Description of problem: nat between 2 vfs for mlx5_core in ovn setup is not conntrack offloaded Version-Release number of selected component (if applicable): openvswitch2.15-2.15.0-24.el8fdp.x86_64 4.18.0-315.el8.x86_64 How reproducible: Always Steps to Reproduce: 1. setup vf: echo 4 > /sys/bus/pci/devices/0000:3b:00.0/sriov_numvfs echo 0000:3b:00.2 > /sys/bus/pci/drivers/mlx5_core/unbind echo 0000:3b:00.3 > /sys/bus/pci/drivers/mlx5_core/unbind echo 0000:3b:00.4 > /sys/bus/pci/drivers/mlx5_core/unbind echo 0000:3b:00.5 > /sys/bus/pci/drivers/mlx5_core/unbind devlink dev eswitch set pci/0000:3b:00.0 mode switchdev 2. create guest and attach representer into guest: virt-install --name g0 --vcpus=2 --ram=2048 --disk path=/var/lib/libvirt/images/g0.qcow2,device=disk,bus=virtio,format=qcow2 --network bridge=virbr0,model=virtio --boot hd --accelerate --force --graphic s none --noautoconsole virt-install --name g2 --vcpus=2 --ram=2048 --disk path=/var/lib/libvirt/images/g2.qcow2,device=disk,bus=virtio,format=qcow2 --network bridge=virbr0,model=virtio --boot hd --accelerate --force --graphic s none --noautoconsole cat vf.xml <interface type='hostdev' managed='yes'> <source> <address type='pci' domain='0x0000' bus='0x3b' slot='0x00' function='0x2'/> </source> <mac address='00:00:00:01:01:13'/> </interface> virsh attach-device g0 vf.xml cat vf.xml <interface type='hostdev' managed='yes'> <source> <address type='pci' domain='0x0000' bus='0x3b' slot='0x00' function='0x4'/> </source> <mac address='00:00:00:01:02:13'/> </interface> virsh attach-device g2 vf.xml 3. add representer into ovn ip link set eth0 down ip link set eth0 name s_pf0vf0 ovs-vsctl add-port br-int s_pf0vf0 -- set interface s_pf0vf0 external_ids:iface-id=s_pf0vf0 ip link set s_pf0vf0 up ip link set eth2 down ip link set eth2 name s_pf0vf2 ovs-vsctl add-port br-int s_pf0vf2 -- set interface s_pf0vf2 external_ids:iface-id=s_pf0vf2 ip link set s_pf0vf2 up ovn-nbctl ls-add ls1 ovn-nbctl ls-add ls2 ovn-nbctl lr-add lr1 ovn-nbctl lrp-add lr1 lr1-ls1 00:00:00:00:00:01 192.168.1.254/24 2001::a/64 ovn-nbctl lsp-add ls1 ls1-lr1 ovn-nbctl lsp-set-type ls1-lr1 router ovn-nbctl lsp-set-options ls1-lr1 router-port=lr1-ls1 ovn-nbctl lsp-set-addresses ls1-lr1 router ovn-nbctl lrp-add lr1 lr1-ls2 00:00:00:00:00:02 172.17.$ip_subnet.254/24 7777:$ip_subnet::a/64 ovn-nbctl lsp-add ls2 ls2-lr1 ovn-nbctl lsp-set-type ls2-lr1 router ovn-nbctl lsp-set-options ls2-lr1 router-port=lr1-ls2 ovn-nbctl lsp-set-addresses ls2-lr1 router ovn-nbctl lsp-add ls1 s_pf0vf0 ovn-nbctl lsp-set-addresses s_pf0vf0 "00:00:00:01:01:11 192.168.1.11 2001::11" ovn-nbctl lsp-add ls2 s_pf0vf2 ovn-nbctl lsp-set-addresses s_pf0vf2 "00:00:00:01:02:11 172.17.172.11 7777:172::11" ovn-nbctl set logical_router lr1 options:chassis=$chassis_id ovn-nbctl lr-nat-add lr1 dnat_and_snat 10.10.1.11 192.168.1.11 ovn-nbctl lr-nat-add lr1 dnat_and_snat 3010::11 2001::11 4. enable hw offload for ovs: ovs-vsctl set Open_vSwitch . other_config:hw-offload=true ovs-vsctl set Open_vSwitch . other_config:tc-policy=none systemctl restart openvswitch 5. run iperf3 -c 10.10.1.11 in vm g2 Actual results: tcpdump can capture packets on s_pf0vf2: not offloaded Expected results: tcpdump can't capture packets on s_pf0vf2: offloaded Additional info: [root@wsfd-advnetlab16 offload_func]# uname -a Linux wsfd-advnetlab16.anl.lab.eng.bos.redhat.com 4.18.0-315.el8.x86_64 #1 SMP Thu Jun 17 14:56:40 EDT 2021 x86_64 x86_64 x86_64 GNU/Linux [root@wsfd-advnetlab16 offload_func]# ethtool -i ens1f0 driver: mlx5e_rep version: 4.18.0-315.el8.x86_64 firmware-version: 16.30.1004 (MT_0000000013) expansion-rom-version: bus-info: 0000:3b:00.0 supports-statistics: yes supports-test: no supports-eeprom-access: no supports-register-dump: no supports-priv-flags: no [root@wsfd-advnetlab16 offload_func]# ip link sh ens1f0 87: ens1f0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9000 qdisc mq state UP mode DEFAULT group default qlen 1000 link/ether 0c:42:a1:08:0b:1a brd ff:ff:ff:ff:ff:ff vf 0 link/ether 00:00:00:01:01:11 brd ff:ff:ff:ff:ff:ff, spoof checking off, link-state disable, trust off, query_rss off vf 1 link/ether 00:00:00:01:01:12 brd ff:ff:ff:ff:ff:ff, spoof checking off, link-state disable, trust off, query_rss off vf 2 link/ether 00:00:00:01:02:11 brd ff:ff:ff:ff:ff:ff, spoof checking off, link-state disable, trust off, query_rss off vf 3 link/ether 00:00:00:01:02:12 brd ff:ff:ff:ff:ff:ff, spoof checking off, link-state disable, trust off, query_rss off [root@wsfd-advnetlab16 offload_func]# rpm -qa | grep -E "openvswitch2.15|ovn-2021" ovn-2021-21.03.0-40.el8fdp.x86_64 python3-openvswitch2.15-2.15.0-24.el8fdp.x86_64 ovn-2021-central-21.03.0-40.el8fdp.x86_64 openvswitch2.15-2.15.0-24.el8fdp.x86_64 ovn-2021-host-21.03.0-40.el8fdp.x86_64 [root@wsfd-advnetlab16 offload_func]# ovn-nbctl show switch 16c9b426-9247-4c2e-bd2c-9bca4efe0901 (ls1) port c_pf0vf0 addresses: ["00:00:00:01:01:13 192.168.1.13 2001::13"] port s_pf1vf1 addresses: ["00:00:00:01:01:16 192.168.1.16 2001::16"] port s_pf0vf0 addresses: ["00:00:00:01:01:11 192.168.1.11 2001::11"] port s_pf1vf0 addresses: ["00:00:00:01:01:15 192.168.1.15 2001::15"] port ls1-lr1 type: router router-port: lr1-ls1 port s_pf0vf1 addresses: ["00:00:00:01:01:12 192.168.1.12 2001::12"] port c_pf0vf1 addresses: ["00:00:00:01:01:14 192.168.1.14 2001::14"] port ls1_lp type: localport addresses: ["00:00:00:01:01:02 192.168.1.2 2001::2"] switch b678560e-2e8a-46f2-a2db-9795b4ad0b9c (ls2) port c_pf0vf2 addresses: ["00:00:00:01:02:13 172.17.172.13 7777:172::13"] port s_pf0vf3 addresses: ["00:00:00:01:02:12 172.17.172.12 7777:172::12"] port c_pf0vf3 addresses: ["00:00:00:01:02:14 172.17.172.14 7777:172::14"] port ls2-lr1 type: router router-port: lr1-ls2 port s_pf0vf2 addresses: ["00:00:00:01:02:11 172.17.172.11 7777:172::11"] port ls2_lp type: localport addresses: ["00:00:00:01:01:02 172.17.172.2 7777:172::2"] router 60505cd0-06d2-42dc-828d-0556dc664479 (lr1) port lr1-ls1 mac: "00:00:00:00:00:01" networks: ["192.168.1.254/24", "2001::a/64"] port lr1-ls2 mac: "00:00:00:00:00:02" networks: ["172.17.172.254/24", "7777:172::a/64"] nat 05cf1c0a-eefe-464d-9add-25168412f9e7 external ip: "10.10.1.14" logical ip: "192.168.1.14" type: "dnat" nat 27894146-6d4b-4c26-ac9a-c55892edf490 external ip: "3010::12" logical ip: "2001::12" type: "dnat" nat 34df5c8d-76e5-4aa3-a09a-60c3ced598db external ip: "3010::16" logical ip: "2001::16" type: "snat" nat 3ff37336-6200-434c-a5d5-4aca4d10c5a9 external ip: "10.10.1.11" logical ip: "192.168.1.11" type: "dnat_and_snat" nat 473480e2-3e72-4d69-a68b-37fe9e7c4504 external ip: "3010::15" logical ip: "2001::15" type: "dnat_and_snat" nat 64a0764b-4729-4be7-a064-a72452d11868 external ip: "3010::14" logical ip: "2001::14" type: "dnat" nat 69c3ed38-e7a0-4b6b-92a5-3d9b93b234df external ip: "10.10.1.12" logical ip: "192.168.1.12" type: "dnat" nat 831ad6aa-0e11-49e5-9be9-205dbe6ad652 external ip: "3010::13" logical ip: "2001::13" type: "dnat_and_snat" nat 88b177bf-2f20-41e6-8f7d-a8b215e9da84 external ip: "3010::11" logical ip: "2001::11" type: "dnat_and_snat" nat ad6efa9d-8728-46fd-827a-fc1dd21b7d95 external ip: "10.11.1.12" logical ip: "172.17.172.12" type: "snat" nat b5cf3a3c-478e-4f21-b107-7763994739dc external ip: "10.10.1.13" logical ip: "192.168.1.13" type: "dnat_and_snat" nat d8b8bdec-f126-408c-add6-7a670b7174a7 external ip: "10.10.1.16" logical ip: "192.168.1.16" type: "snat" nat f1f72413-1ab9-46be-a350-e97e03925014 external ip: "10.10.1.15" logical ip: "192.168.1.15" type: "dnat_and_snat" [root@wsfd-advnetlab16 offload_func]# ovs-vsctl show b96f738f-02a8-4e39-a498-16c2e58b1a13 Bridge br-int fail_mode: secure Port s_pf1vf1 Interface s_pf1vf1 Port s_pf0vf1 Interface s_pf0vf1 Port s_pf1vf0 Interface s_pf1vf0 Port br-int Interface br-int type: internal Port s_pf0vf3 Interface s_pf0vf3 Port ovn-48aaf6-0 Interface ovn-48aaf6-0 type: geneve options: {csum="true", key=flow, remote_ip="20.0.172.26"} Port s_pf0vf0 Interface s_pf0vf0 Port s_pf0vf2 Interface s_pf0vf2 ovs_version: "2.15.1" + ovs-appctl dpctl/dump-flows -m --names ufid:5e7036a9-f4cc-426b-a011-9bce0645dc62, skb_priority(0/0),skb_mark(0/0),ct_state(0/0),ct_zone(0/0),ct_mark(0/0),ct_label(0/0),recirc_id(0),dp_hash(0/0),in_port(s_pf0vf0),packet_type(ns=0/0,id=0/0),eth( src=00:00:00:01:01:11,dst=00:00:00:00:00:01),eth_type(0x0800),ipv4(src=192.168.1.0/255.255.255.128,dst=172.17.172.0/255.255.255.128,proto=0/0,tos=0/0,ttl=64,frag=no), packets:100128, bytes:6609640, used:0 .241s, offloaded:yes, dp:tc, actions:ct_clear,ct(zone=12,nat),recirc(0x11) ufid:846b95c5-2b71-4b34-b2c1-26961c920490, skb_priority(0/0),skb_mark(0/0),ct_state(0/0),ct_zone(0/0),ct_mark(0/0),ct_label(0/0),recirc_id(0x11),dp_hash(0/0),in_port(s_pf0vf0),packet_type(ns=0/0,id=0/0),e th(src=00:00:00:01:01:11,dst=00:00:00:00:00:01),eth_type(0x0800),ipv4(src=0.0.0.0/128.0.0.0,dst=172.17.172.11,proto=6,tos=0/0,ttl=64,frag=no),tcp(src=0/0,dst=0/0), packets:100128, bytes:6609640, used:0.24 0s, offloaded:yes, dp:tc, actions:ct_clear,set(eth(src=00:00:00:00:00:02,dst=00:00:00:01:02:11)),set(ipv4(ttl=63)),s_pf0vf2 ufid:31b4be5d-9551-47c9-93da-137346f2b2fb, skb_priority(0/0),skb_mark(0/0),ct_state(0/0),ct_zone(0/0),ct_mark(0/0),ct_label(0/0),recirc_id(0),dp_hash(0/0),in_port(s_pf0vf2),packet_type(ns=0/0,id=0/0),eth( src=00:00:00:01:02:11,dst=00:00:00:00:00:02),eth_type(0x0800),ipv4(src=172.17.172.0/255.255.255.128,dst=10.10.1.11,proto=6,tos=0/0,ttl=64,frag=no),tcp(src=0/0,dst=0/0), packets:5506594, bytes:7979586978, used:0.000s, offloaded:yes, dp:tc, actions:ct_clear,ct(zone=7,nat),recirc(0xb) ufid:4fdce626-9f51-459b-be4c-bf762f5fd4e0, skb_priority(0/0),skb_mark(0/0),ct_state(0/0),ct_zone(0/0),ct_mark(0/0),ct_label(0/0),recirc_id(0xb),dp_hash(0/0),in_port(s_pf0vf2),packet_type(ns=0/0,id=0/0),et h(src=00:00:00:00:00:00/00:00:00:00:00:00,dst=00:00:00:00:00:00/00:00:00:00:00:00),eth_type(0x0800),ipv4(src=0.0.0.0/0.0.0.0,dst=10.10.1.11,proto=0/0,tos=0/0,ttl=0/0,frag=no), packets:5506639, bytes:79796 52190, used:0.000s, offloaded:yes, dp:tc, actions:ct(commit,zone=12,nat(dst=192.168.1.11)),recirc(0x2) ufid:8a2deffd-48f6-4ba8-931b-3abf97033266, skb_priority(0/0),skb_mark(0/0),ct_state(0/0),ct_zone(0/0),ct_mark(0/0),ct_label(0/0),recirc_id(0x2),dp_hash(0/0),in_port(s_pf0vf2),packet_type(ns=0/0,id=0/0),et h(src=00:00:00:01:02:11,dst=00:00:00:00:00:02),eth_type(0x0800),ipv4(src=128.0.0.0/192.0.0.0,dst=192.168.1.11,proto=6,tos=0/0,ttl=64,frag=no),tcp(src=0/0,dst=0/0), packets:5506684, bytes:7979717402, used: 0.000s, offloaded:yes, dp:tc, actions:ct_clear,set(eth(src=00:00:00:00:00:01,dst=00:00:00:01:01:11)),set(ipv4(ttl=63)),s_pf0vf0 + tc -s filter show dev s_pf0vf2 ingress filter protocol ip pref 2 flower chain 0 filter protocol ip pref 2 flower chain 0 handle 0x1 dst_mac 00:00:00:00:00:02 src_mac 00:00:00:01:02:11 eth_type ipv4 ip_proto tcp ip_ttl 64 dst_ip 10.10.1.11 src_ip 172.17.172.11/25 ip_flags nofrag in_hw in_hw_count 1 action order 1: ct clear pipe index 1 ref 1 bind 1 installed 3 sec firstused 3 sec Action statistics: Sent 8010302090 bytes 5527789 pkt (dropped 0, overlimits 0 requeues 0) backlog 0b 0p requeues 0 cookie 5dbeb431c94751957313da93fbb2f246 used_hw_stats delayed action order 2: ct zone 7 nat pipe index 2 ref 1 bind 1 installed 3 sec firstused 3 sec Action statistics: Sent 8010367302 bytes 5527834 pkt (dropped 0, overlimits 0 requeues 0) backlog 0b 0p requeues 0 cookie 5dbeb431c94751957313da93fbb2f246 used_hw_stats delayed action order 3: gact action goto chain 11 random type none pass val 0 index 1 ref 1 bind 1 installed 3 sec firstused 3 sec Action statistics: Sent 8010367302 bytes 5527834 pkt (dropped 0, overlimits 0 requeues 0) backlog 0b 0p requeues 0 cookie 5dbeb431c94751957313da93fbb2f246 used_hw_stats delayed filter protocol ip pref 2 flower chain 11 filter protocol ip pref 2 flower chain 11 handle 0x1 eth_type ipv4 dst_ip 10.10.1.11 ip_flags nofrag in_hw in_hw_count 1 action order 1: ct commit zone 12 nat dst addr 192.168.1.11 pipe index 3 ref 1 bind 1 installed 3 sec firstused 3 sec Action statistics: Sent 8010367302 bytes 5527834 pkt (dropped 0, overlimits 0 requeues 0) backlog 0b 0p requeues 0 cookie 26e6dc4f9b45519f76bf4cbee0d45f2f used_hw_stats delayed action order 2: gact action goto chain 2 random type none pass val 0 index 2 ref 1 bind 1 installed 3 sec firstused 3 sec Action statistics: Sent 8010432514 bytes 5527879 pkt (dropped 0, overlimits 0 requeues 0) backlog 0b 0p requeues 0 cookie 26e6dc4f9b45519f76bf4cbee0d45f2f used_hw_stats delayed filter protocol ip pref 2 flower chain 2 filter protocol ip pref 2 flower chain 2 handle 0x1 dst_mac 00:00:00:00:00:02 src_mac 00:00:00:01:02:11 eth_type ipv4 ip_proto tcp ip_ttl 64 dst_ip 192.168.1.11 src_ip 172.17.172.11/2 ip_flags nofrag in_hw in_hw_count 1 action order 1: ct clear pipe index 4 ref 1 bind 1 installed 3 sec firstused 3 sec Action statistics: Sent 8010432514 bytes 5527879 pkt (dropped 0, overlimits 0 requeues 0) backlog 0b 0p requeues 0 cookie fdef2d8aa84bf648bf3a1b9366320397 used_hw_stats delayed action order 2: pedit action pipe keys 5 index 1 ref 1 bind 1 installed 3 sec firstused 3 sec key #0 at ipv4+8: val 3f000000 mask 00ffffff key #1 at eth+4: val 00000000 mask ffff0000 key #2 at eth+8: val 00000001 mask 00000000 key #3 at eth+0: val 00000001 mask 00000000 key #4 at eth+4: val 01110000 mask 0000ffff Action statistics: Sent 8010432514 bytes 5527879 pkt (dropped 0, overlimits 0 requeues 0) backlog 0b 0p requeues 0 used_hw_stats delayed action order 3: csum (iph, tcp) action pipe index 1 ref 1 bind 1 installed 3 sec firstused 3 sec Action statistics: Sent 8010497726 bytes 5527924 pkt (dropped 0, overlimits 0 requeues 0) backlog 0b 0p requeues 0 no_percpu used_hw_stats delayed action order 4: mirred (Egress Redirect to device s_pf0vf0) stolen index 1 ref 1 bind 1 installed 3 sec firstused 3 sec Action statistics: Sent 8010497726 bytes 5527924 pkt (dropped 0, overlimits 0 requeues 0) backlog 0b 0p requeues 0 cookie fdef2d8aa84bf648bf3a1b9366320397 no_percpu used_hw_stats delayed + cat /proc/net/nf_conntrack ipv6 10 tcp 6 299 ESTABLISHED src=2620:0052:0000:423c:1260:4bff:fe74:de20 dst=2620:0052:0000:1380:e643:4bff:fe17:e16c sport=44882 dport=22 src=2620:0052:0000:1380:e643:4bff:fe17:e16c dst=2620:005 2:0000:423c:1260:4bff:fe74:de20 sport=22 dport=44882 [ASSURED] mark=0 secctx=system_u:object_r:unlabeled_t:s0 zone=0 use=2 ipv4 2 tcp 6 431386 ESTABLISHED src=10.72.12.150 dst=10.19.128.35 sport=60855 dport=22 src=10.19.128.35 dst=10.72.12.150 sport=22 dport=60855 [ASSURED] mark=0 secctx=system_u:object_r:unlabeled_t :s0 zone=0 use=2 ipv6 10 tcp 6 299 ESTABLISHED src=2620:0052:0000:423c:1260:4bff:fe74:de20 dst=2620:0052:0000:1380:e643:4bff:fe17:e16c sport=44724 dport=22 src=2620:0052:0000:1380:e643:4bff:fe17:e16c dst=2620:005 2:0000:423c:1260:4bff:fe74:de20 sport=22 dport=44724 [ASSURED] mark=0 secctx=system_u:object_r:unlabeled_t:s0 zone=0 use=2 ipv4 2 tcp 6 src=172.17.172.11 dst=10.10.1.11 sport=57600 dport=5201 src=192.168.1.11 dst=172.17.172.11 sport=5201 dport=57600 [HW_OFFLOAD] mark=0 secctx=system_u:object_r:unlabeled_t:s0 zone=12 use=3 ipv4 2 udp 17 20 src=0.0.0.0 dst=255.255.255.255 sport=68 dport=67 [UNREPLIED] src=255.255.255.255 dst=0.0.0.0 sport=67 dport=68 mark=0 secctx=system_u:object_r:unlabeled_t:s0 zone=0 use=2 ipv4 2 udp 17 7 src=10.19.128.35 dst=10.5.26.10 sport=40624 dport=123 src=10.5.26.10 dst=10.19.128.35 sport=123 dport=40624 mark=0 secctx=system_u:object_r:unlabeled_t:s0 zone=0 use=2 ipv4 2 unknown 2 565 src=10.19.129.254 dst=224.0.0.1 [UNREPLIED] src=224.0.0.1 dst=10.19.129.254 mark=0 secctx=system_u:object_r:unlabeled_t:s0 zone=0 use=2 ipv4 2 tcp 6 src=172.17.172.11 dst=10.10.1.11 sport=57598 dport=5201 src=192.168.1.11 dst=172.17.172.11 sport=5201 dport=57598 [HW_OFFLOAD] mark=0 secctx=system_u:object_r:unlabeled_t:s0 zone=12 use=3 ipv4 2 tcp 6 431995 ESTABLISHED src=20.0.172.26 dst=20.0.172.25 sport=58742 dport=6642 src=20.0.172.25 dst=20.0.172.26 sport=6642 dport=58742 [ASSURED] mark=0 secctx=system_u:object_r:unlabeled_t :s0 zone=0 use=2 ipv4 2 tcp 6 431997 ESTABLISHED src=20.0.172.25 dst=20.0.172.25 sport=47926 dport=6642 src=20.0.172.25 dst=20.0.172.25 sport=6642 dport=47926 [ASSURED] mark=0 secctx=system_u:object_r:unlabeled_t :s0 zone=0 use=2 ipv6 10 tcp 6 427963 ESTABLISHED src=2620:0052:0000:1380:e643:4bff:fe17:e16c dst=2620:0052:0000:423c:1260:4bff:fe74:de20 sport=22 dport=44570 src=2620:0052:0000:423c:1260:4bff:fe74:de20 dst=2620: 0052:0000:1380:e643:4bff:fe17:e16c sport=44570 dport=22 [ASSURED] mark=0 secctx=system_u:object_r:unlabeled_t:s0 zone=0 use=2
the traffic is still not offloaded with ovn21.09-21.09.0-9.el8fdp: [root@wsfd-advnetlab16 ~]# rpm -qa | grep -E "openvswitch2.15|ovn21.09" ovn21.09-host-21.09.0-9.el8fdp.x86_64 openvswitch2.15-2.15.0-27.el8fdp.x86_64 ovn21.09-central-21.09.0-9.el8fdp.x86_64 python3-openvswitch2.15-2.15.0-27.el8fdp.x86_64 ovn21.09-21.09.0-9.el8fdp.x86_64 + ovs-appctl dpctl/dump-flows -m --names ufid:0543e504-1b0a-4bd5-b0a5-4fc3b0ba09a5, skb_priority(0/0),skb_mark(0/0),ct_state(0/0x21),ct_zone(0/0),ct_mark(0/0),ct_label(0/0),recirc_id(0),dp_hash(0/0),in_port(s_pf0vf2),packet_type(ns=0/0,id=0/0),e th(src=00:00:00:01:02:11,dst=00:00:00:00:00:02),eth_type(0x0800),ipv4(src=172.17.170.0/255.255.255.128,dst=10.10.1.11,proto=6,tos=0/0,ttl=64,frag=no),tcp(src=0/0,dst=0/0), packets:3486946, bytes:505198232 3, used:1.200s, offloaded:yes, dp:tc, actions:ct_clear,ct(zone=12,nat),recirc(0x1) ufid:bbcfb152-4654-4862-9fe6-0a9c42b1a1c7, skb_priority(0/0),skb_mark(0/0),ct_state(0/0),ct_zone(0/0),ct_mark(0/0),ct_label(0/0),recirc_id(0x1),dp_hash(0/0),in_port(s_pf0vf2),packet_type(ns=0/0,id=0/0),et h(src=00:00:00:00:00:00/00:00:00:00:00:00,dst=00:00:00:00:00:00/00:00:00:00:00:00),eth_type(0x0800),ipv4(src=0.0.0.0/0.0.0.0,dst=10.10.1.11,proto=0/0,tos=0/0,ttl=0/0,frag=no), packets:3486946, bytes:50519 82323, used:1.200s, offloaded:yes, dp:tc, actions:ct(commit,zone=9,nat(dst=192.168.1.11)),recirc(0x2) ufid:b153b1a4-193c-43f6-926d-1c9c1b2a8273, skb_priority(0/0),skb_mark(0/0),ct_state(0/0),ct_zone(0/0),ct_mark(0/0),ct_label(0/0),recirc_id(0x2),dp_hash(0/0),in_port(s_pf0vf2),packet_type(ns=0/0,id=0/0),et h(src=00:00:00:01:02:11,dst=00:00:00:00:00:02),eth_type(0x0800),ipv4(src=0.0.0.0/0.0.0.0,dst=192.168.1.11,proto=6,tos=0/0,ttl=64,frag=no),tcp(src=0/0,dst=0/0), packets:3486946, bytes:5051982323, used:1.20 0s, offloaded:yes, dp:tc, actions:set(eth(src=00:00:00:00:00:01,dst=00:00:00:01:01:11)),set(ipv4(ttl=63)),ct(zone=9,nat),recirc(0x3) ufid:8ba49c8b-1c3a-470c-acaf-92581b16e844, skb_priority(0/0),skb_mark(0/0),ct_state(0x21/0x21),ct_zone(0/0),ct_mark(0/0),ct_label(0/0),recirc_id(0x3),dp_hash(0/0),in_port(s_pf0vf2),packet_type(ns=0/0,id=0 /0),eth(src=00:00:00:00:00:01,dst=00:00:00:01:01:11),eth_type(0x0800),ipv4(src=128.0.0.0/192.0.0.0,dst=0.0.0.0/0.0.0.0,proto=0/0,tos=0/0,ttl=0/0,frag=no), packets:3, bytes:180, used:2.320s, dp:tc, actions :ct(commit,zone=9,nat(src)),ct_clear,s_pf0vf0 ufid:2b00e03b-7c67-418d-8e85-85ecf57bec70, skb_priority(0/0),skb_mark(0/0),ct_state(0x20/0x21),ct_zone(0/0),ct_mark(0/0),ct_label(0/0),recirc_id(0x3),dp_hash(0/0),in_port(s_pf0vf2),packet_type(ns=0/0,id=0 /0),eth(src=00:00:00:00:00:01,dst=00:00:00:01:01:11),eth_type(0x0800),ipv4(src=128.0.0.0/192.0.0.0,dst=0.0.0.0/0.0.0.0,proto=0/0,tos=0/0,ttl=0/0,frag=no), packets:3486941, bytes:5051982002, used:1.200s, o ffloaded:yes, dp:tc, actions:ct_clear,s_pf0vf0 ufid:6956db48-c250-45f0-bdd3-436ea7a3d25e, skb_priority(0/0),skb_mark(0/0),ct_state(0/0x21),ct_zone(0/0),ct_mark(0/0),ct_label(0/0),recirc_id(0),dp_hash(0/0),in_port(s_pf0vf0),packet_type(ns=0/0,id=0/0),e th(src=00:00:00:01:01:11,dst=00:00:00:00:00:01),eth_type(0x0800),ipv4(src=192.168.1.0/255.255.255.128,dst=172.17.170.11,proto=6,tos=0/0,ttl=64,frag=no),tcp(src=0/0,dst=0/0), packets:64728, bytes:4273621, used:0.210s, offloaded:yes, dp:tc, actions:ct_clear,set(eth(src=00:00:00:00:00:02,dst=00:00:00:01:02:11)),set(ipv4(ttl=63)),ct(zone=9,nat),recirc(0x12) ufid:3a2a11f0-eaf2-4a10-9b39-9ae2e9800c95, skb_priority(0/0),skb_mark(0/0),ct_state(0x20/0x21),ct_zone(0/0),ct_mark(0/0),ct_label(0/0),recirc_id(0x12),dp_hash(0/0),in_port(s_pf0vf0),packet_type(ns=0/0,id= 0/0),eth(src=00:00:00:00:00:02,dst=00:00:00:01:02:11),eth_type(0x0800),ipv4(src=0.0.0.0/128.0.0.0,dst=0.0.0.0/0.0.0.0,proto=0/0,tos=0/0,ttl=0/0,frag=no), packets:64728, bytes:4273621, used:0.210s, offload ed:yes, dp:tc, actions:ct_clear,s_pf0vf2 ufid:1ae766a9-2b73-4113-81ff-ecef110026fa, skb_priority(0/0),tunnel(tun_id=0x2,src=20.0.170.26,dst=20.0.170.25,ttl=0/0,tp_dst=6081,geneve({class=0x102,type=0x80,len=4,0x50002/0x7fffffff}),flags(+key)),skb _mark(0/0),ct_state(0/0x21),ct_zone(0/0),ct_mark(0/0),ct_label(0/0),recirc_id(0),dp_hash(0/0),in_port(genev_sys_6081),packet_type(ns=0/0,id=0/0),eth(src=00:00:00:01:02:13,dst=00:00:00:00:00:02),eth_type(0 x0800),ipv4(src=172.17.170.0/255.255.255.128,dst=16.0.0.0/240.0.0.0,proto=0/0,tos=0/0,ttl=64,frag=no), packets:0, bytes:0, used:never, dp:tc, actions:ct_clear ufid:4a2acbb6-3305-4463-91fc-3b72faa03688, skb_priority(0/0),tunnel(tun_id=0x2,src=20.0.170.26,dst=20.0.170.25,ttl=0/0,tp_dst=6081,geneve({class=0x102,type=0x80,len=4,0x60002/0x7fffffff}),flags(+key)),skb _mark(0/0),ct_state(0/0x21),ct_zone(0/0),ct_mark(0/0),ct_label(0/0),recirc_id(0),dp_hash(0/0),in_port(genev_sys_6081),packet_type(ns=0/0,id=0/0),eth(src=00:00:00:01:02:14,dst=00:00:00:00:00:02),eth_type(0 x86dd),ipv6(src=7777:170::/ffff:ffff:ffff:ffff::,dst=2604:e8c0:3::5,label=0/0,proto=17,tclass=0/0,hlimit=64,frag=no),udp(src=0/0,dst=0/0), packets:0, bytes:0, used:never, dp:tc, actions:ct_clear + tc -s filter show dev s_pf0vf2 ingress filter protocol ip pref 2 flower chain 0 filter protocol ip pref 2 flower chain 0 handle 0x1 dst_mac 00:00:00:00:00:02 src_mac 00:00:00:01:02:11 eth_type ipv4 ip_proto tcp ip_ttl 64 dst_ip 10.10.1.11 src_ip 172.17.170.11/25 ip_flags nofrag ct_state -trk-new in_hw in_hw_count 1 action order 1: ct clear pipe index 1 ref 1 bind 1 installed 12 sec used 1 sec firstused 12 sec Action statistics: Sent 5051982323 bytes 3486946 pkt (dropped 0, overlimits 0 requeues 0) backlog 0b 0p requeues 0 cookie 04e54305d54b0a1bc34fa5b0a509bab0 used_hw_stats delayed action order 2: ct zone 12 nat pipe index 2 ref 1 bind 1 installed 12 sec used 1 sec firstused 12 sec Action statistics: Sent 5051982323 bytes 3486946 pkt (dropped 0, overlimits 0 requeues 0) backlog 0b 0p requeues 0 cookie 04e54305d54b0a1bc34fa5b0a509bab0 used_hw_stats delayed action order 3: gact action goto chain 1 random type none pass val 0 index 1 ref 1 bind 1 installed 12 sec used 1 sec firstused 12 sec Action statistics: Sent 5051982323 bytes 3486946 pkt (dropped 0, overlimits 0 requeues 0) backlog 0b 0p requeues 0 cookie 04e54305d54b0a1bc34fa5b0a509bab0 used_hw_stats delayed filter protocol ip pref 2 flower chain 1 filter protocol ip pref 2 flower chain 1 handle 0x1 eth_type ipv4 dst_ip 10.10.1.11 ip_flags nofrag in_hw in_hw_count 1 action order 1: ct commit zone 9 nat dst addr 192.168.1.11 pipe index 3 ref 1 bind 1 installed 12 sec used 1 sec firstused 12 sec Action statistics: Sent 5051982323 bytes 3486946 pkt (dropped 0, overlimits 0 requeues 0) backlog 0b 0p requeues 0 cookie 52b1cfbb624854469c0ae69fc7a1b142 used_hw_stats delayed action order 2: gact action goto chain 2 random type none pass val 0 index 2 ref 1 bind 1 installed 12 sec used 1 sec firstused 12 sec Action statistics: Sent 5051982323 bytes 3486946 pkt (dropped 0, overlimits 0 requeues 0) backlog 0b 0p requeues 0 cookie 52b1cfbb624854469c0ae69fc7a1b142 used_hw_stats delayed filter protocol ip pref 2 flower chain 2 filter protocol ip pref 2 flower chain 2 handle 0x1 dst_mac 00:00:00:00:00:02 src_mac 00:00:00:01:02:11 eth_type ipv4 ip_proto tcp ip_ttl 64 dst_ip 192.168.1.11 ip_flags nofrag in_hw in_hw_count 1 action order 1: pedit action pipe keys 5 index 1 ref 1 bind 1 installed 12 sec used 1 sec firstused 12 sec key #0 at ipv4+8: val 3f000000 mask 00ffffff key #1 at eth+4: val 00000000 mask ffff0000 key #2 at eth+8: val 00000001 mask 00000000 key #3 at eth+0: val 00000001 mask 00000000 key #4 at eth+4: val 01110000 mask 0000ffff Action statistics: Sent 5051982323 bytes 3486946 pkt (dropped 0, overlimits 0 requeues 0) backlog 0b 0p requeues 0 used_hw_stats delayed action order 2: csum (iph, tcp) action pipe index 1 ref 1 bind 1 installed 12 sec used 1 sec firstused 12 sec Action statistics: Sent 5051982323 bytes 3486946 pkt (dropped 0, overlimits 0 requeues 0) backlog 0b 0p requeues 0 no_percpu used_hw_stats delayed action order 3: ct zone 9 nat pipe index 6 ref 1 bind 1 installed 12 sec used 1 sec firstused 12 sec Action statistics: Sent 5051982323 bytes 3486946 pkt (dropped 0, overlimits 0 requeues 0) backlog 0b 0p requeues 0 cookie a4b153b1f6433c199c1c6d9273822a1b used_hw_stats delayed action order 4: gact action goto chain 3 random type none pass val 0 index 3 ref 1 bind 1 installed 12 sec used 1 sec firstused 12 sec Action statistics: Sent 5051982323 bytes 3486946 pkt (dropped 0, overlimits 0 requeues 0) backlog 0b 0p requeues 0 cookie a4b153b1f6433c199c1c6d9273822a1b used_hw_stats delayed filter protocol ip pref 2 flower chain 3 filter protocol ip pref 2 flower chain 3 handle 0x1 dst_mac 00:00:00:01:01:11 src_mac 00:00:00:00:00:01 eth_type ipv4 src_ip 172.17.170.11/2 ip_flags nofrag ct_state +trk+new not_in_hw action order 1: ct commit zone 9 nat src pipe index 7 ref 1 bind 1 installed 12 sec used 2 sec firstused 12 sec Action statistics: Sent 180 bytes 3 pkt (dropped 0, overlimits 0 requeues 0) backlog 0b 0p requeues 0 cookie 8b9ca48b0c473a1c5892afac44e8161b action order 2: ct clear pipe index 8 ref 1 bind 1 installed 12 sec used 2 sec firstused 12 sec Action statistics: Sent 180 bytes 3 pkt (dropped 0, overlimits 0 requeues 0) backlog 0b 0p requeues 0 cookie 8b9ca48b0c473a1c5892afac44e8161b action order 3: mirred (Egress Redirect to device s_pf0vf0) stolen index 1 ref 1 bind 1 installed 12 sec used 2 sec firstused 12 sec Action statistics: Sent 180 bytes 3 pkt (dropped 0, overlimits 0 requeues 0) backlog 0b 0p requeues 0 cookie 8b9ca48b0c473a1c5892afac44e8161b no_percpu filter protocol ip pref 2 flower chain 3 handle 0x2 dst_mac 00:00:00:01:01:11 src_mac 00:00:00:00:00:01 eth_type ipv4 src_ip 172.17.170.11/2 ip_flags nofrag ct_state +trk-new in_hw in_hw_count 1 action order 1: ct clear pipe index 12 ref 1 bind 1 installed 12 sec used 1 sec firstused 12 sec Action statistics: Sent 5051982002 bytes 3486941 pkt (dropped 0, overlimits 0 requeues 0) backlog 0b 0p requeues 0 cookie 3be0002b8d41677cec85858e70ec7bf5 used_hw_stats delayed action order 2: mirred (Egress Redirect to device s_pf0vf0) stolen index 3 ref 1 bind 1 installed 12 sec used 1 sec firstused 12 sec Action statistics: Sent 5051982002 bytes 3486941 pkt (dropped 0, overlimits 0 requeues 0) backlog 0b 0p requeues 0 cookie 3be0002b8d41677cec85858e70ec7bf5 no_percpu used_hw_stats delayed + cat /proc/net/nf_conntrack ipv4 2 tcp 6 src=172.17.170.11 dst=10.10.1.11 sport=39808 dport=5201 src=192.168.1.11 dst=172.17.170.11 sport=5201 dport=39808 [OFFLOAD] mark=0 secctx=system_u:object_r:unlabeled_t:s0 zone=9 use= 3 ipv4 2 tcp 6 8 CLOSE src=172.17.170.11 dst=10.10.1.11 sport=39810 dport=5201 src=192.168.1.11 dst=172.17.170.11 sport=5201 dport=39810 [ASSURED] mark=0 secctx=system_u:object_r:unlabeled_t:s0 zon e=9 use=2 ipv4 2 tcp 6 30 TIME_WAIT src=172.17.170.11 dst=10.10.1.11 sport=39800 dport=5201 src=192.168.1.11 dst=172.17.170.11 sport=5201 dport=39800 [ASSURED] mark=0 secctx=system_u:object_r:unlabeled_t:s 0 zone=9 use=2 ipv4 2 udp 17 29 src=20.0.170.26 dst=20.0.170.25 sport=55134 dport=6081 [UNREPLIED] src=20.0.170.25 dst=20.0.170.26 sport=6081 dport=55134 mark=0 secctx=system_u:object_r:unlabeled_t:s0 zone=0 us e=2 ipv6 10 tcp 6 431832 ESTABLISHED src=2620:0052:0000:1380:e643:4bff:fe17:e16c dst=2620:0052:0000:423c:1260:4bff:fe74:de20 sport=22 dport=36018 src=2620:0052:0000:423c:1260:4bff:fe74:de20 dst=2620: 0052:0000:1380:e643:4bff:fe17:e16c sport=36018 dport=22 [ASSURED] mark=0 secctx=system_u:object_r:unlabeled_t:s0 zone=0 use=2 ipv4 2 udp 17 2 src=20.0.170.26 dst=20.0.170.25 sport=48837 dport=6081 [UNREPLIED] src=20.0.170.25 dst=20.0.170.26 sport=6081 dport=48837 mark=0 secctx=system_u:object_r:unlabeled_t:s0 zone=0 use =2 ipv4 2 tcp 6 108 TIME_WAIT src=172.17.170.11 dst=10.10.1.11 sport=39804 dport=5201 src=192.168.1.11 dst=172.17.170.11 sport=5201 dport=39804 [ASSURED] mark=0 secctx=system_u:object_r:unlabeled_t: s0 zone=9 use=2 ipv6 10 tcp 6 299 ESTABLISHED src=2620:0052:0000:423c:1260:4bff:fe74:de20 dst=2620:0052:0000:1380:e643:4bff:fe17:e16c sport=37844 dport=22 src=2620:0052:0000:1380:e643:4bff:fe17:e16c dst=2620:005 2:0000:423c:1260:4bff:fe74:de20 sport=22 dport=37844 [ASSURED] mark=0 secctx=system_u:object_r:unlabeled_t:s0 zone=0 use=2 ipv4 2 tcp 6 431999 ESTABLISHED src=20.0.170.26 dst=20.0.170.25 sport=46358 dport=6642 src=20.0.170.25 dst=20.0.170.26 sport=6642 dport=46358 [ASSURED] mark=0 secctx=system_u:object_r:unlabeled_t :s0 zone=0 use=2 ipv6 10 tcp 6 431999 ESTABLISHED src=2620:0052:0000:423c:1260:4bff:fe74:de20 dst=2620:0052:0000:1380:e643:4bff:fe17:e16c sport=36556 dport=22 src=2620:0052:0000:1380:e643:4bff:fe17:e16c dst=2620: 0052:0000:423c:1260:4bff:fe74:de20 sport=22 dport=36556 [ASSURED] mark=0 secctx=system_u:object_r:unlabeled_t:s0 zone=0 use=2 ipv4 2 unknown 2 578 src=10.19.129.254 dst=224.0.0.1 [UNREPLIED] src=224.0.0.1 dst=10.19.129.254 mark=0 secctx=system_u:object_r:unlabeled_t:s0 zone=0 use=2 ipv4 2 udp 17 28 src=20.0.170.26 dst=20.0.170.25 sport=29784 dport=6081 [UNREPLIED] src=20.0.170.25 dst=20.0.170.26 sport=6081 dport=29784 mark=0 secctx=system_u:object_r:unlabeled_t:s0 zone=0 us e=2 ipv4 2 tcp 6 431997 ESTABLISHED src=20.0.170.25 dst=20.0.170.25 sport=44302 dport=6642 src=20.0.170.25 dst=20.0.170.25 sport=6642 dport=44302 [ASSURED] mark=0 secctx=system_u:object_r:unlabeled_t :s0 zone=0 use=2
+ ovs-appctl dpctl/dump-flows -m --names in_port(s_pf0vf0) ufid:6956db48-c250-45f0-bdd3-436ea7a3d25e, skb_priority(0/0),skb_mark(0/0),ct_state(0/0x21),ct_zone(0/0),ct_mark(0/0),ct_label(0/0),recirc_id(0),dp_hash(0/0),in_port(s_pf0vf0),packet_type(ns=0/0,id=0/0),e th(src=00:00:00:01:01:11,dst=00:00:00:00:00:01),eth_type(0x0800),ipv4(src=192.168.1.0/255.255.255.128,dst=172.17.170.11,proto=6,tos=0/0,ttl=64,frag=no),tcp(src=0/0,dst=0/0), packets:64728, bytes:4273621, used:0.210s, offloaded:yes, dp:tc, actions:ct_clear,set(eth(src=00:00:00:00:00:02,dst=00:00:00:01:02:11)),set(ipv4(ttl=63)),ct(zone=9,nat),recirc(0x12) ufid:3a2a11f0-eaf2-4a10-9b39-9ae2e9800c95, skb_priority(0/0),skb_mark(0/0),ct_state(0x20/0x21),ct_zone(0/0),ct_mark(0/0),ct_label(0/0),recirc_id(0x12),dp_hash(0/0),in_port(s_pf0vf0),packet_type(ns=0/0,id= 0/0),eth(src=00:00:00:00:00:02,dst=00:00:00:01:02:11),eth_type(0x0800),ipv4(src=0.0.0.0/128.0.0.0,dst=0.0.0.0/0.0.0.0,proto=0/0,tos=0/0,ttl=0/0,frag=no), packets:64728, bytes:4273621, used:0.210s, offloaded:yes, dp:tc, actions:ct_clear,s_pf0vf2 in_port(s_pf0vf2) ufid:0543e504-1b0a-4bd5-b0a5-4fc3b0ba09a5, skb_priority(0/0),skb_mark(0/0),ct_state(0/0x21),ct_zone(0/0),ct_mark(0/0),ct_label(0/0),recirc_id(0),dp_hash(0/0),in_port(s_pf0vf2),packet_type(ns=0/0,id=0/0),e th(src=00:00:00:01:02:11,dst=00:00:00:00:00:02),eth_type(0x0800),ipv4(src=172.17.170.0/255.255.255.128,dst=10.10.1.11,proto=6,tos=0/0,ttl=64,frag=no),tcp(src=0/0,dst=0/0), packets:3486946, bytes:5051982323, used:1.200s, offloaded:yes, dp:tc, actions:ct_clear,ct(zone=12,nat),recirc(0x1) ufid:bbcfb152-4654-4862-9fe6-0a9c42b1a1c7, skb_priority(0/0),skb_mark(0/0),ct_state(0/0),ct_zone(0/0),ct_mark(0/0),ct_label(0/0),recirc_id(0x1),dp_hash(0/0),in_port(s_pf0vf2),packet_type(ns=0/0,id=0/0),eth(src=00:00:00:00:00:00/00:00:00:00:00:00,dst=00:00:00:00:00:00/00:00:00:00:00:00),eth_type(0x0800),ipv4(src=0.0.0.0/0.0.0.0,dst=10.10.1.11,proto=0/0,tos=0/0,ttl=0/0,frag=no), packets:3486946, bytes:5051982323, used:1.200s, offloaded:yes, dp:tc, actions:ct(commit,zone=9,nat(dst=192.168.1.11)),recirc(0x2) ufid:b153b1a4-193c-43f6-926d-1c9c1b2a8273,skb_priority(0/0),skb_mark(0/0),ct_state(0/0),ct_zone(0/0),ct_mark(0/0),ct_label(0/0),recirc_id(0x2),dp_hash(0/0),in_port(s_pf0vf2),packet_type(ns=0/0,id=0/0),eth(src=00:00:00:01:02:11,dst=00:00:00:00:00:02),eth_type(0x0800),ipv4(src=0.0.0.0/0.0.0.0,dst=192.168.1.11,proto=6,tos=0/0,ttl=64,frag=no),tcp(src=0/0,dst=0/0), packets:3486946, bytes:5051982323, used:1.200s, offloaded:yes, dp:tc, actions:set(eth(src=00:00:00:00:00:01,dst=00:00:00:01:01:11)),set(ipv4(ttl=63)),ct(zone=9,nat),recirc(0x3) ufid:8ba49c8b-1c3a-470c-acaf-92581b16e844, skb_priority(0/0),skb_mark(0/0),ct_state(0x21/0x21),ct_zone(0/0),ct_mark(0/0),ct_label(0/0),recirc_id(0x3),dp_hash(0/0),in_port(s_pf0vf2),packet_type(ns=0/0,id=0 /0),eth(src=00:00:00:00:00:01,dst=00:00:00:01:01:11),eth_type(0x0800),ipv4(src=128.0.0.0/192.0.0.0,dst=0.0.0.0/0.0.0.0,proto=0/0,tos=0/0,ttl=0/0,frag=no), packets:3, bytes:180, used:2.320s, dp:tc, actions:ct(commit,zone=9,nat(src)),ct_clear,s_pf0vf0 ufid:2b00e03b-7c67-418d-8e85-85ecf57bec70, skb_priority(0/0),skb_mark(0/0),ct_state(0x20/0x21),ct_zone(0/0),ct_mark(0/0),ct_label(0/0),recirc_id(0x3),dp_hash(0/0),in_port(s_pf0vf2),packet_type(ns=0/0,id=0 /0),eth(src=00:00:00:00:00:01,dst=00:00:00:01:01:11),eth_type(0x0800),ipv4(src=128.0.0.0/192.0.0.0,dst=0.0.0.0/0.0.0.0,proto=0/0,tos=0/0,ttl=0/0,frag=no), packets:3486941, bytes:5051982002, used:1.200s, offloaded:yes, dp:tc, actions:ct_clear,s_pf0vf0 possibly unrelated: ufid:1ae766a9-2b73-4113-81ff-ecef110026fa, skb_priority(0/0),tunnel(tun_id=0x2,src=20.0.170.26,dst=20.0.170.25,ttl=0/0,tp_dst=6081,geneve({class=0x102,type=0x80,len=4,0x50002/0x7fffffff}),flags(+key)),skb _mark(0/0),ct_state(0/0x21),ct_zone(0/0),ct_mark(0/0),ct_label(0/0),recirc_id(0),dp_hash(0/0),in_port(genev_sys_6081),packet_type(ns=0/0,id=0/0),eth(src=00:00:00:01:02:13,dst=00:00:00:00:00:02),eth_type(0x0800),ipv4(src=172.17.170.0/255.255.255.128,dst=16.0.0.0/240.0.0.0,proto=0/0,tos=0/0,ttl=64,frag=no), packets:0, bytes:0, used:never, dp:tc, actions:ct_clear ufid:4a2acbb6-3305-4463-91fc-3b72faa03688, skb_priority(0/0),tunnel(tun_id=0x2,src=20.0.170.26,dst=20.0.170.25,ttl=0/0,tp_dst=6081,geneve({class=0x102,type=0x80,len=4,0x60002/0x7fffffff}),flags(+key)),skb _mark(0/0),ct_state(0/0x21),ct_zone(0/0),ct_mark(0/0),ct_label(0/0),recirc_id(0),dp_hash(0/0),in_port(genev_sys_6081),packet_type(ns=0/0,id=0/0),eth(src=00:00:00:01:02:14,dst=00:00:00:00:00:02),eth_type(0x86dd),ipv6(src=7777:170::/ffff:ffff:ffff:ffff::,dst=2604:e8c0:3::5,label=0/0,proto=17,tclass=0/0,hlimit=64,frag=no),udp(src=0/0,dst=0/0), packets:0, bytes:0, used:never, dp:tc, actions:ct_clear The first 2 flows in s_pf0vf2 seem to have mismatching zones. Also, there seems to be an unbalance between s_pf0vf2->s_pf0vf0 and s_pf0vf0->s_pf0vf2. Checking with Mark..
It looks a bit off. Can you get `ovs-vsctl get datapath ct_zones .` and `ovn-sbctl dump-flows lr1`
+ ovs-vsctl list datapath _uuid : f504602a-41c3-4f85-9353-9c6ee107d1a0 capabilities : {check_pkt_len="true", clone="true", ct_clear="true", ct_eventmask="true", ct_label="true", ct_mark="true", ct_orig_tuple="true", ct_orig_tuple6="true", ct_state="true", ct_state_nat ="true", ct_timeout="true", ct_zero_snat="true", ct_zone="true", explicit_drop_action="false", lb_output_action="false", masked_set_action="true", max_hash_alg="0", max_mpls_depth="3", max_vlan_headers="2 ", nd_ext="false", recirc="true", sample_nesting="true", tnl_push_pop="false", trunc="true", ufid="true"} ct_zones : {} datapath_version : "" external_ids : {} + ovn-sbctl dump-flows lr1 Datapath: "lr1" (5ac63cec-0b9f-4c49-98aa-f9ecb25eaa7b) Pipeline: ingress table=0 (lr_in_admission ), priority=100 , match=(vlan.present || eth.src[40]), action=(drop;) table=0 (lr_in_admission ), priority=50 , match=(eth.dst == 00:00:00:00:00:01 && inport == "lr1-ls1"), action=(xreg0[0..47] = 00:00:00:00:00:01; next;) table=0 (lr_in_admission ), priority=50 , match=(eth.dst == 00:00:00:00:00:02 && inport == "lr1-ls2"), action=(xreg0[0..47] = 00:00:00:00:00:02; next;) table=0 (lr_in_admission ), priority=50 , match=(eth.mcast && inport == "lr1-ls1"), action=(xreg0[0..47] = 00:00:00:00:00:01; next;) table=0 (lr_in_admission ), priority=50 , match=(eth.mcast && inport == "lr1-ls2"), action=(xreg0[0..47] = 00:00:00:00:00:02; next;) table=1 (lr_in_lookup_neighbor), priority=100 , match=(arp.op == 2), action=(reg9[2] = lookup_arp(inport, arp.spa, arp.sha); next;) table=1 (lr_in_lookup_neighbor), priority=100 , match=(inport == "lr1-ls1" && arp.spa == 192.168.1.0/24 && arp.op == 1), action=(reg9[2] = lookup_arp(inport, arp.spa, arp.sha); next;) table=1 (lr_in_lookup_neighbor), priority=100 , match=(inport == "lr1-ls2" && arp.spa == 172.17.170.0/24 && arp.op == 1), action=(reg9[2] = lookup_arp(inport, arp.spa, arp.sha); next;) table=1 (lr_in_lookup_neighbor), priority=100 , match=(nd_na), action=(reg9[2] = lookup_nd(inport, nd.target, nd.tll); next;) table=1 (lr_in_lookup_neighbor), priority=100 , match=(nd_ns), action=(reg9[2] = lookup_nd(inport, ip6.src, nd.sll); next;) table=1 (lr_in_lookup_neighbor), priority=0 , match=(1), action=(reg9[2] = 1; next;) table=2 (lr_in_learn_neighbor), priority=100 , match=(reg9[2] == 1), action=(next;) table=2 (lr_in_learn_neighbor), priority=90 , match=(arp), action=(put_arp(inport, arp.spa, arp.sha); next;) table=2 (lr_in_learn_neighbor), priority=90 , match=(nd_na), action=(put_nd(inport, nd.target, nd.tll); next;) table=2 (lr_in_learn_neighbor), priority=90 , match=(nd_ns), action=(put_nd(inport, ip6.src, nd.sll); next;) table=3 (lr_in_ip_input ), priority=100 , match=(ip4.src == {172.17.170.254, 172.17.170.255} && reg9[0] == 0), action=(drop;) table=3 (lr_in_ip_input ), priority=100 , match=(ip4.src == {192.168.1.254, 192.168.1.255} && reg9[0] == 0), action=(drop;) table=3 (lr_in_ip_input ), priority=100 , match=(ip4.src_mcast ||ip4.src == 255.255.255.255 || ip4.src == 127.0.0.0/8 || ip4.dst == 127.0.0.0/8 || ip4.src == 0.0.0.0/8 || ip4.dst == 0.0.0.0/8), act ion=(drop;) table=3 (lr_in_ip_input ), priority=100 , match=(ip6.dst == 2001::a && udp.src == 547 && udp.dst == 546), action=(reg0 = 0; handle_dhcpv6_reply;) table=3 (lr_in_ip_input ), priority=100 , match=(ip6.dst == 7777:170::a && udp.src == 547 && udp.dst == 546), action=(reg0 = 0; handle_dhcpv6_reply;) table=3 (lr_in_ip_input ), priority=100 , match=(ip6.dst == fe80::200:ff:fe00:1 && udp.src == 547 && udp.dst == 546), action=(reg0 = 0; handle_dhcpv6_reply;) table=3 (lr_in_ip_input ), priority=100 , match=(ip6.dst == fe80::200:ff:fe00:2 && udp.src == 547 && udp.dst == 546), action=(reg0 = 0; handle_dhcpv6_reply;) table=3 (lr_in_ip_input ), priority=90 , match=(arp.op == 1 && arp.tpa == 10.10.1.11), action=(eth.dst = eth.src; eth.src = xreg0[0..47]; arp.op = 2; /* ARP reply */ arp.tha = arp.sha; arp.sha = x reg0[0..47]; arp.tpa <-> arp.spa; outport = inport; flags.loopback = 1; output;) table=3 (lr_in_ip_input ), priority=90 , match=(arp.op == 1 && arp.tpa == 10.10.1.12), action=(eth.dst = eth.src; eth.src = xreg0[0..47]; arp.op = 2; /* ARP reply */ arp.tha = arp.sha; arp.sha = x reg0[0..47]; arp.tpa <-> arp.spa; outport = inport; flags.loopback = 1; output;) table=3 (lr_in_ip_input ), priority=90 , match=(arp.op == 1 && arp.tpa == 10.10.1.13), action=(eth.dst = eth.src; eth.src = xreg0[0..47]; arp.op = 2; /* ARP reply */ arp.tha = arp.sha; arp.sha = x reg0[0..47]; arp.tpa <-> arp.spa; outport = inport; flags.loopback = 1; output;) table=3 (lr_in_ip_input ), priority=90 , match=(arp.op == 1 && arp.tpa == 10.10.1.14), action=(eth.dst = eth.src; eth.src = xreg0[0..47]; arp.op = 2; /* ARP reply */ arp.tha = arp.sha; arp.sha = x reg0[0..47]; arp.tpa <-> arp.spa; outport = inport; flags.loopback = 1; output;) table=3 (lr_in_ip_input ), priority=90 , match=(arp.op == 1 && arp.tpa == 10.10.1.15), action=(eth.dst = eth.src; eth.src = xreg0[0..47]; arp.op = 2; /* ARP reply */ arp.tha = arp.sha; arp.sha = x reg0[0..47]; arp.tpa <-> arp.spa; outport = inport; flags.loopback = 1; output;) table=3 (lr_in_ip_input ), priority=90 , match=(arp.op == 1 && arp.tpa == 10.10.1.16), action=(eth.dst = eth.src; eth.src = xreg0[0..47]; arp.op = 2; /* ARP reply */ arp.tha = arp.sha; arp.sha = x reg0[0..47]; arp.tpa <-> arp.spa; outport = inport; flags.loopback = 1; output;) table=3 (lr_in_ip_input ), priority=90 , match=(inport == "lr1-ls1" && arp.op == 1 && arp.tpa == 192.168.1.254 && arp.spa == 192.168.1.0/24), action=(eth.dst = eth.src; eth.src = xreg0[0..47]; arp .op = 2; /* ARP reply */ arp.tha = arp.sha; arp.sha = xreg0[0..47]; arp.tpa <-> arp.spa; outport = inport; flags.loopback = 1; output;) table=3 (lr_in_ip_input ), priority=90 , match=(inport == "lr1-ls1" && ip6.dst == {2001::a, ff02::1:ff00:a} && nd_ns && nd.target == 2001::a), action=(nd_na_router { eth.src = xreg0[0..47]; ip6.sr c = 2001::a; nd.target = 2001::a; nd.tll = xreg0[0..47]; outport = inport; flags.loopback = 1; output; };) table=3 (lr_in_ip_input ), priority=90 , match=(inport == "lr1-ls1" && ip6.dst == {fe80::200:ff:fe00:1, ff02::1:ff00:1} && nd_ns && nd.target == fe80::200:ff:fe00:1), action=(nd_na_router { eth.sr c = xreg0[0..47]; ip6.src = fe80::200:ff:fe00:1; nd.target = fe80::200:ff:fe00:1; nd.tll = xreg0[0..47]; outport = inport; flags.loopback = 1; output; };) table=3 (lr_in_ip_input ), priority=90 , match=(inport == "lr1-ls2" && arp.op == 1 && arp.tpa == 172.17.170.254 && arp.spa == 172.17.170.0/24), action=(eth.dst = eth.src; eth.src = xreg0[0..47]; a rp.op = 2; /* ARP reply */ arp.tha = arp.sha; arp.sha = xreg0[0..47]; arp.tpa <-> arp.spa; outport = inport; flags.loopback = 1; output;) table=3 (lr_in_ip_input ), priority=90 , match=(inport == "lr1-ls2" && ip6.dst == {7777:170::a, ff02::1:ff00:a} && nd_ns && nd.target == 7777:170::a), action=(nd_na_router { eth.src = xreg0[0..47] ; ip6.src = 7777:170::a; nd.target = 7777:170::a; nd.tll = xreg0[0..47]; outport = inport; flags.loopback = 1; output; };) table=3 (lr_in_ip_input ), priority=90 , match=(inport == "lr1-ls2" && ip6.dst == {fe80::200:ff:fe00:2, ff02::1:ff00:2} && nd_ns && nd.target == fe80::200:ff:fe00:2), action=(nd_na_router { eth.sr c = xreg0[0..47]; ip6.src = fe80::200:ff:fe00:2; nd.target = fe80::200:ff:fe00:2; nd.tll = xreg0[0..47]; outport = inport; flags.loopback = 1; output; };) table=3 (lr_in_ip_input ), priority=90 , match=(ip4.dst == 172.17.170.254 && icmp4.type == 8 && icmp4.code == 0), action=(ip4.dst <-> ip4.src; ip.ttl = 255; icmp4.type = 0; flags.loopback = 1; nex t; ) table=3 (lr_in_ip_input ), priority=90 , match=(ip4.dst == 192.168.1.254 && icmp4.type == 8 && icmp4.code == 0), action=(ip4.dst <-> ip4.src; ip.ttl = 255; icmp4.type = 0; flags.loopback = 1; next ; ) table=3 (lr_in_ip_input ), priority=90 , match=(ip6.dst == {2001::a, fe80::200:ff:fe00:1} && icmp6.type == 128 && icmp6.code == 0), action=(ip6.dst <-> ip6.src; ip.ttl = 255; icmp6.type = 129; fla gs.loopback = 1; next; ) table=3 (lr_in_ip_input ), priority=90 , match=(ip6.dst == {3010::11, ff02::1:ff00:11} && nd_ns && nd.target == 3010::11), action=(nd_na { eth.src = xreg0[0..47]; ip6.src = 3010::11; nd.target = 3 010::11; nd.tll = xreg0[0..47]; outport = inport; flags.loopback = 1; output; };) table=3 (lr_in_ip_input ), priority=90 , match=(ip6.dst == {3010::12, ff02::1:ff00:12} && nd_ns && nd.target == 3010::12), action=(nd_na { eth.src = xreg0[0..47]; ip6.src = 3010::12; nd.target = 3 010::12; nd.tll = xreg0[0..47]; outport = inport; flags.loopback = 1; output; };) table=3 (lr_in_ip_input ), priority=90 , match=(ip6.dst == {3010::13, ff02::1:ff00:13} && nd_ns && nd.target == 3010::13), action=(nd_na { eth.src = xreg0[0..47]; ip6.src = 3010::13; nd.target = 3 010::13; nd.tll = xreg0[0..47]; outport = inport; flags.loopback = 1; output; };) table=3 (lr_in_ip_input ), priority=90 , match=(ip6.dst == {3010::14, ff02::1:ff00:14} && nd_ns && nd.target == 3010::14), action=(nd_na { eth.src = xreg0[0..47]; ip6.src = 3010::14; nd.target = 3 010::14; nd.tll = xreg0[0..47]; outport = inport; flags.loopback = 1; output; };) table=3 (lr_in_ip_input ), priority=90 , match=(ip6.dst == {3010::15, ff02::1:ff00:15} && nd_ns && nd.target == 3010::15), action=(nd_na { eth.src = xreg0[0..47]; ip6.src = 3010::15; nd.target = 3 010::15; nd.tll = xreg0[0..47]; outport = inport; flags.loopback = 1; output; };) table=3 (lr_in_ip_input ), priority=90 , match=(ip6.dst == {3010::16, ff02::1:ff00:16} && nd_ns && nd.target == 3010::16), action=(nd_na { eth.src = xreg0[0..47]; ip6.src = 3010::16; nd.target = 3 010::16; nd.tll = xreg0[0..47]; outport = inport; flags.loopback = 1; output; };) table=3 (lr_in_ip_input ), priority=90 , match=(ip6.dst == {7777:170::a, fe80::200:ff:fe00:2} && icmp6.type == 128 && icmp6.code == 0), action=(ip6.dst <-> ip6.src; ip.ttl = 255; icmp6.type = 129; flags.loopback = 1; next; ) table=3 (lr_in_ip_input ), priority=85 , match=(arp || nd), action=(drop;) table=3 (lr_in_ip_input ), priority=84 , match=(nd_rs || nd_ra), action=(next;) table=3 (lr_in_ip_input ), priority=83 , match=(ip6.mcast_rsvd), action=(drop;) table=3 (lr_in_ip_input ), priority=82 , match=(ip4.mcast || ip6.mcast), action=(drop;) table=3 (lr_in_ip_input ), priority=60 , match=(ip4.dst == {172.17.170.254}), action=(drop;) table=3 (lr_in_ip_input ), priority=60 , match=(ip4.dst == {192.168.1.254}), action=(drop;) table=3 (lr_in_ip_input ), priority=60 , match=(ip6.dst == {2001::a, fe80::200:ff:fe00:1}), action=(drop;) table=3 (lr_in_ip_input ), priority=60 , match=(ip6.dst == {7777:170::a, fe80::200:ff:fe00:2}), action=(drop;) table=3 (lr_in_ip_input ), priority=50 , match=(eth.bcast), action=(drop;) table=3 (lr_in_ip_input ), priority=40 , match=(inport == "lr1-ls1" && ip4 && ip.ttl == {0, 1} && !ip.later_frag), action=(icmp4 {eth.dst <-> eth.src; icmp4.type = 11; /* Time exceeded */ icmp4.co de = 0; /* TTL exceeded in transit */ ip4.dst = ip4.src; ip4.src = 192.168.1.254; ip.ttl = 255; next; };) table=3 (lr_in_ip_input ), priority=40 , match=(inport == "lr1-ls1" && ip6 && ip6.src == 2001::/64 && ip.ttl == {0, 1} && !ip.later_frag), action=(icmp6 {eth.dst <-> eth.src; ip6.dst = ip6.src; ip 6.src = 2001::a; ip.ttl = 255; icmp6.type = 3; /* Time exceeded */ icmp6.code = 0; /* TTL exceeded in transit */ next; };) table=3 (lr_in_ip_input ), priority=40 , match=(inport == "lr1-ls2" && ip4 && ip.ttl == {0, 1} && !ip.later_frag), action=(icmp4 {eth.dst <-> eth.src; icmp4.type = 11; /* Time exceeded */ icmp4.co de = 0; /* TTL exceeded in transit */ ip4.dst = ip4.src; ip4.src = 172.17.170.254; ip.ttl = 255; next; };) table=3 (lr_in_ip_input ), priority=40 , match=(inport == "lr1-ls2" && ip6 && ip6.src == 7777:170::/64 && ip.ttl == {0, 1} && !ip.later_frag), action=(icmp6 {eth.dst <-> eth.src; ip6.dst = ip6.src ; ip6.src = 7777:170::a; ip.ttl = 255; icmp6.type = 3; /* Time exceeded */ icmp6.code = 0; /* TTL exceeded in transit */ next; };) table=3 (lr_in_ip_input ), priority=30 , match=(ip4 && ip.ttl == {0, 1}), action=(drop;) table=3 (lr_in_ip_input ), priority=0 , match=(1), action=(next;) table=4 (lr_in_unsnat ), priority=90 , match=(ip && ip4.dst == 10.10.1.11), action=(ct_snat;) table=4 (lr_in_unsnat ), priority=90 , match=(ip && ip4.dst == 10.10.1.13), action=(ct_snat;) table=4 (lr_in_unsnat ), priority=90 , match=(ip && ip4.dst == 10.10.1.15), action=(ct_snat;) table=4 (lr_in_unsnat ), priority=90 , match=(ip && ip4.dst == 10.10.1.16), action=(ct_snat;) table=4 (lr_in_unsnat ), priority=90 , match=(ip && ip6.dst == 3010::11), action=(ct_snat;) table=4 (lr_in_unsnat ), priority=90 , match=(ip && ip6.dst == 3010::13), action=(ct_snat;) table=4 (lr_in_unsnat ), priority=90 , match=(ip && ip6.dst == 3010::15), action=(ct_snat;) table=4 (lr_in_unsnat ), priority=90 , match=(ip && ip6.dst == 3010::16), action=(ct_snat;) table=4 (lr_in_unsnat ), priority=0 , match=(1), action=(next;) table=5 (lr_in_defrag ), priority=0 , match=(1), action=(next;) table=6 (lr_in_dnat ), priority=100 , match=(ip && ip4.dst == 10.10.1.11), action=(flags.loopback = 1; ct_dnat(192.168.1.11);) table=6 (lr_in_dnat ), priority=100 , match=(ip && ip4.dst == 10.10.1.12), action=(flags.loopback = 1; ct_dnat(192.168.1.12);) table=6 (lr_in_dnat ), priority=100 , match=(ip && ip4.dst == 10.10.1.13), action=(flags.loopback = 1; ct_dnat(192.168.1.13);) table=6 (lr_in_dnat ), priority=100 , match=(ip && ip4.dst == 10.10.1.14), action=(flags.loopback = 1; ct_dnat(192.168.1.14);) table=6 (lr_in_dnat ), priority=100 , match=(ip && ip4.dst == 10.10.1.15), action=(flags.loopback = 1; ct_dnat(192.168.1.15);) table=6 (lr_in_dnat ), priority=100 , match=(ip && ip6.dst == 3010::11), action=(flags.loopback = 1; ct_dnat(2001::11);) table=6 (lr_in_dnat ), priority=100 , match=(ip && ip6.dst == 3010::12), action=(flags.loopback = 1; ct_dnat(2001::12);) table=6 (lr_in_dnat ), priority=100 , match=(ip && ip6.dst == 3010::13), action=(flags.loopback = 1; ct_dnat(2001::13);) table=6 (lr_in_dnat ), priority=100 , match=(ip && ip6.dst == 3010::14), action=(flags.loopback = 1; ct_dnat(2001::14);) table=6 (lr_in_dnat ), priority=100 , match=(ip && ip6.dst == 3010::15), action=(flags.loopback = 1; ct_dnat(2001::15);) table=6 (lr_in_dnat ), priority=0 , match=(1), action=(next;) table=7 (lr_in_ecmp_stateful), priority=0 , match=(1), action=(next;) table=8 (lr_in_nd_ra_options), priority=0 , match=(1), action=(next;) table=9 (lr_in_nd_ra_response), priority=0 , match=(1), action=(next;) table=10(lr_in_ip_routing ), priority=550 , match=(nd_rs || nd_ra), action=(drop;) table=10(lr_in_ip_routing ), priority=129 , match=(inport == "lr1-ls1" && ip6.dst == fe80::/64), action=(ip.ttl--; reg8[0..15] = 0; xxreg0 = ip6.dst; xxreg1 = fe80::200:ff:fe00:1; eth.src = 00:00:00: 00:00:01; outport = "lr1-ls1"; flags.loopback = 1; next;) table=10(lr_in_ip_routing ), priority=129 , match=(inport == "lr1-ls2" && ip6.dst == fe80::/64), action=(ip.ttl--; reg8[0..15] = 0; xxreg0 = ip6.dst; xxreg1 = fe80::200:ff:fe00:2; eth.src = 00:00:00: 00:00:02; outport = "lr1-ls2"; flags.loopback = 1; next;) table=10(lr_in_ip_routing ), priority=129 , match=(ip6.dst == 2001::/64), action=(ip.ttl--; reg8[0..15] = 0; xxreg0 = ip6.dst; xxreg1 = 2001::a; eth.src = 00:00:00:00:00:01; outport = "lr1-ls1"; flag s.loopback = 1; next;) table=10(lr_in_ip_routing ), priority=129 , match=(ip6.dst == 7777:170::/64), action=(ip.ttl--; reg8[0..15] = 0; xxreg0 = ip6.dst; xxreg1 = 7777:170::a; eth.src = 00:00:00:00:00:02; outport = "lr1-ls 2"; flags.loopback = 1; next;) table=10(lr_in_ip_routing ), priority=49 , match=(ip4.dst == 172.17.170.0/24), action=(ip.ttl--; reg8[0..15] = 0; reg0 = ip4.dst; reg1 = 172.17.170.254; eth.src = 00:00:00:00:00:02; outport = "lr1-l s2"; flags.loopback = 1; next;) table=10(lr_in_ip_routing ), priority=49 , match=(ip4.dst == 192.168.1.0/24), action=(ip.ttl--; reg8[0..15] = 0; reg0 = ip4.dst; reg1 = 192.168.1.254; eth.src = 00:00:00:00:00:01; outport = "lr1-ls1 "; flags.loopback = 1; next;) table=11(lr_in_ip_routing_ecmp), priority=150 , match=(reg8[0..15] == 0), action=(next;) table=12(lr_in_policy ), priority=0 , match=(1), action=(reg8[0..15] = 0; next;) table=13(lr_in_policy_ecmp ), priority=150 , match=(reg8[0..15] == 0), action=(next;) table=14(lr_in_arp_resolve ), priority=500 , match=(ip4.mcast || ip6.mcast), action=(next;) table=14(lr_in_arp_resolve ), priority=100 , match=(outport == "lr1-ls1" && reg0 == 192.168.1.11), action=(eth.dst = 00:00:00:01:01:11; next;) table=14(lr_in_arp_resolve ), priority=100 , match=(outport == "lr1-ls1" && reg0 == 192.168.1.12), action=(eth.dst = 00:00:00:01:01:12; next;) table=14(lr_in_arp_resolve ), priority=100 , match=(outport == "lr1-ls1" && reg0 == 192.168.1.13), action=(eth.dst = 00:00:00:01:01:13; next;) table=14(lr_in_arp_resolve ), priority=100 , match=(outport == "lr1-ls1" && reg0 == 192.168.1.14), action=(eth.dst = 00:00:00:01:01:14; next;) table=14(lr_in_arp_resolve ), priority=100 , match=(outport == "lr1-ls1" && reg0 == 192.168.1.15), action=(eth.dst = 00:00:00:01:01:15; next;) table=14(lr_in_arp_resolve ), priority=100 , match=(outport == "lr1-ls1" && reg0 == 192.168.1.16), action=(eth.dst = 00:00:00:01:01:16; next;) table=14(lr_in_arp_resolve ), priority=100 , match=(outport == "lr1-ls1" && reg0 == 192.168.1.2), action=(eth.dst = 00:00:00:01:01:02; next;) table=14(lr_in_arp_resolve ), priority=100 , match=(outport == "lr1-ls1" && xxreg0 == 2001::11), action=(eth.dst = 00:00:00:01:01:11; next;) table=14(lr_in_arp_resolve ), priority=100 , match=(outport == "lr1-ls1" && xxreg0 == 2001::12), action=(eth.dst = 00:00:00:01:01:12; next;) table=14(lr_in_arp_resolve ), priority=100 , match=(outport == "lr1-ls1" && xxreg0 == 2001::13), action=(eth.dst = 00:00:00:01:01:13; next;) table=14(lr_in_arp_resolve ), priority=100 , match=(outport == "lr1-ls1" && xxreg0 == 2001::14), action=(eth.dst = 00:00:00:01:01:14; next;) table=14(lr_in_arp_resolve ), priority=100 , match=(outport == "lr1-ls1" && xxreg0 == 2001::15), action=(eth.dst = 00:00:00:01:01:15; next;) table=14(lr_in_arp_resolve ), priority=100 , match=(outport == "lr1-ls1" && xxreg0 == 2001::16), action=(eth.dst = 00:00:00:01:01:16; next;) table=14(lr_in_arp_resolve ), priority=100 , match=(outport == "lr1-ls1" && xxreg0 == 2001::2), action=(eth.dst = 00:00:00:01:01:02; next;) table=14(lr_in_arp_resolve ), priority=100 , match=(outport == "lr1-ls2" && reg0 == 172.17.170.11), action=(eth.dst = 00:00:00:01:02:11; next;) table=14(lr_in_arp_resolve ), priority=100 , match=(outport == "lr1-ls2" && reg0 == 172.17.170.12), action=(eth.dst = 00:00:00:01:02:12; next;) table=14(lr_in_arp_resolve ), priority=100 , match=(outport == "lr1-ls2" && reg0 == 172.17.170.13), action=(eth.dst = 00:00:00:01:02:13; next;) table=14(lr_in_arp_resolve ), priority=100 , match=(outport == "lr1-ls2" && reg0 == 172.17.170.14), action=(eth.dst = 00:00:00:01:02:14; next;) table=14(lr_in_arp_resolve ), priority=100 , match=(outport == "lr1-ls2" && reg0 == 172.17.170.2), action=(eth.dst = 00:00:00:01:01:02; next;) table=14(lr_in_arp_resolve ), priority=100 , match=(outport == "lr1-ls2" && xxreg0 == 7777:170::11), action=(eth.dst = 00:00:00:01:02:11; next;) table=14(lr_in_arp_resolve ), priority=100 , match=(outport == "lr1-ls2" && xxreg0 == 7777:170::12), action=(eth.dst = 00:00:00:01:02:12; next;) table=14(lr_in_arp_resolve ), priority=100 , match=(outport == "lr1-ls2" && xxreg0 == 7777:170::13), action=(eth.dst = 00:00:00:01:02:13; next;) table=14(lr_in_arp_resolve ), priority=100 , match=(outport == "lr1-ls2" && xxreg0 == 7777:170::14), action=(eth.dst = 00:00:00:01:02:14; next;) table=14(lr_in_arp_resolve ), priority=100 , match=(outport == "lr1-ls2" && xxreg0 == 7777:170::2), action=(eth.dst = 00:00:00:01:01:02; next;) table=14(lr_in_arp_resolve ), priority=0 , match=(ip4), action=(get_arp(outport, reg0); next;) table=14(lr_in_arp_resolve ), priority=0 , match=(ip6), action=(get_nd(outport, xxreg0); next;) table=15(lr_in_chk_pkt_len ), priority=0 , match=(1), action=(next;) table=16(lr_in_larger_pkts ), priority=0 , match=(1), action=(next;) table=17(lr_in_gw_redirect ), priority=0 , match=(1), action=(next;) table=18(lr_in_arp_request ), priority=100 , match=(eth.dst == 00:00:00:00:00:00 && ip4), action=(arp { eth.dst = ff:ff:ff:ff:ff:ff; arp.spa = reg1; arp.tpa = reg0; arp.op = 1; output; };) table=18(lr_in_arp_request ), priority=100 , match=(eth.dst == 00:00:00:00:00:00 && ip6), action=(nd_ns { nd.target = xxreg0; output; };) table=18(lr_in_arp_request ), priority=0 , match=(1), action=(output;) Datapath: "lr1" (5ac63cec-0b9f-4c49-98aa-f9ecb25eaa7b) Pipeline: egress table=0 (lr_out_undnat ), priority=50 , match=(ip), action=(flags.loopback = 1; ct_dnat;) table=0 (lr_out_undnat ), priority=0 , match=(1), action=(next;) table=1 (lr_out_post_undnat ), priority=50 , match=(ip && ct.new), action=(ct_commit { } ; next; ) table=1 (lr_out_post_undnat ), priority=0 , match=(1), action=(next;) table=2 (lr_out_snat ), priority=129 , match=(ip && ip6.src == 2001::11), action=(ct_snat(3010::11);) table=2 (lr_out_snat ), priority=129 , match=(ip && ip6.src == 2001::13), action=(ct_snat(3010::13);) table=2 (lr_out_snat ), priority=129 , match=(ip && ip6.src == 2001::15), action=(ct_snat(3010::15);) table=2 (lr_out_snat ), priority=129 , match=(ip && ip6.src == 2001::16), action=(ct_snat(3010::16);) table=2 (lr_out_snat ), priority=120 , match=(nd_ns), action=(next;) table=2 (lr_out_snat ), priority=33 , match=(ip && ip4.src == 192.168.1.11), action=(ct_snat(10.10.1.11);) table=2 (lr_out_snat ), priority=33 , match=(ip && ip4.src == 192.168.1.13), action=(ct_snat(10.10.1.13);) table=2 (lr_out_snat ), priority=33 , match=(ip && ip4.src == 192.168.1.15), action=(ct_snat(10.10.1.15);) table=2 (lr_out_snat ), priority=33 , match=(ip && ip4.src == 192.168.1.16), action=(ct_snat(10.10.1.16);) table=2 (lr_out_snat ), priority=0 , match=(1), action=(next;) table=3 (lr_out_egr_loop ), priority=0 , match=(1), action=(next;) table=4 (lr_out_delivery ), priority=100 , match=(outport == "lr1-ls1"), action=(output;) table=4 (lr_out_delivery ), priority=100 , match=(outport == "lr1-ls2"), action=(output;) [root@wsfd-advnetlab16 ~]# uname -a Linux wsfd-advnetlab16.anl.lab.eng.bos.redhat.com 4.18.0-328.el8.x86_64 #1 SMP Tue Aug 3 19:36:29 EDT 2021 x86_64 x86_64 x86_64 GNU/Linux [root@wsfd-advnetlab16 ~]# rpm -qa | grep -E "openvswitch2.15|ovn21.09" python3-openvswitch2.15-2.15.0-32.el8fdp.x86_64 openvswitch2.15-2.15.0-32.el8fdp.x86_64 ovn21.09-21.09.0-11.el8fdp.x86_64 ovn21.09-central-21.09.0-11.el8fdp.x86_64 ovn21.09-host-21.09.0-11.el8fdp.x86_64 [root@wsfd-advnetlab16 ~]# ovs-vsctl list open _uuid : b2775206-504a-4ace-9717-0dffe960ad6a bridges : [08d30258-8076-435c-a30e-9eb061a19c2b] cur_cfg : 12 datapath_types : [netdev, system] datapaths : {system=f504602a-41c3-4f85-9353-9c6ee107d1a0} db_version : "8.2.0" dpdk_initialized : false dpdk_version : "DPDK 20.11.1" external_ids : {hostname=wsfd-advnetlab16.anl.lab.eng.bos.redhat.com, ovn-encap-ip="20.0.170.25", ovn-encap-type=geneve, ovn-remote="tcp:20.0.170.25:6642", rundir="/var/run/openvswitch", system-id="c26c898e-e12e-49cc-be89-e5d8c9812b0e"} iface_types : [bareudp, erspan, geneve, gre, gtpu, internal, ip6erspan, ip6gre, lisp, patch, stt, system, tap, vxlan] manager_options : [] next_cfg : 12 other_config : {hw-offload="true", tc-policy=none, vlan-limit="0"} ovs_version : "2.15.2" ssl : [] statistics : {} system_type : rhel system_version : "8.5"
Hi Numan. Any news on this front?
Is it possible that Numan's fix on https://bugzilla.redhat.com/show_bug.cgi?id=1984953 would also solve this issue?
(In reply to Mark Michelson from comment #14) > Is it possible that Numan's fix on > https://bugzilla.redhat.com/show_bug.cgi?id=1984953 would also solve this > issue? It seems possible, but Numan will know better. Numan?
Ping?
Any news?
(In reply to Marcelo Ricardo Leitner from comment #18) > Any news? Sorry. Totally missed your comments. The bz 1984953 won't address this issue. The fix in 1984953 is applicable only for distributed routers (which OSP uses) and not in gateway routers (which OCP uses). Working on a similar fix for gateway routers to address this issue.
Apparently there is a CT zone issue in the flows on comment #23. + tc -s filter show dev s_pf0vf2 ingress filter protocol ip pref 2 flower chain 0 filter protocol ip pref 2 flower chain 0 handle 0x1 dst_mac 00:00:00:00:00:02 src_mac 00:00:00:01:02:11 eth_type ipv4 ip_proto tcp ip_ttl 64 dst_ip 10.10.1.11 src_ip 172.17.181.11/25 ip_flags nofrag ct_state -trk-new in_hw in_hw_count 1 action order 1: ct zone 3 nat pipe ^^^^^^ index 1 ref 1 bind 1 installed 3 sec used 0 sec firstused 3 sec Action statistics: Sent 4982618410 bytes 3438447 pkt (dropped 0, overlimits 0 requeues 0) backlog 0b 0p requeues 0 cookie 881825e3e04c279ac79970a31c2f901e used_hw_stats delayed action order 2: gact action goto chain 51 random type none pass val 0 index 1 ref 1 bind 1 installed 3 sec used 0 sec firstused 3 sec Action statistics: Sent 4982618410 bytes 3438447 pkt (dropped 0, overlimits 0 requeues 0) backlog 0b 0p requeues 0 cookie 881825e3e04c279ac79970a31c2f901e used_hw_stats delayed filter protocol ip pref 2 flower chain 51 filter protocol ip pref 2 flower chain 51 handle 0x1 eth_type ipv4 dst_ip 10.10.1.11 ip_flags nofrag in_hw in_hw_count 1 action order 1: ct commit zone 4 nat dst addr 192.168.1.11 pipe ^^^^^^^^^^^^^ And the OVS dp flows: ufid:e3251888-9a27-4ce0-a370-99c71e902f1c, skb_priority(0/0),skb_mark(0/0),ct_state(0/0x21),ct_zone(0/0),ct_mark(0/0),ct_label(0/0),recirc_id(0),dp_hash(0/0),in_port(s_pf0vf2),packet_type(ns=0/0,id=0/0),eth(src=00:00:00:01:02:11,dst=00:00:00:00:00:02),eth_type(0x0800),ipv4(src=172.17.181.0/255.255.255.128,dst=10.10.1.11,proto=6,tos=0/0,ttl=64,frag=no),tcp(src=0/0,dst=0/0), packets:3438447, bytes:498261841 0, used:0.770s, offloaded:yes, dp:tc, actions:ct(zone=3,nat),recirc(0x33) Note this: ...,ct_state(0/0x21),ct_zone(0/0),... actions:ct(zone=3,nat),recirc(0x33) And then: ufid:09a3b027-c883-4f48-8c54-d887ffe8594c, skb_priority(0/0),skb_mark(0/0),ct_state(0/0),ct_zone(0/0),ct_mark(0/0),ct_label(0/0),recirc_id(0x33),dp_hash(0/0),in_port(s_pf0vf2),packet_type(ns=0/0,id=0/0),eth(src=00:00:00:00:00:00/00:00:00:00:00:00,dst=00:00:00:00:00:00/00:00:00:00:00:00),eth_type(0x0800),ipv4(src=0.0.0.0/0.0.0.0,dst=10.10.1.11,proto=0/0,tos=0/0,ttl=0/0,frag=no), packets:3438447, bytes:4982 618410, used:0.770s, offloaded:yes, dp:tc, actions:ct(commit,zone=4,nat(dst=192.168.1.11)),recirc(0x34) From which we can highlight: ...,ct_state(0/0),ct_zone(0/0),...,recirc_id(0x33),... actions:ct(commit,zone=4,nat(dst=192.168.1.11)),recirc(0x34) I don't see a commit on zone=3, and thus it will not get offloaded.
Hi Jianlin, Can you please re-test this with current code? Maybe we already fixed this through some other bz. Thanks.
still not offloaded: [root@wsfd-advnetlab16 ~]# bash -x get_stat.sh + ovs-appctl dpctl/dump-flows -m --names ufid:943f81b2-e471-4c3b-b6e8-846e190db065, skb_priority(0/0),skb_mark(0/0),ct_state(0/0x21),ct_zone(0/0),ct_mark(0/0),ct_label(0/0),recirc_id(0),dp_hash(0/0),in_port(s_pf0vf2),packet_type(ns=0/0,id=0/0),e th(src=00:00:00:01:02:11,dst=00:00:00:00:00:02),eth_type(0x0800),ipv4(src=172.17.188.0/255.255.255.128,dst=10.10.1.11,proto=6,tos=0/0,ttl=64,frag=no),tcp(src=0/0,dst=0/0), packets:13076211, bytes:18922560 938, used:0.000s, offloaded:yes, dp:tc, actions:ct(zone=11,nat),recirc(0x29) ufid:84b9789a-7c45-4c5e-830e-c2accdf1b2fb, skb_priority(0/0),skb_mark(0/0),ct_state(0/0),ct_zone(0/0),ct_mark(0/0),ct_label(0/0),recirc_id(0x29),dp_hash(0/0),in_port(s_pf0vf2),packet_type(ns=0/0,id=0/0),e th(src=00:00:00:00:00:00/00:00:00:00:00:00,dst=00:00:00:00:00:00/00:00:00:00:00:00),eth_type(0x0800),ipv4(src=0.0.0.0/0.0.0.0,dst=10.10.1.11,proto=0/0,tos=0/0,ttl=0/0,frag=no), packets:13076256, bytes:189 22626150, used:0.000s, offloaded:yes, dp:tc, actions:ct(commit,zone=12,nat(dst=192.168.1.11)),recirc(0x2a) ufid:5ff1ae46-2234-4900-9e64-0674961b5e01, skb_priority(0/0),skb_mark(0/0),ct_state(0/0),ct_zone(0/0),ct_mark(0/0),ct_label(0/0),recirc_id(0x2a),dp_hash(0/0),in_port(s_pf0vf2),packet_type(ns=0/0,id=0/0),e th(src=00:00:00:01:02:11,dst=00:00:00:00:00:02),eth_type(0x0800),ipv4(src=0.0.0.0/0.0.0.0,dst=192.168.1.11,proto=6,tos=0/0,ttl=64,frag=no),tcp(src=0/0,dst=0/0), packets:13076301, bytes:18922691362, used:0 .000s, offloaded:yes, dp:tc, actions:set(eth(src=00:00:00:00:00:01,dst=00:00:00:01:01:11)),set(ipv4(ttl=63)),ct(zone=12,nat),recirc(0x2b) ufid:2d1b96bc-8256-4567-adb2-92f84f09160e, skb_priority(0/0),skb_mark(0/0),ct_state(0x21/0x29),ct_zone(0/0),ct_mark(0/0),ct_label(0/0),recirc_id(0x2b),dp_hash(0/0),in_port(s_pf0vf2),packet_type(ns=0/0,id= 0/0),eth(src=00:00:00:00:00:01,dst=00:00:00:01:01:11),eth_type(0x0800),ipv4(src=128.0.0.0/192.0.0.0,dst=0.0.0.0/0.0.0.0,proto=0/0,tos=0/0,ttl=0/0,frag=no), packets:1, bytes:60, used:9.990s, dp:tc, actions :ct(commit,zone=12,nat(src)),s_pf0vf0 ufid:7495128d-1bae-4ddd-87c6-0498481e063c, skb_priority(0/0),skb_mark(0/0),ct_state(0x20/0x29),ct_zone(0/0),ct_mark(0/0),ct_label(0/0),recirc_id(0x2b),dp_hash(0/0),in_port(s_pf0vf2),packet_type(ns=0/0,id= 0/0),eth(src=00:00:00:00:00:01,dst=00:00:00:01:01:11),eth_type(0x0800),ipv4(src=128.0.0.0/192.0.0.0,dst=0.0.0.0/0.0.0.0,proto=0/0,tos=0/0,ttl=0/0,frag=no), packets:13076343, bytes:18922756373, used:0.000s , offloaded:yes, dp:tc, actions:ct_clear,s_pf0vf0 ufid:fd1b0c6a-45dd-4699-88da-cfb034842f9d, skb_priority(0/0),skb_mark(0/0),ct_state(0/0x21),ct_zone(0/0),ct_mark(0/0),ct_label(0/0),recirc_id(0),dp_hash(0/0),in_port(s_pf0vf0),packet_type(ns=0/0,id=0/0),e th(src=00:00:00:01:01:11,dst=00:00:00:00:00:01),eth_type(0x0800),ipv4(src=192.168.1.0/255.255.255.128,dst=172.17.188.11,proto=6,tos=0/0,ttl=64,frag=no),tcp(src=0/0,dst=0/0), packets:99637, bytes:6576914, used:0.860s, offloaded:yes, dp:tc, actions:set(eth(src=00:00:00:00:00:02,dst=00:00:00:01:02:11)),set(ipv4(ttl=63)),ct(zone=12,nat),recirc(0x2c) ufid:495a8795-e48d-482a-bf2e-a8a2b2e2aae9, skb_priority(0/0),skb_mark(0/0),ct_state(0x28/0x29),ct_zone(0/0),ct_mark(0/0),ct_label(0/0),recirc_id(0x2c),dp_hash(0/0),in_port(s_pf0vf0),packet_type(ns=0/0,id= 0/0),eth(src=00:00:00:00:00:02,dst=00:00:00:01:02:11),eth_type(0x0800),ipv4(src=0.0.0.0/0.0.0.0,dst=0.0.0.0/0.0.0.0,proto=0/0,tos=0/0,ttl=0/0,frag=no), packets:99637, bytes:6576914, used:0.860s, offloaded :yes, dp:tc, actions:ct_clear,s_pf0vf2 ufid:b0b46898-de75-4234-89d6-c4a4a6769861, recirc_id(0),dp_hash(0/0),skb_priority(0/0),in_port(s_pf0vf0),skb_mark(0/0),ct_state(0/0x21),ct_zone(0/0),ct_mark(0/0),ct_label(0/0),eth(src=00:00:00:01:01:11,ds t=00:00:00:00:00:01),eth_type(0x0806),arp(sip=192.168.1.11,tip=192.168.1.254,op=1/0xff,sha=00:00:00:01:01:11,tha=00:00:00:00:00:00), packets:0, bytes:0, used:never, dp:ovs, actions:userspace(pid=429496729 5,slow_path(action)) + tc -s filter show dev s_pf0vf2 ingress filter protocol ip pref 2 flower chain 0 filter protocol ip pref 2 flower chain 0 handle 0x1 dst_mac 00:00:00:00:00:02 src_mac 00:00:00:01:02:11 eth_type ipv4 ip_proto tcp ip_ttl 64 dst_ip 10.10.1.11 src_ip 172.17.188.11/25 ip_flags nofrag ct_state -trk-new in_hw in_hw_count 1 action order 1: ct zone 11 nat pipe index 1 ref 1 bind 1 installed 10 sec firstused 10 sec Action statistics: Sent 18946559786 bytes 13092783 pkt (dropped 0, overlimits 0 requeues 0) backlog 0b 0p requeues 0 cookie b2813f943b4c71e46e84e8b665b00d19 used_hw_stats delayed action order 2: gact action goto chain 41 random type none pass val 0 index 1 ref 1 bind 1 installed 10 sec firstused 10 sec Action statistics: Sent 18946559786 bytes 13092783 pkt (dropped 0, overlimits 0 requeues 0) backlog 0b 0p requeues 0 cookie b2813f943b4c71e46e84e8b665b00d19 used_hw_stats delayed filter protocol ip pref 2 flower chain 41 filter protocol ip pref 2 flower chain 41 handle 0x1 eth_type ipv4 dst_ip 10.10.1.11 ip_flags nofrag in_hw in_hw_count 1 action order 1: ct commit zone 12 nat dst addr 192.168.1.11 pipe index 2 ref 1 bind 1 installed 10 sec firstused 10 sec Action statistics: Sent 18946559786 bytes 13092783 pkt (dropped 0, overlimits 0 requeues 0) backlog 0b 0p requeues 0 cookie 9a78b9845e4c457cacc20e83fbb2f1cd used_hw_stats delayed action order 2: gact action goto chain 42 random type none pass val 0 index 2 ref 1 bind 1 installed 10 sec firstused 10 sec Action statistics: Sent 18946624998 bytes 13092828 pkt (dropped 0, overlimits 0 requeues 0) backlog 0b 0p requeues 0 cookie 9a78b9845e4c457cacc20e83fbb2f1cd used_hw_stats delayed filter protocol ip pref 2 flower chain 42 filter protocol ip pref 2 flower chain 42 handle 0x1 dst_mac 00:00:00:00:00:02 src_mac 00:00:00:01:02:11 eth_type ipv4 ip_proto tcp ip_ttl 64 dst_ip 192.168.1.11 ip_flags nofrag in_hw in_hw_count 1 action order 1: pedit action pipe keys 4 index 1 ref 1 bind 1 installed 10 sec firstused 10 sec key #0 at eth+4: val 00000000 mask ffff0000 key #1 at eth+8: val 00000001 mask 00000000 key #2 at eth+0: val 00000001 mask 00000000 key #3 at eth+4: val 01110000 mask 0000ffff Action statistics: Sent 18946624998 bytes 13092828 pkt (dropped 0, overlimits 0 requeues 0) backlog 0b 0p requeues 0 used_hw_stats delayed action order 2: pedit action pipe keys 1 index 2 ref 1 bind 1 installed 10 sec firstused 10 sec key #0 at ipv4+8: val 3f000000 mask 00ffffff Action statistics: Sent 18946624998 bytes 13092828 pkt (dropped 0, overlimits 0 requeues 0) backlog 0b 0p requeues 0 used_hw_stats delayed action order 3: csum (iph, tcp) action pipe index 1 ref 1 bind 1 installed 10 sec firstused 10 sec Action statistics: Sent 18946690210 bytes 13092873 pkt (dropped 0, overlimits 0 requeues 0) backlog 0b 0p requeues 0 no_percpu used_hw_stats delayed action order 4: ct zone 12 nat pipe index 3 ref 1 bind 1 installed 10 sec firstused 10 sec Action statistics: Sent 18946690210 bytes 13092873 pkt (dropped 0, overlimits 0 requeues 0) backlog 0b 0p requeues 0 cookie 46aef15f004934227406649e015e1b96 used_hw_stats delayed action order 5: gact action goto chain 43 random type none pass val 0 index 3 ref 1 bind 1 installed 10 sec firstused 10 sec Action statistics: Sent 18946690210 bytes 13092873 pkt (dropped 0, overlimits 0 requeues 0) backlog 0b 0p requeues 0 cookie 46aef15f004934227406649e015e1b96 used_hw_stats delayed filter protocol ip pref 2 flower chain 43 filter protocol ip pref 2 flower chain 43 handle 0x1 dst_mac 00:00:00:01:01:11 src_mac 00:00:00:00:00:01 eth_type ipv4 src_ip 172.17.188.11/2 ip_flags nofrag ct_state +trk+new-rpl not_in_hw action order 1: ct commit zone 12 nat src pipe index 4 ref 1 bind 1 installed 10 sec used 10 sec firstused 10 sec Action statistics: Sent 60 bytes 1 pkt (dropped 0, overlimits 0 requeues 0) backlog 0b 0p requeues 0 cookie bc961b2d67455682f892b2ad0e16094f action order 2: mirred (Egress Redirect to device s_pf0vf0) stolen index 1 ref 1 bind 1 installed 10 sec used 10 sec firstused 10 sec Action statistics: Sent 60 bytes 1 pkt (dropped 0, overlimits 0 requeues 0) backlog 0b 0p requeues 0 cookie bc961b2d67455682f892b2ad0e16094f no_percpu filter protocol ip pref 2 flower chain 43 handle 0x2 dst_mac 00:00:00:01:01:11 src_mac 00:00:00:00:00:01 eth_type ipv4 src_ip 172.17.188.11/2 ip_flags nofrag ct_state +trk-new-rpl in_hw in_hw_count 1 action order 1: ct clear pipe index 7 ref 1 bind 1 installed 10 sec firstused 10 sec Action statistics: Sent 18946755221 bytes 13092915 pkt (dropped 0, overlimits 0 requeues 0) backlog 0b 0p requeues 0 cookie 8d129574dd4dae1b9804c6873c061e48 used_hw_stats delayed action order 2: mirred (Egress Redirect to device s_pf0vf0) stolen index 3 ref 1 bind 1 installed 10 sec firstused 10 sec Action statistics: Sent 18946755221 bytes 13092915 pkt (dropped 0, overlimits 0 requeues 0) backlog 0b 0p requeues 0 cookie 8d129574dd4dae1b9804c6873c061e48 no_percpu used_hw_stats delayed [root@wsfd-advnetlab16 ~]# uname -a Linux wsfd-advnetlab16.anl.lab.eng.bos.redhat.com 4.18.0-413.el8.x86_64 #1 SMP Thu Jul 28 12:06:06 EDT 2022 x86_64 x86_64 x86_64 GNU/Linux [root@wsfd-advnetlab16 ~]# rpm -qa | grep -E "openvswitch2.17|ovn22.06" ovn22.06-host-22.06.0-24.el8fdp.x86_64 python3-openvswitch2.17-2.17.0-33.el8fdp.x86_64 ovn22.06-22.06.0-24.el8fdp.x86_64 ovn22.06-central-22.06.0-24.el8fdp.x86_64 openvswitch2.17-2.17.0-33.el8fdp.x86_64 [root@wsfd-advnetlab16 ~]# ethtool -i s_pf0vf2 driver: mlx5e_rep version: 4.18.0-413.el8.x86_64 firmware-version: 16.31.1014 (MT_0000000013) expansion-rom-version: bus-info: supports-statistics: yes supports-test: no supports-eeprom-access: no supports-register-dump: no supports-priv-flags: no [root@wsfd-advnetlab16 ~]# ethtool -i ens1f0 driver: mlx5_core version: 4.18.0-413.el8.x86_64 firmware-version: 16.31.1014 (MT_0000000013) expansion-rom-version: bus-info: 0000:3b:00.0 supports-statistics: yes supports-test: yes supports-eeprom-access: no supports-register-dump: no supports-priv-flags: yes
(In reply to Jianlin Shi from comment #29) > + ovs-appctl dpctl/dump-flows -m --names > > ufid:943f81b2-e471-4c3b-b6e8-846e190db065, > skb_priority(0/0),skb_mark(0/0),ct_state(0/0x21),ct_zone(0/0),ct_mark(0/0), > ct_label(0/0),recirc_id(0),dp_hash(0/0),in_port(s_pf0vf2),packet_type(ns=0/0, > id=0/0),e > th(src=00:00:00:01:02:11,dst=00:00:00:00:00:02),eth_type(0x0800), > ipv4(src=172.17.188.0/255.255.255.128,dst=10.10.1.11,proto=6,tos=0/0,ttl=64, > frag=no),tcp(src=0/0,dst=0/0), packets:13076211, bytes:18922560 > 938, used:0.000s, offloaded:yes, dp:tc, actions:ct(zone=11,nat),recirc(0x29) > > ufid:84b9789a-7c45-4c5e-830e-c2accdf1b2fb, > skb_priority(0/0),skb_mark(0/0),ct_state(0/0),ct_zone(0/0),ct_mark(0/0), > ct_label(0/0),recirc_id(0x29),dp_hash(0/0),in_port(s_pf0vf2), > packet_type(ns=0/0,id=0/0),e > th(src=00:00:00:00:00:00/00:00:00:00:00:00,dst=00:00:00:00:00:00/00:00:00:00: > 00:00),eth_type(0x0800),ipv4(src=0.0.0.0/0.0.0.0,dst=10.10.1.11,proto=0/0, > tos=0/0,ttl=0/0,frag=no), packets:13076256, bytes:189 > 22626150, used:0.000s, offloaded:yes, dp:tc, > actions:ct(commit,zone=12,nat(dst=192.168.1.11)),recirc(0x2a) > ufid:5ff1ae46-2234-4900-9e64-0674961b5e01, > skb_priority(0/0),skb_mark(0/0),ct_state(0/0),ct_zone(0/0),ct_mark(0/0), > ct_label(0/0),recirc_id(0x2a),dp_hash(0/0),in_port(s_pf0vf2), > packet_type(ns=0/0,id=0/0),e > th(src=00:00:00:01:02:11,dst=00:00:00:00:00:02),eth_type(0x0800),ipv4(src=0. > 0.0.0/0.0.0.0,dst=192.168.1.11,proto=6,tos=0/0,ttl=64,frag=no),tcp(src=0/0, > dst=0/0), packets:13076301, bytes:18922691362, used:0 > .000s, offloaded:yes, dp:tc, > actions:set(eth(src=00:00:00:00:00:01,dst=00:00:00:01:01:11)), > set(ipv4(ttl=63)),ct(zone=12,nat),recirc(0x2b) > ufid:2d1b96bc-8256-4567-adb2-92f84f09160e, > skb_priority(0/0),skb_mark(0/0),ct_state(0x21/0x29),ct_zone(0/0),ct_mark(0/ > 0),ct_label(0/0),recirc_id(0x2b),dp_hash(0/0),in_port(s_pf0vf2), > packet_type(ns=0/0,id= > 0/0),eth(src=00:00:00:00:00:01,dst=00:00:00:01:01:11),eth_type(0x0800), > ipv4(src=128.0.0.0/192.0.0.0,dst=0.0.0.0/0.0.0.0,proto=0/0,tos=0/0,ttl=0/0, > frag=no), packets:1, bytes:60, used:9.990s, dp:tc, actions > :ct(commit,zone=12,nat(src)),s_pf0vf0 Not offloaded because it's ct_state +new, expected. > ufid:7495128d-1bae-4ddd-87c6-0498481e063c, > skb_priority(0/0),skb_mark(0/0),ct_state(0x20/0x29),ct_zone(0/0),ct_mark(0/ > 0),ct_label(0/0),recirc_id(0x2b),dp_hash(0/0),in_port(s_pf0vf2), > packet_type(ns=0/0,id= > 0/0),eth(src=00:00:00:00:00:01,dst=00:00:00:01:01:11),eth_type(0x0800), > ipv4(src=128.0.0.0/192.0.0.0,dst=0.0.0.0/0.0.0.0,proto=0/0,tos=0/0,ttl=0/0, > frag=no), packets:13076343, bytes:18922756373, used:0.000s > , offloaded:yes, dp:tc, actions:ct_clear,s_pf0vf0 > > ufid:fd1b0c6a-45dd-4699-88da-cfb034842f9d, > skb_priority(0/0),skb_mark(0/0),ct_state(0/0x21),ct_zone(0/0),ct_mark(0/0), > ct_label(0/0),recirc_id(0),dp_hash(0/0),in_port(s_pf0vf0),packet_type(ns=0/0, > id=0/0),e > th(src=00:00:00:01:01:11,dst=00:00:00:00:00:01),eth_type(0x0800), > ipv4(src=192.168.1.0/255.255.255.128,dst=172.17.188.11,proto=6,tos=0/0, > ttl=64,frag=no),tcp(src=0/0,dst=0/0), packets:99637, bytes:6576914, > used:0.860s, offloaded:yes, dp:tc, > actions:set(eth(src=00:00:00:00:00:02,dst=00:00:00:01:02:11)), > set(ipv4(ttl=63)),ct(zone=12,nat),recirc(0x2c) > > ufid:495a8795-e48d-482a-bf2e-a8a2b2e2aae9, > skb_priority(0/0),skb_mark(0/0),ct_state(0x28/0x29),ct_zone(0/0),ct_mark(0/ > 0),ct_label(0/0),recirc_id(0x2c),dp_hash(0/0),in_port(s_pf0vf0), > packet_type(ns=0/0,id= > 0/0),eth(src=00:00:00:00:00:02,dst=00:00:00:01:02:11),eth_type(0x0800), > ipv4(src=0.0.0.0/0.0.0.0,dst=0.0.0.0/0.0.0.0,proto=0/0,tos=0/0,ttl=0/0, > frag=no), packets:99637, bytes:6576914, used:0.860s, offloaded > :yes, dp:tc, actions:ct_clear,s_pf0vf2 > > ufid:b0b46898-de75-4234-89d6-c4a4a6769861, > recirc_id(0),dp_hash(0/0),skb_priority(0/0),in_port(s_pf0vf0),skb_mark(0/0), > ct_state(0/0x21),ct_zone(0/0),ct_mark(0/0),ct_label(0/0),eth(src=00:00:00:01: > 01:11,ds > t=00:00:00:00:00:01),eth_type(0x0806),arp(sip=192.168.1.11,tip=192.168.1.254, > op=1/0xff,sha=00:00:00:01:01:11,tha=00:00:00:00:00:00), packets:0, bytes:0, > used:never, dp:ovs, actions:userspace(pid=429496729 > 5,slow_path(action)) dp:ovs because of the userspace() action. the +new can be seen here as well: > + tc -s filter show dev s_pf0vf2 ingress > filter protocol ip pref 2 flower chain 43 > filter protocol ip pref 2 flower chain 43 handle 0x1 > dst_mac 00:00:00:01:01:11 > src_mac 00:00:00:00:00:01 > eth_type ipv4 > src_ip 172.17.188.11/2 > ip_flags nofrag > ct_state +trk+new-rpl > not_in_hw > action order 1: ct commit zone 12 nat src pipe > index 4 ref 1 bind 1 installed 10 sec used 10 sec firstused 10 sec > Action statistics: > Sent 60 bytes 1 pkt (dropped 0, overlimits 0 requeues 0) > backlog 0b 0p requeues 0 > cookie bc961b2d67455682f892b2ad0e16094f > > action order 2: mirred (Egress Redirect to device s_pf0vf0) stolen > index 1 ref 1 bind 1 installed 10 sec used 10 sec firstused 10 sec > Action statistics: > Sent 60 bytes 1 pkt (dropped 0, overlimits 0 requeues 0) > backlog 0b 0p requeues 0 > cookie bc961b2d67455682f892b2ad0e16094f > no_percpu Apparently the same issue with commit as before, causing the flow to not go into Established state and thus not offload (which is reflected in all stats here)
This could be the same issue as https://bugzilla.redhat.com/show_bug.cgi?id=1986662