Description of problem: --may-exist doesn't work well when used with --stateless Version-Release number of selected component (if applicable): ovn-2021-21.12.0-32.el8 How reproducible: Always Steps to Reproduce: systemctl start openvswitch systemctl start ovn-northd ovn-nbctl set-connection ptcp:6641 ovn-sbctl set-connection ptcp:6642 ovs-vsctl set open . external_ids:system-id=hv1 external_ids:ovn-remote=tcp:1.1.178.25:6642 external_ids:ovn-encap-type=geneve external_ids:ovn-encap-ip=1.1.178.25 systemctl restart ovn-controller ovn-nbctl lr-add r1 ovn-nbctl --stateless --may-exist lr-nat-add r1 dnat_and_snat 172.16.1.10 192.168.1.10 ovn-nbctl --stateless --may-exist lr-nat-add r1 dnat_and_snat 172.16.1.10 192.168.1.10 Actual results: + ovn-nbctl --stateless --may-exist lr-nat-add r1 dnat_and_snat 172.16.1.10 192.168.1.10 + ovn-nbctl --stateless --may-exist lr-nat-add r1 dnat_and_snat 172.16.1.10 192.168.1.10 ovn-nbctl: 172.16.1.10, 192.168.1.10: External ip cannot be shared across stateless and stateful NATs Expected results: pass Additional info: [root@wsfd-advnetlab16 nat_test]# rpm -qa | grep -E "openvswitch2.15|ovn-2021" ovn-2021-21.12.0-32.el8fdp.x86_64 openvswitch2.15-2.15.0-84.el8fdp.x86_64 ovn-2021-host-21.12.0-32.el8fdp.x86_64 ovn-2021-central-21.12.0-32.el8fdp.x86_64 python3-openvswitch2.15-2.15.0-84.el8fdp.x86_64
upstream patch: https://patchwork.ozlabs.org/project/ovn/patch/176d789ffd7c7ecda1350694799c6411f2b27d11.1649697218.git.lorenzo.bianconi@redhat.com/
Verified on ovn22.03-22.03.0-52: [root@dell-per740-12 bz2066551]# rpm -qa | grep -E "openvswitch2.15|ovn22.03" ovn22.03-22.03.0-52.el8fdp.x86_64 ovn22.03-central-22.03.0-52.el8fdp.x86_64 openvswitch2.15-2.15.0-104.el8fdp.x86_64 ovn22.03-host-22.03.0-52.el8fdp.x86_64 + systemctl start openvswitch + systemctl start ovn-northd + ovn-nbctl set-connection ptcp:6641 + ovn-sbctl set-connection ptcp:6642 + ovs-vsctl set open . external_ids:system-id=hv1 external_ids:ovn-remote=tcp:1.1.39.25:6642 external_ids:ovn-encap-type=geneve external_ids:ovn-encap-ip=1.1.39.25 + systemctl restart ovn-controller + ovn-nbctl lr-add r1 + ovn-nbctl --stateless --may-exist lr-nat-add r1 dnat_and_snat 172.16.1.10 192.168.1.10 + ovn-nbctl --stateless --may-exist lr-nat-add r1 dnat_and_snat 172.16.1.10 192.168.1.10 [root@dell-per740-12 bz2066551]# ovn-nbctl list nat _uuid : 2007afd9-13d2-4abe-86c2-6a41222e7cac allowed_ext_ips : [] exempted_ext_ips : [] external_ids : {} external_ip : "172.16.1.10" external_mac : [] external_port_range : "" logical_ip : "192.168.1.10" logical_port : [] options : {stateless="true"} type : dnat_and_snat
Verified on ovn-2021-21.12.0-73: [root@dell-per740-12 bz2066551]# rpm -qa | grep ovn ovn-2021-central-21.12.0-73.el8fdp.x86_64 ovn-2021-21.12.0-73.el8fdp.x86_64 ovn-2021-host-21.12.0-73.el8fdp.x86_64 + systemctl start openvswitch + systemctl start ovn-northd + ovn-nbctl set-connection ptcp:6641 + ovn-sbctl set-connection ptcp:6642 + ovs-vsctl set open . external_ids:system-id=hv1 external_ids:ovn-remote=tcp:1.1.39.25:6642 external_ids:ovn-encap-type=geneve external_ids:ovn-encap-ip=1.1.39.25 + systemctl restart ovn-controller + ovn-nbctl lr-add r1 + ovn-nbctl --stateless --may-exist lr-nat-add r1 dnat_and_snat 172.16.1.10 192.168.1.10 + ovn-nbctl --stateless --may-exist lr-nat-add r1 dnat_and_snat 172.16.1.10 192.168.1.10 [root@dell-per740-12 bz2066551]# ovn-nbctl list nat _uuid : d3c76547-a63e-4dfe-b347-922688a86eb4 allowed_ext_ips : [] exempted_ext_ips : [] external_ids : {} external_ip : "172.16.1.10" external_mac : [] external_port_range : "" logical_ip : "192.168.1.10" logical_port : [] options : {stateless="true"} type : dnat_and_snat
also verified on ovn22.03-22.03.0-52.el9: + systemctl start openvswitch + systemctl start ovn-northd + ovn-nbctl set-connection ptcp:6641 + ovn-sbctl set-connection ptcp:6642 + ovs-vsctl set open . external_ids:system-id=hv1 external_ids:ovn-remote=tcp:1.1.39.25:6642 external_ids:ovn-encap-type=geneve external_ids:ovn-encap-ip=1.1.39.25 + systemctl restart ovn-controller + ovn-nbctl lr-add r1 + ovn-nbctl --stateless --may-exist lr-nat-add r1 dnat_and_snat 172.16.1.10 192.168.1.10 + ovn-nbctl --stateless --may-exist lr-nat-add r1 dnat_and_snat 172.16.1.10 192.168.1.10 [root@wsfd-advnetlab18 bz2066551]# ovn-nbctl list nat _uuid : d74c7b02-15d0-4469-8e8b-36a2ca68bb06 allowed_ext_ips : [] exempted_ext_ips : [] external_ids : {} external_ip : "172.16.1.10" external_mac : [] external_port_range : "" logical_ip : "192.168.1.10" logical_port : [] options : {stateless="true"} type : dnat_and_snat [root@wsfd-advnetlab18 bz2066551]# rpm -qa | grep -E "openvswitch|ovn" ovn22.03-22.03.0-52.el9fdp.x86_64 openvswitch-selinux-extra-policy-1.0-31.el9fdp.noarch openvswitch2.17-2.17.0-21.el9fdp.x86_64 ovn22.03-central-22.03.0-52.el9fdp.x86_64 ovn22.03-host-22.03.0-52.el9fdp.x86_64
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (ovn bug fix and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2022:5446