2054394 – [RFE][OVN] Add an option to disable GARPs for LB IPs on router port

The FDP team is no longer accepting new bugs in Bugzilla. Please report your issues under FDP project in Jira. Thanks.

Bug 2054394 - [RFE][OVN] Add an option to disable GARPs for LB IPs on router port

Summary: [RFE][OVN] Add an option to disable GARPs for LB IPs on router port

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux Fast Datapath
Classification:	Red Hat
Component:	OVN
Sub Component:
Version:	FDP 21.C
Hardware:	Unspecified
OS:	Unspecified
Priority:	urgent
Severity:	high
Target Milestone:	---
Target Release:	FDP 22.B
Assignee:	lorenzo bianconi
QA Contact:	ying xu
Docs Contact:
URL:
Whiteboard:
Duplicates (1):	2053013 (view as bug list)
Depends On:
Blocks:	2052975
TreeView+	depends on / blocked

Reported:	2022-02-14 21:10 UTC by Surya Seetharaman
Modified:	2022-03-30 16:28 UTC (History)
CC List:	9 users (show)
Fixed In Version:	ovn2.13-20.12.0-195.el8
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2022-03-30 16:28:12 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Issue Tracker	FD-1772	0	None	None	None	2022-02-14 21:15:28 UTC
Red Hat Product Errata	RHBA-2022:1143	0	None	None	None	2022-03-30 16:28:18 UTC

Description Surya Seetharaman 2022-02-14 21:10:32 UTC

Description of problem:

When we set the nat-addresses=router option on the lsp of external switch;

sh-5.1# ovn-nbctl find logical-switch-port name=etor-GR_ovn-worker
_uuid               : 08101a36-07e3-4d69-a95e-2cb9f5ff1398
addresses           : ["02:42:ac:12:00:03"]
dhcpv4_options      : []
dhcpv6_options      : []
dynamic_addresses   : []
enabled             : []
external_ids        : {}
ha_chassis_group    : []
name                : etor-GR_ovn-worker
options             : {nat-addresses=router, router-port=rtoe-GR_ovn-worker}
parent_name         : []
port_security       : []
tag                 : []
tag_request         : []
type                : router
up                  : true

We end up sending GARPs for all LB IPs in addition to the externalIPs configured for SNAT/DNAT. This could mean lots of GARPs and each of the nodes in the cluster would reply to all these GARPs.

Even in a cluster with 50 nodes that have lots of clusterIPs this is unnecessary noise:

20:22:33.975158 Out 00:50:56:af:7f:8f ethertype ARP (0x0806), length 44: Request who-has 172.30.62.25 tell 172.30.62.25, length 28
20:22:33.975181   B 00:50:56:af:7f:8f ethertype ARP (0x0806), length 44: Request who-has 172.30.62.25 tell 172.30.62.25, length 28
20:22:33.975330 Out 00:50:56:af:7f:8f ethertype ARP (0x0806), length 44: Request who-has 172.30.245.223 tell 172.30.245.223, length 28
20:22:33.975336   B 00:50:56:af:7f:8f ethertype ARP (0x0806), length 44: Request who-has 172.30.245.223 tell 172.30.245.223, length 28
20:22:33.975407 Out 00:50:56:af:7f:8f ethertype ARP (0x0806), length 44: Request who-has 172.30.186.95 tell 172.30.186.95, length 28
20:22:33.975413   B 00:50:56:af:7f:8f ethertype ARP (0x0806), length 44: Request who-has 172.30.186.95 tell 172.30.186.95, length 28
20:22:33.975494 Out 00:50:56:af:7f:8f ethertype ARP (0x0806), length 44: Request who-has 172.30.162.199 tell 172.30.162.199, length 28
20:22:33.975502   B 00:50:56:af:7f:8f ethertype ARP (0x0806), length 44: Request who-has 172.30.162.199 tell 172.30.162.199, length 28


....
20:22:33.976436  In 00:50:56:af:95:af ethertype ARP (0x0806), length 62: Reply 172.30.232.240 is-at 00:50:56:af:95:af, length 46
20:22:33.976448  In 00:50:56:af:8d:9a ethertype ARP (0x0806), length 62: Reply 172.30.186.95 is-at 00:50:56:af:8d:9a, length 46
20:22:33.976480 Out 00:50:56:af:7f:8f ethertype ARP (0x0806), length 44: Request who-has 172.30.139.44 tell 172.30.139.44, length 28
20:22:33.976490  In 00:50:56:af:8d:9a ethertype ARP (0x0806), length 62: Reply 172.30.29.243 is-at 00:50:56:af:8d:9a, length 46
20:22:33.976489   B 00:50:56:af:7f:8f ethertype ARP (0x0806), length 44: Request who-has 172.30.139.44 tell 172.30.139.44, length 28
20:22:33.976533  In 00:50:56:af:8d:9a ethertype ARP (0x0806), length 62: Reply 172.30.245.223 is-at 00:50:56:af:8d:9a, length 46
20:22:33.976549  In 00:50:56:af:8d:9a ethertype ARP (0x0806), length 62: Reply 172.30.24.0 is-at 00:50:56:af:8d:9a, length 46
20:22:33.986088  In 00:50:56:af:95:af ethertype ARP (0x0806), length 62: Reply 172.30.139.44 is-at 00:50:56:af:95:af, length 46
20:22:33.986101  In 00:50:56:af:4f:8f ethertype ARP (0x0806), length 62: Reply 172.30.201.166 is-at 00:50:56:af:4f:8f, length 46
20:22:33.986114  In 00:50:56:af:4f:8f ethertype ARP (0x0806), length 62: Reply 172.30.214.109 is-at 00:50:56:af:4f:8f, length 46
20:22:33.986126  In 00:50:56:af:f7:95 ethertype ARP (0x0806), length 62: Reply 172.30.62.25 is-at 00:50:56:af:f7:95, length 46
20:22:33.986139  In 00:50:56:af:4f:8f ethertype ARP (0x0806), length 62: Reply 172.30.232.240 is-at 00:50:56:af:4f:8f, length 46
20:22:33.986152  In 00:50:56:af:8d:9a ethertype ARP (0x0806), length 62: Reply 172.30.139.44 is-at 00:50:56:af:8d:9a, length 46
20:22:33.986168  In 00:50:56:af:f7:95 ethertype ARP (0x0806), length 62: Reply 172.30.245.223 is-at 00:50:56:af:f7:95, length 46
20:22:33.986187  In 00:50:56:af:f7:95 ethertype ARP (0x0806), length 62: Reply 172.30.186.95 is-at 00:50:56:af:f7:95, length 46
20:22:33.986203  In 00:50:56:af:4f:8f ethertype ARP (0x0806), length 62: Reply 172.30.139.44 is-at 00:50:56:af:4f:8f, length 46
20:22:33.986227  In 00:50:56:af:f7:95 ethertype ARP (0x0806), length 62: Reply 172.30.162.199 is-at 00:50:56:af:f7:95, length 46
20:22:33.986243  In 00:50:56:af:f7:95 ethertype ARP (0x0806), length 62: Reply 172.30.29.243 is-at 00:50:56:af:f7:95, length 46
20:22:33.986257  In 00:50:56:af:f7:95 ethertype ARP (0x0806), length 62: Reply 172.30.214.109 is-at 00:50:56:af:f7:95, length 46
20:22:33.986301  In 00:50:56:af:f7:95 ethertype ARP (0x0806), length 62: Reply 172.30.24.0 is-at 00:50:56:af:f7:95, length 46
20:22:33.986322  In 00:50:56:af:f7:95 ethertype ARP (0x0806), length 62: Reply 172.30.232.240 is-at 00:50:56:af:f7:95, length 46
20:22:33.986336  In 00:50:56:af:6f:d9 ethertype ARP (0x0806), length 62: Reply 172.30.62.25 is-at 00:50:56:af:6f:d9, length 46
20:22:33.986349  In 00:50:56:af:f7:95 ethertype ARP (0x0806), length 62: Reply 172.30.229.216 is-at 00:50:56:af:f7:95, length 46
20:22:33.993610  In 00:50:56:af:3a:7e ethertype ARP (0x0806), length 62: Reply 172.30.117.195 is-at 00:50:56:af:3a:7e, length 46
20:22:33.993669  In 00:50:56:af:3a:7e ethertype ARP (0x0806), length 62: Reply 172.30.0.10 is-at 00:50:56:af:3a:7e, length 46
20:22:33.998298  In 00:50:56:af:8d:9a ethertype ARP (0x0806), length 62: Reply 172.30.166.64 is-at 00:50:56:af:8d:9a, length 46
20:22:33.998325  In 00:50:56:af:95:af ethertype ARP (0x0806), length 62: Reply 172.30.166.64 is-at 00:50:56:af:95:af, length 46
20:22:33.998345  In 00:50:56:af:4f:8f ethertype ARP (0x0806), length 62: Reply 172.30.166.64 is-at 00:50:56:af:4f:8f, length 46
20:22:33.998361  In 00:50:56:af:bd:fa ethertype ARP (0x0806), length 62: Reply 172.30.0.1 is-at 00:50:56:af:bd:fa, length 46
20:22:33.998386  In 00:50:56:af:8d:9a ethertype ARP (0x0806), length 62: Reply 172.30.175.252 is-at 00:50:56:af:8d:9a, length 46
20:22:33.998412  In 00:50:56:af:4f:8f ethertype ARP (0x0806), length 62: Reply 172.30.175.252 is-at 00:50:56:af:4f:8f, length 46
20:22:34.015138  In 00:50:56:af:6f:d9 ethertype ARP (0x0806), length 62: Reply 172.30.21.212 is-at 00:50:56:af:6f:d9, length 46
20:22:34.015169  In 00:50:56:af:8d:9a ethertype ARP (0x0806), length 62: Reply 172.30.21.212 is-at 00:50:56:af:8d:9a, length 46
20:22:34.015187  In 00:50:56:af:6f:d9 ethertype ARP (0x0806), length 62: Reply 172.30.239.184 is-at 00:50:56:af:6f:d9, length 46
20:22:34.015204  In 00:50:56:af:8d:9a ethertype ARP (0x0806), length 62: Reply 172.30.239.184 is-at 00:50:56:af:8d:9a, length 46
20:22:34.015220  In 00:50:56:af:95:af ethertype ARP (0x0806), length 62: Reply 172.30.239.184 is-at 00:50:56:af:95:af, length 46
20:22:34.015235  In 00:50:56:af:4f:8f ethertype ARP (0x0806), length 62: Reply 172.30.239.184 is-at 00:50:56:af:4f:8f, length 46
20:22:34.015257  In 00:50:56:af:6f:d9 ethertype ARP (0x0806), length 62: Reply 172.30.19.125 is-at 00:50:56:af:6f:d9, length 46


Version-Release number of selected component (if applicable):
All OVN versions where nat-addresses is supported.


How reproducible:
Always


Actual results:

RFE request. It would be good to have an option to disable the GARPs for the LB IPs and have that separate from the externalIPs configured for SNAT and DNAT so that use cases that need us to do GARPs for externalIPs don't get hampered by all these GARPs from LB IPs.

Comment 1 lorenzo bianconi 2022-02-15 14:31:05 UTC

(In reply to Surya Seetharaman from comment #0)
> Description of problem:
> 
> When we set the nat-addresses=router option on the lsp of external switch;
> 
> sh-5.1# ovn-nbctl find logical-switch-port name=etor-GR_ovn-worker
> _uuid               : 08101a36-07e3-4d69-a95e-2cb9f5ff1398
> addresses           : ["02:42:ac:12:00:03"]
> dhcpv4_options      : []
> dhcpv6_options      : []
> dynamic_addresses   : []
> enabled             : []
> external_ids        : {}
> ha_chassis_group    : []
> name                : etor-GR_ovn-worker
> options             : {nat-addresses=router, router-port=rtoe-GR_ovn-worker}
> parent_name         : []
> port_security       : []
> tag                 : []
> tag_request         : []
> type                : router
> up                  : true
> 
> We end up sending GARPs for all LB IPs in addition to the externalIPs
> configured for SNAT/DNAT. This could mean lots of GARPs and each of the
> nodes in the cluster would reply to all these GARPs.
> 
> Even in a cluster with 50 nodes that have lots of clusterIPs this is
> unnecessary noise:
> 
> 20:22:33.975158 Out 00:50:56:af:7f:8f ethertype ARP (0x0806), length 44:
> Request who-has 172.30.62.25 tell 172.30.62.25, length 28
> 20:22:33.975181   B 00:50:56:af:7f:8f ethertype ARP (0x0806), length 44:
> Request who-has 172.30.62.25 tell 172.30.62.25, length 28
> 20:22:33.975330 Out 00:50:56:af:7f:8f ethertype ARP (0x0806), length 44:
> Request who-has 172.30.245.223 tell 172.30.245.223, length 28
> 20:22:33.975336   B 00:50:56:af:7f:8f ethertype ARP (0x0806), length 44:
> Request who-has 172.30.245.223 tell 172.30.245.223, length 28
> 20:22:33.975407 Out 00:50:56:af:7f:8f ethertype ARP (0x0806), length 44:
> Request who-has 172.30.186.95 tell 172.30.186.95, length 28
> 20:22:33.975413   B 00:50:56:af:7f:8f ethertype ARP (0x0806), length 44:
> Request who-has 172.30.186.95 tell 172.30.186.95, length 28
> 20:22:33.975494 Out 00:50:56:af:7f:8f ethertype ARP (0x0806), length 44:
> Request who-has 172.30.162.199 tell 172.30.162.199, length 28
> 20:22:33.975502   B 00:50:56:af:7f:8f ethertype ARP (0x0806), length 44:
> Request who-has 172.30.162.199 tell 172.30.162.199, length 28
> 
> 
> ....
> 20:22:33.976436  In 00:50:56:af:95:af ethertype ARP (0x0806), length 62:
> Reply 172.30.232.240 is-at 00:50:56:af:95:af, length 46
> 20:22:33.976448  In 00:50:56:af:8d:9a ethertype ARP (0x0806), length 62:
> Reply 172.30.186.95 is-at 00:50:56:af:8d:9a, length 46
> 20:22:33.976480 Out 00:50:56:af:7f:8f ethertype ARP (0x0806), length 44:
> Request who-has 172.30.139.44 tell 172.30.139.44, length 28
> 20:22:33.976490  In 00:50:56:af:8d:9a ethertype ARP (0x0806), length 62:
> Reply 172.30.29.243 is-at 00:50:56:af:8d:9a, length 46
> 20:22:33.976489   B 00:50:56:af:7f:8f ethertype ARP (0x0806), length 44:
> Request who-has 172.30.139.44 tell 172.30.139.44, length 28
> 20:22:33.976533  In 00:50:56:af:8d:9a ethertype ARP (0x0806), length 62:
> Reply 172.30.245.223 is-at 00:50:56:af:8d:9a, length 46
> 20:22:33.976549  In 00:50:56:af:8d:9a ethertype ARP (0x0806), length 62:
> Reply 172.30.24.0 is-at 00:50:56:af:8d:9a, length 46
> 20:22:33.986088  In 00:50:56:af:95:af ethertype ARP (0x0806), length 62:
> Reply 172.30.139.44 is-at 00:50:56:af:95:af, length 46
> 20:22:33.986101  In 00:50:56:af:4f:8f ethertype ARP (0x0806), length 62:
> Reply 172.30.201.166 is-at 00:50:56:af:4f:8f, length 46
> 20:22:33.986114  In 00:50:56:af:4f:8f ethertype ARP (0x0806), length 62:
> Reply 172.30.214.109 is-at 00:50:56:af:4f:8f, length 46
> 20:22:33.986126  In 00:50:56:af:f7:95 ethertype ARP (0x0806), length 62:
> Reply 172.30.62.25 is-at 00:50:56:af:f7:95, length 46
> 20:22:33.986139  In 00:50:56:af:4f:8f ethertype ARP (0x0806), length 62:
> Reply 172.30.232.240 is-at 00:50:56:af:4f:8f, length 46
> 20:22:33.986152  In 00:50:56:af:8d:9a ethertype ARP (0x0806), length 62:
> Reply 172.30.139.44 is-at 00:50:56:af:8d:9a, length 46
> 20:22:33.986168  In 00:50:56:af:f7:95 ethertype ARP (0x0806), length 62:
> Reply 172.30.245.223 is-at 00:50:56:af:f7:95, length 46
> 20:22:33.986187  In 00:50:56:af:f7:95 ethertype ARP (0x0806), length 62:
> Reply 172.30.186.95 is-at 00:50:56:af:f7:95, length 46
> 20:22:33.986203  In 00:50:56:af:4f:8f ethertype ARP (0x0806), length 62:
> Reply 172.30.139.44 is-at 00:50:56:af:4f:8f, length 46
> 20:22:33.986227  In 00:50:56:af:f7:95 ethertype ARP (0x0806), length 62:
> Reply 172.30.162.199 is-at 00:50:56:af:f7:95, length 46
> 20:22:33.986243  In 00:50:56:af:f7:95 ethertype ARP (0x0806), length 62:
> Reply 172.30.29.243 is-at 00:50:56:af:f7:95, length 46
> 20:22:33.986257  In 00:50:56:af:f7:95 ethertype ARP (0x0806), length 62:
> Reply 172.30.214.109 is-at 00:50:56:af:f7:95, length 46
> 20:22:33.986301  In 00:50:56:af:f7:95 ethertype ARP (0x0806), length 62:
> Reply 172.30.24.0 is-at 00:50:56:af:f7:95, length 46
> 20:22:33.986322  In 00:50:56:af:f7:95 ethertype ARP (0x0806), length 62:
> Reply 172.30.232.240 is-at 00:50:56:af:f7:95, length 46
> 20:22:33.986336  In 00:50:56:af:6f:d9 ethertype ARP (0x0806), length 62:
> Reply 172.30.62.25 is-at 00:50:56:af:6f:d9, length 46
> 20:22:33.986349  In 00:50:56:af:f7:95 ethertype ARP (0x0806), length 62:
> Reply 172.30.229.216 is-at 00:50:56:af:f7:95, length 46
> 20:22:33.993610  In 00:50:56:af:3a:7e ethertype ARP (0x0806), length 62:
> Reply 172.30.117.195 is-at 00:50:56:af:3a:7e, length 46
> 20:22:33.993669  In 00:50:56:af:3a:7e ethertype ARP (0x0806), length 62:
> Reply 172.30.0.10 is-at 00:50:56:af:3a:7e, length 46
> 20:22:33.998298  In 00:50:56:af:8d:9a ethertype ARP (0x0806), length 62:
> Reply 172.30.166.64 is-at 00:50:56:af:8d:9a, length 46
> 20:22:33.998325  In 00:50:56:af:95:af ethertype ARP (0x0806), length 62:
> Reply 172.30.166.64 is-at 00:50:56:af:95:af, length 46
> 20:22:33.998345  In 00:50:56:af:4f:8f ethertype ARP (0x0806), length 62:
> Reply 172.30.166.64 is-at 00:50:56:af:4f:8f, length 46
> 20:22:33.998361  In 00:50:56:af:bd:fa ethertype ARP (0x0806), length 62:
> Reply 172.30.0.1 is-at 00:50:56:af:bd:fa, length 46
> 20:22:33.998386  In 00:50:56:af:8d:9a ethertype ARP (0x0806), length 62:
> Reply 172.30.175.252 is-at 00:50:56:af:8d:9a, length 46
> 20:22:33.998412  In 00:50:56:af:4f:8f ethertype ARP (0x0806), length 62:
> Reply 172.30.175.252 is-at 00:50:56:af:4f:8f, length 46
> 20:22:34.015138  In 00:50:56:af:6f:d9 ethertype ARP (0x0806), length 62:
> Reply 172.30.21.212 is-at 00:50:56:af:6f:d9, length 46
> 20:22:34.015169  In 00:50:56:af:8d:9a ethertype ARP (0x0806), length 62:
> Reply 172.30.21.212 is-at 00:50:56:af:8d:9a, length 46
> 20:22:34.015187  In 00:50:56:af:6f:d9 ethertype ARP (0x0806), length 62:
> Reply 172.30.239.184 is-at 00:50:56:af:6f:d9, length 46
> 20:22:34.015204  In 00:50:56:af:8d:9a ethertype ARP (0x0806), length 62:
> Reply 172.30.239.184 is-at 00:50:56:af:8d:9a, length 46
> 20:22:34.015220  In 00:50:56:af:95:af ethertype ARP (0x0806), length 62:
> Reply 172.30.239.184 is-at 00:50:56:af:95:af, length 46
> 20:22:34.015235  In 00:50:56:af:4f:8f ethertype ARP (0x0806), length 62:
> Reply 172.30.239.184 is-at 00:50:56:af:4f:8f, length 46
> 20:22:34.015257  In 00:50:56:af:6f:d9 ethertype ARP (0x0806), length 62:
> Reply 172.30.19.125 is-at 00:50:56:af:6f:d9, length 46
> 
> 
> Version-Release number of selected component (if applicable):
> All OVN versions where nat-addresses is supported.
> 
> 
> How reproducible:
> Always
> 
> 
> Actual results:
> 
> RFE request. It would be good to have an option to disable the GARPs for the
> LB IPs and have that separate from the externalIPs configured for SNAT and
> DNAT so that use cases that need us to do GARPs for externalIPs don't get
> hampered by all these GARPs from LB IPs.

According to ovn-nb.xml, in the "nat-addresses" option you can specify the <mac IPs> to advertise in GARPs sent by ovn logical router. Are you running a gw router or a gw router port?

Comment 2 Surya Seetharaman 2022-02-16 17:34:33 UTC

(In reply to lorenzo bianconi from comment #1)
> (In reply to Surya Seetharaman from comment #0)
>
> 
> According to ovn-nb.xml, in the "nat-addresses" option you can specify the
> <mac IPs> to advertise in GARPs sent by ovn logical router. Are you running
> a gw router or a gw router port?

Not sure what you mean, so we are running an external switch and GW router with a router port that connects them:

sh-5.1# ovn-nbctl find logical-switch-port name=etor-GR_ovn-worker
_uuid               : 08101a36-07e3-4d69-a95e-2cb9f5ff1398
addresses           : ["02:42:ac:12:00:03"]
dhcpv4_options      : []
dhcpv6_options      : []
dynamic_addresses   : []
enabled             : []
external_ids        : {}
ha_chassis_group    : []
name                : etor-GR_ovn-worker
options             : {nat-addresses=router, router-port=rtoe-GR_ovn-worker}
parent_name         : []
port_security       : []
tag                 : []
tag_request         : []
type                : router
up                  : true

On this we set the nat-address option, the problem is we don't know which MACIPs we want to advertise to.... We only know we want to send GARPs for externalIPs used for the SNATs on the GWR, and not advertise all the LB VIPs on the router.

Comment 3 lorenzo bianconi 2022-02-17 17:37:45 UTC

upstream patch: https://patchwork.ozlabs.org/project/ovn/patch/00d7b6da2c63cabbb4cad719786bdd8c86755214.1645119140.git.lorenzo.bianconi@redhat.com/

Comment 8 Jianlin Shi 2022-03-04 01:36:46 UTC

*** Bug 2053013 has been marked as a duplicate of this bug. ***

Comment 9 ying xu 2022-03-12 01:52:35 UTC

reproducer:
   systemctl start openvswitch
    systemctl start ovn-northd
    ovn-nbctl set-connection ptcp:6641
    ovn-sbctl set-connection ptcp:6642
    ovs-vsctl set open . external_ids:system-id=hv1 external_ids:ovn-remote=tcp:127.0.0.1:6642 external_ids:ovn-encap-type=geneve external_ids:ovn-encap-ip=127.0.0.1
    systemctl restart ovn-controller

    ovn-nbctl lr-add R1

    ovn-nbctl ls-add sw0
    ovn-nbctl ls-add sw1
    ovn-nbctl ls-add public

    ovn-nbctl lrp-add R1 rp-sw0 00:00:01:01:02:03 192.168.1.1/24
    ovn-nbctl lrp-add R1 rp-sw1 00:00:03:01:02:03 192.168.2.1/24
    ovn-nbctl lrp-add R1 rp-public 00:00:02:01:02:03 172.16.1.1/24 1000::a/64 \
        -- lrp-set-gateway-chassis rp-public hv1

    ovs-vsctl add-br br-ext
    ovn-nbctl lsp-add sw0 sw0-rp -- set Logical_Switch_Port sw0-rp \
        type=router options:router-port=rp-sw0 \
        -- lsp-set-addresses sw0-rp router
    ovn-nbctl lsp-add sw1 sw1-rp -- set Logical_Switch_Port sw1-rp \
        type=router options:router-port=rp-sw1 \
        -- lsp-set-addresses sw1-rp router

    ovn-nbctl lsp-add public public-rp -- set Logical_Switch_Port public-rp \
        type=router options:router-port=rp-public \
        -- lsp-set-addresses public-rp router

    ovs-vsctl add-port br-int sw01 -- set interface sw01 type=internal external_ids:iface-id=sw01
    ip netns add sw01
    ip link set sw01 netns sw01
    ip netns exec sw01 ip link set sw01 address f0:00:00:01:02:03
    ip netns exec sw01 ip link set sw01 up
    ip netns exec sw01 ip addr add 192.168.1.2/24 dev sw01
    ip netns exec sw01 ip route add default via 192.168.1.1 dev sw01
    ovn-nbctl lsp-add sw0 sw01 \
        -- lsp-set-addresses sw01 "f0:00:00:01:02:03 192.168.1.2"

    ovs-vsctl add-port br-int sw11 -- set interface sw11 type=internal external_ids:iface-id=sw11
    ip netns add sw11
    ip link set sw11 netns sw11
    ip netns exec sw11 ip link set sw11 address f0:00:00:02:02:03
    ip netns exec sw11 ip link set sw11 up
    ip netns exec sw11 ip addr add 192.168.2.2/24 dev sw11
    ip netns exec sw11 ip route add default via 192.168.2.1 dev sw11
    ovn-nbctl lsp-add sw1 sw11 \
        -- lsp-set-addresses sw11 "f0:00:00:02:02:03 192.168.2.2"

    ovs-vsctl add-port br-ext server -- set interface server type=internal
    ip netns add server
    ip netns exec server ip link set lo up
    ip link set server netns server
    ip netns exec server ip link set server up
    ip netns exec server ip addr add 172.16.1.50/24 dev server
    ip netns exec server ip route add default via 172.16.1.1 dev server

    ovs-vsctl set Open_vSwitch . external-ids:ovn-bridge-mappings=phynet:br-ext
    ovn-nbctl lsp-add public public1 \
            -- lsp-set-addresses public1 unknown \
            -- lsp-set-type public1 localnet \
            -- lsp-set-options public1 network_name=phynet
        ip netns exec server tcpdump -U -i any -w router.pcap&
    ovn-nbctl lr-nat-add R1 snat 172.16.1.200 192.168.1.0/24
    ovn-nbctl lr-nat-add R1 dnat 172.16.1.110 192.168.1.2/24
sleep 2
    ovn-nbctl set logical_switch_port public-rp options:nat-addresses=router
    ovn-sbctl find port_binding logical_port=public-rp

    ovn-nbctl lb-add lb0 192.168.1.100 192.168.1.2
    ovn-nbctl ls-lb-add sw0 lb0
    ovn-nbctl --wait=hv lr-lb-add R1 lb0

    ovn-sbctl find port_binding logical_port=public-rp

sleep 30
pkill -9 tcpdump


when set the option nat-addresses=router:
# tcpdump -r router.pcap arp -nn -v
reading from file router.pcap, link-type LINUX_SLL (Linux cooked v1)
dropped privs to tcpdump
20:39:14.644165 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.16.1.1 tell 172.16.1.1, length 28
20:39:16.433691 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.16.1.200 tell 172.16.1.200, length 28
20:39:16.468757 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.1.100 tell 192.168.1.100, length 28
20:39:16.643996 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.16.1.1 tell 172.16.1.1, length 28
20:39:18.435917 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.16.1.200 tell 172.16.1.200, length 28
20:39:18.468957 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.1.100 tell 192.168.1.100, length 28
20:39:20.646239 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.16.1.1 tell 172.16.1.1, length 28
20:39:22.437128 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.16.1.200 tell 172.16.1.200, length 28
20:39:22.468201 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.1.100 tell 192.168.1.100, length 28
20:39:28.652511 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.16.1.1 tell 172.16.1.1, length 28
20:39:30.438369 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.16.1.200 tell 172.16.1.200, length 28
20:39:30.468437 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.1.100 tell 192.168.1.100, length 28
20:39:44.661817 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.16.1.1 tell 172.16.1.1, length 28

when set the option nat-addresses=nat-only-router:
# tcpdump -r natonly.pcap arp -nn -v
reading from file natonly.pcap, link-type LINUX_SLL (Linux cooked v1)
dropped privs to tcpdump
20:33:41.416583 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.16.1.1 tell 172.16.1.1, length 28
20:33:43.418693 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.16.1.1 tell 172.16.1.1, length 28
20:33:47.422750 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.16.1.1 tell 172.16.1.1, length 28
20:33:55.425202 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.16.1.1 tell 172.16.1.1, length 28
20:34:11.441295 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.16.1.1 tell 172.16.1.1, length 28


I'm not sure it is right to verify this bug?
I think with nat-only-router,there should be arp of 172.16.1.200(this is from the nat rule),but it's only 172.16.1.1. 
and it is no difference from without nat-addresses option.

or I made some misstake in my script?

Comment 10 Luis Tomas Bolivar 2022-03-14 15:12:11 UTC

As far as I know the final flag name was "exclude-lb-vips-from-garp" instead of "nat-only-router (https://patchwork.ozlabs.org/project/ovn/patch/183edfc446633c5c38d7d7361089d34432c527dd.1645793899.git.lorenzo.bianconi@redhat.com/)

Comment 12 ying xu 2022-03-15 01:19:20 UTC

as comment10 &11 said, I update the options in my script, and it works!

ovn-nbctl set logical_switch_port public-rp options:nat-addresses=router
    ovn-nbctl set logical_switch_port public-rp options:exclude-lb-vips-from-garp=true

# tcpdump -r nat-only-router.pcap arp -nn -v
reading from file nat-only-router.pcap, link-type LINUX_SLL (Linux cooked v1)
dropped privs to tcpdump
20:55:25.408348 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.16.1.110 tell 172.16.1.110, length 28
20:55:25.408461 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.16.1.1 tell 172.16.1.1, length 28
20:55:25.408550 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.16.1.200 tell 172.16.1.200, length 28
20:55:27.410337 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.16.1.110 tell 172.16.1.110, length 28
20:55:27.410451 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.16.1.1 tell 172.16.1.1, length 28
20:55:27.410542 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.16.1.200 tell 172.16.1.200, length 28
20:55:31.414496 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.16.1.110 tell 172.16.1.110, length 28
20:55:31.414617 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.16.1.1 tell 172.16.1.1, length 28
20:55:31.414715 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.16.1.200 tell 172.16.1.200, length 28
20:55:39.422552 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.16.1.110 tell 172.16.1.110, length 28
20:55:39.422672 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.16.1.1 tell 172.16.1.1, length 28
20:55:39.422762 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.16.1.200 tell 172.16.1.200, length 28
20:55:55.429373 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.16.1.110 tell 172.16.1.110, length 28
20:55:55.429491 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.16.1.1 tell 172.16.1.1, length 28
20:55:55.429588 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.16.1.200 tell 172.16.1.200, length 28

now there are arps of nat but no LB ip.

set verified.

Comment 14 errata-xmlrpc 2022-03-30 16:28:12 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (ovn2.13 bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2022:1143

Note You need to log in before you can comment on or make changes to this bug.