Description of problem: When a load balancer is applied on a logical router, OVN should only reply to ARP requests (and neighbor solicitation packets) for load balancer VIPs that are actually part of subnets configured on the logical router ports. In ovn-k8s deployments, cluster-wide service VIPs are not part of any gateway router subnet. Installing ARP responder flows for them is a waste of resources and significantly increases the SB size (due to the per-logical router LB IPs address_set).
Patch posted for review: http://patchwork.ozlabs.org/project/ovn/list/?series=272253&state=*
reproduced on version:

# rpm -qa|grep ovn
ovn-2021-21.09.1-24.el8fdp.x86_64
ovn-2021-host-21.09.1-24.el8fdp.x86_64
ovn-2021-central-21.09.1-24.el8fdp.x86_64

# ovn-nbctl lr-add lr -- lrp-add lr lrp 00:00:00:00:00:01 172.16.1.1/24 -- lb-add lb1 192.168.100.1 42.42.42.1 -- lr-lb-add lr lb1
[root@dell-per730-19 load_balance]# ovn-sbctl list address_set
_uuid : 440b112c-54ea-4eb8-85c7-8bf9645a16de
addresses : ["192.168.1.100", "192.168.1.110"]
name : _rtr_lb_1_ip4

_uuid : 5f665ac9-cc76-41d8-9272-45eeb8b3dd71
addresses : ["a6:cf:33:ad:44:fd"]
name : svc_monitor_mac

_uuid : 1a2a5dd6-50d3-447d-bb5b-14d91096250a
addresses : ["192.168.100.1"] ---------------------this should not be here
name : _rtr_lb_5_ip4

[root@dell-per730-19 load_balance]# ovn-sbctl dump-flows|grep lb_5
---------this flow should not be installed.
table=3 (lr_in_ip_input ), priority=90 , match=(inport == "lrp" && arp.op == 1 && arp.tpa == $_rtr_lb_5_ip4), action=(eth.dst = eth.src; eth.src = xreg0[0..47]; arp.op = 2; /* ARP reply */ arp.tha = arp.sha; arp.sha = xreg0[0..47]; arp.tpa <-> arp.spa; outport = inport; flags.loopback = 1; output;)

verified on version:

# rpm -qa|grep ovn
ovn-2021-21.12.0-42.el8fdp.x86_64
ovn-2021-central-21.12.0-42.el8fdp.x86_64
ovn-2021-host-21.12.0-42.el8fdp.x86_64

# ovn-nbctl lb-add lb1 192.168.200.1 192.168.0.1
[root@dell-per730-19 load_balance]# ovn-nbctl --wait=hv lr-lb-add R1 lb1
[root@dell-per730-19 load_balance]# ovn-sbctl list address_set
_uuid : 2c31b359-86d7-456b-8780-3e978b305a60
addresses : ["0a:ba:7a:08:56:47"]
name : svc_monitor_mac

_uuid : c3357576-456d-497b-9177-753f394fecf6
addresses : ["192.168.1.100", "192.168.1.110"] ---------------here is no 192.168.200.1
name : _rtr_lb_1_ip4
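The check performed by eye in the comment above can be scripted. This is an added example, not part of the bug report or of OVN: it parses `ovn-sbctl list address_set` output and lists the addresses in a router's LB address set that fall outside every subnet configured on that router's ports. The function names are hypothetical, the sample text is constructed from the output quoted in the report, and the caller is assumed to supply the set name and the port networks for the router being checked.

```python
import ipaddress
import re

# Constructed sample, modelled on the `ovn-sbctl list address_set` output in the report.
SAMPLE = """\
_uuid : 5f665ac9-cc76-41d8-9272-45eeb8b3dd71
addresses : ["a6:cf:33:ad:44:fd"]
name : svc_monitor_mac

_uuid : 1a2a5dd6-50d3-447d-bb5b-14d91096250a
addresses : ["192.168.100.1"]
name : _rtr_lb_5_ip4
"""


def parse_address_sets(text):
    """Return {set name: [address, ...]} from `ovn-sbctl list address_set` output."""
    sets = {}
    for record in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in record.splitlines():
            # Split on the first colon only, so MAC addresses in the value survive.
            key, sep, value = line.partition(":")
            if sep:
                fields[key.strip()] = value.strip()
        if "name" in fields:
            name = fields["name"].strip('"')
            sets[name] = re.findall(r'"([^"]*)"', fields.get("addresses", ""))
    return sets


def vips_outside_port_subnets(address_set_text, set_name, port_networks):
    """Addresses in set_name that are in none of the router port subnets."""
    nets = [ipaddress.ip_interface(n).network for n in port_networks]
    outside = []
    for addr in parse_address_sets(address_set_text).get(set_name, []):
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            continue  # not an IP address (for example a MAC), nothing to check
        if not any(ip.version == net.version and ip in net for net in nets):
            outside.append(addr)
    return outside


if __name__ == "__main__":
    # Router "lr" from the report has one port, lrp, with 172.16.1.1/24.
    print(vips_outside_port_subnets(SAMPLE, "_rtr_lb_5_ip4", ["172.16.1.1/24"]))
```

On a fixed build the list is empty for every router, because VIPs outside the port subnets no longer reach the address set.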
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (ovn-2021 bug fix and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2022:1523