Patch Detail

HTTP 200 OK
Allow: GET, PUT, PATCH, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "id": 2232221,
    "url": "http://patchwork.ozlabs.org/api/patches/2232221/?format=api",
    "web_url": "http://patchwork.ozlabs.org/project/ovn/patch/20260504000641.86477-1-enginrect@gmail.com/",
    "project": {
        "id": 68,
        "url": "http://patchwork.ozlabs.org/api/projects/68/?format=api",
        "name": "Open Virtual Network development",
        "link_name": "ovn",
        "list_id": "ovs-dev.openvswitch.org",
        "list_email": "ovs-dev@openvswitch.org",
        "web_url": "http://openvswitch.org/",
        "scm_url": "",
        "webscm_url": "",
        "list_archive_url": "",
        "list_archive_url_format": "",
        "commit_url_format": ""
    },
    "msgid": "<20260504000641.86477-1-enginrect@gmail.com>",
    "list_archive_url": null,
    "date": "2026-05-04T00:06:41",
    "name": "[ovs-dev] northd: Generate HM reply punt lflow for type=external backends.",
    "commit_ref": null,
    "pull_url": null,
    "state": "new",
    "archived": false,
    "hash": "25383ead479d3e529f398f23eca7218283636b64",
    "submitter": {
        "id": 93318,
        "url": "http://patchwork.ozlabs.org/api/people/93318/?format=api",
        "name": "JayGue Lee",
        "email": "enginrect@gmail.com"
    },
    "delegate": null,
    "mbox": "http://patchwork.ozlabs.org/project/ovn/patch/20260504000641.86477-1-enginrect@gmail.com/mbox/",
    "series": [
        {
            "id": 502597,
            "url": "http://patchwork.ozlabs.org/api/series/502597/?format=api",
            "web_url": "http://patchwork.ozlabs.org/project/ovn/list/?series=502597",
            "date": "2026-05-04T00:06:41",
            "name": "[ovs-dev] northd: Generate HM reply punt lflow for type=external backends.",
            "version": 1,
            "mbox": "http://patchwork.ozlabs.org/series/502597/mbox/"
        }
    ],
    "comments": "http://patchwork.ozlabs.org/api/patches/2232221/comments/",
    "check": "fail",
    "checks": "http://patchwork.ozlabs.org/api/patches/2232221/checks/",
    "tags": {},
    "related": [],
    "headers": {
        "Return-Path": "<ovs-dev-bounces@openvswitch.org>",
        "X-Original-To": [
            "incoming@patchwork.ozlabs.org",
            "ovs-dev@openvswitch.org"
        ],
        "Delivered-To": [
            "patchwork-incoming@legolas.ozlabs.org",
            "ovs-dev@lists.linuxfoundation.org"
        ],
        "Authentication-Results": [
            "legolas.ozlabs.org;\n\tdkim=fail reason=\"signature verification failed\" (2048-bit key;\n unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256\n header.s=20251104 header.b=nr09122G;\n\tdkim-atps=neutral",
            "legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org\n (client-ip=2605:bc80:3010::136; helo=smtp3.osuosl.org;\n envelope-from=ovs-dev-bounces@openvswitch.org; receiver=patchwork.ozlabs.org)",
            "smtp3.osuosl.org;\n\tdkim=fail reason=\"signature verification failed\" (2048-bit key,\n unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256\n header.s=20251104 header.b=nr09122G",
            "smtp1.osuosl.org;\n dmarc=pass (p=none dis=none) header.from=gmail.com",
            "smtp1.osuosl.org;\n dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com\n header.a=rsa-sha256 header.s=20251104 header.b=nr09122G"
        ],
        "Received": [
            "from smtp3.osuosl.org (smtp3.osuosl.org [IPv6:2605:bc80:3010::136])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519 server-signature ECDSA (secp384r1) server-digest SHA384)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4g824r06Jgz1yJ0\n\tfor <incoming@patchwork.ozlabs.org>; Mon, 04 May 2026 10:06:51 +1000 (AEST)",
            "from localhost (localhost [127.0.0.1])\n\tby smtp3.osuosl.org (Postfix) with ESMTP id 51012612B8;\n\tMon,  4 May 2026 00:06:50 +0000 (UTC)",
            "from smtp3.osuosl.org ([127.0.0.1])\n by localhost (smtp3.osuosl.org [127.0.0.1]) (amavis, port 10024) with ESMTP\n id OpAtOy1yPVvg; Mon,  4 May 2026 00:06:48 +0000 (UTC)",
            "from lists.linuxfoundation.org (lf-lists.osuosl.org\n [IPv6:2605:bc80:3010:104::8cd3:938])\n\tby smtp3.osuosl.org (Postfix) with ESMTPS id DDA77612B3;\n\tMon,  4 May 2026 00:06:47 +0000 (UTC)",
            "from lf-lists.osuosl.org (localhost [127.0.0.1])\n\tby lists.linuxfoundation.org (Postfix) with ESMTP id B2973C04EA;\n\tMon,  4 May 2026 00:06:47 +0000 (UTC)",
            "from smtp1.osuosl.org (smtp1.osuosl.org [IPv6:2605:bc80:3010::138])\n by lists.linuxfoundation.org (Postfix) with ESMTP id 0B6A6C04E9\n for <ovs-dev@openvswitch.org>; Mon,  4 May 2026 00:06:46 +0000 (UTC)",
            "from localhost (localhost [127.0.0.1])\n by smtp1.osuosl.org (Postfix) with ESMTP id EB46784317\n for <ovs-dev@openvswitch.org>; Mon,  4 May 2026 00:06:45 +0000 (UTC)",
            "from smtp1.osuosl.org ([127.0.0.1])\n by localhost (smtp1.osuosl.org [127.0.0.1]) (amavis, port 10024) with ESMTP\n id VvERCYhsfPva for <ovs-dev@openvswitch.org>;\n Mon,  4 May 2026 00:06:45 +0000 (UTC)",
            "from mail-pj1-x1034.google.com (mail-pj1-x1034.google.com\n [IPv6:2607:f8b0:4864:20::1034])\n by smtp1.osuosl.org (Postfix) with ESMTPS id 1A80184313\n for <ovs-dev@openvswitch.org>; Mon,  4 May 2026 00:06:44 +0000 (UTC)",
            "by mail-pj1-x1034.google.com with SMTP id\n 98e67ed59e1d1-35fb262f92cso804810a91.2\n for <ovs-dev@openvswitch.org>; Sun, 03 May 2026 17:06:44 -0700 (PDT)",
            "from localhost ([1.234.165.150]) by smtp.gmail.com with ESMTPSA id\n d9443c01a7336-2b9cae366c7sm84954355ad.55.2026.05.03.17.06.42\n for <ovs-dev@openvswitch.org>\n (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);\n Sun, 03 May 2026 17:06:43 -0700 (PDT)"
        ],
        "X-Virus-Scanned": [
            "amavis at osuosl.org",
            "amavis at osuosl.org"
        ],
        "X-Comment": "SPF check N/A for local connections -\n client-ip=2605:bc80:3010:104::8cd3:938; helo=lists.linuxfoundation.org;\n envelope-from=ovs-dev-bounces@openvswitch.org; receiver=<UNKNOWN> ",
        "DKIM-Filter": [
            "OpenDKIM Filter v2.11.0 smtp3.osuosl.org DDA77612B3",
            "OpenDKIM Filter v2.11.0 smtp1.osuosl.org 1A80184313"
        ],
        "Received-SPF": "Pass (mailfrom) identity=mailfrom;\n client-ip=2607:f8b0:4864:20::1034; helo=mail-pj1-x1034.google.com;\n envelope-from=enginrect@gmail.com; receiver=<UNKNOWN>",
        "DMARC-Filter": "OpenDMARC Filter v1.4.2 smtp1.osuosl.org 1A80184313",
        "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=gmail.com; s=20251104; t=1777853204; x=1778458004; darn=openvswitch.org;\n h=content-transfer-encoding:mime-version:message-id:date:subject:to\n :from:from:to:cc:subject:date:message-id:reply-to;\n bh=QQ301uRC055cMBKhWKAQ05L/Qn/It6pTlIRWcy7sKVc=;\n b=nr09122GJh7aKZO/51SfyezgeInuYirXSuyERCwgx+y+yrjTNsjZpjJhcJerlynaYX\n XSXnq5/QFuivCMboeLHbNQDTuzfCHOI6Rtxdk6OS52ETKh8IFQV/RaYh+T1RUOeo7POu\n p5CSTmiGc31kTk1qxuegiTxf987h41YjZUCuDxsW126ogrXJdBAMXInWQV/9NHEL8gom\n I4ihHjToN8Luv3Jo9PwklhO4hNF1r7cF9Wkr5r22m92/BT0GQZoaq79ocGYl2/WhMP1b\n ps2mNHPm19x0pw0INUA26n73SCBFcIBxSmr+JjGHjo3kzKd+EDjVG5EpswcwdSqg/AXW\n gpUg==",
        "X-Google-DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=1e100.net; s=20251104; t=1777853204; x=1778458004;\n h=content-transfer-encoding:mime-version:message-id:date:subject:to\n :from:x-gm-gg:x-gm-message-state:from:to:cc:subject:date:message-id\n :reply-to;\n bh=QQ301uRC055cMBKhWKAQ05L/Qn/It6pTlIRWcy7sKVc=;\n b=IgdDz4H1CIaJxngo+9XdDgaWaGnqT78w40YSaZM1gs9HoDUCZNQReMpl5oJ6oirugk\n tV36dqO7hylZz+gccSCQGeSS3XVnc+j0nGB+F7vFOcJHklj0almQXi1E6DfVHZ0aBVgP\n nqv33XoL2d/K6KytI7i4O3G2AsD+kewOCua2+C7LUtIxphiFNDLoYZ3fVMP7m04KU4cG\n fCMXbtZYnF/EWqUTGccd+OT+TCeZGO88e4vHyrhJczMYAnJ9GSXlDch6myxxegveZBbF\n f0KFbLLVhVz+9D+X6e4wuoEhbCE7HAPKDoNgC4f1cSgX8JdZUWi6/1tFKyulqwnd2P26\n hUFw==",
        "X-Gm-Message-State": "AOJu0Yx0ekVMAGL2G3JwTV+IxRDldSiGasYDmOopFeYmNqrPm4/TaUJT\n tuCCjIucrX79YVYidcvN31xerhfQaWhzikpE9BT24MZFejIFQAFhGmd0rEnNkQ==",
        "X-Gm-Gg": "AeBDieuqGvDlOfRF3+J1AD9IeTfmzO+/W6W2TSBeyGuCrzS4pVNW99jVQxgOyBxStz8\n 2gDPXYdMIHdmtndtFZDLSf/6epWq8RU79c7ATB70iiVIE6lzhcJORFBZ/3Vl0lDi1myG+TNzp2s\n VE+Le92A+gryKnMB+rhwwjwrYbbbTFCiKh42vy+Sp1mh17sarAoIH9ahsJec8VEMH6YWnc+Mo7l\n leF1KCIuvhUHn4IDbTJkSMRS+AkCM7RaZ4spaRetO4sUs39OPJyCS04U209ep1LTpxX948JlpEe\n MUJ2IRyu1NEgy/+IVGWvTsDUQDV+EWx/4iPrP4qDih5bpyrzuNrYni6JCMawHJbxj++Uq5sBW1C\n 5az82j23tqK60YsLJxsRjhJXyMrgtEXKDijV12bQbMlqaGKj83w0Ui0a3ng5M3DQe2DnYneporE\n +4cCGAtvrFTtyYQTtvXyugN9Ht7QeaHxI8y/Nd19xGLCBD",
        "X-Received": "by 2002:a17:902:e784:b0:2b0:4c89:7b3b with SMTP id\n d9443c01a7336-2b9f25ebf53mr33170555ad.4.1777853203649;\n Sun, 03 May 2026 17:06:43 -0700 (PDT)",
        "From": "JayGue Lee <enginrect@gmail.com>",
        "To": "ovs-dev@openvswitch.org",
        "Date": "Mon,  4 May 2026 09:06:41 +0900",
        "Message-ID": "<20260504000641.86477-1-enginrect@gmail.com>",
        "X-Mailer": "git-send-email 2.49.0",
        "MIME-Version": "1.0",
        "Subject": "[ovs-dev] [PATCH ovn] northd: Generate HM reply punt lflow for\n type=external backends.",
        "X-BeenThere": "ovs-dev@openvswitch.org",
        "X-Mailman-Version": "2.1.30",
        "Precedence": "list",
        "List-Id": "<ovs-dev.openvswitch.org>",
        "List-Unsubscribe": "<https://mail.openvswitch.org/mailman/options/ovs-dev>,\n <mailto:ovs-dev-request@openvswitch.org?subject=unsubscribe>",
        "List-Archive": "<http://mail.openvswitch.org/pipermail/ovs-dev/>",
        "List-Post": "<mailto:ovs-dev@openvswitch.org>",
        "List-Help": "<mailto:ovs-dev-request@openvswitch.org?subject=help>",
        "List-Subscribe": "<https://mail.openvswitch.org/mailman/listinfo/ovs-dev>,\n <mailto:ovs-dev-request@openvswitch.org?subject=subscribe>",
        "Content-Type": "text/plain; charset=\"us-ascii\"",
        "Content-Transfer-Encoding": "7bit",
        "Errors-To": "ovs-dev-bounces@openvswitch.org",
        "Sender": "\"dev\" <ovs-dev-bounces@openvswitch.org>"
    },
    "content": "build_lb_health_check_response_lflows() builds a per-backend\nservice_monitor reply punt lflow with the match:\n\n    inport == \"<backend_lsp>\" && ip4.dst == <svc_mon_src_ip> &&\n    ip4.src == <backend_ip>   && eth.dst == <svc_mon_lrp_mac> &&\n    tcp.src == <backend_port>\n\nWhen the backend's LSP is type=external on a Logical_Switch that has\na localnet port (the typical configuration produced by Neutron /\novn-octavia-provider for baremetal pool members on a provider VLAN),\nthe response packet re-enters br-int through the localnet LSP, so\nMFF_LOG_INPORT at S_SWITCH_IN_L2_LKUP is set to the localnet LSP's\ntunnel_key, not the backend LSP's.  The existing inport == \"...\"\nclause therefore never matches, the response is never punted to\novn-controller via ACTION_OPCODE_HANDLE_SVC_CHECK, and the\nService_Monitor.status of those backends stays \"offline\"\nindefinitely -- even though the backend physically replies on the\nwire.\n\nFix this by emitting an additional reply punt lflow on every\npeer_switch_od that has a localnet port AND a type=external backend\nLSP.  The new lflow drops the inport == \"...\" constraint, replaces\nit with eth.src == <backend_mac>, and uses\n\n    outport = \"<backend_lsp>\";\n    handle_svc_check(outport);\n    outport = \"\";\n\nso MFF_LOG_INPORT is loaded with the backend LSP's tunnel_key for\nthe controller dispatch (handle_svc_check(outport) borrows reg15\ninto reg14 via push/pop), and outport is then cleared to prevent\nthe cleared MFF_LOG_OUTPORT from leaking into egress and reflecting\nthe reply back to the backend.\n\nThe patch does not introduce or change any OVN action, so\nOVN_INTERNAL_MINOR_VER is not bumped.\n\nSigned-off-by: JayGue Lee <enginrect@gmail.com>\n---\n NEWS                |  7 ++++\n northd/northd.c     | 73 ++++++++++++++++++++++++++++++++++++++\n tests/ovn-northd.at | 86 +++++++++++++++++++++++++++++++++++++++++++++\n 3 files changed, 166 insertions(+)",
    "diff": "diff --git a/NEWS b/NEWS\nindex 8633ba8..b2a956c 100644\n--- a/NEWS\n+++ b/NEWS\n@@ -3,6 +3,13 @@ Post v26.03.0\n    - Dynamic Routing:\n      * Add support for hub-and-spoke propagation via the \"hub-spoke\" option\n        in dynamic-routing-redistribute settings.\n+   - Fixed Load_Balancer health checks for backends referenced via a\n+     Logical_Switch_Port whose type is \"external\" on a Logical_Switch that\n+     also has a localnet port (typical Neutron / ovn-octavia-provider\n+     baremetal pool member configuration).  Previously such backends\n+     remained permanently offline in Service_Monitor.status because the\n+     per-backend reply punt lflow's \"inport == <backend_lsp>\" match did\n+     not fit traffic that re-enters br-int through the localnet port.\n \n OVN v26.03.0 - xxx xx xxxx\n --------------------------\ndiff --git a/northd/northd.c b/northd/northd.c\nindex 0b52db6..11596a0 100644\n--- a/northd/northd.c\n+++ b/northd/northd.c\n@@ -8962,6 +8962,79 @@ build_lb_health_check_response_lflows(\n             ovn_lflow_add(lflows, peer_switch_od, S_SWITCH_IN_L2_LKUP, 110,\n                           ds_cstr(match), \"handle_svc_check(inport);\",\n                           lb_dps->lflow_ref, WITH_CTRL_METER(meter));\n+\n+            /* The lflow above only matches replies whose ingress logical\n+             * inport is the backend LSP itself.  This holds for backends\n+             * behind tunnels or local OVS ports.  For backends whose LSP\n+             * is type=external on a Logical_Switch that has a localnet\n+             * port (typical for Neutron / ovn-octavia-provider baremetal\n+             * pool members on a provider VLAN), the reply re-enters\n+             * br-int through the localnet port; MFF_LOG_INPORT therefore\n+             * holds the localnet LSP's tunnel_key and the lflow above\n+             * never matches.  pinctrl_handle_svc_check() then fails its\n+             * (dp_key, port_key) lookup and Service_Monitor.status stays\n+             * 'offline' indefinitely, even though the backend is fully\n+             * reachable on the wire.\n+             *\n+             * Emit an additional reply punt lflow that:\n+             *  - identifies the backend by eth.src instead of inport,\n+             *  - loads the backend LSP's tunnel_key into MFF_LOG_INPORT\n+             *    via 'outport = \"<lsp>\"; handle_svc_check(outport);'\n+             *    (the latter borrows MFF_LOG_OUTPORT's value into\n+             *    MFF_LOG_INPORT for the controller dispatch),\n+             *  - resets outport to \"\" so the cleared MFF_LOG_OUTPORT\n+             *    does not leak into egress and reflect the reply back\n+             *    to the backend.\n+             */\n+            if (vector_is_empty(&peer_switch_od->localnet_ports)) {\n+                continue;\n+            }\n+            struct ovn_port *backend_op = ovn_port_find(\n+                &peer_switch_od->ports, backend_nb->logical_port);\n+            if (!backend_op || !backend_op->nbsp || !backend_op->nbsp->type\n+                || strcmp(backend_op->nbsp->type, \"external\")\n+                || !backend_op->n_lsp_addrs) {\n+                continue;\n+            }\n+\n+            ds_clear(match);\n+            ds_clear(action);\n+\n+            const char *bm_mac = backend_op->lsp_addrs[0].ea_s;\n+            if (addr_is_ipv6(backend_nb->svc_mon_src_ip)) {\n+                ds_put_format(match, \"eth.src == %s && ip6.dst == %s && \"\n+                              \"ip6.src == %s && eth.dst == %s && \",\n+                              bm_mac,\n+                              backend_nb->svc_mon_src_ip,\n+                              backend->ip_str,\n+                              backend_nb->svc_mon_lrp->lrp_networks.ea_s);\n+                if (!strcmp(protocol, \"tcp\")) {\n+                    ds_put_format(match, \"tcp.src == %s\",\n+                                  backend->port_str);\n+                } else {\n+                    ds_put_cstr(match, \"icmp6.type == 1\");\n+                }\n+            } else {\n+                ds_put_format(match, \"eth.src == %s && ip4.dst == %s && \"\n+                              \"ip4.src == %s && eth.dst == %s && \",\n+                              bm_mac,\n+                              backend_nb->svc_mon_src_ip,\n+                              backend->ip_str,\n+                              backend_nb->svc_mon_lrp->lrp_networks.ea_s);\n+                if (!strcmp(protocol, \"tcp\")) {\n+                    ds_put_format(match, \"tcp.src == %s\",\n+                                  backend->port_str);\n+                } else {\n+                    ds_put_cstr(match, \"icmp4.type == 3\");\n+                }\n+            }\n+            ds_put_format(action,\n+                          \"outport = \\\"%s\\\"; handle_svc_check(outport); \"\n+                          \"outport = \\\"\\\";\",\n+                          backend_nb->logical_port);\n+            ovn_lflow_add(lflows, peer_switch_od, S_SWITCH_IN_L2_LKUP, 110,\n+                          ds_cstr(match), ds_cstr(action),\n+                          lb_dps->lflow_ref, WITH_CTRL_METER(meter));\n         }\n     }\n }\ndiff --git a/tests/ovn-northd.at b/tests/ovn-northd.at\nindex 1d7bd6c..c95ce39 100644\n--- a/tests/ovn-northd.at\n+++ b/tests/ovn-northd.at\n@@ -20672,3 +20672,89 @@ check_column \"$global_svc_mon_mac\" sb:Service_Monitor src_mac port=2\n OVN_CLEANUP_NORTHD\n AT_CLEANUP\n ])\n+\n+OVN_FOR_EACH_NORTHD_NO_HV_PARALLELIZATION([\n+AT_SETUP([Load balancer health checks - external LSP backend on localnet LS])\n+ovn_start\n+\n+dnl Topology:\n+dnl   lr0  --  ls-tenant (vm-port: type=\"\", 10.0.0.10)\n+dnl     \\---  ls-prov   (bm-port: type=external, 192.168.0.10\n+dnl                       MAC 02:bb:bb:00:00:01;\n+dnl                      provnet-physnet1: type=localnet)\n+dnl\n+dnl LB lb0 attached to lr0:\n+dnl   vip 10.10.10.10:80 -> 10.0.0.10:80,192.168.0.10:80 (tcp)\n+dnl   ip_port_mappings: 10.0.0.10  = vm-port:10.0.0.1\n+dnl                     192.168.0.10 = bm-port:192.168.0.1\n+dnl\n+dnl Expectation:\n+dnl   1) On ls-tenant the existing per-backend reply lflow is emitted\n+dnl      with `inport == \"vm-port\"`.\n+dnl   2) On ls-prov  the existing per-backend reply lflow is emitted\n+dnl      with `inport == \"bm-port\"` AND, additionally, the new lflow\n+dnl      added by this commit is emitted with `eth.src == <bm-mac>`\n+dnl      and action `outport = \"bm-port\"; handle_svc_check(outport);\n+dnl      outport = \"\";`.\n+\n+check ovn-nbctl                                                 \\\n+    -- lr-add lr0                                               \\\n+      -- lrp-add lr0 lr0-tenant 02:00:00:00:01:01 10.0.0.1/24   \\\n+      -- lrp-add lr0 lr0-prov   02:00:00:00:02:01 192.168.0.1/24\n+\n+check ovn-nbctl                                                 \\\n+    -- ls-add ls-tenant                                         \\\n+      -- lsp-add ls-tenant ls-tenant-lr0                        \\\n+      -- lsp-set-type      ls-tenant-lr0 router                 \\\n+      -- lsp-set-options   ls-tenant-lr0 router-port=lr0-tenant \\\n+      -- lsp-set-addresses ls-tenant-lr0 router                 \\\n+      -- lsp-add ls-tenant vm-port                              \\\n+      -- lsp-set-addresses vm-port \"02:aa:aa:00:00:01 10.0.0.10\"\n+\n+check ovn-nbctl                                                 \\\n+    -- ls-add ls-prov                                           \\\n+      -- lsp-add ls-prov ls-prov-lr0                            \\\n+      -- lsp-set-type      ls-prov-lr0 router                   \\\n+      -- lsp-set-options   ls-prov-lr0 router-port=lr0-prov     \\\n+      -- lsp-set-addresses ls-prov-lr0 router                   \\\n+      -- lsp-add ls-prov bm-port                                \\\n+      -- lsp-set-type      bm-port external                     \\\n+      -- lsp-set-addresses bm-port \"02:bb:bb:00:00:01 192.168.0.10\" \\\n+      -- lsp-add ls-prov provnet-physnet1                       \\\n+      -- lsp-set-type      provnet-physnet1 localnet            \\\n+      -- lsp-set-addresses provnet-physnet1 unknown             \\\n+      -- lsp-set-options   provnet-physnet1 network_name=physnet1\n+\n+check ovn-nbctl --wait=sb lb-add lb0 \\\n+    10.10.10.10:80 10.0.0.10:80,192.168.0.10:80 tcp\n+lb0=$(fetch_column nb:Load_Balancer _uuid name=lb0)\n+check ovn-nbctl                                                          \\\n+    -- set load_balancer $lb0 ip_port_mappings:10.0.0.10=vm-port:10.0.0.1 \\\n+    -- set load_balancer $lb0 ip_port_mappings:192.168.0.10=bm-port:192.168.0.1\n+\n+check_uuid ovn-nbctl --id=@hc create Load_Balancer_Health_Check    \\\n+    vip=\"10.10.10.10\\:80\" -- add Load_Balancer $lb0 health_check @hc\n+check ovn-nbctl --wait=sb lr-lb-add lr0 lb0\n+\n+dnl Existing per-backend reply lflow on the tenant (VM) datapath.\n+AT_CHECK([ovn-sbctl lflow-list ls-tenant | grep handle_svc_check | ovn_strip_lflows], [0], [dnl\n+  table=??(ls_in_l2_lkup      ), priority=110  , match=(eth.dst == $svc_monitor_mac && (tcp || icmp || icmp6)), action=(handle_svc_check(inport);)\n+  table=??(ls_in_l2_lkup      ), priority=110  , match=(inport == \"vm-port\" && ip4.dst == 10.0.0.1 && ip4.src == 10.0.0.10 && eth.dst == 02:00:00:00:01:01 && tcp.src == 80), action=(handle_svc_check(inport);)\n+])\n+\n+dnl On the provider datapath, BOTH the existing per-backend reply lflow\n+dnl AND the new external-LSP reply lflow added by this commit must be\n+dnl present.  The new lflow uses eth.src to identify the backend (so it\n+dnl matches replies that re-enter via the localnet port) and forces\n+dnl MFF_LOG_INPORT to the backend LSP's tunnel_key by going through\n+dnl outport, then resets outport to \"\" to avoid reflecting the reply\n+dnl back to the backend.\n+AT_CHECK([ovn-sbctl lflow-list ls-prov | grep handle_svc_check | ovn_strip_lflows], [0], [dnl\n+  table=??(ls_in_l2_lkup      ), priority=110  , match=(eth.dst == $svc_monitor_mac && (tcp || icmp || icmp6)), action=(handle_svc_check(inport);)\n+  table=??(ls_in_l2_lkup      ), priority=110  , match=(eth.src == 02:bb:bb:00:00:01 && ip4.dst == 192.168.0.1 && ip4.src == 192.168.0.10 && eth.dst == 02:00:00:00:02:01 && tcp.src == 80), action=(outport = \"bm-port\"; handle_svc_check(outport); outport = \"\";)\n+  table=??(ls_in_l2_lkup      ), priority=110  , match=(inport == \"bm-port\" && ip4.dst == 192.168.0.1 && ip4.src == 192.168.0.10 && eth.dst == 02:00:00:00:02:01 && tcp.src == 80), action=(handle_svc_check(inport);)\n+])\n+\n+OVN_CLEANUP_NORTHD\n+AT_CLEANUP\n+])\n",
    "prefixes": [
        "ovs-dev"
    ]
}