Hi Ilya, Dumitru, I’ve tried latest OVS master branch with OOT OVS kmod and the problem still remains. It looks like the patch [1] does not fix the mentioned problem.
In ovs-vswitchd I see next error: 2021-12-03T15:31:39.797Z|00001|dpif(handler51)|WARN|system@ovs-system: execute ct(commit,zone=1,label=0/0x1),3 failed (Invalid argument) on packet icmp,vlan_tci=0x0000,dl_src=<MAC1>,dl_dst=<MAC2>,nw_src=<IP1>,nw_dst=<IP2>,nw_tos=0,nw_ecn=0,nw_ttl=49,icmp_type=8,icmp_code=0 icmp_csum:f056 with metadata skb_priority(0),tunnel(tun_id=0x10005000021,src=<IP3>,dst=<IP4>,ttl=61,tp_src=26080,tp_dst=7471,flags(csum|key)),skb_mark(0),ct_state(0x21),ct_zone(0x1),ct_tuple4(src=<IP1>,dst=<IP2>,proto=1,tp_src=8,tp_dst=0),in_port(1) mtu 0 In dmesg there are no errors. Though if I add this flow manually: ovs-dpctl add-flow 'skb_priority(0),tunnel(tun_id=0x10005000021,src=<IP3>,dst=<IP4>,ttl=61,tp_src=26080,tp_dst=7471,flags(csum|key)),skb_mark(0),ct_state(0x21),ct_zone(0x1),ct_tuple4(src=<IP1>,dst=<IP2>,proto=1,tp_src=8,tp_dst=0),in_port(1)' 'ct(commit,zone=1,label=0/0x1),3' The error in terminal: ovs-dpctl: updating flow table (Invalid argument) In dmesg I see: [Fri Dec 3 16:45:23 2021] openvswitch: netlink: Either Ethernet header or EtherType is required. This system runs CentOS 7.8 with kernel 3.10.0-1127.19.1.el7.x86_64 (if it matters). Can you suggest how we can try to solve this problem? What does these errors mean? Does it harm traffic somehow? 1: https://github.com/openvswitch/ovs/commit/4a6217fab1ae2e462fbe3db89e764418b6b55726 Thanks. Regards, Vladislav Odintsov On 3 Sep 2021, at 22:10, Odintsov Vladislav <[email protected]<mailto:[email protected]>> wrote: We do use OOT module. Looks like it’s a bugfix and can be backported..? Regards, Vladislav Odintsov On 3 Sep 2021, at 19:05, Numan Siddique <[email protected]<mailto:[email protected]>> wrote: On Fri, Sep 3, 2021 at 11:24 AM Odintsov Vladislav <[email protected]<mailto:[email protected]>> wrote: Hi Ilya, Dumitru, for some reason I’ve found your answer only today. From the link you’ve sent I see there is a patch in kernel OVS code, but current OVS master still has old version (if (err == NF_ACCEPT && ct->status & IPS_SRC_NAT && ct->status & IPS_DST_NAT)). Shouldn’t this fix be backported to OVS tree as well? Can it solve my initial problem? Just in case, the error is next: 2021-09-03T14:41:42.960Z|00006|dpif(handler3)|WARN|system@ovs-system: execute ct(commit,zone=1,label=0/0x1),set(tunnel(tun_id=0x1400160000f4,dst=<IP>,ttl=64,tp_dst=7471,flags(df|csum|key))),1 failed (Invalid argument) on packet tcp,vlan_tci=0x0000,dl_src=<MAC1>,dl_dst=<MAC2>,nw_src=<IP1>,nw_dst=<IP2>,nw_tos=0,nw_ecn=0,nw_ttl=63,tp_src=54136,tp_dst=5432,tcp_flags=psh|ack tcp_csum:206a with metadata skb_priority(0),skb_mark(0),ct_state(0x21),ct_zone(0x1),ct_tuple4(src=<IP1>,dst=<IP2>,proto=6,tp_src=54136,tp_dst=5432),in_port(4) mtu 0 Thanks. Do you use the OVS in-tree kernel module ? Please check out https://github.com/openvswitch/ovs/blob/master/NEWS#L159 OVS in-tree kernel module is deprecated. Thanks Numan Regards, Vladislav Odintsov _______________________________________________ discuss mailing list [email protected]<mailto:[email protected]> https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
_______________________________________________ discuss mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
