On Wed, Dec 14, 2022 at 7:22 PM Xavier Simonart <[email protected]> wrote:
> The first ping from pod to external (through patch port) might fail.
> The icmp packet is properly sent by pinctrl (after L2 resolution) to OVS,
> and OVS receives the packet with in_port set to the patch port (on br-int
> side).
> OVS drops it with the following warning: "received packet on
> unassociated datapath", as it fails to find a datapath port associated to
> it.
> Setting the in_port to OFPP_CONTROLLER fixes the issue.
> Note that this (almost) reverts
> 8f1c38ef ("pinctrl: fix IP buffering with connection-tracking") which was
> needed before 323ae1e8 (in ovs)
> ("ofproto-dpif-xlate: Fix recirculation when in_port is OFPP_CONTROLLER.")
>
> Reported-at: https://bugzilla.redhat.com/show_bug.cgi?id=2129283
> Signed-off-by: Xavier Simonart <[email protected]>
> ---
> controller/pinctrl.c | 4 +-
> tests/system-ovn.at | 111 +++++++++++++++++++++++++++++++++++++++++++
> 2 files changed, 112 insertions(+), 3 deletions(-)
>
> diff --git a/controller/pinctrl.c b/controller/pinctrl.c
> index 82da6ae73..e4d530138 100644
> --- a/controller/pinctrl.c
> +++ b/controller/pinctrl.c
> @@ -1419,7 +1419,6 @@ prepare_ipv6_prefixd(struct ovsdb_idl_txn
> *ovnsb_idl_txn,
>
> struct buffer_info {
> struct ofpbuf ofpacts;
> - ofp_port_t ofp_port;
> struct dp_packet *p;
> };
>
> @@ -1495,7 +1494,6 @@ buffered_push_packet(struct buffered_packets *bp,
> union mf_value pkt_mark_value;
> mf_get_value(pkt_mark_field, &md->flow, &pkt_mark_value);
> ofpact_put_set_field(&bi->ofpacts, pkt_mark_field, &pkt_mark_value,
> NULL);
> - bi->ofp_port = md->flow.in_port.ofp_port;
>
> struct ofpact_resubmit *resubmit = ofpact_put_RESUBMIT(&bi->ofpacts);
> resubmit->in_port = OFPP_CONTROLLER;
> @@ -1531,7 +1529,7 @@ buffered_send_packets(struct rconn *swconn, struct
> buffered_packets *bp,
> .ofpacts = bi->ofpacts.data,
> .ofpacts_len = bi->ofpacts.size,
> };
> - match_set_in_port(&po.flow_metadata, bi->ofp_port);
> + match_set_in_port(&po.flow_metadata, OFPP_CONTROLLER);
> queue_msg(swconn, ofputil_encode_packet_out(&po, proto));
>
> ofpbuf_uninit(&bi->ofpacts);
> diff --git a/tests/system-ovn.at b/tests/system-ovn.at
> index b99578b9e..cf602228d 100644
> --- a/tests/system-ovn.at
> +++ b/tests/system-ovn.at
> @@ -9511,3 +9511,114 @@ NS_CHECK_EXEC([vm3], [nc 6666::1 666 -z], [0],
> [ignore], [ignore])
>
> AT_CLEANUP
> ])
> +
> +###########################################################
> +## ls1 -- cluster-router -- join - gr1 -- public1 -- ln1 ##
> +###########################################################
> +OVN_FOR_EACH_NORTHD([
> +AT_SETUP([Gateway router with dynamic_neigh_routers])
> +
> +CHECK_CONNTRACK()
> +CHECK_CONNTRACK_NAT()
> +ovn_start
> +OVS_TRAFFIC_VSWITCHD_START()
> +ADD_BR([br-int])
> +ADD_BR([br-ex], [set Bridge br-ex fail-mode=standalone])
> +
> +check ovs-vsctl set Open_vSwitch .
> external-ids:ovn-bridge-mappings=provider:br-ex
> +
> +# Set external-ids in br-int needed for ovn-controller
> +ovs-vsctl \
> + -- set Open_vSwitch . external-ids:system-id=hv1 \
> + -- set Open_vSwitch .
> external-ids:ovn-remote=unix:$ovs_base/ovn-sb/ovn-sb.sock \
> + -- set Open_vSwitch . external-ids:ovn-encap-type=geneve \
> + -- set Open_vSwitch . external-ids:ovn-encap-ip=169.0.0.1 \
> + -- set bridge br-int fail-mode=secure
> other-config:disable-in-band=true
> +
> +# Start ovn-controller
> +start_daemon ovn-controller
> +
> +# Add routers
> +check ovn-nbctl lr-add gr1
> +check ovn-nbctl lr-add cluster-router
> +
> +# Add switches
> +check ovn-nbctl ls-add join
> +check ovn-nbctl ls-add public1
> +check ovn-nbctl ls-add ls1
> +
> +# Add ls1 ports
> +check ovn-nbctl lsp-add ls1 ls1p1 \
> + -- lsp-set-addresses ls1p1 "00:00:00:00:01:11 10.244.2.11"
> +
> +check ovn-nbctl lsp-add ls1 ls1-to-cluster-router \
> + -- lsp-set-type ls1-to-cluster-router router \
> + -- lsp-set-options ls1-to-cluster-router
> router-port=cluster-router-to-ls1 \
> + -- lsp-set-addresses ls1-to-cluster-router router
> +
> +# Add cluster-router ports
> +check ovn-nbctl lrp-add cluster-router cluster-router-to-ls1
> "00:00:00:0f:01:01" 10.244.2.1/24 \
> + -- lrp-add cluster-router cluster-router-to-join "00:00:00:0f:02:01"
> 100.64.0.1/16 \
> + -- lrp-set-gateway-chassis cluster-router-to-ls1 hv1 10 \
> + -- --policy=src-ip lr-route-add cluster-router 10.244.2.0/24
> 100.64.0.3
> +
> +# Add join ports
> +check ovn-nbctl lsp-add join join-to-cluster-router \
> + -- lsp-set-type join-to-cluster-router router \
> + -- lsp-set-options join-to-cluster-router
> router-port=cluster-router-to-join \
> + -- lsp-set-addresses join-to-cluster-router router \
> + -- lsp-add join join-to-gr1 \
> + -- lsp-set-type join-to-gr1 router \
> + -- lsp-set-options join-to-gr1 router-port=gr1-to-join \
> + -- lsp-set-addresses join-to-gr1 router
> +
> +check ovn-nbctl set logical_router gr1 options:lb_force_snat_ip=router_ip
> \
> + -- set logical_router gr1 options:snat-ct-zone=0 \
> + -- set logical_router gr1 options:dynamic_neigh_routers=true
> +
> +# Add gr1 ports and set natting
> +check ovn-nbctl lrp-add gr1 gr1-to-join "00:00:00:0f:02:03" 100.64.0.3/16
> \
> + -- lr-route-add gr1 10.244.0.0/16 100.64.0.1 \
> + -- lr-nat-add gr1 snat 10.89.189.12 10.244.0.0/16 \
> + -- lrp-add gr1 gr1-to-public1 "0a:0a:b6:fc:03:12" 10.89.189.12/24 \
> + -- set logical_router gr1 options:chassis=hv1
> +
> +# Add public1 ports
> +check ovn-nbctl lsp-add public1 public1-to-gr1 \
> + -- lsp-set-type public1-to-gr1 router \
> + -- lsp-set-options public1-to-gr1 router-port=gr1-to-public1 \
> + -- lsp-set-addresses public1-to-gr1 router \
> + -- lsp-add public1 ln1 \
> + -- lsp-set-type ln1 localnet \
> + -- lsp-set-options ln1 network_name=provider \
> + -- lsp-set-addresses ln1 unknown
> +
> +check ovn-nbctl --wait=hv sync
> +
> +ADD_NAMESPACES(ns_ls1p1)
> +ADD_VETH(ls1p1, ns_ls1p1, br-int, "10.244.2.11/24", "00:00:00:00:01:11",
> "10.244.2.1")
> +
> +ADD_NAMESPACES(ns_ext1)
> +ADD_VETH(ln1, ns_ext1, br-ex, "10.89.189.1/24", "0a:0a:b6:fc:03:01")
> +
> +NS_CHECK_EXEC([ns_ls1p1], [ping -q -c 3 -i 0.3 -w 2 10.89.189.1 |
> FORMAT_PING], \
> +[0], [dnl
> +3 packets transmitted, 3 received, 0% packet loss, time 0ms
> +])
> +
> +OVS_APP_EXIT_AND_WAIT([ovn-controller])
> +
> +as ovn-sb
> +OVS_APP_EXIT_AND_WAIT([ovsdb-server])
> +
> +as ovn-nb
> +OVS_APP_EXIT_AND_WAIT([ovsdb-server])
> +
> +as northd
> +OVS_APP_EXIT_AND_WAIT([NORTHD_TYPE])
> +
> +as
> +OVS_TRAFFIC_VSWITCHD_STOP(["/failed to query port patch-.*/d
> +/connection dropped.*/d"])
> +AT_CLEANUP
> +])
> --
> 2.31.1
>
> _______________________________________________
> dev mailing list
> [email protected]
> https://mail.openvswitch.org/mailman/listinfo/ovs-dev
>
>
Looks good to me, thanks.
Reviewed-by: Ales Musil <[email protected]>
--
Ales Musil
Senior Software Engineer - OVN Core
Red Hat EMEA <https://www.redhat.com>
[email protected] IM: amusil
<https://red.ht/sig>
_______________________________________________
dev mailing list
[email protected]
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
