Bug 2179942 - Add FDB aging mechanism.
Summary: Add FDB aging mechanism.
Keywords:
Status: MODIFIED
Alias: None
Product: Red Hat Enterprise Linux Fast Datapath
Classification: Red Hat
Component: ovn23.09
Version: FDP 23.A
Hardware: Unspecified
OS: Unspecified
medium
unspecified
Target Milestone: ---
: ---
Assignee: Ales Musil
QA Contact: Jianlin Shi
URL:
Whiteboard:
: 2224401 (view as bug list)
Depends On:
Blocks: 2224492
TreeView+ depends on / blocked
 
Reported: 2023-03-20 12:45 UTC by Dumitru Ceara
Modified: 2023-08-15 16:58 UTC (History)
10 users (show)

Fixed In Version: ovn23.09-23.09.0-alpha.89.el9fdp
Doc Type: Enhancement
Doc Text:
Clone Of:
Environment:
Last Closed:
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker FD-2753 0 None None None 2023-03-20 12:46:29 UTC

Internal Links: 2173575

Description Dumitru Ceara 2023-03-20 12:45:23 UTC 
Description of problem:

OVN supports FDB learning on localnet ports since https://github.com/ovn-org/ovn/commit/93514df0d4c8fe7986dc5f287d7011f420d1be6d

If this is enabled it may lead to an unbounded ("very large" to be more precise) number of FDB entries to be learnt on the localnet port (usually connected to an external network).

We probably need a mechanism in place to protect OVN against that.  A potential idea is to implement FDB aging (similar to MAC binding - ARP - aging that's available since https://github.com/ovn-org/ovn/commit/1a947dd3073628d2f2655f46ee7d3db62ed15b55).
Comment 1 Bernard Cafarelli 2023-03-20 13:15:34 UTC 
For reference, bug for MAC_Binding entries aging: https://bugzilla.redhat.com/show_bug.cgi?id=2084668
Comment 2 Ales Musil 2023-05-18 11:34:45 UTC 
Patches posted u/s: https://patchwork.ozlabs.org/project/ovn/list/?series=355569
Comment 9 OVN Bot 2023-07-20 17:02:55 UTC 
ovn23.09 fast-datapath-rhel-9 clone created at https://bugzilla.redhat.com/show_bug.cgi?id=2224401
Comment 10 Mark Michelson 2023-08-15 16:58:02 UTC 
*** Bug 2224401 has been marked as a duplicate of this bug. ***
Note You need to log in before you can comment on or make changes to this bug.