fdp.x86_64

the reproducer :/kernel/networking/openvswitch/ovn/load_balance

before the acl:
Running 'ovn-sbctl list service_monitor'
_uuid               : e436cd11-526e-4e3d-af3c-25f78bf94485
external_ids        : {}
ip                  : "172.16.103.11"
logical_port        : hv0_vm00_vnet1
options             : {failure_count="3", interval="5", success_count="3", timeout="20"}
port                : 80
protocol            : tcp
src_ip              : "172.16.103.1"
src_mac             : "fe:a0:65:a2:01:03"
status              : online
after the acl:
Running 'ovn-sbctl list service_monitor'
_uuid               : e436cd11-526e-4e3d-af3c-25f78bf94485
external_ids        : {}
ip                  : "172.16.103.11"
logical_port        : hv0_vm00_vnet1
options             : {failure_count="3", interval="5", success_count="3", timeout="20"}
port                : 80
protocol            : tcp
src_ip              : "172.16.103.1"
src_mac             : "fe:a0:65:a2:01:03"
status              : offline                         ------------------health check dropped



verified on version:
# rpm -qa|grep ovn
ovn2.13-host-2.13.0-4.el8fdp.x86_64
ovn2.13-central-2.13.0-4.el8fdp.x86_64
ovn2.13-2.13.0-4.el8fdp.x86_64

after acl:

Running 'ovn-sbctl list service_monitor'
_uuid               : 0b4ef763-74cd-4bb5-8510-a4942856f553
external_ids        : {}
ip                  : "172.16.103.11"
logical_port        : hv0_vm00_vnet1
options             : {failure_count="3", interval="5", success_count="3", timeout="20"}
port                : 80
protocol            : tcp
src_ip              : "172.16.103.1"
src_mac             : "fe:a0:65:a2:01:03"
status              : online                          ------------------------also online, health check works!

Comment 9 errata-xmlrpc 2020-03-23 11:41:48 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:0925

Note You need to log in before you can comment on or make changes to this bug.