Description of problem:
something wrong for distributed FIP when redirec-type is set as bridged
Version-Release number of selected component (if applicable):
ovn-2021-21.06.0-29.el8
How reproducible:
Always
Steps to Reproduce:
1. setup env
Server:
systemctl start openvswitch
systemctl start ovn-northd
ovn-nbctl set-connection ptcp:6641
ovn-sbctl set-connection ptcp:6642
ovs-vsctl set open . external_ids:system-id=hv1 external_ids:ovn-remote=tcp:1.1.40.25:6642 external_ids:ovn-encap-type=geneve external_ids:ovn-encap-ip=1.1.40.25
systemctl restart ovn-controller
ovs-vsctl add-br br-provider
ovs-vsctl add-port br-provider ens5f0
ip link set ens5f0 up
ovs-vsctl add-br br-phys
ovs-vsctl add-port br-phys ens4f1
ip link set ens4f1 up
ovs-vsctl set open . external-ids:ovn-bridge-mappings=phys:br-phys,provider:br-provider
ovn-nbctl ls-add ls1
ovn-nbctl lsp-add ls1 ls1p1
ovn-nbctl lsp-set-addresses ls1p1 "00:00:00:01:01:01 192.168.1.1"
ovn-nbctl lsp-add ls1 ls1p2
ovn-nbctl lsp-set-addresses ls1p2 "00:00:00:01:01:02 192.168.1.2"
ovn-nbctl ls-add ls2
ovn-nbctl lsp-add ls2 ls2p1
ovn-nbctl lsp-set-addresses ls2p1 "00:00:00:01:02:01 192.168.2.1"
ovn-nbctl lsp-add ls2 ls2p2
ovn-nbctl lsp-set-addresses ls2p2 "00:00:00:01:02:02 192.168.2.2"
ovn-nbctl lr-add lr1
ovn-nbctl lrp-add lr1 lr1-ls1 00:00:00:ff:01:01 192.168.1.254/24
ovn-nbctl lsp-add ls1 ls1-lr1
ovn-nbctl lsp-set-type ls1-lr1 router -- lsp-set-options ls1-lr1 router-port=lr1-ls1 -- lsp-set-addresses ls1-lr1 router
ovn-nbctl lrp-add lr1 lr1-ls2 00:00:00:ff:02:01 192.168.2.254/24
ovn-nbctl lsp-add ls2 ls2-lr1 -- lsp-set-type ls2-lr1 router -- lsp-set-options ls2-lr1 router-port=lr1-ls2 -- lsp-set-addresses ls2-lr1 router
ovn-nbctl ls-add ls_ln
ovn-nbctl lsp-add ls_ln ln "" 10 -- lsp-set-options ln network_name=provider -- lsp-set-type ln localnet -- lsp-set-addresses ln unknown
ovn-nbctl lrp-add lr1 lr1-ln 00:00:00:ff:0f:01 172.1.1.254/24
ovn-nbctl lsp-add ls_ln ln-lr1 -- lsp-set-type ln-lr1 router -- lsp-set-options ln-lr1 router-port=lr1-ln -- lsp-set-addresses ln-lr1 router
ovn-nbctl lrp-set-gateway-chassis lr1-ln hv1 20
ovn-nbctl lr-nat-add lr1 dnat_and_snat 172.1.1.112 192.168.1.2 ls1p2 00:00:00:ff:0f:12
ovn-nbctl lr-nat-add lr1 dnat_and_snat 172.1.1.122 192.168.2.2
ovs-vsctl add-port br-int ls1p1 -- set interface ls1p1 type=internal external_ids:iface-id=ls1p1
ip netns add ls1p1
ip link set ls1p1 netns ls1p1
ip netns exec ls1p1 ip link set ls1p1 address 00:00:00:01:01:01
ip netns exec ls1p1 ip link set ls1p1 up
ip netns exec ls1p1 ip addr add 192.168.1.1/24 dev ls1p1
ip netns exec ls1p1 ip route add default via 192.168.1.254 dev ls1p1
ovs-vsctl add-port br-int ls2p1 -- set interface ls2p1 type=internal external_ids:iface-id=ls2p1
ip netns add ls2p1
ip link set ls2p1 netns ls2p1
ip netns exec ls2p1 ip link set ls2p1 address 00:00:00:01:02:01
ip netns exec ls2p1 ip link set ls2p1 up
ip netns exec ls2p1 ip addr add 192.168.2.1/24 dev ls2p1
ip netns exec ls2p1 ip route add default via 192.168.2.254 dev ls2p1
ovs-vsctl add-port br-provider ext2 -- set interface ext2 type=internal
ip netns add ext2
ip link set ext2 netns ext2
ip netns exec ext2 ip link set ext2 up
ip netns exec ext2 ip link add link ext2 name ext2.10 type vlan id 10
ip netns exec ext2 ip addr add 172.1.1.2/24 dev ext2.10
ip netns exec ext2 ip link set ext2.10 up
ip netns exec ext2 ip route add default via 172.1.1.254 dev ext2.10
ovn-nbctl lsp-add ls1 ln1 "" 11 -- lsp-set-options ln1 network_name=phys -- lsp-set-type ln1 localnet -- lsp-set-addresses ln1 unknown
ovn-nbctl lsp-add ls2 ln2 "" 12 -- lsp-set-options ln2 network_name=phys -- lsp-set-type ln2 localnet -- lsp-set-addresses ln2 unknown
ovs-vsctl set open . external-ids:ovn-chassis-mac-mappings="phys:aa:bb:cc:dd:ee:11,provider:aa:bb:cc:dd:11:11"
ovn-nbctl set logical_router_port lr1-ln options:redirect-type=bridged
Client:
systemctl start openvswitch
ovs-vsctl set open . external_ids:system-id=hv0 external_ids:ovn-remote=tcp:1.1.40.25:6642 external_ids:ovn-encap-type=geneve external_ids:ovn-encap-ip=1.1.40.26
systemctl restart ovn-controller
ovs-vsctl add-br br-provider
ovs-vsctl add-port br-provider eno3
ip link set eno3 up
ovs-vsctl add-br br-phys
ovs-vsctl add-port br-phys ens2f1
ip link set ens2f1 up
ovs-vsctl set open . external-ids:ovn-bridge-mappings=phys:br-phys,provider:br-provider
ovs-vsctl add-port br-int ls1p2 -- set interface ls1p2 type=internal external_ids:iface-id=ls1p2
ip netns add ls1p2
ip link set ls1p2 netns ls1p2
ip netns exec ls1p2 ip link set ls1p2 address 00:00:00:01:01:02
ip netns exec ls1p2 ip link set ls1p2 up
ip netns exec ls1p2 ip addr add 192.168.1.2/24 dev ls1p2
ip netns exec ls1p2 ip route add default via 192.168.1.254 dev ls1p2
ovs-vsctl add-port br-int ls2p2 -- set interface ls2p2 type=internal external_ids:iface-id=ls2p2
ip netns add ls2p2
ip link set ls2p2 netns ls2p2
ip netns exec ls2p2 ip link set ls2p2 address 00:00:00:01:02:02
ip netns exec ls2p2 ip link set ls2p2 up
ip netns exec ls2p2 ip addr add 192.168.2.2/24 dev ls2p2
ip netns exec ls2p2 ip route add default via 192.168.2.254 dev ls2p2
ovs-vsctl add-port br-provider ext1 -- set interface ext1 type=internal
ip netns add ext1
ip link set ext1 netns ext1
ip netns exec ext1 ip link set ext1 up
ip netns exec ext1 ip link add link ext1 name ext1.10 type vlan id 10
ip netns exec ext1 ip link set ext1.10 up
ip netns exec ext1 ip addr add 172.1.1.1/24 dev ext1.10
ip netns exec ext1 ip route add default via 172.1.1.254 dev ext1.10
ovs-vsctl set open . external-ids:ovn-chassis-mac-mappings="phys:aa:bb:cc:dd:ee:22,provider:aa:bb:cc:dd:22:22"
sleep 2
ip netns exec ls1p2 ping 172.1.1.1 -c 1
ip netns exec ls1p2 ping 172.1.1.1 -c 1 -s 1500
ip netns exec ls1p2 ping 172.1.1.2 -c 1
ip netns exec ls1p2 ping 172.1.1.2 -c 1 -s 1500
ip netns exec ls2p2 ping 172.1.1.1 -c 1
ip netns exec ls2p2 ping 172.1.1.1 -c 1 -s 1500
ip netns exec ls2p2 ping 172.1.1.2 -c 1
ip netns exec ls2p2 ping 172.1.1.2 -c 1 -s 1500
2. capture packets on eno3 (connected to br-provider) and run ip netns exec ls1p2 ping 172.1.1.1 -c 1
Actual results:
[root@dell-per740-69 ~]# tcpdump -i eno3 -nnle -v icmp
dropped privs to tcpdump
tcpdump: listening on eno3, link-type EN10MB (Ethernet), capture size 262144 bytes
03:51:30.519613 00:00:00:ff:0f:12 > 00:00:00:ff:0f:01, ethertype 802.1Q (0x8100), length 102: vlan 10, p 0, ethertype IPv4, (tos 0x0, ttl 63, id 23037, offset 0, flags [DF], proto ICMP (1), length 84)
172.1.1.112 > 172.1.1.1: ICMP echo request, id 36808, seq 1, length 64
03:51:30.520464 00:00:00:ff:0f:01 > 1e:1d:54:3f:16:a1, ethertype 802.1Q (0x8100), length 102: vlan 10, p 0, ethertype IPv4, (tos 0x0, ttl 62, id 23037, offset 0, flags [DF], proto ICMP (1), length 84)
172.1.1.112 > 172.1.1.1: ICMP echo request, id 36808, seq 1, length 64
Expected results:
as the FIP for ls1p2 is distributed, the packet should not go through br-provider.
Additional info:
[root@dell-per740-69 ~]# rpm -qa | grep -E "openvswitch2.15|ovn-2021"
ovn-2021-host-21.06.0-29.el8fdp.x86_64
ovn-2021-central-21.06.0-29.el8fdp.x86_64
ovn-2021-21.06.0-29.el8fdp.x86_64
openvswitch2.15-2.15.0-38.el8fdp.x86_64
confirmed that the issue is fixed on ovn-2021-21.12.0-134.el8fdp.x86_64:
[root@wsfd-advnetlab16 nat]# rpm -qa | grep -E "ovn-2021|openvswitch2.17"
ovn-2021-host-21.12.0-134.el8fdp.x86_64
openvswitch2.17-2.17.0-98.el8fdp.x86_64
ovn-2021-21.12.0-134.el8fdp.x86_64
ovn-2021-central-21.12.0-134.el8fdp.x86_64
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory (ovn-2021 bug fix and enhancement update), and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.
https://access.redhat.com/errata/RHBA-2023:3995
Description of problem: something wrong for distributed FIP when redirec-type is set as bridged Version-Release number of selected component (if applicable): ovn-2021-21.06.0-29.el8 How reproducible: Always Steps to Reproduce: 1. setup env Server: systemctl start openvswitch systemctl start ovn-northd ovn-nbctl set-connection ptcp:6641 ovn-sbctl set-connection ptcp:6642 ovs-vsctl set open . external_ids:system-id=hv1 external_ids:ovn-remote=tcp:1.1.40.25:6642 external_ids:ovn-encap-type=geneve external_ids:ovn-encap-ip=1.1.40.25 systemctl restart ovn-controller ovs-vsctl add-br br-provider ovs-vsctl add-port br-provider ens5f0 ip link set ens5f0 up ovs-vsctl add-br br-phys ovs-vsctl add-port br-phys ens4f1 ip link set ens4f1 up ovs-vsctl set open . external-ids:ovn-bridge-mappings=phys:br-phys,provider:br-provider ovn-nbctl ls-add ls1 ovn-nbctl lsp-add ls1 ls1p1 ovn-nbctl lsp-set-addresses ls1p1 "00:00:00:01:01:01 192.168.1.1" ovn-nbctl lsp-add ls1 ls1p2 ovn-nbctl lsp-set-addresses ls1p2 "00:00:00:01:01:02 192.168.1.2" ovn-nbctl ls-add ls2 ovn-nbctl lsp-add ls2 ls2p1 ovn-nbctl lsp-set-addresses ls2p1 "00:00:00:01:02:01 192.168.2.1" ovn-nbctl lsp-add ls2 ls2p2 ovn-nbctl lsp-set-addresses ls2p2 "00:00:00:01:02:02 192.168.2.2" ovn-nbctl lr-add lr1 ovn-nbctl lrp-add lr1 lr1-ls1 00:00:00:ff:01:01 192.168.1.254/24 ovn-nbctl lsp-add ls1 ls1-lr1 ovn-nbctl lsp-set-type ls1-lr1 router -- lsp-set-options ls1-lr1 router-port=lr1-ls1 -- lsp-set-addresses ls1-lr1 router ovn-nbctl lrp-add lr1 lr1-ls2 00:00:00:ff:02:01 192.168.2.254/24 ovn-nbctl lsp-add ls2 ls2-lr1 -- lsp-set-type ls2-lr1 router -- lsp-set-options ls2-lr1 router-port=lr1-ls2 -- lsp-set-addresses ls2-lr1 router ovn-nbctl ls-add ls_ln ovn-nbctl lsp-add ls_ln ln "" 10 -- lsp-set-options ln network_name=provider -- lsp-set-type ln localnet -- lsp-set-addresses ln unknown ovn-nbctl lrp-add lr1 lr1-ln 00:00:00:ff:0f:01 172.1.1.254/24 ovn-nbctl lsp-add ls_ln ln-lr1 -- lsp-set-type ln-lr1 router -- lsp-set-options ln-lr1 router-port=lr1-ln -- lsp-set-addresses ln-lr1 router ovn-nbctl lrp-set-gateway-chassis lr1-ln hv1 20 ovn-nbctl lr-nat-add lr1 dnat_and_snat 172.1.1.112 192.168.1.2 ls1p2 00:00:00:ff:0f:12 ovn-nbctl lr-nat-add lr1 dnat_and_snat 172.1.1.122 192.168.2.2 ovs-vsctl add-port br-int ls1p1 -- set interface ls1p1 type=internal external_ids:iface-id=ls1p1 ip netns add ls1p1 ip link set ls1p1 netns ls1p1 ip netns exec ls1p1 ip link set ls1p1 address 00:00:00:01:01:01 ip netns exec ls1p1 ip link set ls1p1 up ip netns exec ls1p1 ip addr add 192.168.1.1/24 dev ls1p1 ip netns exec ls1p1 ip route add default via 192.168.1.254 dev ls1p1 ovs-vsctl add-port br-int ls2p1 -- set interface ls2p1 type=internal external_ids:iface-id=ls2p1 ip netns add ls2p1 ip link set ls2p1 netns ls2p1 ip netns exec ls2p1 ip link set ls2p1 address 00:00:00:01:02:01 ip netns exec ls2p1 ip link set ls2p1 up ip netns exec ls2p1 ip addr add 192.168.2.1/24 dev ls2p1 ip netns exec ls2p1 ip route add default via 192.168.2.254 dev ls2p1 ovs-vsctl add-port br-provider ext2 -- set interface ext2 type=internal ip netns add ext2 ip link set ext2 netns ext2 ip netns exec ext2 ip link set ext2 up ip netns exec ext2 ip link add link ext2 name ext2.10 type vlan id 10 ip netns exec ext2 ip addr add 172.1.1.2/24 dev ext2.10 ip netns exec ext2 ip link set ext2.10 up ip netns exec ext2 ip route add default via 172.1.1.254 dev ext2.10 ovn-nbctl lsp-add ls1 ln1 "" 11 -- lsp-set-options ln1 network_name=phys -- lsp-set-type ln1 localnet -- lsp-set-addresses ln1 unknown ovn-nbctl lsp-add ls2 ln2 "" 12 -- lsp-set-options ln2 network_name=phys -- lsp-set-type ln2 localnet -- lsp-set-addresses ln2 unknown ovs-vsctl set open . external-ids:ovn-chassis-mac-mappings="phys:aa:bb:cc:dd:ee:11,provider:aa:bb:cc:dd:11:11" ovn-nbctl set logical_router_port lr1-ln options:redirect-type=bridged Client: systemctl start openvswitch ovs-vsctl set open . external_ids:system-id=hv0 external_ids:ovn-remote=tcp:1.1.40.25:6642 external_ids:ovn-encap-type=geneve external_ids:ovn-encap-ip=1.1.40.26 systemctl restart ovn-controller ovs-vsctl add-br br-provider ovs-vsctl add-port br-provider eno3 ip link set eno3 up ovs-vsctl add-br br-phys ovs-vsctl add-port br-phys ens2f1 ip link set ens2f1 up ovs-vsctl set open . external-ids:ovn-bridge-mappings=phys:br-phys,provider:br-provider ovs-vsctl add-port br-int ls1p2 -- set interface ls1p2 type=internal external_ids:iface-id=ls1p2 ip netns add ls1p2 ip link set ls1p2 netns ls1p2 ip netns exec ls1p2 ip link set ls1p2 address 00:00:00:01:01:02 ip netns exec ls1p2 ip link set ls1p2 up ip netns exec ls1p2 ip addr add 192.168.1.2/24 dev ls1p2 ip netns exec ls1p2 ip route add default via 192.168.1.254 dev ls1p2 ovs-vsctl add-port br-int ls2p2 -- set interface ls2p2 type=internal external_ids:iface-id=ls2p2 ip netns add ls2p2 ip link set ls2p2 netns ls2p2 ip netns exec ls2p2 ip link set ls2p2 address 00:00:00:01:02:02 ip netns exec ls2p2 ip link set ls2p2 up ip netns exec ls2p2 ip addr add 192.168.2.2/24 dev ls2p2 ip netns exec ls2p2 ip route add default via 192.168.2.254 dev ls2p2 ovs-vsctl add-port br-provider ext1 -- set interface ext1 type=internal ip netns add ext1 ip link set ext1 netns ext1 ip netns exec ext1 ip link set ext1 up ip netns exec ext1 ip link add link ext1 name ext1.10 type vlan id 10 ip netns exec ext1 ip link set ext1.10 up ip netns exec ext1 ip addr add 172.1.1.1/24 dev ext1.10 ip netns exec ext1 ip route add default via 172.1.1.254 dev ext1.10 ovs-vsctl set open . external-ids:ovn-chassis-mac-mappings="phys:aa:bb:cc:dd:ee:22,provider:aa:bb:cc:dd:22:22" sleep 2 ip netns exec ls1p2 ping 172.1.1.1 -c 1 ip netns exec ls1p2 ping 172.1.1.1 -c 1 -s 1500 ip netns exec ls1p2 ping 172.1.1.2 -c 1 ip netns exec ls1p2 ping 172.1.1.2 -c 1 -s 1500 ip netns exec ls2p2 ping 172.1.1.1 -c 1 ip netns exec ls2p2 ping 172.1.1.1 -c 1 -s 1500 ip netns exec ls2p2 ping 172.1.1.2 -c 1 ip netns exec ls2p2 ping 172.1.1.2 -c 1 -s 1500 2. capture packets on eno3 (connected to br-provider) and run ip netns exec ls1p2 ping 172.1.1.1 -c 1 Actual results: [root@dell-per740-69 ~]# tcpdump -i eno3 -nnle -v icmp dropped privs to tcpdump tcpdump: listening on eno3, link-type EN10MB (Ethernet), capture size 262144 bytes 03:51:30.519613 00:00:00:ff:0f:12 > 00:00:00:ff:0f:01, ethertype 802.1Q (0x8100), length 102: vlan 10, p 0, ethertype IPv4, (tos 0x0, ttl 63, id 23037, offset 0, flags [DF], proto ICMP (1), length 84) 172.1.1.112 > 172.1.1.1: ICMP echo request, id 36808, seq 1, length 64 03:51:30.520464 00:00:00:ff:0f:01 > 1e:1d:54:3f:16:a1, ethertype 802.1Q (0x8100), length 102: vlan 10, p 0, ethertype IPv4, (tos 0x0, ttl 62, id 23037, offset 0, flags [DF], proto ICMP (1), length 84) 172.1.1.112 > 172.1.1.1: ICMP echo request, id 36808, seq 1, length 64 Expected results: as the FIP for ls1p2 is distributed, the packet should not go through br-provider. Additional info: [root@dell-per740-69 ~]# rpm -qa | grep -E "openvswitch2.15|ovn-2021" ovn-2021-host-21.06.0-29.el8fdp.x86_64 ovn-2021-central-21.06.0-29.el8fdp.x86_64 ovn-2021-21.06.0-29.el8fdp.x86_64 openvswitch2.15-2.15.0-38.el8fdp.x86_64