Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1899745

Summary: Further NM OVS cloned-mac-address problems
Product: Red Hat Enterprise Linux 8 Reporter: Dan Winship <danw>
Component: NetworkManagerAssignee: NetworkManager Development Team <nm-team>
Status: CLOSED DUPLICATE QA Contact: Desktop QE <desktop-qa-list>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 8.2CC: acardace, atragler, bgalvani, danken, dcritch, fge, jmaxwell, lrintel, phoracek, ralavi, rkhan, sukulkar, till, trozet
Target Milestone: rcFlags: pm-rhel: mirror+
Target Release: 8.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-05-06 06:59:38 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1899057    

Description Dan Winship 2020-11-19 21:47:11 UTC 
Bug 1852106 fixed MAC address cloning + DHCP on OVS bridge interfaces, but in a way that ends up causing spurious errors in the OVS logs:

  2020-11-17T12:20:50.895Z|00033|bridge|ERR|interface br-ex: ignoring mac in Interface record (use Bridge record to set local port's mac)

OVS wants us to set the MAC on the Bridge record, but NOT on the Interface record for the local port; NM is now setting it on both.

To reproduce:

  $ nmcli c add type ovs-bridge conn.interface br-ex con-name br-ex 802-3-ethernet.cloned-mac-address 12:34:56:78:9a:bc
  $ nmcli c add type ovs-port conn.interface enp0s31f6 master br-ex con-name ovs-port-phys0
  $ nmcli c add type ovs-port conn.interface br-ex master br-ex con-name ovs-port-br-ex
  $ nmcli c add type 802-3-ethernet conn.interface enp0s31f6 master ovs-port-phys0 con-name ovs-if-phys0
  $ nmcli c up ovs-if-phys0
  $ nmcli c add type ovs-interface slave-type ovs-port conn.interface br-ex master ovs-port-br-ex con-name ovs-if-br-ex 802-3-ethernet.cloned-mac-address 12:34:56:78:9a:bc

If you remove the "802-3-ethernet.cloned-mac-address 12:34:56:78:9a:bc" from the last line you won't get the errors in the OVS logs but apparently you no longer get the right MAC address in DHCP requests either.


(The bug is just that we get spurious errors, but those errors have already caused a bunch of confusion, where something is not working and then as soon as people see those error messages they assume that's what's wrong and stop investigating further.)
Comment 1 Tim Rozet 2020-11-20 14:05:56 UTC 
Beniamino, we discussed this in the past when you were helping me with the NetworkManager-OVS bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1853750#c3

Any ideas on fixing this in NM to use the bridge cloned mac?
Comment 2 Beniamino Galvani 2020-11-20 21:21:03 UTC 
Hi, which (In reply to Dan Winship from comment #0)
> Bug 1852106 fixed MAC address cloning + DHCP on OVS bridge interfaces, but
> in a way that ends up causing spurious errors in the OVS logs:
> 
>   2020-11-17T12:20:50.895Z|00033|bridge|ERR|interface br-ex: ignoring mac in
> Interface record (use Bridge record to set local port's mac)
> 
> OVS wants us to set the MAC on the Bridge record, but NOT on the Interface
> record for the local port; NM is now setting it on both.

Usually, if you set the cloned-mac-address in a OVS bridge or
interface connection, NM sets an hwaddr value in the matching ovsdb
table (Bridge or Interface).

However, if an OVS interface is local (i.e. it has the same name as
the bridge) OVS considers it special and wants the address configured
on the Bridge table, otherwise it complains with the errors you see in
logs.

Therefore, NM treats the cloned-mac-address specially for local
interfaces. When the property is set only on the interface or only on
the bridge, NM sets the mac in the Bridge table. If it's set in both
connections, NM sets each MAC in the matching table (Bridge and
Interface).

>   $ nmcli c add type ovs-bridge conn.interface br-ex con-name br-ex
> 802-3-ethernet.cloned-mac-address 12:34:56:78:9a:bc
>   $ nmcli c add type ovs-port conn.interface enp0s31f6 master br-ex con-name
> ovs-port-phys0
>   $ nmcli c add type ovs-port conn.interface br-ex master br-ex con-name
> ovs-port-br-ex
>   $ nmcli c add type 802-3-ethernet conn.interface enp0s31f6 master
> ovs-port-phys0 con-name ovs-if-phys0
>   $ nmcli c up ovs-if-phys0
>   $ nmcli c add type ovs-interface slave-type ovs-port conn.interface br-ex
> master ovs-port-br-ex con-name ovs-if-br-ex
> 802-3-ethernet.cloned-mac-address 12:34:56:78:9a:bc

Here NM sets the bridge MAC in the Bridge table and the interface MAC
in the Interface table, leading to errors in OVS logs.

But NM could be smarter and notice that the MAC addresses in the two
connections are the same, and could deduce that the user just wants to
set that address in the Bridge table. I will post a patch for that.

If the two addresses are different, it's not clear what the user wants
and probably it's fine to keep the current behavior.

> If you remove the "802-3-ethernet.cloned-mac-address 12:34:56:78:9a:bc" from
> the last line you won't get the errors in the OVS logs but apparently you no
> longer get the right MAC address in DHCP requests either.

Yes, that's because of the race condition of bug 1852106. Even if NM
tells OVS to create the interface with a given hardware address, OVS
first creates the kernel link and only later updates its address. The
fix for 1852106 was to also change the MAC of the interface via
netlink before starting IP configuration. However this works only when
the cloned address is set on the ovs-interface connection.

> (The bug is just that we get spurious errors, but those errors have already
> caused a bunch of confusion, where something is not working and then as soon
> as people see those error messages they assume that's what's wrong and stop
> investigating further.)

Did you try setting the cloned-mac-address only on the OVS interface?
That should avoid the error in logs and also the race condition,
assuming that you have NM >= 1.22.8-6.
Comment 3 Gris Ge 2021-03-03 05:25:28 UTC 
Hi Dan,

Any feedback base on the comment of Beniamino above?

Thank you!
Comment 4 Dan Winship 2021-03-03 12:44:49 UTC 
I'm not looking at this issue currently and I forget what Tim and I had decided about where the problem was.

(Tim, if you don't think this bz is useful any more feel free to close it.)
Comment 5 Tim Rozet 2021-03-03 14:28:06 UTC 
I'll try it out on OCP and see what I find.
Comment 8 Tim Rozet 2021-03-29 17:32:42 UTC 
I was able to test this out on a libvirt deployment. I tried:

while ./configure-ovs.sh OpenShiftSDN && sleep 5 && ./configure-ovs.sh OVNKubernetes && ip a show br-ex | grep 192.168.126.11 && ovs-vsctl list bridge br-ex |grep hwaddr=\"52:54:00:7E:3B:1F\"; do echo "good"; done

Ran that tons of times, never had a failure.

I then tried on reboot a handful of times, since that is where I have seen this race condition in the past. Seemed fine. I think we can go ahead and remove the cloned mac on the bridge, in at least 4.8, and probably close this bug as fixed.

The version of NM I was testing with was:
[root@test1-rgxt8-master-0 ~]# rpm -qa | grep Network
NetworkManager-ovs-1.26.0-13.1.rhaos4.7.el8.x86_64
NetworkManager-1.26.0-13.1.rhaos4.7.el8.x86_64
NetworkManager-cloud-setup-1.26.0-13.1.rhaos4.7.el8.x86_64
NetworkManager-team-1.26.0-13.1.rhaos4.7.el8.x86_64
NetworkManager-libnm-1.26.0-13.1.rhaos4.7.el8.x86_64
NetworkManager-tui-1.26.0-13.1.rhaos4.7.el8.x86_64
Comment 9 Petr Horáček 2021-03-30 17:14:10 UTC 
That helps a lot. Thank you.
Comment 12 David Critch 2021-04-21 19:53:12 UTC 
Thanks Tim.

The customer is using OpenShiftSDN, not OVNKubernetes, so I filed it against NetworkManager for now: https://bugzilla.redhat.com/show_bug.cgi?id=1952229
Comment 13 Gris Ge 2021-04-29 11:45:05 UTC 
Hi David,

Above bug comment shows issue been fixed. Any other issue should this bug be tracking?

Thank you!
Comment 14 David Critch 2021-05-04 13:38:28 UTC 
Hi Gris,

Not that I know of.
Comment 16 Gris Ge 2021-05-06 06:59:38 UTC 

*** This bug has been marked as a duplicate of bug 1952229 ***