1916842 – --may-exist does not work correctly on lr-route-add

The FDP team is no longer accepting new bugs in Bugzilla. Please report your issues under FDP project in Jira. Thanks.

Bug 1916842 - --may-exist does not work correctly on lr-route-add

Summary: --may-exist does not work correctly on lr-route-add

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux Fast Datapath
Classification:	Red Hat
Component:	OVN
Sub Component:
Version:	RHEL 8.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	high
Target Milestone:	---
Target Release:	---
Assignee:	lorenzo bianconi
QA Contact:	Jianlin Shi
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2021-01-15 16:33 UTC by Tim Rozet
Modified:	2021-03-15 14:35 UTC (History)
CC List:	5 users (show)
Fixed In Version:	ovn2.13-20.12.0-18.el8fdn
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2021-03-15 14:34:36 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2021:0839	0	None	None	None	2021-03-15 14:34:59 UTC

Description Tim Rozet 2021-01-15 16:33:05 UTC

Description of problem:
When adding duplicate routes with --may-exist option, the routes should not be added if they already exist. However, this is not the case:

[root@ovn-control-plane ~]# ovn-nbctl lr-route-list GR_ovn-worker
IPv4 Routes
               10.244.0.5              172.18.0.199 src-ip
               10.244.0.5               172.18.0.99 src-ip
               10.244.0.7              172.18.0.199 src-ip
               10.244.0.7               172.18.0.99 src-ip
            10.244.0.0/16                100.64.0.1 dst-ip
                0.0.0.0/0                172.18.0.1 dst-ip rtoe-GR_ovn-worker


[root@ovn-control-plane ~]# ovn-nbctl --timeout=15 -- --may-exist --policy=src-ip --ecmp-symmetric-reply lr-route-add GR_ovn-worker 10.244.0.7/32 172.18.0.4
[root@ovn-control-plane ~]# ovn-nbctl --timeout=15 -- --may-exist --policy=src-ip --ecmp-symmetric-reply lr-route-add GR_ovn-worker 10.244.0.7/32 172.18.0.4
[root@ovn-control-plane ~]# ovn-nbctl lr-route-list GR_ovn-worker
IPv4 Routes
               10.244.0.5              172.18.0.199 src-ip
               10.244.0.5               172.18.0.99 src-ip
               10.244.0.7              172.18.0.199 src-ip
               10.244.0.7                172.18.0.4 src-ip
               10.244.0.7                172.18.0.4 src-ip
               10.244.0.7               172.18.0.99 src-ip
            10.244.0.0/16                100.64.0.1 dst-ip
                0.0.0.0/0                172.18.0.1 dst-ip rtoe-GR_ovn-worker
[root@ovn-control-plane ~]# 
[root@ovn-control-plane ~]# ovn-nbctl --timeout=15 -- --may-exist --policy=src-ip --ecmp-symmetric-reply lr-route-add GR_ovn-worker 10.244.0.7/32 172.18.0.4
[root@ovn-control-plane ~]# ovn-nbctl lr-route-list GR_ovn-worker
IPv4 Routes
               10.244.0.5              172.18.0.199 src-ip
               10.244.0.5               172.18.0.99 src-ip
               10.244.0.7              172.18.0.199 src-ip
               10.244.0.7                172.18.0.4 src-ip
               10.244.0.7                172.18.0.4 src-ip
               10.244.0.7                172.18.0.4 src-ip
               10.244.0.7               172.18.0.99 src-ip
            10.244.0.0/16                100.64.0.1 dst-ip
                0.0.0.0/0                172.18.0.1 dst-ip rtoe-GR_ovn-worker

Seen on:
[root@ovn-control-plane ~]#  rpm -qa | grep ovn
ovn-central-20.09.0-2.fc32.x86_64
ovn-20.09.0-2.fc32.x86_64
ovn-host-20.09.0-2.fc32.x86_64

Comment 1 Jianlin Shi 2021-02-20 01:59:22 UTC

tested with following script:

systemctl start openvswitch                          
systemctl start ovn-northd     
ovn-nbctl set-connection ptcp:6641                                         
ovn-sbctl set-connection ptcp:6642
ovs-vsctl set open . external_ids:system-id=hv1 external_ids:ovn-remote=tcp:1.1.175.25:6642 external_ids:ovn-encap-type=geneve external_ids:ovn-encap-ip=1.1.175.25
systemctl restart ovn-controller                                         

ovn-nbctl ls-add ls1                         
ovn-nbctl lsp-add ls1 ls1p1                                         
ovn-nbctl lsp-set-addresses ls1p1 "00:00:00:01:01:02 192.168.1.1 2001::1"
ovn-nbctl lr-add lr1                         
ovn-nbctl lrp-add lr1 lr1-ls1 00:00:00:00:00:01 192.168.1.254/24 2001::a/64
ovn-nbctl lsp-add ls1 ls1-lr1                                
ovn-nbctl lsp-set-addresses ls1-lr1 "00:00:00:00:00:01 192.168.1.254 2001::a"
ovn-nbctl lsp-set-type ls1-lr1 router                                    
ovn-nbctl lsp-set-options ls1-lr1 router-port=lr1-ls1                 


ovn-nbctl --timeout=15 -- --may-exist --policy=src-ip --ecmp-symmetric-reply lr-route-add lr1 10.244.0.7/32 172.18.0.4
ovn-nbctl --timeout=15 -- --may-exist --policy=src-ip --ecmp-symmetric-reply lr-route-add lr1 10.244.0.7/32 172.18.0.4

ovn-nbctl --timeout=15 -- --may-exist --policy=src-ip lr-route-add lr1 10.1.0.7/32 172.18.0.4
ovn-nbctl --timeout=15 -- --may-exist --policy=src-ip lr-route-add lr1 10.1.0.7/32 172.18.0.4

ovn-nbctl lr-route-list lr1

result on 20.12.0-17:

[root@wsfd-advnetlab21 bz1916842]# rpm -qa | grep -E "openvswitch2.13|ovn2.13"
openvswitch2.13-2.13.0-82.el7fdp.x86_64
ovn2.13-20.12.0-17.el7fdp.x86_64
ovn2.13-host-20.12.0-17.el7fdp.x86_64
ovn2.13-central-20.12.0-17.el7fdp.x86_64

+ ovn-nbctl --timeout=15 -- --may-exist --policy=src-ip --ecmp-symmetric-reply lr-route-add lr1 10.244.0.7/32 172.18.0.4
+ ovn-nbctl --timeout=15 -- --may-exist --policy=src-ip --ecmp-symmetric-reply lr-route-add lr1 10.244.0.7/32 172.18.0.4
+ ovn-nbctl --timeout=15 -- --may-exist --policy=src-ip lr-route-add lr1 10.1.0.7/32 172.18.0.4
+ ovn-nbctl --timeout=15 -- --may-exist --policy=src-ip lr-route-add lr1 10.1.0.7/32 172.18.0.4
+ ovn-nbctl lr-route-list lr1
IPv4 Routes
                 10.1.0.7                172.18.0.4 src-ip
               10.244.0.7                172.18.0.4 src-ip ecmp ecmp-symmetric-reply
               10.244.0.7                172.18.0.4 src-ip ecmp ecmp-symmetric-reply

<=== duplicated route for ecmp

result on 20.12.0-20:

+ ovn-nbctl --timeout=15 -- --may-exist --policy=src-ip --ecmp-symmetric-reply lr-route-add lr1 10.244.0.7/32 172.18.0.4
+ ovn-nbctl --timeout=15 -- --may-exist --policy=src-ip --ecmp-symmetric-reply lr-route-add lr1 10.244.0.7/32 172.18.0.4
ovn-nbctl: duplicate nexthop for the same ECMP route

<=== error is reported

+ ovn-nbctl --timeout=15 -- --may-exist --policy=src-ip lr-route-add lr1 10.1.0.7/32 172.18.0.4
+ ovn-nbctl --timeout=15 -- --may-exist --policy=src-ip lr-route-add lr1 10.1.0.7/32 172.18.0.4
+ ovn-nbctl lr-route-list lr1
IPv4 Routes
                 10.1.0.7                172.18.0.4 src-ip
               10.244.0.7                172.18.0.4 src-ip ecmp-symmetric-reply
<=== no duplicated

lorenzo, error should not be reported if add duplicated route with --may-exist, right? how do you think?

Comment 5 lorenzo bianconi 2021-03-07 15:22:49 UTC

(In reply to Jianlin Shi from comment #1)
> tested with following script:
> 
> systemctl start openvswitch                          
> systemctl start ovn-northd     
> ovn-nbctl set-connection ptcp:6641                                         
> ovn-sbctl set-connection ptcp:6642
> ovs-vsctl set open . external_ids:system-id=hv1
> external_ids:ovn-remote=tcp:1.1.175.25:6642
> external_ids:ovn-encap-type=geneve external_ids:ovn-encap-ip=1.1.175.25
> systemctl restart ovn-controller                                         
> 
> ovn-nbctl ls-add ls1                         
> ovn-nbctl lsp-add ls1 ls1p1                                         
> ovn-nbctl lsp-set-addresses ls1p1 "00:00:00:01:01:02 192.168.1.1 2001::1"
> ovn-nbctl lr-add lr1                         
> ovn-nbctl lrp-add lr1 lr1-ls1 00:00:00:00:00:01 192.168.1.254/24 2001::a/64
> ovn-nbctl lsp-add ls1 ls1-lr1                                
> ovn-nbctl lsp-set-addresses ls1-lr1 "00:00:00:00:00:01 192.168.1.254 2001::a"
> ovn-nbctl lsp-set-type ls1-lr1 router                                    
> ovn-nbctl lsp-set-options ls1-lr1 router-port=lr1-ls1                 
> 
> 
> ovn-nbctl --timeout=15 -- --may-exist --policy=src-ip --ecmp-symmetric-reply
> lr-route-add lr1 10.244.0.7/32 172.18.0.4
> ovn-nbctl --timeout=15 -- --may-exist --policy=src-ip --ecmp-symmetric-reply
> lr-route-add lr1 10.244.0.7/32 172.18.0.4
> 
> ovn-nbctl --timeout=15 -- --may-exist --policy=src-ip lr-route-add lr1
> 10.1.0.7/32 172.18.0.4
> ovn-nbctl --timeout=15 -- --may-exist --policy=src-ip lr-route-add lr1
> 10.1.0.7/32 172.18.0.4
> 
> ovn-nbctl lr-route-list lr1
> 
> result on 20.12.0-17:
> 
> [root@wsfd-advnetlab21 bz1916842]# rpm -qa | grep -E
> "openvswitch2.13|ovn2.13"
> openvswitch2.13-2.13.0-82.el7fdp.x86_64
> ovn2.13-20.12.0-17.el7fdp.x86_64
> ovn2.13-host-20.12.0-17.el7fdp.x86_64
> ovn2.13-central-20.12.0-17.el7fdp.x86_64
> 
> + ovn-nbctl --timeout=15 -- --may-exist --policy=src-ip
> --ecmp-symmetric-reply lr-route-add lr1 10.244.0.7/32 172.18.0.4
> + ovn-nbctl --timeout=15 -- --may-exist --policy=src-ip
> --ecmp-symmetric-reply lr-route-add lr1 10.244.0.7/32 172.18.0.4
> + ovn-nbctl --timeout=15 -- --may-exist --policy=src-ip lr-route-add lr1
> 10.1.0.7/32 172.18.0.4
> + ovn-nbctl --timeout=15 -- --may-exist --policy=src-ip lr-route-add lr1
> 10.1.0.7/32 172.18.0.4
> + ovn-nbctl lr-route-list lr1
> IPv4 Routes
>                  10.1.0.7                172.18.0.4 src-ip
>                10.244.0.7                172.18.0.4 src-ip ecmp
> ecmp-symmetric-reply
>                10.244.0.7                172.18.0.4 src-ip ecmp
> ecmp-symmetric-reply
> 
> <=== duplicated route for ecmp
> 
> result on 20.12.0-20:
> 
> + ovn-nbctl --timeout=15 -- --may-exist --policy=src-ip
> --ecmp-symmetric-reply lr-route-add lr1 10.244.0.7/32 172.18.0.4
> + ovn-nbctl --timeout=15 -- --may-exist --policy=src-ip
> --ecmp-symmetric-reply lr-route-add lr1 10.244.0.7/32 172.18.0.4
> ovn-nbctl: duplicate nexthop for the same ECMP route
> 
> <=== error is reported
> 
> + ovn-nbctl --timeout=15 -- --may-exist --policy=src-ip lr-route-add lr1
> 10.1.0.7/32 172.18.0.4
> + ovn-nbctl --timeout=15 -- --may-exist --policy=src-ip lr-route-add lr1
> 10.1.0.7/32 172.18.0.4
> + ovn-nbctl lr-route-list lr1
> IPv4 Routes
>                  10.1.0.7                172.18.0.4 src-ip
>                10.244.0.7                172.18.0.4 src-ip
> ecmp-symmetric-reply
> <=== no duplicated
> 
> lorenzo, error should not be reported if add duplicated route with
> --may-exist, right? how do you think?

For ecmp routes (routes defined using --ecmp or --ecmp-symmetric-reply) an error is always reported for identical routes (routes defined using the same prefix, policy and next-hop) even if --may-exist is provided. For non-ecmp routes the check is performed just on prefix and policy so --may-exist allows to update the next-hop.

Comment 6 Jianlin Shi 2021-03-08 02:44:54 UTC

set VERIFIED per comment 5

Comment 8 errata-xmlrpc 2021-03-15 14:34:36 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (ovn2.13 bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2021:0839

Note You need to log in before you can comment on or make changes to this bug.