[ovs-dev] OVN: do not mark ND packets for conntrack in PRE_LB stage

Message ID 8e8a65d47cd0d21118c455fd7636aba2fbec2429.1527778914.git.lorenzo.bianconi@redhat.com
State Superseded

Commit Message

Lorenzo Bianconi May 31, 2018, 3:05 p.m.
Do not send Neighbor Discovery packets to conntrack module if
load balancing rules have been added to NB db since otherwise
Neighbor Advertisement frames will be discarded by OVN.
In order to reproduce the issue it is enough to add 2 logical ports
to a single logical switch, assign an IPv6 address to each VIF, and
define a load balance rule on the logical switch. After a while the
ping6 from VIF1 to VIF2 will stop since the VM will not receive any NA
packet.

Signed-off-by: Lorenzo Bianconi <lorenzo.bianconi@redhat.com>
---
 ovn/northd/ovn-northd.c | 6 ++++++
 1 file changed, 6 insertions(+)

Comments

Guru Shetty May 31, 2018, 3:38 p.m. | #1
On 31 May 2018 at 08:05, Lorenzo Bianconi <lorenzo.bianconi@redhat.com>
wrote:

> Do not send Neighbor Discovery packets to conntrack module if
> load balancing rules have been added to NB db since otherwise
> Neighbor Advertisement frames will be discarded by OVN.
> In order to reproduce the issue it is enough to add 2 logical ports
> to a single logical switch, assign an IPv6 address to each VIF, and
> define a load balance rule on the logical switch. After a while the
> ping6 from VIF1 to VIF2 will stop since the VM will not receive any NA
> packet.
>
> Signed-off-by: Lorenzo Bianconi <lorenzo.bianconi@redhat.com>
> ---
>  ovn/northd/ovn-northd.c | 6 ++++++
>  1 file changed, 6 insertions(+)
>
> diff --git a/ovn/northd/ovn-northd.c b/ovn/northd/ovn-northd.c
> index 0e06776ad..aa9298d3b 100644
> --- a/ovn/northd/ovn-northd.c
> +++ b/ovn/northd/ovn-northd.c
> @@ -2977,6 +2977,12 @@ ls_has_dns_records(const struct
> nbrec_logical_switch *nbs)
>  static void
>  build_pre_lb(struct ovn_datapath *od, struct hmap *lflows)
>  {
> +    /* Do not send ND packets to conntrack */
> +    ovn_lflow_add(lflows, od, S_SWITCH_IN_PRE_LB, 110,
> +                  "nd || nd_rs || nd_ra", "next;");
> +    ovn_lflow_add(lflows, od, S_SWITCH_OUT_PRE_LB, 110,
> +                  "nd || nd_rs || nd_ra", "next;");
> +
>      /* Allow all packets to go to next tables by default. */
>      ovn_lflow_add(lflows, od, S_SWITCH_IN_PRE_LB, 0, "1", "next;");
>      ovn_lflow_add(lflows, od, S_SWITCH_OUT_PRE_LB, 0, "1", "next;");
>
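
Review bot: The two priority-110 flows at the top of build_pre_lb() are added with no condition, while the commit message ties the problem to switches that have load balancing rules. Either say in the comment that the ND bypass applies to every logical switch regardless of load balancer configuration, or place the calls under the same condition that sends traffic to conntrack, so the scope of the exemption from stateful processing is explicit.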

You will need to document this change in 'man ovn-northd' in the section
'LOGICAL FLOW TABLE STRUCTURE'.



> --
> 2.14.3

Patch

diff --git a/ovn/northd/ovn-northd.c b/ovn/northd/ovn-northd.c
index 0e06776ad..aa9298d3b 100644
--- a/ovn/northd/ovn-northd.c
+++ b/ovn/northd/ovn-northd.c
@@ -2977,6 +2977,12 @@  ls_has_dns_records(const struct nbrec_logical_switch *nbs)
 static void
 build_pre_lb(struct ovn_datapath *od, struct hmap *lflows)
 {
+    /* Do not send ND packets to conntrack */
+    ovn_lflow_add(lflows, od, S_SWITCH_IN_PRE_LB, 110,
+                  "nd || nd_rs || nd_ra", "next;");
+    ovn_lflow_add(lflows, od, S_SWITCH_OUT_PRE_LB, 110,
+                  "nd || nd_rs || nd_ra", "next;");
+
     /* Allow all packets to go to next tables by default. */
     ovn_lflow_add(lflows, od, S_SWITCH_IN_PRE_LB, 0, "1", "next;");
     ovn_lflow_add(lflows, od, S_SWITCH_OUT_PRE_LB, 0, "1", "next;");
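
Review bot: The comment above the new ovn_lflow_add() calls says what they do but not why, and the diffstat shows only ovn-northd.c changing, so nothing protects the fix from regressing. Expand the comment to state that Neighbor Advertisement frames are otherwise discarded once a load balancer is configured on the switch, and consider turning the reproduction from the commit message (two logical ports with IPv6 addresses on one logical switch plus a load balance rule) into a test that checks ping6 keeps working.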