Bug 2060462
| Field | Value |
|---|---|
| Summary | LR cannot do source based route correctly after packets SNATed by LB on previous LR |
| Product | Red Hat Enterprise Linux Fast Datapath |
| Component | OVN |
| Version | FDP 21.C |
| Status | CLOSED NOTABUG |
| Severity | high |
| Priority | high |
| Reporter | Peng Liu <pliu> |
| Assignee | OVN Team <ovnteam> |
| QA Contact | Jianlin Shi <jishi> |
| CC | ctrautma, dceara, jiji, mmichels |
| Hardware | Unspecified |
| OS | Unspecified |
| Type | Bug |
| Last Closed | 2022-03-07 11:11:09 UTC |

Adding the ovn_cluster_router routes for reference:
```
$ ovn-nbctl lr-route-list ovn_cluster_router
IPv4 Routes
Route Table <main>:
               100.64.0.5               100.64.0.5 dst-ip
            192.168.111.1               10.131.0.3 src-ip   <<< the reporter expected this route to be hit
            10.131.0.0/23               100.64.0.5 src-ip
```
However, this expectation is not correct. Based on the OVN configuration in the NB, what happens is:
1. DNAT to 10.129.2.59:8080 for the LB, on GR_worker-0
2. SNAT to 100.64.0.5 because GR_worker-0 is configured with options:lb_force_snat_ip=router_ip, on GR_worker-0
3. Then the src-ip route "192.168.111.1 via 10.131.0.3 src-ip" will not be hit because the src IP changed; it's now 100.64.0.5.
Closing as "not a bug".
Thanks!
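
The three steps in the comment above, modelled in Python as an added illustration; this is not code from the bug report or from OVN. The VIP `203.0.113.10` is a constructed value (the page does not give the real one), L4 ports are omitted, and the lookup follows OVN's documented rule that the longest prefix wins and, at equal prefix length, a dst-ip route is preferred over a src-ip route.

```python
import ipaddress
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str

# Static routes as listed by `ovn-nbctl lr-route-list ovn_cluster_router` above:
# (prefix, next hop, policy)
ROUTES = [
    ("100.64.0.5", "100.64.0.5", "dst-ip"),
    ("192.168.111.1", "10.131.0.3", "src-ip"),
    ("10.131.0.0/23", "100.64.0.5", "src-ip"),
]

VIP = "203.0.113.10"  # constructed LB VIP; the page does not give the real one

def gateway_router(pkt, vip=VIP, backend="10.129.2.59", force_snat_ip="100.64.0.5"):
    """Steps 1 and 2 on GR_worker-0: LB DNAT, then lb_force_snat_ip SNAT."""
    if pkt.dst != vip:
        return pkt  # not load-balanced traffic, headers untouched
    return replace(pkt, src=force_snat_ip, dst=backend)

def lookup(pkt, routes=ROUTES):
    """Step 3 on ovn_cluster_router: best static route for pkt, or None.

    Longest prefix wins; at equal prefix length dst-ip beats src-ip.
    """
    best, best_key = None, None
    for prefix, nexthop, policy in routes:
        net = ipaddress.ip_network(prefix)
        field = pkt.src if policy == "src-ip" else pkt.dst
        if ipaddress.ip_address(field) in net:
            key = (net.prefixlen, policy == "dst-ip")
            if best_key is None or key > best_key:
                best, best_key = (prefix, nexthop, policy), key
    return best

if __name__ == "__main__":
    original = Packet(src="192.168.111.1", dst=VIP)
    after_gr = gateway_router(original)
    print("before GR:", original, "->", lookup(original))
    print("after GR: ", after_gr, "->", lookup(after_gr))
```

A `None` result only means that none of the listed static routes matched; routes for directly connected networks do not appear in `lr-route-list` output and are not modelled here.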
Created attachment 1864011: ovn-trace when source-based route is created with the SNATed src ip

Description of problem:
In an OCP cluster, create a source-based route at the cluster router using the gateway router's IP as the source IP. For packets that get SNATed by the LB at the gateway router, when the packets get to the cluster router, they cannot be matched by the source-based route. However, if the route is changed to the original source IP before SNAT, they can be matched.

Version-Release number of selected component (if applicable):
OVN: ovn21.12-21.12.0-24.el8fdp.x86_64
OCP: 4.10.0-0.nightly-2022-02-09-054720

Expected behavior:
One LR can match the source IP after packets get SNATed by the previous LR.