Bug 1878451 - arp response would be sent from every chassis when send arp request to external id in nat on external network
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux Fast Datapath
Classification: Red Hat
Component: ovn2.13
Version: FDP 20.E
Hardware: Unspecified
OS: Unspecified
Assignee: Numan Siddique
QA Contact: Jianlin Shi
Blocks: 1879484
Reported: 2020-09-13 03:12 UTC by Jianlin Shi
Modified: 2020-10-27 09:49 UTC (History)

Last Closed: 2020-10-27 09:49:14 UTC



Links
System                    ID              Private  Priority  Status  Summary  Last Updated
Red Hat Product Errata    RHBA-2020:4356  0        None      None    None     2020-10-27 09:49:35 UTC

Description Jianlin Shi 2020-09-13 03:12:25 UTC
Description of problem:
An ARP response is sent from every chassis when an ARP request is sent to the external id in NAT on the external network.

Version-Release number of selected component (if applicable):
ovn20.06.2-4

How reproducible:
Always

Steps to Reproduce:
1. install podman-docker on rhel8
2. clone ovn-fake-multinode: git clone https://github.com/ovn-org/ovn-fake-multinode.git
3. install python3: yum install python3 -y
4. install podman registry:
mkdir /var/lib/registry -p
podman run --privileged -d --name registry -p 5000:5000  -v /var/lib/registry:/var/lib/registry --restart=always docker.io/library/registry:2
cat > /etc/containers/registries.conf << EOF
[registries.search]
registries = ['registry.access.redhat.com', 'registry.redhat.io']
[registries.insecure]
registries = ['localhost:5000']
[registries.block]
registries = []
EOF
5. download openvswitch, openvswitch-selinux-extra-policy and ovn packages into ovn-fake-multinode
wget http://download-node-02.eng.bos.redhat.com/brewroot/packages/openvswitch-selinux-extra-policy/1.0/23.el8fdp/noarch/openvswitch-selinux-extra-policy-1.0-23.el8fdp.noarch.rpm
wget http://download-node-02.eng.bos.redhat.com/brewroot/packages/openvswitch2.13/2.13.0/58.el8fdp/x86_64/openvswitch2.13-2.13.0-58.el8fdp.x86_64.rpm
wget http://download-node-02.eng.bos.redhat.com/brewroot/packages/ovn2.13/20.06.2/4.el8fdp/x86_64/ovn2.13-20.06.2-4.el8fdp.x86_64.rpm
wget http://download-node-02.eng.bos.redhat.com/brewroot/packages/ovn2.13/20.06.2/4.el8fdp/x86_64/ovn2.13-central-20.06.2-4.el8fdp.x86_64.rpm
wget http://download-node-02.eng.bos.redhat.com/brewroot/packages/ovn2.13/20.06.2/4.el8fdp/x86_64/ovn2.13-host-20.06.2-4.el8fdp.x86_64.rpm 
6. build images
OS_IMAGE=registry.access.redhat.com/ubi8/ubi:8.2 ./ovn_cluster.sh build
7. install openvswitch on host and start ovs:
/usr/share/openvswitch/scripts/ovs-ctl --system-id=testovn start
8. start setup ovn chassis
./ovn_cluster.sh start
9. send arp
ip netns exec ovnfake-ext arping 172.16.0.100 -c1

Actual results:
[root@wsfd-advnetlab17 ovn-fake-multinode]# sudo ip netns exec ovnfake-ext arping 172.16.0.100 -c1
ARPING 172.16.0.100 from 172.16.0.50 ovnfake-ext
Unicast reply from 172.16.0.100 [00:00:20:20:12:13]  1.477ms
Unicast reply from 172.16.0.100 [00:00:20:20:12:13]  1.779ms
Unicast reply from 172.16.0.100 [00:00:20:20:12:13]  1.833ms
Sent 1 probes (1 broadcast(s))
Received 3 response(s)

<==== get 3 responses

Expected results:
should only get one response

Additional info:

After deleting the NAT entries:
docker exec -t ovn-central ovn-nbctl lr-nat-del lr0 snat 10.0.0.0/24
docker exec -t ovn-central ovn-nbctl lr-nat-del lr0 snat 20.0.0.0/24
only one response is received:

[root@wsfd-advnetlab17 ovn-fake-multinode]# sudo ip netns exec ovnfake-ext arping 172.16.0.100 -c1
ARPING 172.16.0.100 from 172.16.0.50 ovnfake-ext
Unicast reply from 172.16.0.100 [00:00:20:20:12:13]  3.391ms
Sent 1 probes (1 broadcast(s))
Received 1 response(s)

[root@wsfd-advnetlab17 ~]# docker exec -t ovn-central rpm -qa | grep -E "openvswitch|ovn"
Emulate Docker CLI using podman. Create /etc/containers/nodocker to quiet msg.
openvswitch-selinux-extra-policy-1.0-23.el8fdp.noarch
ovn2.13-central-20.06.2-4.el8fdp.x86_64
ovn2.13-20.06.2-4.el8fdp.x86_64
openvswitch2.13-2.13.0-58.el8fdp.x86_64
ovn2.13-host-20.06.2-4.el8fdp.x86_64
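
Added example, not part of the original report: a POSIX shell check that turns the arping comparison above into a pass/fail verdict for regression testing. The function and sample names are hypothetical; the first sample is copied from the "Actual results" output, the second is constructed, and the MULTIPLE_MACS verdict goes beyond the case reported here to cover replies from different MAC addresses.

```shell
#!/bin/sh
# Added example (not from the bug report). Reads arping output on stdin and
# prints one verdict line: <VERDICT> probes=N replies=N macs=N
classify_arping() {
    awk '
    BEGIN { probes = 0; replies = 0; nmacs = 0 }
    /^(Unicast|Broadcast) reply from / {
        # The responder MAC is the bracketed field, e.g. [00:00:20:20:12:13].
        if (match($0, /\[[0-9A-Fa-f:]+\]/)) {
            mac = tolower(substr($0, RSTART + 1, RLENGTH - 2))
            if (!(mac in seen)) { seen[mac] = 1; nmacs++ }
            replies++
        }
    }
    /^Sent [0-9]+ probes/ { probes = $2 + 0 }
    END {
        if (replies == 0)          verdict = "NO_REPLY"
        else if (nmacs > 1)        verdict = "MULTIPLE_MACS"       # different responders claim the IP
        else if (replies > probes) verdict = "DUPLICATE_SAME_MAC"  # the signature in this report
        else                       verdict = "OK"
        printf "%s probes=%d replies=%d macs=%d\n", verdict, probes, replies, nmacs
    }'
}

# Copied from the "Actual results" output in the description (ovn20.06.2-4).
sample_affected() {
cat <<'EOF'
ARPING 172.16.0.100 from 172.16.0.50 ovnfake-ext
Unicast reply from 172.16.0.100 [00:00:20:20:12:13]  1.477ms
Unicast reply from 172.16.0.100 [00:00:20:20:12:13]  1.779ms
Unicast reply from 172.16.0.100 [00:00:20:20:12:13]  1.833ms
Sent 1 probes (1 broadcast(s))
Received 3 response(s)
EOF
}

# Constructed sample: two different MACs answer for the same IP.
sample_two_macs() {
cat <<'EOF'
ARPING 172.16.0.100 from 172.16.0.50 ovnfake-ext
Unicast reply from 172.16.0.100 [00:00:20:20:12:13]  1.500ms
Unicast reply from 172.16.0.100 [02:00:00:00:00:AA]  1.900ms
Sent 1 probes (1 broadcast(s))
Received 2 response(s)
EOF
}

sample_affected | classify_arping
sample_two_macs | classify_arping
```

On a live setup, pipe the command from step 9 into the function: `ip netns exec ovnfake-ext arping 172.16.0.100 -c1 | classify_arping`.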

Comment 1 Jianlin Shi 2020-09-13 03:19:23 UTC
The issue doesn't occur on 20.F 20.06.1-6:

[root@wsfd-advnetlab17 ~]# docker exec -t ovn-central rpm -qa | grep -E "openvswitch|ovn"
Emulate Docker CLI using podman. Create /etc/containers/nodocker to quiet msg.
openvswitch-selinux-extra-policy-1.0-23.el8fdp.noarch
ovn2.13-central-20.06.1-6.el8fdp.x86_64
ovn2.13-20.06.1-6.el8fdp.x86_64
openvswitch2.13-2.13.0-58.el8fdp.x86_64
ovn2.13-host-20.06.1-6.el8fdp.x86_64

[root@wsfd-advnetlab17 ~]# docker exec -t ovn-central ovn-nbctl lr-nat-list lr0
Emulate Docker CLI using podman. Create /etc/containers/nodocker to quiet msg.
TYPE             EXTERNAL_IP        EXTERNAL_PORT    LOGICAL_IP            EXTERNAL_MAC         LOGICAL_PORT
dnat_and_snat    172.16.0.110                        10.0.0.3              30:54:00:00:00:03    sw0-port1
dnat_and_snat    172.16.0.120                        20.0.0.3              30:54:00:00:00:04    sw1-port1
dnat_and_snat    3000::c                             1000::3               40:54:00:00:00:03    sw0-port1
dnat_and_snat    3000::d                             2000::3               40:54:00:00:00:04    sw1-port1
snat             172.16.0.100                        10.0.0.0/24
snat             172.16.0.100                        20.0.0.0/24


[root@wsfd-advnetlab17 ovn-fake-multinode]# sudo ip netns exec ovnfake-ext arping 172.16.0.100 -c1
ARPING 172.16.0.100 from 172.16.0.50 ovnfake-ext
Unicast reply from 172.16.0.100 [00:00:20:20:12:13]  1.785ms
Sent 1 probes (1 broadcast(s))
Received 1 response(s)

Comment 5 Jianlin Shi 2020-09-16 08:44:07 UTC
Verified on ovn20.06.2-11:

[root@wsfd-advnetlab16 scenario]# ip netns exec ovnfake-ext arping 172.16.0.100 -c1
ARPING 172.16.0.100 from 172.16.0.50 ovnfake-ext
Unicast reply from 172.16.0.100 [00:00:20:20:12:13]  1.628ms
Sent 1 probes (1 broadcast(s))
Received 1 response(s)
[root@wsfd-advnetlab16 scenario]# docker exec -it ovn-central rpm -qa | grep -E "openvswitch|ovn"
Emulate Docker CLI using podman. Create /etc/containers/nodocker to quiet msg.
openvswitch-selinux-extra-policy-1.0-23.el8fdp.noarch
ovn2.13-central-20.06.2-11.el8fdp.x86_64
ovn2.13-20.06.2-11.el8fdp.x86_64
openvswitch2.13-2.13.0-59.el8fdp.x86_64
ovn2.13-host-20.06.2-11.el8fdp.x86_64

Comment 6 Jianlin Shi 2020-09-17 03:34:28 UTC
Verified on fdp7:

:: [ 23:31:52 ] :: [  BEGIN   ] :: Running 'docker exec -it ovn-central rpm -qa | grep -E "openvswitch|ovn"'
openvswitch-selinux-extra-policy-1.0-15.el7fdp.noarch
ovn2.13-central-20.06.2-11.el7fdp.x86_64
ovn2.13-20.06.2-11.el7fdp.x86_64
openvswitch2.13-2.13.0-48.el7fdp.x86_64
ovn2.13-host-20.06.2-11.el7fdp.x86_64

:: [ 23:31:53 ] :: [  BEGIN   ] :: Running 'ip netns exec ovnfake-ext arping 172.16.0.100 -c1 | tee arping.log'
ARPING 172.16.0.100 from 172.16.0.50 ovnfake-ext
Unicast reply from 172.16.0.100 [00:00:20:20:12:13]  1.781ms
Sent 1 probes (1 broadcast(s))
Received 1 response(s)

Comment 8 errata-xmlrpc 2020-10-27 09:49:14 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (ovn2.13 bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:4356

