Bug 1858878 - [OVN] Port range filtering sometimes does not allow traffic to the entire range
Summary: [OVN] Port range filtering sometimes does not allow traffic to the entire range
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux Fast Datapath
Classification: Red Hat
Component: ovn2.13
Version: RHEL 8.0
Hardware: Unspecified
OS: Unspecified
medium
high
Target Milestone: ---
: ---
Assignee: Numan Siddique
QA Contact: Jianlin Shi
URL:
Whiteboard:
Depends On:
Blocks: 1842876
TreeView+ depends on / blocked
 
Reported: 2020-07-20 16:39 UTC by Numan Siddique
Modified: 2020-10-27 09:49 UTC (History)
8 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-10-27 09:49:12 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2020:4356 None None None 2020-10-27 09:49:48 UTC

Description Numan Siddique 2020-07-20 16:39:46 UTC
This bug was initially created as a copy of Bug #1842876

I am copying this bug because: 



Description of problem:

Etcd leader change is happening more constantly causing the Network Policy tests
to fail. The tests failed in different points, but with the following errors:

should enforce multiple, stacked policies with overlapping podSelectors [Feature:NetworkPolicy-10] [BeforeEach]
    /home/stack/kubernetes/_output/local/go/src/k8s.io/kubernetes/test/e2e/network/network_policy.go:488

    Jun  1 22:12:08.856: Pod did not finish as expected.
    Unexpected error:
        <*errors.StatusError | 0xc0013c4c80>: {
            ErrStatus: {
                TypeMeta: {Kind: "", APIVersion: ""},
                ListMeta: {
                    SelfLink: "",
                    ResourceVersion: "",
                    Continue: "",
                    RemainingItemCount: nil,
                },
                Status: "Failure",
                Message: "rpc error: code = Unavailable desc = etcdserver: leader changed",
                Reason: "",
                Details: nil,
                Code: 500,
            },
        }
        rpc error: code = Unavailable desc = etcdserver: leader changed
    occurred

 should enforce policy to allow traffic only from a pod in a different namespace based on PodSelector and NamespaceSelector [Feature:NetworkPolicy-08] [BeforeEach]
    /home/stack/kubernetes/_output/local/go/src/k8s.io/kubernetes/test/e2e/network/network_policy.go:382

    Jun  1 22:16:30.619: Pod did not finish as expected.
    Unexpected error:
        <*url.Error | 0xc002f52360>: {
            Op: "Get",
            URL: "https://api.ostest.shiftstack.com:6443/api/v1/namespaces/network-policy-7642/pods/client-can-connect-80-4gp4f",
            Err: {s: "EOF"},
        }
        Get https://api.ostest.shiftstack.com:6443/api/v1/namespaces/network-policy-7642/pods/client-can-connect-80-4gp4f: EOF
    occurred

The list of failed tests is:

[Fail] [sig-network] NetworkPolicy [LinuxOnly] NetworkPolicy between server and client [BeforeEach] should allow ingress access on one named port [Feature:NetworkPolicy-12] 
/home/stack/kubernetes/_output/local/go/src/k8s.io/kubernetes/test/e2e/network/network_policy.go:62

[Fail] [sig-network] NetworkPolicy [LinuxOnly] NetworkPolicy between server and client [BeforeEach] should enforce policy based on NamespaceSelector with MatchExpressions[Feature:NetworkPolicy-05] 
/home/stack/kubernetes/_output/local/go/src/k8s.io/kubernetes/test/e2e/network/network_policy.go:62

[Fail] [sig-network] NetworkPolicy [LinuxOnly] NetworkPolicy between server and client [BeforeEach] should support a 'default-deny' policy [Feature:NetworkPolicy-01] 
/home/stack/kubernetes/_output/local/go/src/k8s.io/kubernetes/test/e2e/network/network_policy.go:62

[Fail] [sig-network] NetworkPolicy [LinuxOnly] [BeforeEach] NetworkPolicy between server and client should allow egress access to server in CIDR block [Feature:NetworkPolicy-22] 
/home/stack/kubernetes/_output/local/go/src/k8s.io/kubernetes/test/e2e/framework/framework.go:210

[Fail] [sig-network] NetworkPolicy [LinuxOnly] NetworkPolicy between server and client [BeforeEach] should enforce policy to allow traffic from pods within server namespace based on PodSelector [Feature:NetworkPolicy-02] 
/home/stack/kubernetes/_output/local/go/src/k8s.io/kubernetes/test/e2e/network/network_policy.go:62

[Fail] [sig-network] NetworkPolicy [LinuxOnly] NetworkPolicy between server and client [It] should allow ingress access from updated pod [Feature:NetworkPolicy-17] 
/home/stack/kubernetes/_output/local/go/src/k8s.io/kubernetes/test/e2e/network/network_policy.go:1427

[Fail] [sig-network] NetworkPolicy [LinuxOnly] NetworkPolicy between server and client [BeforeEach] should enforce multiple, stacked policies with overlapping podSelectors [Feature:NetworkPolicy-10] 
/home/stack/kubernetes/_output/local/go/src/k8s.io/kubernetes/test/e2e/network/network_policy.go:1427

[Fail] [sig-network] NetworkPolicy [LinuxOnly] NetworkPolicy between server and client [BeforeEach] should enforce egress policy allowing traffic to a server in a different namespace based on PodSelector and NamespaceSelector [Feature:Net
workPolicy-18] 
/home/stack/kubernetes/_output/local/go/src/k8s.io/kubernetes/test/e2e/network/network_policy.go:62

[Fail] [sig-network] NetworkPolicy [LinuxOnly] NetworkPolicy between server and client [BeforeEach] should enforce policy to allow traffic only from a pod in a different namespace based on PodSelector and NamespaceSelector [Feature:Networ
kPolicy-08] 
/home/stack/kubernetes/_output/local/go/src/k8s.io/kubernetes/test/e2e/network/network_policy.go:1427

[Fail] [sig-network] NetworkPolicy [LinuxOnly] NetworkPolicy between server and client [BeforeEach] should support allow-all policy [Feature:NetworkPolicy-11] 
/home/stack/kubernetes/_output/local/go/src/k8s.io/kubernetes/test/e2e/network/network_policy.go:62

Ran 23 of 4843 Specs in 8205.748 seconds
FAIL! -- 13 Passed | 10 Failed | 0 Pending | 4820 Skipped

Version-Release number of selected component (if applicable):
Red Hat OpenStack Platform release 16.0.2 (Train)
4.3.0-0.nightly-2020-06-01-043839
Octavia Amphoras + Ceph + OVN are used.

How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:

Comment 1 Numan Siddique 2020-08-20 08:40:14 UTC
Submitted the patch for review - https://patchwork.ozlabs.org/project/openvswitch/patch/20200820083912.3240721-1-numans@ovn.org/

Comment 2 Maysa Macedo 2020-08-28 14:29:06 UTC
The etcd issue reported here didn't happen when using the patch attached in this BZ combine with this patch https://patchwork.ozlabs.org/project/openvswitch/patch/20200826114143.2696189-1-numans@ovn.org/.
It was tested with OpenShift 4.5 and 4.6 on Red Hat OpenStack Platform release 16.1.1 GA (Train) with the custom ovn build.

Comment 7 Jianlin Shi 2020-09-17 03:23:28 UTC
test with following script:

systemctl start openvswitch                                           
systemctl start ovn-northd                                 
ovn-nbctl set-connection ptcp:6641
ovn-sbctl set-connection ptcp:6642                                    
ovs-vsctl set open . external_ids:system-id=hv1 external_ids:ovn-remote=tcp:1.1.1.19:6642 external_ids:ovn-encap-type=geneve external_ids:ovn-encap-ip=1.1.1.19
systemctl restart ovn-controller
                   
ovn-nbctl ls-add sw0           
ovn-nbctl lsp-add sw0 sw0-p1                                     
ovn-nbctl lsp-set-addresses sw0-p1 "10:14:00:00:00:03 10.0.0.3"
ovn-nbctl lsp-set-port-security sw0-p1 "10:14:00:00:00:03 10.0.0.3"

ovn-nbctl lsp-add sw0 sw0-p2
ovn-nbctl lsp-set-addresses sw0-p2 "10:14:00:00:00:04 10.0.0.4"
ovn-nbctl lsp-set-port-security sw0-p2 "10:14:00:00:00:04 10.0.0.4"
                                          
ovn-nbctl lsp-add sw0 sw0-p3                           
ovn-nbctl lsp-set-addresses sw0-p3 "10:14:00:00:00:05 10.0.0.5"
ovn-nbctl lsp-set-port-security sw0-p3 "10:14:00:00:00:05 10.0.0.5"
                                
ovn-nbctl lsp-add sw0 sw0-p4                                     
ovn-nbctl lsp-set-addresses sw0-p4 "10:14:00:00:00:06 10.0.0.6"
ovn-nbctl lsp-set-port-security sw0-p4 "10:14:00:00:00:06 10.0.0.6"

ovs-vsctl add-port br-int sw0-p1 -- set interface sw0-p1 type=internal
ovs-vsctl set interface sw0-p1 external_ids:iface-id=sw0-p1
                                                                 
ovs-vsctl add-port br-int sw0-p2 -- set interface sw0-p2 type=internal
ovs-vsctl set interface sw0-p2 external_ids:iface-id=sw0-p2

ovs-vsctl add-port br-int sw0-p3 -- set interface sw0-p3 type=internal
ovs-vsctl set interface sw0-p3 external_ids:iface-id=sw0-p3

ovs-vsctl add-port br-int sw0-p4 -- set interface sw0-p4 type=internal                                
ovs-vsctl set interface sw0-p4 external_ids:iface-id=sw0-p4
                                  
ip netns add sw0-p1                                                                                  
ip link set sw0-p1 netns sw0-p1               
ip netns exec sw0-p1 ip link set sw0-p1 address 10:14:00:00:00:03                    
ip netns exec sw0-p1 ip link set sw0-p1 up
ip netns exec sw0-p1 ip addr add 10.0.0.3/24 dev sw0-p1
ip netns add sw0-p2                                            
ip link set sw0-p2 netns sw0-p2                                    
ip netns exec sw0-p2 ip link set sw0-p2 address 10:14:00:00:00:04
ip netns exec sw0-p2 ip link set sw0-p2 up             
ip netns exec sw0-p2 ip addr add 10.0.0.4/24 dev sw0-p2        
                                                                   
ip netns add sw0-p3             
ip link set sw0-p3 netns sw0-p3                                  
ip netns exec sw0-p3 ip link set sw0-p3 address 10:14:00:00:00:05
ip netns exec sw0-p3 ip link set sw0-p3 up                         
ip netns exec sw0-p3 ip addr add 10.0.0.5/24 dev sw0-p3
                                                                      
ip netns add sw0-p4                                        
ip link set sw0-p4 netns sw0-p4                                  
ip netns exec sw0-p4 ip link set sw0-p4 address 10:14:00:00:00:06     
ip netns exec sw0-p4 ip link set sw0-p4 up                 
ip netns exec sw0-p4 ip addr add 10.0.0.6/24 dev sw0-p4
                                                                      
                                                           
ovn-sbctl show
                                                                                                      
ovn-nbctl create Address_Set name=set1 addresses="\"10.0.0.3\",\"10.0.0.4\",\"10.0.0.5\",\"10.0.0.6\""
                                  
ovn-nbctl pg-add pg0 sw0-p1 sw0-p2                                                                   
#ovn-nbctl acl-add pg0 to-lport 1002 "outport == @pg0 && ip4 && tcp.dst >= 80 && tcp.dst <= 82" allow
ovn-nbctl acl-add pg0 to-lport 1001 "ip4" drop                                       
ovn-nbctl acl-add pg0 to-lport 1002 "outport == @pg0 && ip4 && ip4.src==\$set1" allow
ovn-nbctl --wait=hv sync                               
ip netns exec sw0-p1 ping 10.0.0.4 &> ping.log &
sleep 5            
                               
                                                                 
ovs-ofctl dump-flows br-int table=44      
                                                       
ovn-nbctl pg-set-ports pg0 sw0-p1 sw0-p2 sw0-p3
ovn-nbctl --wait=hv sync            
ovs-ofctl dump-flows br-int table=44
                                                                 
ovs-vsctl set open . external_ids:ovn-enable-lflow-cache=false
ovn-nbctl pg-set-ports pg0 sw0-p1 sw0-p2 sw0-p3 sw0-p4 
ovn-nbctl --wait=hv sync            
ovs-ofctl dump-flows br-int table=44
                               
pkill -2 ping

reproduced on ovn20.06.2-4:

[root@wsfd-advnetlab19 bz1858878]# rpm -qa | grep -E "openvswitch|ovn"
ovn2.13-host-20.06.2-4.el7fdp.x86_64
openvswitch-selinux-extra-policy-1.0-15.el7fdp.noarch                 
kernel-kernel-networking-openvswitch-ovn-common-1.0-8.noarch
ovn2.13-central-20.06.2-4.el7fdp.x86_64                          
openvswitch2.13-2.13.0-48.el7fdp.x86_64                               
ovn2.13-20.06.2-4.el7fdp.x86_64

+ ovs-ofctl dump-flows br-int table=44                                                                                                  
 cookie=0x4a1d5450, duration=5.020s, table=44, n_packets=0, n_bytes=0, priority=34000,metadata=0x1,dl_src=f2:15:96:8a:64:0d actions=resubmit(,45)
 cookie=0x0, duration=5.020s, table=44, n_packets=0, n_bytes=0, priority=2002,ip,metadata=0x1,nw_src=10.0.0.3 actions=conjunction(2,1/2)
 cookie=0x0, duration=5.020s, table=44, n_packets=0, n_bytes=0, priority=2002,ip,metadata=0x1,nw_src=10.0.0.4 actions=conjunction(2,1/2)
 cookie=0x0, duration=5.019s, table=44, n_packets=0, n_bytes=0, priority=2002,ip,metadata=0x1,nw_src=10.0.0.6 actions=conjunction(2,1/2)
 cookie=0x0, duration=5.019s, table=44, n_packets=0, n_bytes=0, priority=2002,ip,metadata=0x1,nw_src=10.0.0.5 actions=conjunction(2,1/2)
 cookie=0x0, duration=5.019s, table=44, n_packets=0, n_bytes=0, priority=2002,ip,reg15=0x1,metadata=0x1 actions=conjunction(2,2/2)
 cookie=0x0, duration=5.019s, table=44, n_packets=0, n_bytes=0, priority=2002,ip,reg15=0x2,metadata=0x1 actions=conjunction(2,2/2)
 cookie=0x56e29bc1, duration=5.019s, table=44, n_packets=10, n_bytes=980, priority=2002,conj_id=2,ip,metadata=0x1 actions=resubmit(,45)
 cookie=0x65d5b7, duration=5.020s, table=44, n_packets=0, n_bytes=0, priority=2001,ip,metadata=0x1 actions=drop
 cookie=0xab4e24f7, duration=5.019s, table=44, n_packets=2, n_bytes=84, priority=0,metadata=0x1 actions=resubmit(,45)
+ ovn-nbctl pg-set-ports pg0 sw0-p1 sw0-p2 sw0-p3              
+ ovn-nbctl --wait=hv sync                                            
+ ovs-ofctl dump-flows br-int table=44
 cookie=0x4a1d5450, duration=5.063s, table=44, n_packets=0, n_bytes=0, priority=34000,metadata=0x1,dl_src=f2:15:96:8a:64:0d actions=resubmit(,45)
 cookie=0x0, duration=5.063s, table=44, n_packets=0, n_bytes=0, priority=2002,ip,metadata=0x1,nw_src=10.0.0.3 actions=conjunction(3,1/2)
 cookie=0x0, duration=5.063s, table=44, n_packets=0, n_bytes=0, priority=2002,ip,metadata=0x1,nw_src=10.0.0.4 actions=conjunction(3,1/2)
 cookie=0x0, duration=5.062s, table=44, n_packets=0, n_bytes=0, priority=2002,ip,metadata=0x1,nw_src=10.0.0.6 actions=conjunction(3,1/2)
 cookie=0x0, duration=5.062s, table=44, n_packets=0, n_bytes=0, priority=2002,ip,metadata=0x1,nw_src=10.0.0.5 actions=conjunction(3,1/2)
 cookie=0x0, duration=5.062s, table=44, n_packets=0, n_bytes=0, priority=2002,ip,reg15=0x1,metadata=0x1 actions=conjunction(3,2/2)
 cookie=0x0, duration=5.062s, table=44, n_packets=0, n_bytes=0, priority=2002,ip,reg15=0x2,metadata=0x1 actions=conjunction(3,2/2)
 cookie=0x0, duration=0.026s, table=44, n_packets=0, n_bytes=0, priority=2002,ip,reg15=0x3,metadata=0x1 actions=conjunction(3,2/2)

<==== conjunction changed

 cookie=0x56e29bc1, duration=0.026s, table=44, n_packets=2, n_bytes=196, priority=2002,conj_id=3,ip,metadata=0x1 actions=resubmit(,45)
 cookie=0x65d5b7, duration=5.063s, table=44, n_packets=0, n_bytes=0, priority=2001,ip,metadata=0x1 actions=drop
 cookie=0xab4e24f7, duration=5.062s, table=44, n_packets=2, n_bytes=84, priority=0,metadata=0x1 actions=resubmit(,45)                                          
+ ovs-vsctl set open . external_ids:ovn-enable-lflow-cache=false
+ ovn-nbctl pg-set-ports pg0 sw0-p1 sw0-p2 sw0-p3 sw0-p4                                             
+ ovn-nbctl --wait=hv sync                    
+ ovs-ofctl dump-flows br-int table=44                                               
 cookie=0x4a1d5450, duration=5.118s, table=44, n_packets=0, n_bytes=0, priority=34000,metadata=0x1,dl_src=f2:15:96:8a:64:0d actions=resubmit(,45)
 cookie=0x0, duration=5.118s, table=44, n_packets=0, n_bytes=0, priority=2002,ip,metadata=0x1,nw_src=10.0.0.3 actions=conjunction(4,1/2)
 cookie=0x0, duration=5.118s, table=44, n_packets=0, n_bytes=0, priority=2002,ip,metadata=0x1,nw_src=10.0.0.4 actions=conjunction(4,1/2)
 cookie=0x0, duration=5.117s, table=44, n_packets=0, n_bytes=0, priority=2002,ip,metadata=0x1,nw_src=10.0.0.6 actions=conjunction(4,1/2)
 cookie=0x0, duration=5.117s, table=44, n_packets=0, n_bytes=0, priority=2002,ip,metadata=0x1,nw_src=10.0.0.5 actions=conjunction(4,1/2)
 cookie=0x0, duration=0.081s, table=44, n_packets=0, n_bytes=0, priority=2002,ip,reg15=0x3,metadata=0x1 actions=conjunction(4,2/2)
 cookie=0x0, duration=5.117s, table=44, n_packets=0, n_bytes=0, priority=2002,ip,reg15=0x1,metadata=0x1 actions=conjunction(4,2/2)
 cookie=0x0, duration=5.117s, table=44, n_packets=0, n_bytes=0, priority=2002,ip,reg15=0x2,metadata=0x1 actions=conjunction(4,2/2)
 cookie=0x0, duration=0.026s, table=44, n_packets=0, n_bytes=0, priority=2002,ip,reg15=0x4,metadata=0x1 actions=conjunction(4,2/2)
 cookie=0x56e29bc1, duration=0.026s, table=44, n_packets=0, n_bytes=0, priority=2002,conj_id=4,ip,metadata=0x1 actions=resubmit(,45)
 cookie=0x65d5b7, duration=5.118s, table=44, n_packets=0, n_bytes=0, priority=2001,ip,metadata=0x1 actions=drop
 cookie=0xab4e24f7, duration=5.117s, table=44, n_packets=2, n_bytes=84, priority=0,metadata=0x1 actions=resubmit(,45)
+ pkill -2 ping

Verified on ovn20.06.2-11:

[root@wsfd-advnetlab19 bz1858878]# rpm -qa | grep -E "openvswitch|ovn"
openvswitch-selinux-extra-policy-1.0-15.el7fdp.noarch
kernel-kernel-networking-openvswitch-ovn-common-1.0-8.noarch
ovn2.13-20.06.2-11.el7fdp.x86_64
ovn2.13-host-20.06.2-11.el7fdp.x86_64
openvswitch2.13-2.13.0-48.el7fdp.x86_64
ovn2.13-central-20.06.2-11.el7fdp.x86_64

+ ovs-ofctl dump-flows br-int table=44
 cookie=0x49a6562b, duration=5.021s, table=44, n_packets=0, n_bytes=0, priority=34000,metadata=0x1,dl_src=0e:ff:46:6f:bf:cc actions=resubmit(,45)
 cookie=0x0, duration=5.021s, table=44, n_packets=0, n_bytes=0, priority=2002,ip,metadata=0x1,nw_src=10.0.0.3 actions=conjunction(2,1/2)
 cookie=0x0, duration=5.021s, table=44, n_packets=0, n_bytes=0, priority=2002,ip,metadata=0x1,nw_src=10.0.0.4 actions=conjunction(2,1/2)
 cookie=0x0, duration=5.020s, table=44, n_packets=0, n_bytes=0, priority=2002,ip,metadata=0x1,nw_src=10.0.0.6 actions=conjunction(2,1/2)
 cookie=0x0, duration=5.019s, table=44, n_packets=0, n_bytes=0, priority=2002,ip,metadata=0x1,nw_src=10.0.0.5 actions=conjunction(2,1/2)
 cookie=0x0, duration=5.020s, table=44, n_packets=0, n_bytes=0, priority=2002,ip,reg15=0x1,metadata=0x1 actions=conjunction(2,2/2)
 cookie=0x0, duration=5.020s, table=44, n_packets=0, n_bytes=0, priority=2002,ip,reg15=0x2,metadata=0x1 actions=conjunction(2,2/2)
 cookie=0xc53873df, duration=5.020s, table=44, n_packets=10, n_bytes=980, priority=2002,conj_id=2,ip,metadata=0x1 actions=resubmit(,45)
 cookie=0x2bb912e6, duration=5.021s, table=44, n_packets=0, n_bytes=0, priority=2001,ip,metadata=0x1 actions=drop
 cookie=0x7e3b6e84, duration=5.020s, table=44, n_packets=2, n_bytes=84, priority=0,metadata=0x1 actions=resubmit(,45)
+ ovn-nbctl pg-set-ports pg0 sw0-p1 sw0-p2 sw0-p3
+ ovn-nbctl --wait=hv sync
+ ovs-ofctl dump-flows br-int table=44
 cookie=0x49a6562b, duration=5.065s, table=44, n_packets=0, n_bytes=0, priority=34000,metadata=0x1,dl_src=0e:ff:46:6f:bf:cc actions=resubmit(,45)
 cookie=0x0, duration=5.065s, table=44, n_packets=0, n_bytes=0, priority=2002,ip,metadata=0x1,nw_src=10.0.0.3 actions=conjunction(2,1/2)
 cookie=0x0, duration=5.065s, table=44, n_packets=0, n_bytes=0, priority=2002,ip,metadata=0x1,nw_src=10.0.0.4 actions=conjunction(2,1/2)
 cookie=0x0, duration=5.064s, table=44, n_packets=0, n_bytes=0, priority=2002,ip,metadata=0x1,nw_src=10.0.0.6 actions=conjunction(2,1/2)
 cookie=0x0, duration=5.063s, table=44, n_packets=0, n_bytes=0, priority=2002,ip,metadata=0x1,nw_src=10.0.0.5 actions=conjunction(2,1/2)
 cookie=0x0, duration=5.064s, table=44, n_packets=0, n_bytes=0, priority=2002,ip,reg15=0x1,metadata=0x1 actions=conjunction(2,2/2)
 cookie=0x0, duration=5.064s, table=44, n_packets=0, n_bytes=0, priority=2002,ip,reg15=0x2,metadata=0x1 actions=conjunction(2,2/2)
 cookie=0x0, duration=0.026s, table=44, n_packets=0, n_bytes=0, priority=2002,ip,reg15=0x3,metadata=0x1 actions=conjunction(2,2/2)

<==== conjunction not change

 cookie=0xc53873df, duration=5.064s, table=44, n_packets=12, n_bytes=1176, priority=2002,conj_id=2,ip,metadata=0x1 actions=resubmit(,45)
 cookie=0x2bb912e6, duration=5.065s, table=44, n_packets=0, n_bytes=0, priority=2001,ip,metadata=0x1 actions=drop
 cookie=0x7e3b6e84, duration=5.064s, table=44, n_packets=2, n_bytes=84, priority=0,metadata=0x1 actions=resubmit(,45)
+ ovs-vsctl set open . external_ids:ovn-enable-lflow-cache=false
+ ovn-nbctl pg-set-ports pg0 sw0-p1 sw0-p2 sw0-p3 sw0-p4
+ ovn-nbctl --wait=hv sync
+ ovs-ofctl dump-flows br-int table=44
 cookie=0x49a6562b, duration=5.119s, table=44, n_packets=0, n_bytes=0, priority=34000,metadata=0x1,dl_src=0e:ff:46:6f:bf:cc actions=resubmit(,45)
 cookie=0x0, duration=5.119s, table=44, n_packets=0, n_bytes=0, priority=2002,ip,metadata=0x1,nw_src=10.0.0.3 actions=conjunction(3,1/2)
 cookie=0x0, duration=5.119s, table=44, n_packets=0, n_bytes=0, priority=2002,ip,metadata=0x1,nw_src=10.0.0.4 actions=conjunction(3,1/2)
 cookie=0x0, duration=5.118s, table=44, n_packets=0, n_bytes=0, priority=2002,ip,metadata=0x1,nw_src=10.0.0.6 actions=conjunction(3,1/2)
 cookie=0x0, duration=5.117s, table=44, n_packets=0, n_bytes=0, priority=2002,ip,metadata=0x1,nw_src=10.0.0.5 actions=conjunction(3,1/2)
 cookie=0x0, duration=0.080s, table=44, n_packets=0, n_bytes=0, priority=2002,ip,reg15=0x3,metadata=0x1 actions=conjunction(3,2/2)
 cookie=0x0, duration=5.118s, table=44, n_packets=0, n_bytes=0, priority=2002,ip,reg15=0x1,metadata=0x1 actions=conjunction(3,2/2)
 cookie=0x0, duration=5.118s, table=44, n_packets=0, n_bytes=0, priority=2002,ip,reg15=0x2,metadata=0x1 actions=conjunction(3,2/2)
 cookie=0x0, duration=0.023s, table=44, n_packets=0, n_bytes=0, priority=2002,ip,reg15=0x4,metadata=0x1 actions=conjunction(3,2/2)

<=== conjunction changed if ovn-enable-lflow-cache is false

 cookie=0xc53873df, duration=0.023s, table=44, n_packets=0, n_bytes=0, priority=2002,conj_id=3,ip,metadata=0x1 actions=resubmit(,45)
 cookie=0x2bb912e6, duration=5.119s, table=44, n_packets=0, n_bytes=0, priority=2001,ip,metadata=0x1 actions=drop
 cookie=0x7e3b6e84, duration=5.118s, table=44, n_packets=2, n_bytes=84, priority=0,metadata=0x1 actions=resubmit(,45)
+ pkill -2 ping

Comment 8 Jianlin Shi 2020-09-17 03:33:21 UTC
Verified on fdp8:

+ ip netns exec sw0-p1 ping 10.0.0.4                                                                  
+ ovs-ofctl dump-flows br-int table=44                                                                
 cookie=0xc5b26af6, duration=5.022s, table=44, n_packets=0, n_bytes=0, priority=34000,metadata=0x1,dl_src=7e:54:14:b7:91:9c actions=resubmit(,45)
 cookie=0x0, duration=5.023s, table=44, n_packets=0, n_bytes=0, priority=2002,ip,metadata=0x1,nw_src=10.0.0.3 actions=conjunction(2,1/2)
 cookie=0x0, duration=5.023s, table=44, n_packets=0, n_bytes=0, priority=2002,ip,metadata=0x1,nw_src=10.0.0.4 actions=conjunction(2,1/2)
 cookie=0x0, duration=5.022s, table=44, n_packets=0, n_bytes=0, priority=2002,ip,metadata=0x1,nw_src=10.0.0.6 actions=conjunction(2,1/2)
 cookie=0x0, duration=5.021s, table=44, n_packets=0, n_bytes=0, priority=2002,ip,metadata=0x1,nw_src=10.0.0.5 actions=conjunction(2,1/2)
 cookie=0x0, duration=5.022s, table=44, n_packets=0, n_bytes=0, priority=2002,ip,reg15=0x1,metadata=0x1 actions=conjunction(2,2/2)
 cookie=0x0, duration=5.022s, table=44, n_packets=0, n_bytes=0, priority=2002,ip,reg15=0x2,metadata=0x1 actions=conjunction(2,2/2)
 cookie=0xe3d3851a, duration=5.022s, table=44, n_packets=10, n_bytes=980, priority=2002,conj_id=2,ip,metadata=0x1 actions=resubmit(,45)
 cookie=0xf7f8782f, duration=5.023s, table=44, n_packets=0, n_bytes=0, priority=2001,ip,metadata=0x1 actions=drop
 cookie=0x916db10a, duration=5.022s, table=44, n_packets=2, n_bytes=84, priority=0,metadata=0x1 actions=resubmit(,45)
+ ovn-nbctl pg-set-ports pg0 sw0-p1 sw0-p2 sw0-p3                                                     
+ ovn-nbctl --wait=hv sync                                                                            
+ ovs-ofctl dump-flows br-int table=44
 cookie=0xc5b26af6, duration=5.058s, table=44, n_packets=0, n_bytes=0, priority=34000,metadata=0x1,dl_src=7e:54:14:b7:91:9c actions=resubmit(,45)
 cookie=0x0, duration=5.059s, table=44, n_packets=0, n_bytes=0, priority=2002,ip,metadata=0x1,nw_src=10.0.0.3 actions=conjunction(2,1/2)
 cookie=0x0, duration=5.059s, table=44, n_packets=0, n_bytes=0, priority=2002,ip,metadata=0x1,nw_src=10.0.0.4 actions=conjunction(2,1/2)
 cookie=0x0, duration=5.058s, table=44, n_packets=0, n_bytes=0, priority=2002,ip,metadata=0x1,nw_src=10.0.0.6 actions=conjunction(2,1/2)
 cookie=0x0, duration=5.057s, table=44, n_packets=0, n_bytes=0, priority=2002,ip,metadata=0x1,nw_src=10.0.0.5 actions=conjunction(2,1/2)
 cookie=0x0, duration=5.058s, table=44, n_packets=0, n_bytes=0, priority=2002,ip,reg15=0x1,metadata=0x1 actions=conjunction(2,2/2)
 cookie=0x0, duration=5.058s, table=44, n_packets=0, n_bytes=0, priority=2002,ip,reg15=0x2,metadata=0x1 actions=conjunction(2,2/2)
 cookie=0x0, duration=0.021s, table=44, n_packets=0, n_bytes=0, priority=2002,ip,reg15=0x3,metadata=0x1 actions=conjunction(2,2/2)
 cookie=0xe3d3851a, duration=5.058s, table=44, n_packets=10, n_bytes=980, priority=2002,conj_id=2,ip,metadata=0x1 actions=resubmit(,45)
 cookie=0xf7f8782f, duration=5.059s, table=44, n_packets=0, n_bytes=0, priority=2001,ip,metadata=0x1 actions=drop
 cookie=0x916db10a, duration=5.058s, table=44, n_packets=2, n_bytes=84, priority=0,metadata=0x1 actions=resubmit(,45)
+ ovs-vsctl set open . external_ids:ovn-enable-lflow-cache=false
+ ovn-nbctl pg-set-ports pg0 sw0-p1 sw0-p2 sw0-p3 sw0-p4                                              
+ ovn-nbctl --wait=hv sync
+ ovs-ofctl dump-flows br-int table=44                                                                
 cookie=0xc5b26af6, duration=5.112s, table=44, n_packets=0, n_bytes=0, priority=34000,metadata=0x1,dl_src=7e:54:14:b7:91:9c actions=resubmit(,45)
 cookie=0x0, duration=5.113s, table=44, n_packets=0, n_bytes=0, priority=2002,ip,metadata=0x1,nw_src=10.0.0.3 actions=conjunction(3,1/2)
 cookie=0x0, duration=5.113s, table=44, n_packets=0, n_bytes=0, priority=2002,ip,metadata=0x1,nw_src=10.0.0.4 actions=conjunction(3,1/2)
 cookie=0x0, duration=5.112s, table=44, n_packets=0, n_bytes=0, priority=2002,ip,metadata=0x1,nw_src=10.0.0.6 actions=conjunction(3,1/2)
 cookie=0x0, duration=5.111s, table=44, n_packets=0, n_bytes=0, priority=2002,ip,metadata=0x1,nw_src=10.0.0.5 actions=conjunction(3,1/2)
 cookie=0x0, duration=0.075s, table=44, n_packets=0, n_bytes=0, priority=2002,ip,reg15=0x3,metadata=0x1 actions=conjunction(3,2/2)
 cookie=0x0, duration=5.112s, table=44, n_packets=0, n_bytes=0, priority=2002,ip,reg15=0x1,metadata=0x1 actions=conjunction(3,2/2)
 cookie=0x0, duration=5.112s, table=44, n_packets=0, n_bytes=0, priority=2002,ip,reg15=0x2,metadata=0x1 actions=conjunction(3,2/2)
 cookie=0x0, duration=0.023s, table=44, n_packets=0, n_bytes=0, priority=2002,ip,reg15=0x4,metadata=0x1 actions=conjunction(3,2/2)
 cookie=0xe3d3851a, duration=0.023s, table=44, n_packets=0, n_bytes=0, priority=2002,conj_id=3,ip,metadata=0x1 actions=resubmit(,45)
 cookie=0xf7f8782f, duration=5.113s, table=44, n_packets=0, n_bytes=0, priority=2001,ip,metadata=0x1 actions=drop
 cookie=0x916db10a, duration=5.112s, table=44, n_packets=2, n_bytes=84, priority=0,metadata=0x1 actions=resubmit(,45)
+ pkill -2 ping                                                                                       
[root@wsfd-advnetlab16 bz1858878]# rpm -qa | grep -E "openvswitch|ovn"
kernel-kernel-networking-openvswitch-ovn-common-1.0-8.noarch
openvswitch2.11-2.11.0-3.el7fdp.x86_64
ovn2.13-host-20.06.2-11.el8fdp.x86_64
python-openvswitch2.11-2.11.0-3.el7fdp.x86_64
openvswitch-selinux-extra-policy-1.0-23.el8fdp.noarch
openvswitch2.13-2.13.0-59.el8fdp.x86_64
ovn2.13-20.06.2-11.el8fdp.x86_64
python3-openvswitch2.13-2.13.0-59.el8fdp.x86_64
ovn2.13-central-20.06.2-11.el8fdp.x86_64

Comment 10 errata-xmlrpc 2020-10-27 09:49:12 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (ovn2.13 bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:4356


Note You need to log in before you can comment on or make changes to this bug.