The dynamically learned FDBs were using idle_timeout configured to
the same value as fdb_age_threshold for the given LS. This could cause
an issue when the traffic was originated only from OVN: without the
reply the flow would be used, but OVN could be just blackholing
traffic.
Switch to hard_timeout instead, which means the flow will be removed
after the specified timeout regardless of the usage; however,
this is still better than the blackhole that isn't recoverable.
Without the FDB we would flood instead, which might happen during the
period when hard_timeout expires before the workload replies back to
populate the FDB again.
Fixes: 53e0d5ac2a74 ("controller: Learn EVPN workload FDB from the ingress
traffic.")
Signed-off-by: Ales Musil <[email protected]>
---
controller/physical.c | 2 +-
tests/system-ovn.at | 6 +++---
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/controller/physical.c b/controller/physical.c
index 6ac5dcd3f..2c314b7da 100644
--- a/controller/physical.c
+++ b/controller/physical.c
@@ -2965,7 +2965,7 @@ physical_consider_evpn_binding(const struct evpn_binding
*binding,
ol->flags = NX_LEARN_F_DELETE_LEARNED;
ol->priority = 150;
ol->table_id = OFTABLE_GET_REMOTE_FDB;
- ol->idle_timeout = binding->fdb_age_threshold;
+ ol->hard_timeout = binding->fdb_age_threshold;
/* Match the learned flow on the same metadata. */
ol_spec = ofpbuf_put_zeros(ofpacts, sizeof *ol_spec);
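Review bot: The assignment `ol->hard_timeout = binding->fdb_age_threshold;` carries no comment explaining why a hard timeout is used for a value named as an age threshold, and the reason lives only in the commit message. A short comment above that line would help, saying that idle_timeout would keep a stale learned entry alive for as long as OVN-originated traffic keeps hitting it, and that the accepted cost is a flood until the workload replies and the FDB is learned again. Without it, a later reader is likely to see hard_timeout as a mistake and switch it back.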
diff --git a/tests/system-ovn.at b/tests/system-ovn.at
index 76f73d96e..167281785 100644
--- a/tests/system-ovn.at
+++ b/tests/system-ovn.at
@@ -18653,9 +18653,9 @@ check ovn-nbctl --wait=hv set logical_switch ls-evpn
other_config:fdb_age_thresh
ovs-ofctl dump-flows br-int table=OFTABLE_LEARN_REMOTE_FDB
AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=OFTABLE_LEARN_REMOTE_FDB
| grep priority | \
awk '{print $7, $8}' | strip_cookie | sort], [0], [dnl
-priority=100,reg14=0x80000001,metadata=0x$dp_key
actions=learn(table=OFTABLE_GET_REMOTE_FDB,idle_timeout=300,priority=150,delete_learned,OXM_OF_METADATA[[]],NXM_OF_ETH_DST[[]]=NXM_OF_ETH_SRC[[]],load:NXM_NX_REG14[[]]->NXM_NX_REG1[[]])
-priority=100,reg14=0x80000002,metadata=0x$dp_key
actions=learn(table=OFTABLE_GET_REMOTE_FDB,idle_timeout=300,priority=150,delete_learned,OXM_OF_METADATA[[]],NXM_OF_ETH_DST[[]]=NXM_OF_ETH_SRC[[]],load:NXM_NX_REG14[[]]->NXM_NX_REG1[[]])
-priority=100,reg14=0x80000003,metadata=0x$dp_key
actions=learn(table=OFTABLE_GET_REMOTE_FDB,idle_timeout=300,priority=150,delete_learned,OXM_OF_METADATA[[]],NXM_OF_ETH_DST[[]]=NXM_OF_ETH_SRC[[]],load:NXM_NX_REG14[[]]->NXM_NX_REG1[[]])
+priority=100,reg14=0x80000001,metadata=0x$dp_key
actions=learn(table=OFTABLE_GET_REMOTE_FDB,hard_timeout=300,priority=150,delete_learned,OXM_OF_METADATA[[]],NXM_OF_ETH_DST[[]]=NXM_OF_ETH_SRC[[]],load:NXM_NX_REG14[[]]->NXM_NX_REG1[[]])
+priority=100,reg14=0x80000002,metadata=0x$dp_key
actions=learn(table=OFTABLE_GET_REMOTE_FDB,hard_timeout=300,priority=150,delete_learned,OXM_OF_METADATA[[]],NXM_OF_ETH_DST[[]]=NXM_OF_ETH_SRC[[]],load:NXM_NX_REG14[[]]->NXM_NX_REG1[[]])
+priority=100,reg14=0x80000003,metadata=0x$dp_key
actions=learn(table=OFTABLE_GET_REMOTE_FDB,hard_timeout=300,priority=150,delete_learned,OXM_OF_METADATA[[]],NXM_OF_ETH_DST[[]]=NXM_OF_ETH_SRC[[]],load:NXM_NX_REG14[[]]->NXM_NX_REG1[[]])
priority=150,reg14=0x80000001,metadata=0x$dp_key,dl_src=f0:00:0f:16:10:50
actions=drop
priority=150,reg14=0x80000002,metadata=0x$dp_key,dl_src=f0:00:0f:16:10:60
actions=drop
priority=150,reg14=0x80000003,metadata=0x$dp_key,dl_src=00:00:00:00:00:01
actions=drop
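Review bot: The only test change is the expected string in the three `priority=100` learn flows, `idle_timeout=300` becoming `hard_timeout=300`, so the test confirms the action is encoded differently but not the behaviour the fix is for. Consider adding a step that lowers fdb_age_threshold, keeps sending traffic from the OVN side only, and then checks that the learned entry in OFTABLE_GET_REMOTE_FDB is gone once the timeout passes. That would fail with idle_timeout and pass with hard_timeout, which gives the regression coverage the Fixes: tag implies.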
--
2.51.1
_______________________________________________
dev mailing list
[email protected]
https://mail.openvswitch.org/mailman/listinfo/ovs-dev