On 1/23/23 16:36, Lorenzo Bianconi wrote: >> On Mon, 2023-01-23 at 10:01 +0100, Lorenzo Bianconi wrote: >>> Avoid learning Link-Local reserved multicast addresses if advertised in >>> a MLD reports since this interferes with Slaac IPv6 address resolution >>> implemented in OVN. >>> >>> Reported-at: https://bugzilla.redhat.com/show_bug.cgi?id=2154930 >>> Tested-by: Eduardo Olivares <eoliv...@redhat.com> >>> Signed-off-by: Lorenzo Bianconi <lorenzo.bianc...@redhat.com> >>> --- >>> lib/mcast-snooping.c | 69 ++++++++++++++++++++++++++++++++------------ >>> lib/packets.c | 11 +++++++ >>> lib/packets.h | 13 +++++++++ >>> 3 files changed, 74 insertions(+), 19 deletions(-) >>> >>> diff --git a/lib/mcast-snooping.c b/lib/mcast-snooping.c >>> index 029ca2855..a9d2e7900 100644 >>> --- a/lib/mcast-snooping.c >>> +++ b/lib/mcast-snooping.c >>> @@ -38,6 +38,8 @@ >>> COVERAGE_DEFINE(mcast_snooping_learned); >>> COVERAGE_DEFINE(mcast_snooping_expired); >>> >>> +VLOG_DEFINE_THIS_MODULE(mcast_snooping); >>> + >>> static struct mcast_port_bundle * >>> mcast_snooping_port_lookup(struct ovs_list *list, void *port); >>> static struct mcast_mrouter_bundle * >>> @@ -489,6 +491,28 @@ mcast_snooping_add_report(struct mcast_snooping *ms, >>> return count; >>> } >>> >>> +static bool >>> +mcast_snooping_should_learn_mld_group(struct in6_addr *addr) >>> +{ >>> + /* we should learn multicast group from the following IPv6 multicast >> >> Is this supposed to be "should *not* learn multicast group"? > > yes, sorry :)
Hi, Lorenzo, Even in this form, I'm not sure this approach is correct. I thought some more about it and (even if these are reserved groups) an MLD snooping switch should probably learn them and only flood packets to hosts that registered. Moreover, with your patch, if we don't learn the groups we should at least make sure all traffic towards the group IPs is flooded and we're not actually doing that. But this brings me to the original OVN problem. I think the real issue is that in the bug report the user is expecting the logical router port to reply with "router advertisement" for a "router solicitation". The router solicitation packet is sent to ff02::2 but the OVN logical router port never sends an MLD report to join that group. That means that the OVN logical switch with MLD snoop enabled doesn't learn that it should forward traffic with dest IP ff02::2 towards the router port too. I think the best way to address this for OVN is to just skip generating logical flows in OVN for groups that correspond to IPv6 reserved multicast addresses. We currently only skip ff02::1 [0]. We probably need to change that to include all-routers/all-site-router/solicited-node too. What do you think? Regards, Dumitru [0] https://github.com/ovn-org/ovn/blob/main/northd/northd.c#L9022 _______________________________________________ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
