Bug 2102480
| Summary: | VM is unable to ping itself via stateless DNAT on a gateway router | | |
|---|---|---|---|
| Product: | Red Hat Enterprise Linux Fast Datapath | Reporter: | OVN Bot <ovn-bot> |
| Component: | ovn-2021 | Assignee: | lorenzo bianconi <lorenzo.bianconi> |
| Status: | CLOSED UPSTREAM | QA Contact: | Jianlin Shi <jishi> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | medium | | |
| Version: | FDP 22.E | CC: | ctrautma, jiji, lorenzo.bianconi, mmichels |
| Target Milestone: | --- | | |
| Target Release: | --- | | |
| Hardware: | Unspecified | | |
| OS: | Unspecified | | |
| Whiteboard: | | | |
| Fixed In Version: | ovn-2021-21.12.0-81.el9fdp | Doc Type: | If docs needed, set a value |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2025-02-10 04:01:29 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |

Description
OVN Bot
2022-06-30 04:09:10 UTC
This issue is fixed in ovn-2021-21.12.0-81.el9fdp tested with following script:
```bash
systemctl start openvswitch
systemctl start ovn-northd
ovn-nbctl set-connection ptcp:6641
ovn-sbctl set-connection ptcp:6642
ovs-vsctl set open . external_ids:system-id=hv1 external_ids:ovn-remote=tcp:1.1.9.25:6642 external_ids:ovn-encap-type=geneve external_ids:ovn-encap-ip=1.1.9.25
systemctl restart ovn-controller
ovn-nbctl ls-add ls1
ovn-nbctl lsp-add ls1 vm1 -- lsp-set-addresses vm1 "00:00:00:00:00:05 192.168.100.5"
ovn-nbctl lsp-add ls1 vm2 -- lsp-set-addresses vm2 "00:00:00:00:00:06 192.168.100.6"
ovn-nbctl ls-add ls-pub
ovn-nbctl lsp-add ls-pub ext-router -- lsp-set-addresses ext-router "00:00:00:00:01:02 172.18.1.2"
ovn-nbctl lr-add lr1
ovn-nbctl lrp-add lr1 lr1-ls1 00:00:00:00:00:01 192.168.100.1/24
ovn-nbctl lsp-add ls1 ls1-lr1 \
    -- lsp-set-type ls1-lr1 router \
    -- lsp-set-addresses ls1-lr1 00:00:00:00:00:01 \
    -- lsp-set-options ls1-lr1 router-port=lr1-ls1
ovn-nbctl lrp-add lr1 lr1-ls-pub 00:00:00:00:01:01 172.18.1.1/24
ovn-nbctl lrp-set-gateway-chassis lr1-ls-pub hv1
ovn-nbctl lsp-add ls-pub ls-pub-lr1 \
    -- lsp-set-type ls-pub-lr1 router \
    -- lsp-set-addresses ls-pub-lr1 00:00:00:00:01:01 \
    -- lsp-set-options ls-pub-lr1 router-port=lr1-ls-pub
#ovn-nbctl lr-nat-add lr1 snat 172.18.1.1 192.168.100.0/24
ovn-nbctl lr-nat-add lr1 dnat_and_snat 172.18.2.10 192.168.100.6
ovn-nbctl lr-route-add lr1 0.0.0.0/0 172.18.1.2
ovs-vsctl add-port br-int vm1 -- set interface vm1 type=internal external_ids:iface-id=vm1
ip netns add vm1
ip link set vm1 netns vm1
ip netns exec vm1 ip link set vm1 address 00:00:00:00:00:05
ip netns exec vm1 ip link set vm1 up
ip netns exec vm1 ip addr add 192.168.100.5/24 dev vm1
ip netns exec vm1 ip route add default via 192.168.100.1
ovs-vsctl add-port br-int vm2 -- set interface vm2 type=internal external_ids:iface-id=vm2
ip netns add vm2
ip link set vm2 netns vm2
ip netns exec vm2 ip link set vm2 address 00:00:00:00:00:06
ip netns exec vm2 ip link set vm2 up
ip netns exec vm2 ip addr add 192.168.100.6/24 dev vm2
ip netns exec vm2 ip route add default via 192.168.100.1
ovn-nbctl --wait=hv sync
ip netns exec vm1 ping 172.18.2.10 -c 1
ip netns exec vm2 ping 172.18.2.10 -c 1
nat_uuid=$(ovn-nbctl find nat external_ip=172.18.2.10 | awk '/_uuid/{print $3}')
ovn-nbctl set nat $nat_uuid options:stateless=true
ip netns exec vm1 ping 172.18.2.10 -c 1
ip netns exec vm2 ping 172.18.2.10 -c 1
```

reproduced on ovn-2021-21.12.0-73.el8:
```
+ ip netns exec vm1 ping 172.18.2.10 -c 1
PING 172.18.2.10 (172.18.2.10) 56(84) bytes of data.
64 bytes from 192.168.100.6: icmp_seq=1 ttl=64 time=0.785 ms
--- 172.18.2.10 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.785/0.785/0.785/0.000 ms
+ ip netns exec vm2 ping 172.18.2.10 -c 1
PING 172.18.2.10 (172.18.2.10) 56(84) bytes of data.
64 bytes from 172.18.2.10: icmp_seq=1 ttl=62 time=0.701 ms
--- 172.18.2.10 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.701/0.701/0.701/0.000 ms
++ ovn-nbctl find nat external_ip=172.18.2.10
++ awk '/_uuid/{print $3}'
+ nat_uuid=8b197c49-4582-4269-aa5d-3abad567d9ac
+ ovn-nbctl set nat 8b197c49-4582-4269-aa5d-3abad567d9ac options:stateless=true
+ ip netns exec vm1 ping 172.18.2.10 -c 1
PING 172.18.2.10 (172.18.2.10) 56(84) bytes of data.
--- 172.18.2.10 ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms
+ ip netns exec vm2 ping 172.18.2.10 -c 1
PING 172.18.2.10 (172.18.2.10) 56(84) bytes of data.
--- 172.18.2.10 ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms
<=== ping failed after set stateless=true for nat
```

Verified on ovn-2021-21.12.0-82.el8:
```
[root@dell-per730-20 bz2102480]# rpm -qa | grep -E "ovn-2021|openvswitch2.17"
openvswitch2.17-2.17.0-31.el8fdp.x86_64
ovn-2021-21.12.0-82.el8fdp.x86_64
ovn-2021-host-21.12.0-82.el8fdp.x86_64
ovn-2021-central-21.12.0-82.el8fdp.x86_64
+ ip netns exec vm1 ping 172.18.2.10 -c 1
PING 172.18.2.10 (172.18.2.10) 56(84) bytes of data.
64 bytes from 192.168.100.6: icmp_seq=1 ttl=64 time=1.13 ms
--- 172.18.2.10 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 1.129/1.129/1.129/0.000 ms
+ ip netns exec vm2 ping 172.18.2.10 -c 1
PING 172.18.2.10 (172.18.2.10) 56(84) bytes of data.
64 bytes from 172.18.2.10: icmp_seq=1 ttl=62 time=0.885 ms
--- 172.18.2.10 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.885/0.885/0.885/0.000 ms
++ ovn-nbctl find nat external_ip=172.18.2.10
++ awk '/_uuid/{print $3}'
+ nat_uuid=2f3dd8ee-73f8-4b30-887a-2fd5f152414b
+ ovn-nbctl set nat 2f3dd8ee-73f8-4b30-887a-2fd5f152414b options:stateless=true
+ ip netns exec vm1 ping 172.18.2.10 -c 1
PING 172.18.2.10 (172.18.2.10) 56(84) bytes of data.
64 bytes from 192.168.100.6: icmp_seq=1 ttl=64 time=0.044 ms
--- 172.18.2.10 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.044/0.044/0.044/0.000 ms
+ ip netns exec vm2 ping 172.18.2.10 -c 1
PING 172.18.2.10 (172.18.2.10) 56(84) bytes of data.
64 bytes from 172.18.2.10: icmp_seq=1 ttl=62 time=0.035 ms
--- 172.18.2.10 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.035/0.035/0.035/0.000 ms
<=== ping passed
```

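A pass/fail check for transcripts like the ones above, as an added example that is not part of the bug report or of OVN's own tests: it reads a `bash -x` trace of the script, tracks whether `options:stateless=true` has been set yet, and prints one line per ping with the address that answered. The function names and the sample transcript (including its all-zero UUID) are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: summarize the pings in an xtrace transcript of the test script.

# Reads a transcript on stdin and prints one line per ping:
#   <phase> <netns> <target> <received>/<transmitted> <reply-source or ->
# Returns non-zero if any ping lost packets.
summarize_pings() {
  awk -v phase=stateful '
    # xtrace line that switches the NAT entry to stateless mode
    /^[+]+ ovn-nbctl set nat .* options:stateless=true/ { phase = "stateless"; next }
    # xtrace line that starts a ping inside a network namespace
    /^[+]+ ip netns exec [^ ]+ ping / { ns = $5; target = $7; src = "-"; next }
    # first echo reply: remember which address answered
    /bytes from/ && src == "-" { src = $4; sub(/:$/, "", src); next }
    # statistics line closes the record for the current ping
    / packets transmitted, / {
      printf "%s %s %s %s/%s %s\n", phase, ns, target, $4, $1, src
      if ($4 + 0 < $1 + 0) bad = 1
    }
    END { exit (bad ? 1 : 0) }
  '
}

# Constructed sample in the shape of the failing run (not copied from a real host).
sample_transcript() {
  cat <<'EOF'
+ ip netns exec vm1 ping 172.18.2.10 -c 1
PING 172.18.2.10 (172.18.2.10) 56(84) bytes of data.
64 bytes from 192.168.100.6: icmp_seq=1 ttl=64 time=0.500 ms
--- 172.18.2.10 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
+ ovn-nbctl set nat 00000000-0000-0000-0000-000000000000 options:stateless=true
+ ip netns exec vm2 ping 172.18.2.10 -c 1
PING 172.18.2.10 (172.18.2.10) 56(84) bytes of data.
--- 172.18.2.10 ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms
EOF
}

sample_transcript | summarize_pings || echo "packet loss seen: check the stateless phase"
```

On a real run, pipe the saved output of `bash -x` on the test script into `summarize_pings` and use its exit status as the regression gate.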
This product has been discontinued or is no longer tracked in Red Hat Bugzilla.