Do not send Neighbor Discovery packets to conntrack module if load balancing rules have been added to NB db since otherwise Neighbor Advertisement frames will be discarded by OVN. In order to reproduce the issue it is enough to add 2 logical ports to a single logical switch, assign an IPv6 address to each VIF, and define a load balance rule on the logical switch. After a while the ping6 from VIF1 to VIF2 will stop since the vm will not receive any NA packet
Signed-off-by: Lorenzo Bianconi <[email protected]> --- ovn/northd/ovn-northd.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/ovn/northd/ovn-northd.c b/ovn/northd/ovn-northd.c index 0e06776ad..aa9298d3b 100644 --- a/ovn/northd/ovn-northd.c +++ b/ovn/northd/ovn-northd.c @@ -2977,6 +2977,12 @@ ls_has_dns_records(const struct nbrec_logical_switch *nbs) static void build_pre_lb(struct ovn_datapath *od, struct hmap *lflows) { + /* Do not send ND packets to conntrack */ + ovn_lflow_add(lflows, od, S_SWITCH_IN_PRE_LB, 110, + "nd || nd_rs || nd_ra", "next;"); + ovn_lflow_add(lflows, od, S_SWITCH_OUT_PRE_LB, 110, + "nd || nd_rs || nd_ra", "next;"); + /* Allow all packets to go to next tables by default. */ ovn_lflow_add(lflows, od, S_SWITCH_IN_PRE_LB, 0, "1", "next;"); ovn_lflow_add(lflows, od, S_SWITCH_OUT_PRE_LB, 0, "1", "next;"); -- 2.14.3 _______________________________________________ dev mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-dev
