On 5/5/23 10:22, 张祖建 via discuss wrote:
> Hi, all:
>
> I'm using OVN ACL with address set. Sometimes an ACL rule does not work as
> expected after updating address set addresses, and ovn-northd reports the
> following warning:
>
> 2023-05-05T08:00:07.298Z|00217|ovsdb_idl|WARN|Trying to delete a key that
> doesn't exist in the set.
>
> After some investigation, I found the reason is that ovn-northd tries to
> delete an address 0.0.0.0/4 from the addresses column while the existing
> addresses are 10.16.0.47/4 and 10.16.3.48/32.
>
> I added some debug logging and found that there are two functions responsible
> for updating ovn sb address_set, update_sb_addr_set() and sync_addr_set().
> In update_sb_addr_set(), ovn-northd formats 10.16.0.47/4 to 0.0.0.0/4 and
> writes the latter to ovn sb. While in sync_addr_set(), ovn-northd writes
> 10.16.0.47/4 to sb directly.
>
> I believe this is a bug.
>
> OVN version: v22.12

CC: Numan

Thanks for the report!

This indeed looks like a bug in the address set incremental processing
in northd. If address set doesn't already exist, sync_addr_set() function
just copies to Sb without any processing on the addresses, but during the
update all addresses are going through expression parsing and formatting
that is getting rid of bits that are not part of the mask. And that creates
a difference and inability to remove the address from Sb as a result.

Best regards, Ilya Maximets.
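
The mismatch described in the reply, as an added example that is not part of the thread and is not OVN source code: one path stores the address verbatim, the other derives its delete key by clearing the bits outside the mask, so the key never matches the stored entry. The function names `normalize_cidr` and `delete_would_miss` are hypothetical, and the model assumes IPv4 only and that the formatted output keeps the prefix length as written.

```c
/* Added illustration, not OVN source: models the raw-copy vs. normalized
 * mismatch described in the thread. All function names are hypothetical. */
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Update path (modelled): clear the bits outside the mask, e.g.
 * "10.16.0.47/4" -> "0.0.0.0/4". Returns 0 on success, -1 on bad input. */
int normalize_cidr(const char *in, char *out, size_t outlen)
{
    char buf[64], ip[INET_ADDRSTRLEN];
    struct in_addr a;
    long plen = 32;
    if (strlen(in) >= sizeof buf) return -1;
    strcpy(buf, in);
    char *slash = strchr(buf, '/');
    if (slash) {
        char *end;
        *slash = '\0';
        plen = strtol(slash + 1, &end, 10);
        if (end == slash + 1 || *end || plen < 0 || plen > 32) return -1;
    }
    if (inet_pton(AF_INET, buf, &a) != 1) return -1;
    uint32_t mask = plen ? 0xffffffffu << (32 - plen) : 0; /* no shift by 32 */
    a.s_addr = htonl(ntohl(a.s_addr) & mask);
    inet_ntop(AF_INET, &a, ip, sizeof ip);
    if (slash) snprintf(out, outlen, "%s/%ld", ip, plen);
    else snprintf(out, outlen, "%s", ip);
    return 0;
}

/* Creation path (modelled) stored nb_addr verbatim. Returns 1 if a later
 * delete keyed on the normalized form would miss that stored entry. */
int delete_would_miss(const char *nb_addr)
{
    char key[64];
    if (normalize_cidr(nb_addr, key, sizeof key) != 0) return -1;
    return strcmp(key, nb_addr) != 0;
}

int main(void)
{
    const char *addrs[] = { "10.16.0.47/4", "10.16.3.48/32" }; /* from the report */
    for (size_t i = 0; i < 2; i++)
        printf("%s: delete misses stored entry = %d\n", addrs[i], delete_would_miss(addrs[i]));
    return 0;
}
```

Running the same comparison over the entries of an address set flags every address with bits set outside its mask, which are the entries that can be left behind after an update.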
