This is an automatically-generated clone of issue https://bugzilla.redhat.com/show_bug.cgi?id=2062431
Reproduced On: [root@wsfd-advnetlab155 xs]# rpm -qa | grep -E 'ovn|openvswitch' ovn22.12-central-22.12.0-34.el8fdp.x86_64 openvswitch-selinux-extra-policy-1.0-30.el8fdp.noarch ovn22.12-host-22.12.0-34.el8fdp.x86_64 openvswitch2.17-2.17.0-95.el8fdp.x86_64 ovn22.12-22.12.0-34.el8fdp.x86_64 Here is the reproducer: systemctl start ovn-northd ovn-nbctl set-connection ptcp:6641 ovn-sbctl set-connection ptcp:6642 systemctl start openvswitch ovs-vsctl set open . external_ids:system-id=hv1 # IP address configuration to physical interface ifconfig ens1f0 42.42.42.2 netmask 255.0.0.0 ovs-vsctl set open . external_ids:ovn-remote=tcp:42.42.42.2:6642 ovs-vsctl set open . external_ids:ovn-encap-type=geneve ovs-vsctl set open . external_ids:ovn-encap-ip=42.42.42.2 systemctl restart ovn-controller ovn-nbctl lr-add rtr ovn-nbctl lrp-add rtr rtr-ls1 00:00:00:00:01:00 42.42.42.1/24 2001::1/64 ovn-nbctl lrp-add rtr rtr-ls2 00:00:00:00:02:00 77.77.77.1/24 2002::1/64 ovn-nbctl ls-add ls1 ovn-nbctl lsp-add ls1 ls1-rtr ovn-nbctl lsp-set-addresses ls1-rtr 00:00:00:00:01:00 ovn-nbctl lsp-set-type ls1-rtr router ovn-nbctl lsp-set-options ls1-rtr router-port=rtr-ls1 ovn-nbctl ls-add ls2 ovn-nbctl lsp-add ls2 ls2-rtr ovn-nbctl lsp-set-addresses ls2-rtr 00:00:00:00:02:00 ovn-nbctl lsp-set-type ls2-rtr router ovn-nbctl lsp-set-options ls2-rtr router-port=rtr-ls2 ovn-nbctl lsp-add ls1 vm1 ovn-nbctl lsp-set-addresses vm1 "00:00:00:00:01:01 42.42.42.2 2001::2" ovn-nbctl lsp-add ls2 vm2 ovn-nbctl lsp-set-addresses vm2 "00:00:00:00:02:01 77.77.77.2 2002::2" ovn-nbctl lsp-add ls2 vm3 ovn-nbctl lsp-set-addresses vm3 "00:00:00:00:03:01 77.77.77.3 2002::3" ip netns add vm1 ovs-vsctl add-port br-int vm1 -- set interface vm1 type=internal ip link set vm1 netns vm1 ip netns exec vm1 ip link set vm1 address 00:00:00:00:01:01 ip netns exec vm1 ip addr add 42.42.42.2/24 dev vm1 ip netns exec vm1 ip -6 addr add 2001::2/64 dev vm1 ip netns exec vm1 ip link set vm1 up ip netns exec vm1 ip route add default via 42.42.42.1 ip netns exec vm1 ip -6 route add default via 2001::1 ovs-vsctl set Interface vm1 external_ids:iface-id=vm1 ip netns add vm2 ovs-vsctl add-port br-int vm2 -- set interface vm2 type=internal ip link set vm2 netns vm2 ip netns exec vm2 ip link set vm2 address 00:00:00:00:02:01 ip netns exec vm2 ip addr add 77.77.77.2/24 dev vm2 ip netns exec vm2 ip -6 addr add 2002::2/64 dev vm2 ip netns exec vm2 ip link set vm2 up ip netns exec vm2 ip link set lo up ip netns exec vm2 ip route add default via 77.77.77.1 ip netns exec vm2 ip -6 route add default via 2002::1 ovs-vsctl set Interface vm2 external_ids:iface-id=vm2 ip netns add vm3 ovs-vsctl add-port br-int vm3 -- set interface vm3 type=internal ip link set vm3 netns vm3 ip netns exec vm3 ip link set vm3 address 00:00:00:00:03:01 ip netns exec vm3 ip addr add 77.77.77.3/24 dev vm3 ip netns exec vm3 ip -6 addr add 2002::3/64 dev vm3 ip netns exec vm3 ip link set vm3 up ip netns exec vm3 ip link set lo up ip netns exec vm3 ip route add default via 77.77.77.1 ip netns exec vm3 ip -6 route add default via 2002::1 ovs-vsctl set Interface vm3 external_ids:iface-id=vm3 ovn-nbctl lb-add lb1 30.0.0.1:80 77.77.77.2:80 udp ovn-nbctl lb-add lb2 20.0.0.1:80 42.42.42.2:80 udp ovn-nbctl lb-add lb1 30.0.0.1 77.77.77.2 ovn-nbctl lb-add lb2 77.77.77.100 42.42.42.3 ovn-nbctl ls-lb-add ls1 lb1 ovn-nbctl ls-lb-add ls2 lb2 ovn-nbctl acl-add ls1 from-lport 1001 "ip" allow ovn-nbctl acl-add ls1 to-lport 1002 "ip" allow ovn-nbctl acl-add ls2 from-lport 1003 "ip" allow ovn-nbctl acl-add ls2 to-lport 1004 "ip" allow ovn-nbctl --wait=hv sync ip netns exec vm1 ping 30.0.0.1 -c 10000 > icmp.txt & zone_id=$(ovn-appctl -t ovn-controller ct-zone-list | grep vm1 | cut -d ' ' -f2) while : ; do ovs-appctl dpctl/dump-flows | grep "commit,zone=$zone_id" n=$(ovs-appctl dpctl/dump-flows | grep "commit,zone=$zone_id" | wc -l) echo "$n commit flows" [[ $n < 1 ]] || break done ########### non Fixed OUTPUT: (commit twice (or zero) to conntrack) 0 commit flows 0 commit flows 0 commit flows recirc_id(0x4),in_port(2),ct_state(+new-est-rel-rpl-inv+trk),ct_mark(0x2/0x3),eth(src=00:00:00:00:01:01,dst=00:00:00:00:01:00),eth_type(0x0800),ipv4(src=42.42.42.2,dst=77.77.77.2,proto=1,ttl=64,frag=no), packets:0, bytes:0, used:never, actions:ct(commit,zone=2,mark=0/0x1,nat(src)),set(eth(src=00:00:00:00:02:00,dst=00:00:00:00:02:01)),set(ipv4(ttl=63)),ct(zone=1,nat),recirc(0x5) recirc_id(0x3),dp_hash(0x7/0xf),in_port(2),eth(),eth_type(0x0800),ipv4(frag=no), packets:0, bytes:0, used:never, actions:ct(commit,zone=2,mark=0x2/0x2,nat(dst=77.77.77.2)),recirc(0x4) 2 commit flows Verified on: [root@wsfd-advnetlab155 xs]# rpm -qa | grep -E 'ovn|openvswitch' ovn22.12-central-22.12.0-51.el8fdp.x86_64 openvswitch-selinux-extra-policy-1.0-30.el8fdp.noarch openvswitch2.17-2.17.0-95.el8fdp.x86_64 ovn22.12-22.12.0-51.el8fdp.x86_64 ovn22.12-host-22.12.0-51.el8fdp.x86_64 ########### Fixed OUTPUT: (commit once to conntrack) 0 commit flows 0 commit flows 0 commit flows recirc_id(0x15),dp_hash(0x7/0xf),in_port(2),eth(),eth_type(0x0800),ipv4(frag=no), packets:0, bytes:0, used:never, actions:ct(commit,zone=3,mark=0x2/0x2,nat(dst=77.77.77.2)),recirc(0x16) 1 commit flows
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (ovn22.12 bug fix and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2023:3203