Patch v11 was finally ACKed, and I have merged it into upstream master. I am going to work on creating a backport for ovn2.13 and when that is complete, I will update the state of this issue to "MODIFIED"
I have successfully backported this patch series to ovn2.13. I am setting the status to MODIFIED and I have set the fixed-in version. This fix will be present in FDP 21.G.
This is fantastic news! Our hotfixes from March are possible just starting to show some cracks in the seams - any chance a brew-web rpm build will be available for testing in our engineering/test clusters?
with Mark's help, get following reproducer: systemctl start openvswitch systemctl start ovn-northd ovn-nbctl set-connection ptcp:6641 ovn-sbctl set-connection ptcp:6642 ovs-vsctl set open . external_ids:system-id=hv1 external_ids:ovn-remote=tcp:1.1.170.25:6642 external_ids:ovn-encap-type=geneve external_ids:ovn-encap-ip=1.1.170.25 systemctl restart ovn-controller ovn-nbctl ls-add ls1 ovn-nbctl lsp-add ls1 vm1 -- lsp-set-addresses vm1 "00:00:00:00:01:05 192.168.100.5" ovn-nbctl ls-add ls2 ovn-nbctl lsp-add ls2 vm2 -- lsp-set-addresses vm2 "00:00:00:00:02:05 192.168.200.5" ovn-nbctl ls-add ls-pub ovn-nbctl lr-add lr1 ovn-nbctl lrp-add lr1 lr1-ls1 00:00:00:00:01:01 192.168.100.1/24 ovn-nbctl lsp-add ls1 ls1-lr1 \ -- lsp-set-type ls1-lr1 router \ -- lsp-set-addresses ls1-lr1 router \ -- lsp-set-options ls1-lr1 router-port=lr1-ls1 ovn-nbctl lr-add lr2 ovn-nbctl lrp-add lr2 lr2-ls2 00:00:00:00:02:01 192.168.200.1/24 ovn-nbctl lsp-add ls2 ls2-lr2 \ -- lsp-set-type ls2-lr2 router \ -- lsp-set-addresses ls2-lr2 router \ -- lsp-set-options ls2-lr2 router-port=lr2-ls2 ovn-nbctl lrp-add lr1 lr1-ls-pub 00:00:00:00:03:01 172.18.2.110/24 ovn-nbctl lrp-set-gateway-chassis lr1-ls-pub hv1 ovn-nbctl lsp-add ls-pub ls-pub-lr1 \ -- lsp-set-type ls-pub-lr1 router \ -- lsp-set-addresses ls-pub-lr1 router \ -- lsp-set-options ls-pub-lr1 router-port=lr1-ls-pub ovn-nbctl lrp-add lr2 lr2-ls-pub 00:00:00:00:03:02 172.18.1.173/24 ovn-nbctl lrp-set-gateway-chassis lr2-ls-pub hv1 ovn-nbctl lsp-add ls-pub ls-pub-lr2 \ -- lsp-set-type ls-pub-lr2 router \ -- lsp-set-addresses ls-pub-lr2 router \ -- lsp-set-options ls-pub-lr2 router-port=lr2-ls-pub # Putting --add-route on these NAT rules means there is no need to # add any static routes. ovn-nbctl lr-nat-add lr1 dnat_and_snat 172.18.2.11 192.168.100.5 vm1 00:00:00:00:03:01 ovn-nbctl lr-nat-add lr2 dnat_and_snat 172.18.2.12 192.168.200.5 vm2 00:00:00:00:03:02 ovn-nbctl lr-route-add lr1 172.18.2.0/24 172.18.2.110 lr2-ls-pub ovs-vsctl add-port br-int vm1 -- set interface vm1 type=internal external_ids:iface-id=vm1 ip netns add vm1 ip link set vm1 netns vm1 ip netns exec vm1 ip link set vm1 address 00:00:00:00:01:05 ip netns exec vm1 ip link set vm1 up ip netns exec vm1 ip addr add 192.168.100.5/24 dev vm1 ip netns exec vm1 ip route add default via 192.168.100.1 dev vm1 ovs-vsctl add-port br-int vm2 -- set interface vm2 type=internal external_ids:iface-id=vm2 ip netns add vm2 ip link set vm2 netns vm2 ip netns exec vm2 ip link set vm2 address 00:00:00:00:02:05 ip netns exec vm2 ip link set vm2 up ip netns exec vm2 ip addr add 192.168.200.5/24 dev vm2 ip netns exec vm2 ip route add default via 192.168.200.1 dev vm2 ip netns exec vm2 ping -c 3 -i 0.3 -w 2 172.18.2.12 reproduced on ovn2.13-20.12.0-140.el7: + ip netns exec vm2 ping -c 3 -i 0.3 -w 2 172.18.2.12 PING 172.18.2.12 (172.18.2.12) 56(84) bytes of data. --- 172.18.2.12 ping statistics --- 7 packets transmitted, 0 received, 100% packet loss, time 1809ms Verified on ovn2.13-20.12.0-173.el7: [root@wsfd-advnetlab16 bz1929901]# rpm -qa | grep -E "openvswitch2.13|ovn2.13" openvswitch2.13-2.13.0-102.el7fdp.x86_64 ovn2.13-20.12.0-173.el7fdp.x86_64 ovn2.13-central-20.12.0-173.el7fdp.x86_64 ovn2.13-host-20.12.0-173.el7fdp.x86_64 + ip netns exec vm2 ping -c 3 -i 0.3 -w 2 172.18.2.12 PING 172.18.2.12 (172.18.2.12) 56(84) bytes of data. 64 bytes from 172.18.2.12: icmp_seq=2 ttl=62 time=704 ms 64 bytes from 172.18.2.12: icmp_seq=5 ttl=62 time=0.098 ms 64 bytes from 172.18.2.12: icmp_seq=6 ttl=62 time=0.066 ms --- 172.18.2.12 ping statistics --- 6 packets transmitted, 3 received, 50% packet loss, time 1511ms
also verified on ovn2.13-20.12.0-173.el8: + ip netns exec vm2 ping -c 3 -i 0.3 -w 2 172.18.2.12 PING 172.18.2.12 (172.18.2.12) 56(84) bytes of data. 64 bytes from 172.18.2.12: icmp_seq=3 ttl=62 time=418 ms 64 bytes from 172.18.2.12: icmp_seq=1 ttl=62 time=1030 ms 64 bytes from 172.18.2.12: icmp_seq=5 ttl=62 time=0.114 ms --- 172.18.2.12 ping statistics --- 5 packets transmitted, 3 received, 40% packet loss, time 1217ms rtt min/avg/max/mdev = 0.114/483.032/1030.485/423.115 ms, pipe 4 [root@dell-per740-12 bz1929901]# rpm -qa | grep -E "openvswitch2.15|ovn2.13" ovn2.13-20.12.0-173.el8fdp.x86_64 openvswitch2.15-2.15.0-35.el8fdp.x86_64 ovn2.13-host-20.12.0-173.el8fdp.x86_64 ovn2.13-central-20.12.0-173.el8fdp.x86_64
also verified on ovn-2021-20.06.0-18.el8: + ip netns exec vm2 ping -c 3 -i 0.3 -w 2 172.18.2.12 PING 172.18.2.12 (172.18.2.12) 56(84) bytes of data. 64 bytes from 172.18.2.12: icmp_seq=3 ttl=62 time=427 ms 64 bytes from 172.18.2.12: icmp_seq=4 ttl=62 time=123 ms 64 bytes from 172.18.2.12: icmp_seq=2 ttl=62 time=731 ms --- 172.18.2.12 ping statistics --- 4 packets transmitted, 3 received, 25% packet loss, time 909ms rtt min/avg/max/mdev = 122.770/426.760/730.784/248.220 ms, pipe 3 [root@dell-per740-12 bz1929901]# rpm -qa | grep -E "openvswitch2.15|ovn-2021" ovn-2021-21.06.0-18.el8fdp.x86_64 openvswitch2.15-2.15.0-35.el8fdp.x86_64 ovn-2021-central-21.06.0-18.el8fdp.x86_64 ovn-2021-host-21.06.0-18.el8fdp.x86_64
*** Bug 1945506 has been marked as a duplicate of this bug. ***
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (ovn2.13 bug fix and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2022:9044