Description of problem: Similar to the recently additional reject per LB behavior it would be nice to be able to specify lb_force_snat on a per LB basis. The reason is in ovn-kubernetes sometimes when traffic is coming into our GR to a load balancer we may not want to SNAT the packet (when kubernetes externalTrafficPolicy is local). It would be even better to do this on a per VIP basis, but I doubt that is possible.
Another approach which may be more acceptable is to keep lb_force_snat_ip as a per GR config and then be able to configure an option on the LB to say "disable_snat: true". That will allow us to indicate which LBs we dont want to SNAT on.
tested with following script: #!/bin/bash # Logical network: # Three LRs - R1, R2 and R3 that are connected to each other via LS "join" # in 20.0.0.0/24 network. R1 has switchess foo (192.168.1.0/24) and # bar (192.168.2.0/24) connected to it. R2 has alice (172.16.1.0/24) connected # to it. R3 has bob (172.16.1.0/24) connected to it. Note how both alice and # bob have the same subnet behind it. # foo -- R1 -- join - R2 -- alice # | | # bar ---- - R3 --- bob # systemctl start openvswitch systemctl start ovn-northd ovn-nbctl set-connection ptcp:6641 ovn-sbctl set-connection ptcp:6642 ovs-vsctl set open . external_ids:system-id=hv1 external_ids:ovn-remote=tcp:20.0.175.25:6642 external_ids:ovn-encap-type=geneve external_ids:ovn-encap-ip=20.0.175.25 systemctl restart ovn-controller ovs-vsctl add-br br-nat ovs-vsctl set open . external_ids:ovn-bridge-mappings=nattest:br-nat ip link set br-nat up ovn-nbctl lr-add R1 ovn-nbctl lr-add R2 ovn-nbctl lr-add R3 ovn-nbctl set logical_router R2 options:chassis=hv1 ovn-nbctl set logical_router R3 options:chassis=hv1 ovn-nbctl ls-add foo ovn-nbctl ls-add bar ovn-nbctl ls-add alice ovn-nbctl ls-add bob ovn-nbctl ls-add join ovn-nbctl lrp-add R1 foo 00:00:01:01:02:03 192.168.1.1/24 2001::1/64 ovn-nbctl lsp-add foo rp-foo -- set logical_switch_port rp-foo \ type=router options:router-port=foo addresses=\"00:00:01:01:02:03\" ovn-nbctl lrp-add R1 bar 00:00:01:01:02:04 192.168.2.1/24 2002::1/64 ovn-nbctl lsp-add bar rp-bar -- set Logical_Switch_Port rp-bar \ type=router options:router-port=bar addresses=\"00:00:01:01:02:04\" ovn-nbctl lrp-add R2 alice 00:00:02:01:02:03 172.16.1.1/24 3001::1/64 ovn-nbctl lsp-add alice rp-alice -- set Logical_Switch_Port rp-alice \ type=router options:router-port=alice addresses=\"00:00:02:01:02:03\" ovn-nbctl lrp-add R3 bob 00:00:03:01:02:03 172.16.1.2/24 3001::2/64 ovn-nbctl lsp-add bob rp-bob -- set Logical_Switch_Port rp-bob \ type=router options:router-port=bob addresses=\"00:00:03:01:02:03\" ovn-nbctl lrp-add R1 R1_join 00:00:04:01:02:03 20.0.0.1/24 4000::1/64 ovn-nbctl lsp-add join r1-join -- set Logical_Switch_Port r1-join \ type=router options:router-port=R1_join addresses='"00:00:04:01:02:03"' ovn-nbctl lrp-add R2 R2_join 00:00:04:01:02:04 20.0.0.2/24 4000::2/64 ovn-nbctl lsp-add join r2-join -- set Logical_Switch_Port r2-join \ type=router options:router-port=R2_join addresses='"00:00:04:01:02:04"' ovn-nbctl lrp-add R3 R3_join 00:00:04:01:02:05 20.0.0.3/24 4000::3/64 ovn-nbctl lsp-add join r3-join -- set Logical_Switch_Port r3-join \ type=router options:router-port=R3_join addresses='"00:00:04:01:02:05"' ovn-nbctl --policy="src-ip" lr-route-add R1 192.168.1.0/24 20.0.0.2 ovn-nbctl --policy="src-ip" lr-route-add R1 192.168.2.0/24 20.0.0.3 ovn-nbctl --policy="src-ip" lr-route-add R1 2001::/64 4000::2 ovn-nbctl --policy="src-ip" lr-route-add R1 2002::/64 4000::3 ovn-nbctl lr-route-add R2 192.168.0.0/16 20.0.0.1 ovn-nbctl lr-route-add R3 192.168.0.0/16 20.0.0.1 ovn-nbctl lr-route-add R2 2001::/64 4000::1 ovn-nbctl lr-route-add R2 2002::/64 4000::1 ovn-nbctl lr-route-add R3 2001::/64 4000::1 ovn-nbctl lr-route-add R3 2002::/64 4000::1 # add load balancer ovn-nbctl lb-add lb0 30.0.0.1 192.168.1.2,192.168.2.2 ovn-nbctl lb-add lb0 6010::1 2001::2,2002::2 uuid=`ovn-nbctl lb-list | grep lb0 | awk '{print $1}'` ovn-nbctl set logical_router R2 load_balancer=$uuid ovn-nbctl set logical_router R3 load_balancer=$uuid ovn-nbctl show ip netns add foo1 ovs-vsctl add-port br-int foo1 -- set interface foo1 type=internal ip link set foo1 netns foo1 ip netns exec foo1 ip link set foo1 address f0:00:00:01:02:03 ip netns exec foo1 ip link set foo1 up ip netns exec foo1 ip addr add 192.168.1.2/24 dev foo1 ip netns exec foo1 ip -6 addr add 2001::2/64 dev foo1 ip netns exec foo1 ip route add default via 192.168.1.1 dev foo1 ip netns exec foo1 ip -6 route add default via 2001::1 dev foo1 ovs-vsctl set interface foo1 external_ids:iface-id=foo1 ovn-nbctl lsp-add foo foo1 -- lsp-set-addresses foo1 "f0:00:00:01:02:03 192.168.1.2 2001::2" ip netns add alice1 ovs-vsctl add-port br-int alice1 -- set interface alice1 type=internal ip link set alice1 netns alice1 ip netns exec alice1 ip link set alice1 address f0:00:00:01:02:04 ip netns exec alice1 ip link set alice1 up ip netns exec alice1 ip addr add 172.16.1.3/24 dev alice1 ip netns exec alice1 ip -6 addr add 3001::3/64 dev alice1 ip netns exec alice1 ip route add default via 172.16.1.1 dev alice1 ip netns exec alice1 ip -6 route add default via 3001::1 dev alice1 ovs-vsctl set interface alice1 external_ids:iface-id=alice1 ovn-nbctl lsp-add alice alice1 -- lsp-set-addresses alice1 "f0:00:00:01:02:04 172.16.1.3 3001::3" ip netns add bob1 ip link add bob1 netns bob1 type veth peer name bob1_br ip netns exec bob1 ip link set bob1 address f0:00:00:01:02:06 ip netns exec bob1 ip link set bob1 up ip netns exec bob1 ip addr add 172.16.1.4/24 dev bob1 ip netns exec bob1 ip -6 addr add 3001::4/64 dev bob1 ip netns exec bob1 ip route add default via 172.16.1.2 dev bob1 ip netns exec bob1 ip -6 route add default via 3001::2 dev bob1 ip link set bob1_br up ovs-vsctl add-port br-int bob1_br ovs-vsctl set interface bob1_br external_ids:iface-id=bob1 ovn-nbctl lsp-add bob bob1 -- lsp-set-addresses bob1 "f0:00:00:01:02:06 172.16.1.4 3001::4" ovn-nbctl set logical_router R2 options:lb_force_snat_ip="20.0.0.2 4000::2" ovn-nbctl set logical_router R3 options:lb_force_snat_ip="20.0.0.3 4000::3" # add load balancer ovn-nbctl lb-add lb1 30.0.0.2 192.168.1.2 ovn-nbctl lb-add lb1 30.0.0.3 192.168.2.2 ovn-nbctl lb-add lb1 6010::2 2001::2 ovn-nbctl lb-add lb1 6010::3 2002::2 ovn-nbctl lr-lb-add R2 lb1 ovn-nbctl lr-lb-add R3 lb1 sleep 2 ip netns exec alice1 ping 30.0.0.1 -c 1 ip netns exec bob1 ping 30.0.0.1 -c 1 ip netns exec alice1 ping6 6010::1 -c 1 ip netns exec bob1 ping6 6010::1 -c 1 ip netns exec alice1 ping 30.0.0.2 -c 1 ip netns exec bob1 ping 30.0.0.3 -c 1 ip netns exec alice1 ping6 6010::2 -c 1 ip netns exec bob1 ping6 6010::3 -c 1 ip netns exec foo1 tcpdump -U -i foo1 -nnle -v &> foo1.log & tcpdump_pid=$! sleep 1 ip netns exec alice1 ping 30.0.0.2 -c 1 ip netns exec alice1 ping6 6010::2 -c 1 ovn-nbctl set load_balancer lb1 options:skip_snat=true ip netns exec alice1 ping 30.0.0.2 -c 1 ip netns exec alice1 ping6 6010::2 -c 1 sleep 2 kill $tcpdump_pid cat foo1.log result on ovn-2021-host-21.03.0-21.el8fdp.x86_64: [root@wsfd-advnetlab21 bz1927540]# rpm -qa | grep -E "openvswitch2.15|ovn" ovn-2021-host-21.03.0-21.el8fdp.x86_64 openvswitch2.15-2.15.0-15.el8fdp.x86_64 ovn-2021-central-21.03.0-21.el8fdp.x86_64 ovn-2021-21.03.0-21.el8fdp.x86_64 + ip netns exec alice1 ping 30.0.0.2 -c 1 PING 30.0.0.2 (30.0.0.2) 56(84) bytes of data. 64 bytes from 30.0.0.2: icmp_seq=1 ttl=62 time=0.121 ms --- 30.0.0.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.121/0.121/0.121/0.000 ms + ip netns exec alice1 ping6 6010::2 -c 1 PING 6010::2(6010::2) 56 data bytes 64 bytes from 6010::2: icmp_seq=1 ttl=62 time=1.75 ms --- 6010::2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 1.752/1.752/1.752/0.000 ms + ovn-nbctl set load_balancer lb1 options:skip_snat=true + ip netns exec alice1 ping 30.0.0.2 -c 1 PING 30.0.0.2 (30.0.0.2) 56(84) bytes of data. 64 bytes from 30.0.0.2: icmp_seq=1 ttl=62 time=0.131 ms --- 30.0.0.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.131/0.131/0.131/0.000 ms + ip netns exec alice1 ping6 6010::2 -c 1 PING 6010::2(6010::2) 56 data bytes 64 bytes from 6010::2: icmp_seq=1 ttl=62 time=1.92 ms --- 6010::2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 1.924/1.924/1.924/0.000 ms + sleep 2 + kill 29629 + cat foo1.log dropped privs to tcpdump tcpdump: listening on foo1, link-type EN10MB (Ethernet), capture size 262144 bytes 21:52:21.224441 00:00:01:01:02:03 > f0:00:00:01:02:03, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 62, id 6217, offset 0, flags [DF], proto ICMP (1), length 84) 20.0.0.2 > 192.168.1.2: ICMP echo request, id 29631, seq 1, length 64 21:52:21.224459 f0:00:00:01:02:03 > 00:00:01:01:02:03, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 15379, offset 0, flags [none], proto ICMP (1), length 84) 192.168.1.2 > 20.0.0.2: ICMP echo reply, id 29631, seq 1, length 64 21:52:21.254644 00:00:01:01:02:03 > f0:00:00:01:02:03, ethertype IPv6 (0x86dd), length 118: (flowlabel 0xc2419, hlim 62, next-header ICMPv6 (58) payload length: 64) 4000::2 > 2001::2: [icmp6 sum ok] ICMP6, echo request, seq 1 21:52:21.254683 f0:00:00:01:02:03 > 00:00:01:01:02:03, ethertype IPv6 (0x86dd), length 118: (flowlabel 0xedce6, hlim 64, next-header ICMPv6 (58) payload length: 64) 2001::2 > 4000::2: [icmp6 sum ok] ICMP6, echo reply, seq 1 <== snated before set skip_snat 21:52:21.297739 00:00:01:01:02:03 > f0:00:00:01:02:03, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 62, id 6243, offset 0, flags [DF], proto ICMP (1), length 84) 20.0.0.2 > 192.168.1.2: ICMP echo request, id 29634, seq 1, length 64 21:52:21.297760 f0:00:00:01:02:03 > 00:00:01:01:02:03, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 15439, offset 0, flags [none], proto ICMP (1), length 84) 192.168.1.2 > 20.0.0.2: ICMP echo reply, id 29634, seq 1, length 64 21:52:21.323561 00:00:01:01:02:03 > f0:00:00:01:02:03, ethertype IPv6 (0x86dd), length 118: (flowlabel 0xc2419, hlim 62, next-header ICMPv6 (58) payload length: 64) 3001::3 > 2001::2: [icmp6 sum ok] ICMP6, echo request, seq 1 21:52:21.323597 f0:00:00:01:02:03 > 00:00:01:01:02:03, ethertype IPv6 (0x86dd), length 118: (flowlabel 0xe1bc7, hlim 64, next-header ICMPv6 (58) payload length: 64) 2001::2 > 3001::3: [icmp6 sum ok] ICMP6, echo reply, seq 1 <=== not snated after set skip_snat=true 21:52:23.141960 f0:00:00:01:02:03 > 33:33:00:00:00:02, ethertype IPv6 (0x86dd), length 70: (hlim 255, next-header ICMPv6 (58) payload length: 16) fe80::f200:ff:fe01:203 > ff02::2: [icmp6 sum ok] ICMP6, router solicitation, length 16 source link-address option (1), length 8 (1): f0:00:00:01:02:03 9 packets captured 9 packets received by filter 0 packets dropped by kernel
set hairpin_snat_ip and skip_snat at the same time, and hairpin_snat_ip is not affected: systemctl start openvswitch systemctl start ovn-northd ovn-nbctl set-connection ptcp:6641 ovn-sbctl set-connection ptcp:6642 ovs-vsctl set open . external_ids:system-id=hv1 external_ids:ovn-remote=tcp:20.0.175.25:6642 external_ids:ovn-encap-type=geneve external_ids:ovn-encap-ip=20.0.175.25 systemctl restart ovn-controller ip netns add server0 ip link add veth0_s0 netns server0 type veth peer name veth0_s0_p ip netns exec server0 ip link set lo up ip netns exec server0 ip link set veth0_s0 up ip netns exec server0 ip link set veth0_s0 address 00:00:00:01:01:02 ip netns exec server0 ip addr add 192.168.1.1/24 dev veth0_s0 ip netns exec server0 ip -6 addr add 2001::1/64 dev veth0_s0 ip netns exec server0 ip route add default via 192.168.1.254 dev veth0_s0 ip netns exec server0 ip -6 route add default via 2001::a dev veth0_s0 ovs-vsctl add-port br-int veth0_s0_p ip link set veth0_s0_p up ovs-vsctl set interface veth0_s0_p external_ids:iface-id=ls1p1 ip netns exec server0 nc -l -k 1100 & ovn-nbctl ls-add ls1 ovn-nbctl lsp-add ls1 ls1p1 ovn-nbctl lsp-set-addresses ls1p1 "00:00:00:01:01:02 192.168.1.1 2001::1" ovn-nbctl lr-add lr1 ovn-nbctl lrp-add lr1 lr1-ls1 00:00:00:00:00:01 192.168.1.254/24 2001::a/64 ovn-nbctl lsp-add ls1 ls1-lr1 ovn-nbctl lsp-set-addresses ls1-lr1 "00:00:00:00:00:01 192.168.1.254 2001::a" ovn-nbctl lsp-set-type ls1-lr1 router ovn-nbctl lsp-set-options ls1-lr1 router-port=lr1-ls1 ovn-nbctl lb-add lb0-tcp4 8.8.8.8:1234 192.168.1.1:1100 tcp ovn-nbctl ls-lb-add ls1 lb0-tcp4 ovn-nbctl set load_balancer lb0-tcp4 options:hairpin_snat_ip="8.8.8.7" ovn-nbctl set load_balancer lb0-tcp4 options:skip_snat=true ovn-nbctl lb-add lb0-tcp6 [8888::1]:1234 [2001::1]:1100 tcp ovn-nbctl ls-lb-add ls1 lb0-tcp6 ovn-nbctl set load_balancer lb0-tcp6 options:hairpin_snat_ip="8888::7" ovs-ofctl dump-flows br-int table=69 sleep 2 ip netns exec server0 tcpdump -i any -w server0.pcap & ip netns exec server0 nc 8.8.8.8 1234 <<< h ip netns exec server0 nc 8888::1 1234 <<< h ovs-ofctl dump-flows br-int table=69 sleep 2 pkill tcpdump + ip netns exec server0 nc 8.8.8.8 1234 + ip netns exec server0 tcpdump -i any -w server0.pcap h 22:16:41.279560 Out 00:00:00:01:01:02 ethertype IPv4 (0x0800), length 76: (tos 0x0, ttl 64, id 7182, offset 0, flags [DF], proto TCP (6), length 60) 192.168.1.1.51364 > 8.8.8.8.1234: Flags [S], cksum 0xd1e7 (incorrect -> 0x02b0), seq 1624203772, win 29200, options [mss 1460,sackOK,TS val 114649711 ecr 0,nop,wscale 7], length 0 22:16:41.280703 In 00:00:00:00:00:01 ethertype IPv4 (0x0800), length 76: (tos 0x0, ttl 64, id 7182, offset 0, flags [DF], proto TCP (6), length 60) 8.8.8.7.51364 > 192.168.1.1.1100: Flags [S], cksum 0x0337 (correct), seq 1624203772, win 29200, options [mss 1460,sackOK,TS val 114649711 ecr 0,nop,wscale 7], length 0 <=== still snated
so skip_snat would only affect lb_force_snat_ip shown in comment 6. and won't affect hairpin_snat_ip shown in comment 7. Is it right?
Verified on ovn2.13-20.12.0-104.el8fdp.x86_64: [root@wsfd-advnetlab21 bz1927540]# rpm -qa | grep ovn2.13 ovn2.13-20.12.0-104.el8fdp.x86_64 ovn2.13-host-20.12.0-104.el8fdp.x86_64 ovn2.13-central-20.12.0-104.el8fdp.x86_64 + ip netns exec alice1 ping 30.0.0.2 -c 1 [2/1912] PING 30.0.0.2 (30.0.0.2) 56(84) bytes of data. 64 bytes from 30.0.0.2: icmp_seq=1 ttl=62 time=0.143 ms --- 30.0.0.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.143/0.143/0.143/0.000 ms + ip netns exec alice1 ping6 6010::2 -c 1 PING 6010::2(6010::2) 56 data bytes 64 bytes from 6010::2: icmp_seq=1 ttl=62 time=1.88 ms --- 6010::2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 1.879/1.879/1.879/0.000 ms + ovn-nbctl --wait=hv set load_balancer lb1 options:skip_snat=true + ip netns exec alice1 ping 30.0.0.2 -c 1 PING 30.0.0.2 (30.0.0.2) 56(84) bytes of data. 64 bytes from 30.0.0.2: icmp_seq=1 ttl=62 time=1.59 ms --- 30.0.0.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 1.589/1.589/1.589/0.000 ms + ip netns exec alice1 ping6 6010::2 -c 1 PING 6010::2(6010::2) 56 data bytes 64 bytes from 6010::2: icmp_seq=1 ttl=62 time=1.87 ms --- 6010::2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 1.868/1.868/1.868/0.000 ms + sleep 2 + kill 35154 + cat foo1.log dropped privs to tcpdump tcpdump: listening on foo1, link-type EN10MB (Ethernet), capture size 262144 bytes 23:08:18.612799 00:00:01:01:02:03 > f0:00:00:01:02:03, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 62, id 31808, offset 0, flags [DF], proto ICMP (1), length 84) 20.0.0.2 > 192.168.1.2: ICMP echo request, id 35159, seq 1, length 64 23:08:18.612823 f0:00:00:01:02:03 > 00:00:01:01:02:03, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 62390, offset 0, flags [none], proto ICMP (1), length 84) 192.168.1.2 > 20.0.0.2: ICMP echo reply, id 35159, seq 1, length 64 23:08:18.639877 00:00:01:01:02:03 > f0:00:00:01:02:03, ethertype IPv6 (0x86dd), length 118: (flowlabel 0xc2419, hlim 62, next-header ICMPv6 (58) payload length: 64) 4000::2 > 2001::2: [icmp6 sum ok] ICMP6 , echo request, seq 1 23:08:18.639918 f0:00:00:01:02:03 > 00:00:01:01:02:03, ethertype IPv6 (0x86dd), length 118: (flowlabel 0xedce6, hlim 64, next-header ICMPv6 (58) payload length: 64) 2001::2 > 4000::2: [icmp6 sum ok] ICMP6 , echo reply, seq 1 23:08:18.703513 00:00:01:01:02:03 > f0:00:00:01:02:03, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 62, id 31855, offset 0, flags [DF], proto ICMP (1), length 84) 172.16.1.3 > 192.168.1.2: ICMP echo request, id 35162, seq 1, length 64 23:08:18.703553 f0:00:00:01:02:03 > 00:00:01:01:02:03, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 40051, offset 0, flags [none], proto ICMP (1), length 84) 192.168.1.2 > 172.16.1.3: ICMP echo reply, id 35162, seq 1, length 64 23:08:18.729705 00:00:01:01:02:03 > f0:00:00:01:02:03, ethertype IPv6 (0x86dd), length 118: (flowlabel 0xc2419, hlim 62, next-header ICMPv6 (58) payload length: 64) 3001::3 > 2001::2: [icmp6 sum ok] ICMP6 , echo request, seq 1 23:08:18.729745 f0:00:00:01:02:03 > 00:00:01:01:02:03, ethertype IPv6 (0x86dd), length 118: (flowlabel 0xe1bc7, hlim 64, next-header ICMPv6 (58) payload length: 64) 2001::2 > 3001::3: [icmp6 sum ok] ICMP6 , echo reply, seq 1 <=== not snated after skip_snat=true 23:08:19.941701 f0:00:00:01:02:03 > 33:33:00:00:00:02, ethertype IPv6 (0x86dd), length 70: (hlim 255, next-header ICMPv6 (58) payload length: 16) fe80::f200:ff:fe01:203 > ff02::2: [icmp6 sum ok] ICMP6, ro uter solicitation, length 16 source link-address option (1), length 8 (1): f0:00:00:01:02:03 9 packets captured 9 packets received by filter 0 packets dropped by kernel
Verified on ovn2.13-host-20.12.0-104.el7fdp.x86_64: [root@wsfd-advnetlab16 bz1927540]# rpm -qa | grep -E "openvswitch2.13|ovn2.13" ovn2.13-host-20.12.0-104.el7fdp.x86_64 openvswitch2.13-2.13.0-90.el7fdp.x86_64 ovn2.13-central-20.12.0-104.el7fdp.x86_64 ovn2.13-20.12.0-104.el7fdp.x86_64 + ip netns exec alice1 ping 30.0.0.2 -c 1 [0/1835] PING 30.0.0.2 (30.0.0.2) 56(84) bytes of data. 64 bytes from 30.0.0.2: icmp_seq=1 ttl=62 time=0.140 ms --- 30.0.0.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.140/0.140/0.140/0.000 ms + ip netns exec alice1 ping6 6010::2 -c 1 PING 6010::2(6010::2) 56 data bytes 64 bytes from 6010::2: icmp_seq=1 ttl=62 time=1.69 ms --- 6010::2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 1.690/1.690/1.690/0.000 ms + ovn-nbctl --wait=hv set load_balancer lb1 options:skip_snat=true + ip netns exec alice1 ping 30.0.0.2 -c 1 PING 30.0.0.2 (30.0.0.2) 56(84) bytes of data. 64 bytes from 30.0.0.2: icmp_seq=1 ttl=62 time=1.43 ms --- 30.0.0.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 1.436/1.436/1.436/0.000 ms + ip netns exec alice1 ping6 6010::2 -c 1 PING 6010::2(6010::2) 56 data bytes 64 bytes from 6010::2: icmp_seq=1 ttl=62 time=1.57 ms --- 6010::2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 1.570/1.570/1.570/0.000 ms + sleep 2 + kill 25423 + cat foo1.log tcpdump: listening on foo1, link-type EN10MB (Ethernet), capture size 262144 bytes 23:15:12.990167 00:00:01:01:02:03 > f0:00:00:01:02:03, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 62, id 63042, offset 0, flags [DF], proto ICMP (1), length 84) 20.0.0.2 > 192.168.1.2: ICMP echo request, id 25427, seq 1, length 64 23:15:12.990201 f0:00:00:01:02:03 > 00:00:01:01:02:03, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 40197, offset 0, flags [none], proto ICMP (1), length 84) 192.168.1.2 > 20.0.0.2: ICMP echo reply, id 25427, seq 1, length 64 23:15:13.019953 00:00:01:01:02:03 > f0:00:00:01:02:03, ethertype IPv6 (0x86dd), length 118: (hlim 62, next-header ICMPv6 (58) payload length: 64) 4000::2 > 2001::2: [icmp6 sum ok] ICMP6, echo request, seq 1 23:15:13.020007 f0:00:00:01:02:03 > 00:00:01:01:02:03, ethertype IPv6 (0x86dd), length 118: (hlim 64, next-header ICMPv6 (58) payload length: 64) 2001::2 > 4000::2: [icmp6 sum ok] ICMP6, echo reply, seq 1 23:15:13.084375 00:00:01:01:02:03 > f0:00:00:01:02:03, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 62, id 63052, offset 0, flags [DF], proto ICMP (1), length 84) 172.16.1.3 > 192.168.1.2: ICMP echo request, id 25434, seq 1, length 64 23:15:13.084413 f0:00:00:01:02:03 > 00:00:01:01:02:03, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 29325, offset 0, flags [none], proto ICMP (1), length 84) 192.168.1.2 > 172.16.1.3: ICMP echo reply, id 25434, seq 1, length 64 23:15:13.117808 00:00:01:01:02:03 > f0:00:00:01:02:03, ethertype IPv6 (0x86dd), length 118: (hlim 62, next-header ICMPv6 (58) payload length: 64) 3001::3 > 2001::2: [icmp6 sum ok] ICMP6, echo request, seq 1 23:15:13.117858 f0:00:00:01:02:03 > 00:00:01:01:02:03, ethertype IPv6 (0x86dd), length 118: (hlim 64, next-header ICMPv6 (58) payload length: 64) 2001::2 > 3001::3: [icmp6 sum ok] ICMP6, echo reply, seq 1 <=== not snated after skip_snat=true 23:15:14.090046 f0:00:00:01:02:03 > 33:33:00:00:00:02, ethertype IPv6 (0x86dd), length 70: (hlim 255, next-header ICMPv6 (58) payload length: 16) fe80::f200:ff:fe01:203 > ff02::2: [icmp6 sum ok] ICMP6, ro uter solicitation, length 16 source link-address option (1), length 8 (1): f0:00:00:01:02:03 9 packets captured 9 packets received by filter 0 packets dropped by kernel
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (ovn bug fix and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2021:2080