Description of problem: When the logical router has always_learn_from_arp_request="false" option set, it still learns MAC/IP when an instance sends out Neighbor Advertisement using its IPv6 LLA. With plenty of instances in a network connected to the router, it leads to huge growth of mac binding table. Version-Release number of selected component (if applicable): ovn-2021-21.12.0-116.el8fdp.x86_64 How reproducible: Always Steps to Reproduce: 1. Have a router connected to a network 2. Spawn a VM on the network 3. Send NA packet with its LLA address Actual results: mac binding is created Expected results: OVN can calculate LLAs of known ports by its own and avoid creating unnecessary entries Additional info: The entry is created even if the LLA is configured in LSP addresses and port security columns. I used following script to send the NA from within the guest instance. from scapy.all import * # Craft the ND broadcast packet na_packet = Ether(dst="ff:ff:ff:ff:ff:ff")/IPv6(dst="fe80::1")/ICMPv6ND_NA(tgt="fe80::f816:3eff:fe55:a747") # Send the packet sendp(na_packet, iface="eth0")
Fix in u/s: https://patchwork.ozlabs.org/project/ovn/patch/20230530095953.170545-1-amusil@redhat.com/
ovn-2021 fast-datapath-rhel-9 clone created at https://bugzilla.redhat.com/show_bug.cgi?id=2213612
Tested with script in https://bugzilla.redhat.com/show_bug.cgi?id=2213612#c6 reproduced on ovn-2021-21.12.0-103.el8: + sleep 5 + ip netns exec ls1p1 python3 test.py . Sent 1 packets. + ovn-sbctl list mac_binding _uuid : 9278324e-9960-45de-bbaf-2d64c646d13c datapath : ea7777ea-e196-4bd0-9f7c-835468c34545 ip : "fe80::f816:3eff:fe55:a747" logical_port : lr1-ls1 mac : "00:00:00:01:01:02" [root@sweetpig-8 bz2213612]# rpm -qa | grep -E "openvswitch2.17|ovn-2021" ovn-2021-central-21.12.0-103.el8fdp.x86_64 ovn-2021-21.12.0-103.el8fdp.x86_64 ovn-2021-host-21.12.0-103.el8fdp.x86_64 openvswitch2.17-2.17.0-106.el8fdp.x86_64 Verified on ovn-2021-21.12.0-134.el8: + ip netns exec ls2p1 ip -6 route add default via 2002::a + sleep 5 + ip netns exec ls1p1 python3 test.py . Sent 1 packets. + ovn-sbctl list mac_binding [root@sweetpig-8 bz2213612]# rpm -qa | grep -E "openvswitch2.17|ovn-2021" ovn-2021-host-21.12.0-134.el8fdp.x86_64 ovn-2021-central-21.12.0-134.el8fdp.x86_64 openvswitch2.17-2.17.0-106.el8fdp.x86_64 ovn-2021-21.12.0-134.el8fdp.x86_64
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (ovn-2021 bug fix and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2023:3995