Bug 1942877
| Summary: | [ovn] Traffic between localnet and localport ports should be dropped |
|---|---|
| Product: | Red Hat Enterprise Linux Fast Datapath |
| Component: | ovn2.13 |
| Version: | FDP 21.I |
| Status: | CLOSED ERRATA |
| Severity: | high |
| Priority: | urgent |
| Hardware: | Unspecified |
| OS: | Unspecified |
| Reporter: | Daniel Alvarez Sanchez <dalvarez> |
| Assignee: | lorenzo bianconi <lorenzo.bianconi> |
| QA Contact: | Jianlin Shi <jishi> |
| CC: | ctrautma, dcbw, ffernand, jishi, lorenzo.bianconi, ralongi |
| Fixed In Version: | ovn2.13-20.12.0-122.el8fdp |
| Last Closed: | 2021-06-21 14:44:39 UTC |
| Type: | Bug |

Description
Daniel Alvarez Sanchez
2021-03-25 09:24:10 UTC
Upstream patch: http://patchwork.ozlabs.org/project/ovn/patch/8008fa9867d210cf18ad31f912535f2c14e85c43.1620151078.git.lorenzo.bianconi@redhat.com/
Tested with the following script:
systemctl start openvswitch
systemctl start ovn-northd
ovn-nbctl set-connection ptcp:6641
ovn-sbctl set-connection ptcp:6642
ovs-vsctl set open . external_ids:system-id=hv1 external_ids:ovn-remote=tcp:1.1.40.25:6642 external_ids:ovn-encap-type=geneve external_ids:ovn-encap-ip=1.1.40.25
systemctl restart ovn-controller
ovs-vsctl add-br br-phys
ip link set br-phys up
ovs-vsctl set open . external-ids:ovn-bridge-mappings=phys:br-phys
ovn-nbctl ls-add ls \
-- lsp-add ls lp \
-- lsp-set-type lp localport \
-- lsp-set-addresses lp "00:00:00:00:00:01 10.0.0.1 2001::1" \
-- lsp-add ls ln \
-- lsp-set-type ln localnet \
-- lsp-set-addresses ln unknown \
-- lsp-set-options ln network_name=phys \
-- lsp-add ls lsp \
-- lsp-set-addresses lsp "00:00:00:00:00:02 10.0.0.2 2001::2"
ovs-vsctl add-port br-int lp -- set interface lp type=internal external_ids:iface-id=lp
ip netns add lp
ip link set lp netns lp
ip netns exec lp ip link set lp address 00:00:00:00:00:01
ip netns exec lp ip link set lp up
ip netns exec lp ip addr add 10.0.0.1/24 dev lp
ip netns exec lp ip addr add 2001::1/64 dev lp
ovn-nbctl --wait=hv sync
ovs-vsctl add-port br-int lsp -- set interface lsp type=internal external_ids:iface-id=lsp options:tx_pcap=lsp.pcap options:rxq_pcap=lsp-rx.pcap
ip netns add lsp
ip link set lsp netns lsp
ip netns exec lsp ip link set lsp address 00:00:00:00:00:02
ip netns exec lsp ip link set lsp up
ip netns exec lsp ip addr add 10.0.0.2/24 dev lsp
ip netns exec lsp ip addr add 2001::2/64 dev lsp
ovs-vsctl add-port br-phys ext1 -- set interface ext1 type=internal
ip netns add ext1
ip link set ext1 netns ext1
ip netns exec ext1 ip link set ext1 up
ip netns exec ext1 ip addr add 10.0.0.101/24 dev ext1
ip netns exec ext1 ip addr add 2001::101/64 dev ext1
sleep 2
ip netns exec ext1 ping 10.0.0.1 -c 1 -w 1 -W 1
ip netns exec lp ping 10.0.0.101 -c 1 -w 1 -W 1
ip netns exec ext1 ping6 2001::1 -c 1 -w 1 -W 1
ip netns exec lp ping6 2001::101 -c 1 -w 1 -W 1
ip netns exec lsp ping 10.0.0.101 -c 1
ip netns exec lsp ping6 2001::101 -c 1
reproduced on ovn2.13-20.12.0-104:
[root@dell-per740-12 bz1942877]# rpm -qa | grep -E "openvswitch2.13|ovn2.13"
openvswitch2.13-2.13.0-96.el7fdp.x86_64
ovn2.13-20.12.0-104.el7fdp.x86_64
ovn2.13-host-20.12.0-104.el7fdp.x86_64
ovn2.13-central-20.12.0-104.el7fdp.x86_64
+ ip netns exec ext1 ping 10.0.0.1 -c 1 -w 1 -W 1
PING 10.0.0.1 (10.0.0.1) 56(84) bytes of data.
64 bytes from 10.0.0.1: icmp_seq=1 ttl=64 time=1.28 ms
--- 10.0.0.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 1.289/1.289/1.289/0.000 ms
+ ip netns exec lp ping 10.0.0.101 -c 1 -w 1 -W 1
PING 10.0.0.101 (10.0.0.101) 56(84) bytes of data.
64 bytes from 10.0.0.101: icmp_seq=1 ttl=64 time=0.066 ms
--- 10.0.0.101 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.066/0.066/0.066/0.000 ms
+ ip netns exec ext1 ping6 2001::1 -c 1 -w 1 -W 1
PING 2001::1(2001::1) 56 data bytes
64 bytes from 2001::1: icmp_seq=1 ttl=64 time=1.22 ms
--- 2001::1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 1.221/1.221/1.221/0.000 ms
+ ip netns exec lp ping6 2001::101 -c 1 -w 1 -W 1
PING 2001::101(2001::101) 56 data bytes
64 bytes from 2001::101: icmp_seq=1 ttl=64 time=0.068 ms
--- 2001::101 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.068/0.068/0.068/0.000 ms
<=== traffic between localnet and localport passed
+ ip netns exec lsp ping 10.0.0.101 -c 1
PING 10.0.0.101 (10.0.0.101) 56(84) bytes of data.
64 bytes from 10.0.0.101: icmp_seq=1 ttl=64 time=0.891 ms
--- 10.0.0.101 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.891/0.891/0.891/0.000 ms
+ ip netns exec lsp ping6 2001::101 -c 1
PING 2001::101(2001::101) 56 data bytes
64 bytes from 2001::101: icmp_seq=1 ttl=64 time=1.14 ms
--- 2001::101 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 1.148/1.148/1.148/0.000 ms
Verified on ovn2.13-20.12.0-135:
[root@dell-per740-12 bz1942877]# rpm -qa | grep -E "openvswitch2.13|ovn2.13"
openvswitch2.13-2.13.0-96.el7fdp.x86_64
ovn2.13-20.12.0-135.el7fdp.x86_64
ovn2.13-central-20.12.0-135.el7fdp.x86_64
ovn2.13-host-20.12.0-135.el7fdp.x86_64
+ ip netns exec ext1 ping 10.0.0.1 -c 1 -w 1 -W 1
PING 10.0.0.1 (10.0.0.1) 56(84) bytes of data.
--- 10.0.0.1 ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms
+ ip netns exec lp ping 10.0.0.101 -c 1 -w 1 -W 1
PING 10.0.0.101 (10.0.0.101) 56(84) bytes of data.
--- 10.0.0.101 ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms
+ ip netns exec ext1 ping6 2001::1 -c 1 -w 1 -W 1
PING 2001::1(2001::1) 56 data bytes
--- 2001::1 ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 999ms
+ ip netns exec lp ping6 2001::101 -c 1 -w 1 -W 1
PING 2001::101(2001::101) 56 data bytes
--- 2001::101 ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms
<== traffic between localnet and localport failed
+ ip netns exec lsp ping 10.0.0.101 -c 1
PING 10.0.0.101 (10.0.0.101) 56(84) bytes of data.
64 bytes from 10.0.0.101: icmp_seq=1 ttl=64 time=1.00 ms
--- 10.0.0.101 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 1.007/1.007/1.007/0.000 ms
+ ip netns exec lsp ping6 2001::101 -c 1
PING 2001::101(2001::101) 56 data bytes
64 bytes from 2001::101: icmp_seq=1 ttl=64 time=1.37 ms
--- 2001::101 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 1.370/1.370/1.370/0.000 ms
Verified on ovn-2021-21.03.0-40.el8fdp.x86_64:
[root@dell-per730-03 bz1942877]# rpm -qa | grep -E "openvswitch2.15|ovn-2021"
openvswitch2.15-2.15.0-23.el8fdp.x86_64
ovn-2021-central-21.03.0-40.el8fdp.x86_64
ovn-2021-21.03.0-40.el8fdp.x86_64
ovn-2021-host-21.03.0-40.el8fdp.x86_64
+ ip netns exec ext1 ping 10.0.0.1 -c 1 -w 1 -W 1
PING 10.0.0.1 (10.0.0.1) 56(84) bytes of data.
--- 10.0.0.1 ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms
+ ip netns exec lp ping 10.0.0.101 -c 1 -w 1 -W 1
PING 10.0.0.101 (10.0.0.101) 56(84) bytes of data.
--- 10.0.0.101 ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms
+ ip netns exec ext1 ping6 2001::1 -c 1 -w 1 -W 1
PING 2001::1(2001::1) 56 data bytes
--- 2001::1 ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms
+ ip netns exec lp ping6 2001::101 -c 1 -w 1 -W 1
PING 2001::101(2001::101) 56 data bytes
--- 2001::101 ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms
+ ip netns exec lsp ping 10.0.0.101 -c 1
PING 10.0.0.101 (10.0.0.101) 56(84) bytes of data.
64 bytes from 10.0.0.101: icmp_seq=1 ttl=64 time=0.749 ms
--- 10.0.0.101 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.749/0.749/0.749/0.000 ms
+ ip netns exec lsp ping6 2001::101 -c 1
PING 2001::101(2001::101) 56 data bytes
64 bytes from 2001::101: icmp_seq=1 ttl=64 time=0.611 ms
--- 2001::101 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.611/0.611/0.611/0.000 ms
reproduced on ovn2.13-20.12.0-104.el8:
[root@dell-per730-03 bz1942877]# rpm -qa | grep -E "openvswitch2.15|ovn2.13"
openvswitch2.15-2.15.0-23.el8fdp.x86_64
ovn2.13-host-20.12.0-104.el8fdp.x86_64
ovn2.13-central-20.12.0-104.el8fdp.x86_64
ovn2.13-20.12.0-104.el8fdp.x86_64
+ ip netns exec ext1 ping 10.0.0.1 -c 1 -w 1 -W 1
PING 10.0.0.1 (10.0.0.1) 56(84) bytes of data.
64 bytes from 10.0.0.1: icmp_seq=1 ttl=64 time=0.686 ms
--- 10.0.0.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.686/0.686/0.686/0.000 ms
+ ip netns exec lp ping 10.0.0.101 -c 1 -w 1 -W 1
PING 10.0.0.101 (10.0.0.101) 56(84) bytes of data.
64 bytes from 10.0.0.101: icmp_seq=1 ttl=64 time=0.034 ms
--- 10.0.0.101 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.034/0.034/0.034/0.000 ms
+ ip netns exec ext1 ping6 2001::1 -c 1 -w 1 -W 1
PING 2001::1(2001::1) 56 data bytes
64 bytes from 2001::1: icmp_seq=1 ttl=64 time=0.476 ms
--- 2001::1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.476/0.476/0.476/0.000 ms
+ ip netns exec lp ping6 2001::101 -c 1 -w 1 -W 1
PING 2001::101(2001::101) 56 data bytes
64 bytes from 2001::101: icmp_seq=1 ttl=64 time=0.028 ms
--- 2001::101 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.028/0.028/0.028/0.000 ms
+ ip netns exec lsp ping 10.0.0.101 -c 1
PING 10.0.0.101 (10.0.0.101) 56(84) bytes of data.
64 bytes from 10.0.0.101: icmp_seq=1 ttl=64 time=0.436 ms
--- 10.0.0.101 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.436/0.436/0.436/0.000 ms
+ ip netns exec lsp ping6 2001::101 -c 1
PING 2001::101(2001::101) 56 data bytes
64 bytes from 2001::101: icmp_seq=1 ttl=64 time=0.562 ms
--- 2001::101 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.562/0.562/0.562/0.000 ms
Verified on ovn2.13-20.12.0-135.el8:
+ ip netns exec ext1 ping 10.0.0.1 -c 1 -w 1 -W 1
PING 10.0.0.1 (10.0.0.1) 56(84) bytes of data.
--- 10.0.0.1 ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms
+ ip netns exec lp ping 10.0.0.101 -c 1 -w 1 -W 1
PING 10.0.0.101 (10.0.0.101) 56(84) bytes of data.
--- 10.0.0.101 ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms
+ ip netns exec ext1 ping6 2001::1 -c 1 -w 1 -W 1
PING 2001::1(2001::1) 56 data bytes
--- 2001::1 ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms
+ ip netns exec lp ping6 2001::101 -c 1 -w 1 -W 1
PING 2001::101(2001::101) 56 data bytes
--- 2001::101 ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms
+ ip netns exec lsp ping 10.0.0.101 -c 1
PING 10.0.0.101 (10.0.0.101) 56(84) bytes of data.
64 bytes from 10.0.0.101: icmp_seq=1 ttl=64 time=0.742 ms
--- 10.0.0.101 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.742/0.742/0.742/0.000 ms
+ ip netns exec lsp ping6 2001::101 -c 1
PING 2001::101(2001::101) 56 data bytes
64 bytes from 2001::101: icmp_seq=1 ttl=64 time=0.576 ms
--- 2001::101 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.576/0.576/0.576/0.000 ms

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (ovn2.13 bug fix and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report.
https://access.redhat.com/errata/RHBA-2021:2507
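
The pass/fail reading of the transcripts above can be automated. The following is an added example, not part of the bug report or of OVN's own tests: it checks a `set -x` ping transcript against the expected policy (localport and localnet side isolated, regular port still reachable). The function names are hypothetical and the sample transcripts are constructed, modelled on the outputs in this report.

```shell
#!/bin/sh
# Added example, not from the bug report. Namespace names and addresses
# (lp, lsp, ext1, 10.0.0.1, 2001::1) are taken from the test script above;
# function names are hypothetical.

# Read a `set -x` ping transcript on stdin, print one verdict per probe and
# return non-zero if any flow violates the expected policy:
#   localport <-> localnet side (lp <-> ext1): 100% packet loss
#   regular port -> localnet side (lsp -> ext1): 0% packet loss
check_isolation() {
  awk '
    # "+ ip netns exec <ns> ping[6] <dst> ..." opens a new probe.
    $1 == "+" && $3 == "netns" && $4 == "exec" { ns = $5; dst = $7; next }
    # "<n> packets transmitted, <m> received, <p>% packet loss, ..."
    /packets transmitted/ && ns != "" {
      loss = -1
      for (i = 1; i <= NF; i++) if ($i ~ /^[0-9.]+%$/) loss = $i + 0
      # A probe involves the localport if lp sends it or lp is the target.
      localport = (ns == "lp" || dst == "10.0.0.1" || dst == "2001::1")
      want = localport ? 100 : 0
      ok = (loss == want)
      printf "%s %s -> %s loss=%d%% expected=%d%%\n", (ok ? "OK" : "FAIL"), ns, dst, loss, want
      if (!ok) bad = 1
      ns = ""
    }
    END { exit (bad ? 1 : 0) }
  '
}

# Constructed transcripts, modelled on the outputs in this report.
sample_fixed() { cat <<'EOF'
+ ip netns exec ext1 ping 10.0.0.1 -c 1 -w 1 -W 1
1 packets transmitted, 0 received, 100% packet loss, time 0ms
+ ip netns exec lp ping6 2001::101 -c 1 -w 1 -W 1
1 packets transmitted, 0 received, 100% packet loss, time 0ms
+ ip netns exec lsp ping 10.0.0.101 -c 1
1 packets transmitted, 1 received, 0% packet loss, time 0ms
EOF
}
sample_affected() { cat <<'EOF'
+ ip netns exec ext1 ping 10.0.0.1 -c 1 -w 1 -W 1
1 packets transmitted, 1 received, 0% packet loss, time 0ms
+ ip netns exec lsp ping 10.0.0.101 -c 1
1 packets transmitted, 1 received, 0% packet loss, time 0ms
EOF
}

sample_fixed | check_isolation && echo "fixed build: isolation holds"
sample_affected | check_isolation || echo "affected build: localport reachable"
```

Piping the real test script's `set -x` output into `check_isolation` gives a non-zero exit status on a build where localnet traffic still reaches the localport.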