On Tue, May 9, 2023 at 1:29 PM Ilya Maximets via discuss <[email protected]> wrote: > > On 5/5/23 10:22, 张祖建 via discuss wrote: > > Hi, all: > > > > I'm using OVN ACL with address set. Sometimes an ACL rule does not work as > > expected after updating address set addresses, and ovn-northd reports the > > following warning: > > > > 2023-05-05T08:00:07.298Z|00217|ovsdb_idl|WARN|Trying to delete a key that > > doesn't exist in the set. > > > > After some investigation, I found the reason is that ovn-northd tries to > > delete an address 0.0.0.0/4 <http://0.0.0.0/4> from the addresses column > > while the existing addresses are 10.16.0.47/4 <http://10.16.0.47/4> and > > 10.16.3.48/32 <http://10.16.3.48/32>. > > > > I added some debug logging and found that there are two functions > > responsible for updating ovn sb address_set, update_sb_addr_set() and > > sync_addr_set(). In update_sb_addr_set(), ovn-northd formats 10.16.0.47/4 > > <http://10.16.0.47/4> to 0.0.0.0/4 <http://0.0.0.0/4> and writes the later > > to ovn sb. While in sync_addr_set(), ovn-northd writes 10.16.0.47/4 > > <http://10.16.0.47/4> to sb directly. > > > > I believe this is a bug. > > > > OVN version: v22.12 > > CC: Numan > > Thanks for the report! This indeed looks like a bug in the > address set incremental processing in northd. > > If address set doesn't already exist, sync_addr_set() function > just copies to Sb without any processing on the addresses, but > during the update all addresses are going through expression > parsing and formatting that is getting rid of bits that are not > part of the mask. And that creates a difference and inability > to remove the address from Sb as a result. > > Best regards, Ilya Maximets.
Thanks for the report. Is it possible to enable jsonrpc dbg in ovn-northd and share the logs when you see this issue ? (ovn-appctl -t ovn-northd vlog/set jsonrpc:dbg) Or if you can share a simple ovn-nbctl script to reproduce this issue and/or attach the OVN Northbound db that would be great. Thanks Numan > _______________________________________________ > discuss mailing list > [email protected] > https://mail.openvswitch.org/mailman/listinfo/ovs-discuss _______________________________________________ discuss mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
