1982551 – [RFE] Support on-link (no nexthop) static routes on logical routers

The FDP team is no longer accepting new bugs in Bugzilla. Please report your issues under FDP project in Jira. Thanks.

Bug 1982551 - [RFE] Support on-link (no nexthop) static routes on logical routers

Summary: [RFE] Support on-link (no nexthop) static routes on logical routers

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux Fast Datapath
Classification:	Red Hat
Component:	OVN
Sub Component:
Version:	RHEL 8.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	unspecified
Target Milestone:	---
Target Release:	---
Assignee:	lorenzo bianconi
QA Contact:	Jianlin Shi
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2021-07-15 07:27 UTC by Jaime Caamaño Ruiz
Modified:	2022-09-09 08:00 UTC (History)
CC List:	6 users (show)
Fixed In Version:	ovn2.13-20.12.0-178.el8fdp
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2021-10-04 15:08:59 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Issue Tracker	FD-1426	0	None	None	None	2021-08-25 10:47:15 UTC
Red Hat Product Errata	RHBA-2021:3717	0	None	None	None	2021-10-04 15:09:01 UTC

Description Jaime Caamaño Ruiz 2021-07-15 07:27:23 UTC

Description of problem:
With stateful DHCPv6 IA_NA address allocation, host allocated addresses might have an /128 prefix and no subnet information in them. These hosts acquire routing information through RA, including on-link subnet routes. 

OVN-Kubernetes replicates host networking with OVN logical routers and configures one of its ports with the host address but cannot add the host on-link routes as currently static routes require a nexthop in OVN. This forces OVN-Kubernetes to route on-link traffic through a gateway.

An alternative or additional welcomed enhancement would be to support incoming RA.

Comment 1 Dumitru Ceara 2021-07-15 07:35:09 UTC

(In reply to Jaime Caamaño Ruiz from comment #0)
> OVN-Kubernetes replicates host networking with OVN logical routers and
> configures one of its ports with the host address but cannot add the host
> on-link routes as currently static routes require a nexthop in OVN. This
> forces OVN-Kubernetes to route on-link traffic through a gateway.

To clarify, this would be the equivalent of
"ip route add 192.168.34.0/24 dev eth0", right?

Thanks!

Comment 2 Jaime Caamaño Ruiz 2021-07-15 08:46:22 UTC

That's right.

Comment 3 lorenzo bianconi 2021-08-06 12:59:41 UTC

upstream series: http://patchwork.ozlabs.org/project/ovn/list/?series=257019

Comment 6 Jianlin Shi 2021-09-18 06:02:03 UTC

tested with following script:

systemctl start openvswitch          
systemctl start ovn-northd                           
ovn-nbctl set-connection ptcp:6641
ovn-sbctl set-connection ptcp:6642                           
ovs-vsctl set open . external_ids:system-id=hv1 external_ids:ovn-remote=tcp:1.1.40.25:6642 external_ids:ovn-encap-type=geneve external_ids:ovn-encap-ip=1.1.40.25
systemctl restart ovn-controller                        
                                                        
ovn-nbctl ls-add ls1
ovn-nbctl lsp-add ls1 ls1p1
ovn-nbctl lsp-set-addresses ls1p1 "00:00:00:01:01:01 192.168.1.1 2001::1"
ovn-nbctl lsp-add ls1 ls1p2
ovn-nbctl lsp-set-addresses ls1p2 "00:00:00:01:01:02 192.168.1.2 2001::2"

ovn-nbctl lr-add lr1                                                                            
ovn-nbctl lrp-add lr1 lr1-ls1 00:00:00:00:00:01 192.168.1.254/32 2001::a/128                    
ovn-nbctl lsp-add ls1 ls1-lr1
ovn-nbctl lsp-set-addresses ls1-lr1 "00:00:00:00:00:01 192.168.1.254 2001::a"
ovn-nbctl lsp-set-type ls1-lr1 router
ovn-nbctl lsp-set-options ls1-lr1 router-port=lr1-ls1          
                                        
ovn-nbctl --may-exist lr-route-add lr1 192.168.1.0/24 lr1-ls1
ovn-nbctl --may-exist lr-route-add lr1 192.168.1.0/24 lr1-ls1
ovn-nbctl --may-exist lr-route-add lr1 2001::/64 lr1-ls1            
ovn-nbctl --may-exist lr-route-add lr1 2001::/64 lr1-ls1         

ovn-nbctl lrp-add lr1 lr1-ls2 00:00:00:00:00:02 192.168.2.254/32 2002::a/128
                              
ovn-nbctl ls-add ls2                                           
ovn-nbctl lsp-add ls2 ls2-lr1           
ovn-nbctl lsp-set-addresses ls2-lr1 "00:00:00:00:00:02 192.168.2.254 2002::a"
ovn-nbctl lsp-set-type ls2-lr1 router               
ovn-nbctl lsp-set-options ls2-lr1 router-port=lr1-ls2               
                                                                 
ovn-nbctl --may-exist lr-route-add lr1 192.168.2.0/24 lr1-ls2
ovn-nbctl --may-exist lr-route-add lr1 192.168.2.0/24 lr1-ls2
ovn-nbctl --may-exist lr-route-add lr1 2002::/64 lr1-ls2
ovn-nbctl --may-exist lr-route-add lr1 2002::/64 lr1-ls2
                                      
ovn-nbctl lsp-add ls2 ls2p1       
ovn-nbctl lsp-set-addresses ls2p1 "00:00:00:01:02:01 192.168.2.1 2002::1"
ovn-nbctl lsp-add ls2 ls2p2 
ovn-nbctl lsp-set-addresses ls2p2 "00:00:00:01:02:02 192.168.2.2 2002::2"

ovs-vsctl add-port br-int ls1p1 -- set interface ls1p1 type=internal external_ids:iface-id=ls1p1
ovs-vsctl add-port br-int ls2p1 -- set interface ls2p1 type=internal external_ids:iface-id=ls2p1

ip netns add ls1p1
ip link set ls1p1 netns ls1p1
ip netns exec ls1p1 ip link set ls1p1 address 00:00:00:01:01:01
ip netns exec ls1p1 ip link set ls1p1 up
ip netns exec ls1p1 ip addr add 192.168.1.1/24 dev ls1p1
ip netns exec ls1p1 ip addr add 2001::1/64 dev ls1p1
ip netns exec ls1p1 ip route add default via 192.168.1.254 dev ls1p1
ip netns exec ls1p1 ip -6 route add default via 2001::a dev ls1p1

ip netns add ls2p1 
ip link set ls2p1 netns ls2p1
ip netns exec ls2p1 ip link set ls2p1 address 00:00:00:01:02:01
ip netns exec ls2p1 ip link set ls2p1 up
ip netns exec ls2p1 ip addr add 192.168.2.1/24 dev ls2p1
ip netns exec ls2p1 ip addr add 2002::1/64 dev ls2p1
ip netns exec ls2p1 ip route add default via 192.168.2.254 dev ls2p1
ip netns exec ls2p1 ip -6 route add default via 2002::a dev ls2p1

sleep 3

ip netns exec ls1p1 ping 192.168.2.1 -c 1
ip netns exec ls1p1 ping6 2002::1 -c 1

Verified on ovn-2021-21.06.0-29.e8:

[root@wsfd-advnetlab16 bz1982551]# rpm -qa | grep -E "openvswitch2.15|ovn-2021"
ovn-2021-21.06.0-29.el8fdp.x86_64
python3-openvswitch2.15-2.15.0-38.el8fdp.x86_64
ovn-2021-central-21.06.0-29.el8fdp.x86_64
openvswitch2.15-2.15.0-38.el8fdp.x86_64
ovn-2021-host-21.06.0-29.el8fdp.x86_64

+ ovn-nbctl --may-exist lr-route-add lr1 192.168.1.0/24 lr1-ls1
+ ovn-nbctl --may-exist lr-route-add lr1 192.168.1.0/24 lr1-ls1
+ ovn-nbctl --may-exist lr-route-add lr1 2001::/64 lr1-ls1
+ ovn-nbctl --may-exist lr-route-add lr1 2001::/64 lr1-ls1
+ ovn-nbctl lrp-add lr1 lr1-ls2 00:00:00:00:00:02 192.168.2.254/32 2002::a/128
+ ovn-nbctl ls-add ls2
+ ovn-nbctl lsp-add ls2 ls2-lr1
+ ovn-nbctl lsp-set-addresses ls2-lr1 '00:00:00:00:00:02 192.168.2.254 2002::a'
+ ovn-nbctl lsp-set-type ls2-lr1 router
+ ovn-nbctl lsp-set-options ls2-lr1 router-port=lr1-ls2
+ ovn-nbctl --may-exist lr-route-add lr1 192.168.2.0/24 lr1-ls2
+ ovn-nbctl --may-exist lr-route-add lr1 192.168.2.0/24 lr1-ls2
+ ovn-nbctl --may-exist lr-route-add lr1 2002::/64 lr1-ls2
+ ovn-nbctl --may-exist lr-route-add lr1 2002::/64 lr1-ls2
+ ovn-nbctl lsp-add ls2 ls2p1
+ ovn-nbctl lsp-set-addresses ls2p1 '00:00:00:01:02:01 192.168.2.1 2002::1'
+ ovn-nbctl lsp-add ls2 ls2p2
+ ovn-nbctl lsp-set-addresses ls2p2 '00:00:00:01:02:02 192.168.2.2 2002::2'
+ ovs-vsctl add-port br-int ls1p1 -- set interface ls1p1 type=internal external_ids:iface-id=ls1p1
+ ovs-vsctl add-port br-int ls2p1 -- set interface ls2p1 type=internal external_ids:iface-id=ls2p1
+ ip netns add ls1p1
+ ip link set ls1p1 netns ls1p1
+ ip netns exec ls1p1 ip link set ls1p1 address 00:00:00:01:01:01
+ ip netns exec ls1p1 ip link set ls1p1 up
+ ip netns exec ls1p1 ip addr add 192.168.1.1/24 dev ls1p1
+ ip netns exec ls1p1 ip addr add 2001::1/64 dev ls1p1
+ ip netns exec ls1p1 ip route add default via 192.168.1.254 dev ls1p1
+ ip netns exec ls1p1 ip -6 route add default via 2001::a dev ls1p1
+ ip netns add ls2p1
+ ip link set ls2p1 netns ls2p1
+ ip netns exec ls2p1 ip link set ls2p1 address 00:00:00:01:02:01
+ ip netns exec ls2p1 ip link set ls2p1 up
+ ip netns exec ls2p1 ip addr add 192.168.2.1/24 dev ls2p1
+ ip netns exec ls2p1 ip addr add 2002::1/64 dev ls2p1
+ ip netns exec ls2p1 ip route add default via 192.168.2.254 dev ls2p1
+ ip netns exec ls2p1 ip -6 route add default via 2002::a dev ls2p1
+ sleep 3
+ ip netns exec ls1p1 ping 192.168.2.1 -c 1
PING 192.168.2.1 (192.168.2.1) 56(84) bytes of data.
64 bytes from 192.168.2.1: icmp_seq=1 ttl=63 time=5.02 ms

--- 192.168.2.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 5.016/5.016/5.016/0.000 ms
+ ip netns exec ls1p1 ping6 2002::1 -c 1
PING 2002::1(2002::1) 56 data bytes
64 bytes from 2002::1: icmp_seq=1 ttl=63 time=6.64 ms

--- 2002::1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 6.644/6.644/6.644/0.000 ms

Comment 7 Jianlin Shi 2021-09-18 06:02:56 UTC

but there is warn in ovn-northd.log:

[root@wsfd-advnetlab16 ~]# grep WARN /var/log/ovn/ovn-northd.log
2021-09-18T06:01:37.909Z|00008|ovn_northd|WARN|bad ipv6 address

Comment 8 Jianlin Shi 2021-09-18 06:04:39 UTC

also verified on ovn2.13-20.12.0-178.el8:

+ ip netns exec ls1p1 ping 192.168.2.1 -c 1                                                           
PING 192.168.2.1 (192.168.2.1) 56(84) bytes of data.
64 bytes from 192.168.2.1: icmp_seq=1 ttl=63 time=6.26 ms
                                                                                                      
--- 192.168.2.1 ping statistics ---                                                                   
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 6.262/6.262/6.262/0.000 ms                                                     
+ ip netns exec ls1p1 ping6 2002::1 -c 1                                                              
PING 2002::1(2002::1) 56 data bytes                                                                   
64 bytes from 2002::1: icmp_seq=1 ttl=63 time=7.48 ms
                                                                                                      
--- 2002::1 ping statistics ---                                                                       
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 7.480/7.480/7.480/0.000 ms                                                     
[root@wsfd-advnetlab16 bz1982551]# rpm -qa | grep -E "openvswitch2.15|ovn2.13"
ovn2.13-central-20.12.0-178.el8fdp.x86_64                                                             
python3-openvswitch2.15-2.15.0-38.el8fdp.x86_64                                                       
ovn2.13-20.12.0-178.el8fdp.x86_64                                                                     
ovn2.13-host-20.12.0-178.el8fdp.x86_64                                                                
openvswitch2.15-2.15.0-38.el8fdp.x86_64

Comment 9 lorenzo bianconi 2021-09-22 10:50:01 UTC

(In reply to Jianlin Shi from comment #7)
> but there is warn in ovn-northd.log:
> 
> [root@wsfd-advnetlab16 ~]# grep WARN /var/log/ovn/ovn-northd.log
> 2021-09-18T06:01:37.909Z|00008|ovn_northd|WARN|bad ipv6 address

upstream fix: http://patchwork.ozlabs.org/project/ovn/patch/b1dacd1f521a44b4bb2de5104b90221499d54f61.1632307044.git.lorenzo.bianconi@redhat.com/

Comment 10 Jianlin Shi 2021-09-23 01:34:16 UTC

for issue in comment 7, submit another bug to track: https://bugzilla.redhat.com/show_bug.cgi?id=2007055

set VERIFIED for this one

Comment 12 errata-xmlrpc 2021-10-04 15:08:59 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (ovn2.13 bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2021:3717

Note You need to log in before you can comment on or make changes to this bug.