On Tue, Mar 20, 2018 at 12:51 AM, Numan Siddique <[email protected]> wrote: > > > > On Tue, Mar 20, 2018 at 4:33 AM, Han Zhou <[email protected]> wrote: >> >> >> >> On Mon, Mar 19, 2018 at 12:52 PM, <[email protected]> wrote: >> > >> > From: Numan Siddique <[email protected]> >> > >> > ovn-controller is not considering Port_Binding option "requested-chassis" >> > when adding flows in table 0 and table 65. This patch adds this check. >> >> Hi Numan, >> >> The check looks good, but sorry that I didn't understand the problem. E.g. there are 2 host A and B, and lsp1 is set as iface-id on both hosts. When requested-chassis for lsp1 is A, then in SB DB the port-binding should be on A. Then in physical.c when processing the port binding for lsp1, it should always point to host A. So how could the VIF on B be reachable? Could you help explain a little bit? >> > > Sorry. I should have updated the commit message with more details. So I sent out a v2 with the updated commit message - https://patchwork.ozlabs.org/patch/888106/ > In this case what is happening is that ovn-controller on A is updating the lsp1's Port_Binding.chassis to A which is as expected and it also considers lsp1 is residing on it. But ovn-controller running on B is also adding the OF flows in table 0 and table 65 for lsp1's vif interface instead of considering lsp1 as a remote port. This is because the simap "localvif_to_ofport" will have an entry for lsp1 and the code here never gets hit - https://github.com/openvswitch/ovs/blob/master/ovn/controller/physical.c#L480 and instead this gets hit - https://github.com/openvswitch/ovs/blob/master/ovn/controller/physical.c#L507 . > > You could run the updated test in this patch without the fix and can see the failures. > > I see. So the wrong VIF is reachable ONLY from the local HV when this happens, but from other HVs the correct VIF will be reached. I thought it as some security problem if requested-chassis didn't work, but it turns out to be more of a correctness problem rather than security :) Thanks for the explain!
Acked-by: Han Zhou <[email protected]> _______________________________________________ dev mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-dev
