Bug 2060552
| Summary: | Userspace datapath drops the encapsulated packet with inner vlan if sent to the access port | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux Fast Datapath | Reporter: | Ilya Maximets <i.maximets> |
| Component: | openvswitch2.15 | Assignee: | Open vSwitch development team <ovs-team> |
| Status: | CLOSED ERRATA | QA Contact: | Hekai Wang <hewang> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | FDP 22.A | CC: | ctrautma, hewang, jhsiao, ralongi, tredaelli |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | openvswitch2.13-2.13.0-178.el8fdp openvswitch2.15-2.15.0-97.el8fdp openvswitch2.15-2.15.0-54.el9fdp openvswitch2.16-2.16.0-72.el8fdp openvswitch2.16-2.16.0-56.el9fdp openvswitch2.17-2.17.0-13.el8fdp | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2023-02-09 00:27:40 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: openvswitch2.15 security, bug fix and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2023:0687 The needinfo request[s] on this closed bug have been removed as they have been unresolved for 120 days |
Assuming the following setup: Bridge br-int datapath_type: netdev Port vmPort tag: 7 Interface vmPort Port gre0 Interface gre0 type: gre Bridge br-ex datapath_type: netdev Port br-ex tag: 2020 Interface br-ex Port phyPort Interface phyPort Both bridges with action NORMAL. IP of br-ex is in the subnet of the remote ip of gre0 so encapsulated packet is routed to the br-ex. Packet received on vmPort. Expected result: 1. Packet enters br-int. 2. vlan 7 pushed to the packet. 3. Packet sent to the gre0 port. 4. GRE header pushed to the packet. 5. Packet routed to br-ex. 6. vlan 2020 pushed to the packet (outer header) 7. Packet [VLAN 2020 | GRE | VLAN 7 | <origingal packet> ] sent to the phyPort. Actual result: Packet is dropped by OVS after the step 5: bridge("br-ex") --------------- 0. priority 0 NORMAL >>>> dropping VLAN 7 tagged packet received on port br-ex configured as VLAN 2020 access port <<<< >> disallowed VLAN VID for this input port, dropping --- The same configuration is working as expected with the kernel datapath, but doesn't with the userspace one. It seems like OVS doesn't clear the vlan metadata after encapsulation while processing output to the native tunnel, so it thinks that the packet is still in vlan 7.