Description of problem:
something wrong for distributed FIP when redirect-type is set as bridged

Version-Release number of selected component (if applicable):
ovn-2021-21.06.0-29.el8

How reproducible:
Always

Steps to Reproduce:
1. setup env

Server:
systemctl start openvswitch
systemctl start ovn-northd
ovn-nbctl set-connection ptcp:6641
ovn-sbctl set-connection ptcp:6642
ovs-vsctl set open . external_ids:system-id=hv1 external_ids:ovn-remote=tcp:1.1.40.25:6642 external_ids:ovn-encap-type=geneve external_ids:ovn-encap-ip=1.1.40.25
systemctl restart ovn-controller
ovs-vsctl add-br br-provider
ovs-vsctl add-port br-provider ens5f0
ip link set ens5f0 up
ovs-vsctl add-br br-phys
ovs-vsctl add-port br-phys ens4f1
ip link set ens4f1 up
ovs-vsctl set open . external-ids:ovn-bridge-mappings=phys:br-phys,provider:br-provider
ovn-nbctl ls-add ls1
ovn-nbctl lsp-add ls1 ls1p1
ovn-nbctl lsp-set-addresses ls1p1 "00:00:00:01:01:01 192.168.1.1"
ovn-nbctl lsp-add ls1 ls1p2
ovn-nbctl lsp-set-addresses ls1p2 "00:00:00:01:01:02 192.168.1.2"
ovn-nbctl ls-add ls2
ovn-nbctl lsp-add ls2 ls2p1
ovn-nbctl lsp-set-addresses ls2p1 "00:00:00:01:02:01 192.168.2.1"
ovn-nbctl lsp-add ls2 ls2p2
ovn-nbctl lsp-set-addresses ls2p2 "00:00:00:01:02:02 192.168.2.2"
ovn-nbctl lr-add lr1
ovn-nbctl lrp-add lr1 lr1-ls1 00:00:00:ff:01:01 192.168.1.254/24
ovn-nbctl lsp-add ls1 ls1-lr1
ovn-nbctl lsp-set-type ls1-lr1 router -- lsp-set-options ls1-lr1 router-port=lr1-ls1 -- lsp-set-addresses ls1-lr1 router
ovn-nbctl lrp-add lr1 lr1-ls2 00:00:00:ff:02:01 192.168.2.254/24
ovn-nbctl lsp-add ls2 ls2-lr1 -- lsp-set-type ls2-lr1 router -- lsp-set-options ls2-lr1 router-port=lr1-ls2 -- lsp-set-addresses ls2-lr1 router
ovn-nbctl ls-add ls_ln
ovn-nbctl lsp-add ls_ln ln "" 10 -- lsp-set-options ln network_name=provider -- lsp-set-type ln localnet -- lsp-set-addresses ln unknown
ovn-nbctl lrp-add lr1 lr1-ln 00:00:00:ff:0f:01 172.1.1.254/24
ovn-nbctl lsp-add ls_ln ln-lr1 -- lsp-set-type ln-lr1 router -- lsp-set-options ln-lr1 router-port=lr1-ln -- lsp-set-addresses ln-lr1 router
ovn-nbctl lrp-set-gateway-chassis lr1-ln hv1 20
ovn-nbctl lr-nat-add lr1 dnat_and_snat 172.1.1.112 192.168.1.2 ls1p2 00:00:00:ff:0f:12
ovn-nbctl lr-nat-add lr1 dnat_and_snat 172.1.1.122 192.168.2.2
ovs-vsctl add-port br-int ls1p1 -- set interface ls1p1 type=internal external_ids:iface-id=ls1p1
ip netns add ls1p1
ip link set ls1p1 netns ls1p1
ip netns exec ls1p1 ip link set ls1p1 address 00:00:00:01:01:01
ip netns exec ls1p1 ip link set ls1p1 up
ip netns exec ls1p1 ip addr add 192.168.1.1/24 dev ls1p1
ip netns exec ls1p1 ip route add default via 192.168.1.254 dev ls1p1
ovs-vsctl add-port br-int ls2p1 -- set interface ls2p1 type=internal external_ids:iface-id=ls2p1
ip netns add ls2p1
ip link set ls2p1 netns ls2p1
ip netns exec ls2p1 ip link set ls2p1 address 00:00:00:01:02:01
ip netns exec ls2p1 ip link set ls2p1 up
ip netns exec ls2p1 ip addr add 192.168.2.1/24 dev ls2p1
ip netns exec ls2p1 ip route add default via 192.168.2.254 dev ls2p1
ovs-vsctl add-port br-provider ext2 -- set interface ext2 type=internal
ip netns add ext2
ip link set ext2 netns ext2
ip netns exec ext2 ip link set ext2 up
ip netns exec ext2 ip link add link ext2 name ext2.10 type vlan id 10
ip netns exec ext2 ip addr add 172.1.1.2/24 dev ext2.10
ip netns exec ext2 ip link set ext2.10 up
ip netns exec ext2 ip route add default via 172.1.1.254 dev ext2.10
ovn-nbctl lsp-add ls1 ln1 "" 11 -- lsp-set-options ln1 network_name=phys -- lsp-set-type ln1 localnet -- lsp-set-addresses ln1 unknown
ovn-nbctl lsp-add ls2 ln2 "" 12 -- lsp-set-options ln2 network_name=phys -- lsp-set-type ln2 localnet -- lsp-set-addresses ln2 unknown
ovs-vsctl set open . external-ids:ovn-chassis-mac-mappings="phys:aa:bb:cc:dd:ee:11,provider:aa:bb:cc:dd:11:11"
ovn-nbctl set logical_router_port lr1-ln options:redirect-type=bridged

Client:
systemctl start openvswitch
ovs-vsctl set open . external_ids:system-id=hv0 external_ids:ovn-remote=tcp:1.1.40.25:6642 external_ids:ovn-encap-type=geneve external_ids:ovn-encap-ip=1.1.40.26
systemctl restart ovn-controller
ovs-vsctl add-br br-provider
ovs-vsctl add-port br-provider eno3
ip link set eno3 up
ovs-vsctl add-br br-phys
ovs-vsctl add-port br-phys ens2f1
ip link set ens2f1 up
ovs-vsctl set open . external-ids:ovn-bridge-mappings=phys:br-phys,provider:br-provider
ovs-vsctl add-port br-int ls1p2 -- set interface ls1p2 type=internal external_ids:iface-id=ls1p2
ip netns add ls1p2
ip link set ls1p2 netns ls1p2
ip netns exec ls1p2 ip link set ls1p2 address 00:00:00:01:01:02
ip netns exec ls1p2 ip link set ls1p2 up
ip netns exec ls1p2 ip addr add 192.168.1.2/24 dev ls1p2
ip netns exec ls1p2 ip route add default via 192.168.1.254 dev ls1p2
ovs-vsctl add-port br-int ls2p2 -- set interface ls2p2 type=internal external_ids:iface-id=ls2p2
ip netns add ls2p2
ip link set ls2p2 netns ls2p2
ip netns exec ls2p2 ip link set ls2p2 address 00:00:00:01:02:02
ip netns exec ls2p2 ip link set ls2p2 up
ip netns exec ls2p2 ip addr add 192.168.2.2/24 dev ls2p2
ip netns exec ls2p2 ip route add default via 192.168.2.254 dev ls2p2
ovs-vsctl add-port br-provider ext1 -- set interface ext1 type=internal
ip netns add ext1
ip link set ext1 netns ext1
ip netns exec ext1 ip link set ext1 up
ip netns exec ext1 ip link add link ext1 name ext1.10 type vlan id 10
ip netns exec ext1 ip link set ext1.10 up
ip netns exec ext1 ip addr add 172.1.1.1/24 dev ext1.10
ip netns exec ext1 ip route add default via 172.1.1.254 dev ext1.10
ovs-vsctl set open . external-ids:ovn-chassis-mac-mappings="phys:aa:bb:cc:dd:ee:22,provider:aa:bb:cc:dd:22:22"
sleep 2
ip netns exec ls1p2 ping 172.1.1.1 -c 1
ip netns exec ls1p2 ping 172.1.1.1 -c 1 -s 1500
ip netns exec ls1p2 ping 172.1.1.2 -c 1
ip netns exec ls1p2 ping 172.1.1.2 -c 1 -s 1500
ip netns exec ls2p2 ping 172.1.1.1 -c 1
ip netns exec ls2p2 ping 172.1.1.1 -c 1 -s 1500
ip netns exec ls2p2 ping 172.1.1.2 -c 1
ip netns exec ls2p2 ping 172.1.1.2 -c 1 -s 1500

2. capture packets on eno3 (connected to br-provider) and run
ip netns exec ls1p2 ping 172.1.1.1 -c 1

Actual results:
[root@dell-per740-69 ~]# tcpdump -i eno3 -nnle -v icmp
dropped privs to tcpdump
tcpdump: listening on eno3, link-type EN10MB (Ethernet), capture size 262144 bytes
03:51:30.519613 00:00:00:ff:0f:12 > 00:00:00:ff:0f:01, ethertype 802.1Q (0x8100), length 102: vlan 10, p 0, ethertype IPv4, (tos 0x0, ttl 63, id 23037, offset 0, flags [DF], proto ICMP (1), length 84)
    172.1.1.112 > 172.1.1.1: ICMP echo request, id 36808, seq 1, length 64
03:51:30.520464 00:00:00:ff:0f:01 > 1e:1d:54:3f:16:a1, ethertype 802.1Q (0x8100), length 102: vlan 10, p 0, ethertype IPv4, (tos 0x0, ttl 62, id 23037, offset 0, flags [DF], proto ICMP (1), length 84)
    172.1.1.112 > 172.1.1.1: ICMP echo request, id 36808, seq 1, length 64

Expected results:
as the FIP for ls1p2 is distributed, the packet should not go through br-provider.

Additional info:
[root@dell-per740-69 ~]# rpm -qa | grep -E "openvswitch2.15|ovn-2021"
ovn-2021-host-21.06.0-29.el8fdp.x86_64
ovn-2021-central-21.06.0-29.el8fdp.x86_64
ovn-2021-21.06.0-29.el8fdp.x86_64
openvswitch2.15-2.15.0-38.el8fdp.x86_64
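A check for the symptom in the capture above, as an added example that is not part of the original report or of OVN: it parses `tcpdump -nnle -v` output and flags a FIP-sourced packet that appears both toward and from the router port MAC with a lower TTL. The function names are hypothetical; the MAC, FIP and the two frames are the ones from the report.

```python
import re
from collections import defaultdict

# Values taken from the report: lr1-ln router port MAC and the FIP for ls1p2.
ROUTER_MAC = "00:00:00:ff:0f:01"
FIP = "172.1.1.112"

# The two frames captured on eno3 in the report (tcpdump -nnle -v).
CAPTURE = """\
03:51:30.519613 00:00:00:ff:0f:12 > 00:00:00:ff:0f:01, ethertype 802.1Q (0x8100), length 102: vlan 10, p 0, ethertype IPv4, (tos 0x0, ttl 63, id 23037, offset 0, flags [DF], proto ICMP (1), length 84)
    172.1.1.112 > 172.1.1.1: ICMP echo request, id 36808, seq 1, length 64
03:51:30.520464 00:00:00:ff:0f:01 > 1e:1d:54:3f:16:a1, ethertype 802.1Q (0x8100), length 102: vlan 10, p 0, ethertype IPv4, (tos 0x0, ttl 62, id 23037, offset 0, flags [DF], proto ICMP (1), length 84)
    172.1.1.112 > 172.1.1.1: ICMP echo request, id 36808, seq 1, length 64
"""

FRAME = re.compile(
    r"(?P<smac>[0-9a-f:]{17}) > (?P<dmac>[0-9a-f:]{17}),.*?"
    r"ttl (?P<ttl>\d+), id (?P<ipid>\d+),.*?\)\s+"
    r"(?P<sip>\d+\.\d+\.\d+\.\d+) > (?P<dip>\d+\.\d+\.\d+\.\d+):"
)

def parse_frames(text):
    """Join tcpdump -v continuation lines, then extract MACs, TTL, IP id and IPs."""
    joined = re.sub(r"\n[ \t]+", " ", text)
    return [m.groupdict() for m in map(FRAME.search, joined.splitlines()) if m]

def find_hairpins(text, fip=FIP, router_mac=ROUTER_MAC):
    """Return (src, dst, ip_id, ttls) for FIP packets routed again via router_mac."""
    flows = defaultdict(list)
    for f in parse_frames(text):
        if f["sip"] == fip:
            flows[(f["sip"], f["dip"], f["ipid"])].append(f)
    hits = []
    for (sip, dip, ipid), frames in flows.items():
        to_router = any(f["dmac"] == router_mac for f in frames)
        from_router = any(f["smac"] == router_mac for f in frames)
        ttls = sorted({int(f["ttl"]) for f in frames}, reverse=True)
        # Same IP id seen toward and from the router MAC with a lower TTL:
        # the already-NATed packet went through one more routing hop.
        if to_router and from_router and len(ttls) > 1:
            hits.append((sip, dip, int(ipid), ttls))
    return hits

if __name__ == "__main__":
    for hit in find_hairpins(CAPTURE):
        print("FIP traffic routed via router port MAC:", hit)
```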
upstream fix: https://patchwork.ozlabs.org/project/ovn/patch/308a75da796460cc3905e02387c46d57c4c4f529.1663593740.git.lorenzo.bianconi@redhat.com/
since this patch will not be backported, I guess we can close the bug as 'next-release'
Also, the reason for being centralized when using FIPs is due to this missing in core-ovn: https://bugzilla.redhat.com/show_bug.cgi?id=2007120
ovn-2021 fast-datapath-rhel-9 clone created at https://bugzilla.redhat.com/show_bug.cgi?id=2213610
confirmed that the issue is fixed on ovn-2021-21.12.0-134.el8fdp.x86_64:

[root@wsfd-advnetlab16 nat]# rpm -qa | grep -E "ovn-2021|openvswitch2.17"
ovn-2021-host-21.12.0-134.el8fdp.x86_64
openvswitch2.17-2.17.0-98.el8fdp.x86_64
ovn-2021-21.12.0-134.el8fdp.x86_64
ovn-2021-central-21.12.0-134.el8fdp.x86_64
set Verified per comment 12
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (ovn-2021 bug fix and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2023:3995