Bug 2223907 - All traffic duplicates to tap-interfaces on the same provider network without port security enabled on the same compute node.
Keywords:
Status: CLOSED NEXTRELEASE
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: python-networking-ovn
Version: 16.1 (Train)
Hardware: x86_64
OS: Linux
unspecified
high
Target Milestone: ---
: ---
Assignee: OSP Team
QA Contact: Eran Kuris
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2023-07-19 08:52 UTC by Alexey
Modified: 2023-07-24 14:57 UTC (History)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2023-07-24 14:57:13 UTC
Target Upstream Version:
Embargoed:


Attachments
All information can be seen here (45.77 KB, text/plain)
2023-07-19 08:52 UTC, Alexey


Links
System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker OSP-26725 0 None None None 2023-07-19 08:53:47 UTC

Description Alexey 2023-07-19 08:52:05 UTC
Created attachment 1976470
All information can be seen here

Description of problem:
It happens only with virtual machines in the same provider network without any security groups on their ports on the same compute node. Packets are not sent to virtual machines in this network on other compute nodes, but for such a network ovn-trace shows that these packets must go to another compute node, into ports of the same network too, but that wasn't happening. (I didn't save the output of the trace, take my word for it.)

It is independent of the compute node or provider network. It might be a different provider network without port security enabled and a different compute node. The main thing is that it happens, as I wrote above, when VMs are on the same compute node and in the same network.

Version-Release number of selected component (if applicable):
OVN-2.13-20.06.1
Neutron v15.1.1-0.20200611111910

How reproducible:
You need to create several VMs on the same compute node and the same provider network. Disable port security on the VMs' ports.


Additional info:
In the attached file I have tried to show all the points related to this problem.

Comment 1 Alexey 2023-07-20 07:10:23 UTC
I reckon it happens because all versions until OVN v21.03.0 are unable to have special flows for learning MACs and don't work with the FDB table. I assume this commit fixes this issue - https://github.com/ovn-org/ovn/commit/dd94f1266ca4f3c750bc59c474ea342ef3ff9983

