[Kernel-packages] [Bug 1967856] Re: Hairpin traffic does not work with centralized NAT gw
** Changed in: openvswitch (Ubuntu Impish) Status: New => Won't Fix ** Changed in: ovn (Ubuntu Impish) Status: New => Won't Fix -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1967856 Title: Hairpin traffic does not work with centralized NAT gw Status in linux package in Ubuntu: Invalid Status in openvswitch package in Ubuntu: Invalid Status in ovn package in Ubuntu: Invalid Status in linux source package in Focal: Fix Released Status in openvswitch source package in Focal: Invalid Status in ovn source package in Focal: Invalid Status in linux source package in Impish: Won't Fix Status in openvswitch source package in Impish: Won't Fix Status in ovn source package in Impish: Won't Fix Status in linux source package in Jammy: Fix Released Status in openvswitch source package in Jammy: Invalid Status in ovn source package in Jammy: Invalid Status in linux source package in Kinetic: Invalid Status in openvswitch source package in Kinetic: Invalid Status in ovn source package in Kinetic: Invalid Bug description: [Impact] Users of Open vSwitch on Focal will not be able to upgrade to v2.16.0 or newer until this long standing kernel bug has been fixed. Users of Open vSwitch on Jammy will be affected by this bug and have no user space fix available. This bug currently blocks the OpenStack Engineering team's charm product gate. [Test Plan] Execute the OVN system testsuite utilizing the kernel data path with the test synthesis patch in comment #7 applied. In addition to that validating that the OpenStack charm test gate is unblocked would be valuable. [Regression Potential] The regression potential can be considered as low because: - The calls added in the openvswitch kernel datapath code would prior to Open vSwitch 2.16.0 have been initiated from the userspace code and by chance concealed this bug. - After an optimization done in 2.16.0 the kernel bug was revealed and these calls now must be made from the kernel datapath to retain functionality in use in the wild. [Original Bug Description] If you have two hvs where hv1 is the gateway chassis and you have an instance running on hv2. On instance on hv2 hairpin traffic works for the first session, but not for the next: $ ping -c1 10.78.95.89 PING 10.78.95.89 (10.78.95.89) 56(84) bytes of data. 64 bytes from 10.78.95.89: icmp_seq=1 ttl=62 time=1.07 ms --- 10.78.95.89 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 1.078/1.078/1.078/0.000 ms $ sudo ovs-appctl -t ovs-vswitchd dpctl/dump-conntrack icmp,orig=(src=10.78.95.89,dst=192.168.0.211,id=7334,type=8,code=0),reply=(src=192.168.0.211,dst=10.78.95.89,id=7334,type=0,code=0),zone=7 icmp,orig=(src=192.168.0.211,dst=10.78.95.89,id=7334,type=8,code=0),reply=(src=10.78.95.89,dst=192.168.0.211,id=7334,type=0,code=0),zone=7 $ ping -c1 10.78.95.89 PING 10.78.95.89 (10.78.95.89) 56(84) bytes of data. --- 10.78.95.89 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms $ sudo ovs-appctl -t ovs-vswitchd dpctl/dump-conntrack icmp,orig=(src=10.78.95.89,dst=192.168.0.211,id=7334,type=8,code=0),reply=(src=192.168.0.211,dst=10.78.95.89,id=7334,type=0,code=0),zone=7 icmp,orig=(src=192.168.0.211,dst=10.78.95.89,id=7334,type=8,code=0),reply=(src=10.78.95.89,dst=192.168.0.211,id=7334,type=0,code=0),zone=7 icmp,orig=(src=192.168.0.211,dst=10.78.95.89,id=7335,type=8,code=0),reply=(src=10.78.95.89,dst=192.168.0.211,id=7335,type=0,code=0),zone=7 We made an attempt at using OVN built with [0], but that did unfortunately not help. If we however revert [1] it works again: $ ping -c1 10.78.95.89 PING 10.78.95.89 (10.78.95.89) 56(84) bytes of data. 64 bytes from 10.78.95.89: icmp_seq=1 ttl=62 time=1.31 ms --- 10.78.95.89 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 1.318/1.318/1.318/0.000 ms $ sudo ovs-appctl -t ovs-vswitchd dpctl/dump-conntrack icmp,orig=(src=192.168.0.211,dst=10.78.95.89,id=7336,type=8,code=0),reply=(src=10.78.95.89,dst=192.168.0.211,id=7336,type=0,code=0),zone=7 icmp,orig=(src=10.78.95.89,dst=192.168.0.211,id=7336,type=8,code=0),reply=(src=192.168.0.211,dst=10.78.95.89,id=7336,type=0,code=0),zone=7 icmp,orig=(src=10.78.95.89,dst=192.168.0.211,id=7336,type=8,code=0),reply=(src=192.168.0.211,dst=10.78.95.89,id=7336,type=0,code=0),zone=1 $ ping -c1 10.78.95.89 PING 10.78.95.89 (10.78.95.89) 56(84) bytes of data. 64 bytes from 10.78.95.89: icmp_seq=1 ttl=62 time=0.307 ms --- 10.78.95.89 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.307/0.307/0.307/0.000 ms $ sudo ovs-appctl -t ovs-vswitchd dpctl/dump-conntrack
[Kernel-packages] [Bug 1967856] Re: Hairpin traffic does not work with centralized NAT gw
This bug was fixed in the package linux - 5.4.0-124.140
---
linux (5.4.0-124.140) focal; urgency=medium
* CVE-2022-2586
- SAUCE: netfilter: nf_tables: do not allow SET_ID to refer to another table
- SAUCE: netfilter: nf_tables: do not allow RULE_ID to refer to another
chain
* CVE-2022-2588
- SAUCE: net_sched: cls_route: remove from list when handle is 0
* CVE-2022-34918
- netfilter: nf_tables: stricter validation of element data
linux (5.4.0-123.139) focal; urgency=medium
* focal/linux: 5.4.0-123.139 -proposed tracker (LP: #1981284)
* Packaging resync (LP: #1786013)
- debian/dkms-versions -- update from kernel-versions (main/2022.07.11)
* Hairpin traffic does not work with centralized NAT gw (LP: #1967856)
- net: openvswitch: fix misuse of the cached connection on tuple changes
* [UBUNTU 20.04] Include patches to avoid self-detected stall with Secure
Execution (LP: #1979296)
- KVM: s390: pv: add macros for UVC CC values
- KVM: s390: pv: avoid stalls when making pages secure
- KVM: s390: pv: avoid stalls for kvm_s390_pv_init_vm
* Focal update: v5.4.195 upstream stable release (LP: #1980407)
- batman-adv: Don't skb_split skbuffs with frag_list
- hwmon: (tmp401) Add OF device ID table
- mac80211: Reset MBSSID parameters upon connection
- net: Fix features skip in for_each_netdev_feature()
- ipv4: drop dst in multicast routing path
- drm/nouveau: Fix a potential theorical leak in
nouveau_get_backlight_name()
- netlink: do not reset transport header in netlink_recvmsg()
- mac80211_hwsim: call ieee80211_tx_prepare_skb under RCU protection
- dim: initialize all struct fields
- hwmon: (ltq-cputemp) restrict it to SOC_XWAY
- s390/ctcm: fix variable dereferenced before check
- s390/ctcm: fix potential memory leak
- s390/lcs: fix variable dereferenced before check
- net/sched: act_pedit: really ensure the skb is writable
- net/smc: non blocking recvmsg() return -EAGAIN when no data and
signal_pending
- net: sfc: ef10: fix memory leak in efx_ef10_mtd_probe()
- gfs2: Fix filesystem block deallocation for short writes
- hwmon: (f71882fg) Fix negative temperature
- ASoC: max98090: Reject invalid values in custom control put()
- ASoC: max98090: Generate notifications on changes for custom control
- ASoC: ops: Validate input values in snd_soc_put_volsw_range()
- s390: disable -Warray-bounds
- net: emaclite: Don't advertise 1000BASE-T and do auto negotiation
- tcp: resalt the secret every 10 seconds
- tty: n_gsm: fix mux activation issues in gsm_config()
- usb: cdc-wdm: fix reading stuck on device close
- usb: typec: tcpci: Don't skip cleanup in .remove() on error
- USB: serial: pl2303: add device id for HP LM930 Display
- USB: serial: qcserial: add support for Sierra Wireless EM7590
- USB: serial: option: add Fibocom L610 modem
- USB: serial: option: add Fibocom MA510 modem
- slimbus: qcom: Fix IRQ check in qcom_slim_probe
- serial: 8250_mtk: Fix UART_EFR register address
- serial: 8250_mtk: Fix register address for XON/XOFF character
- drm/nouveau/tegra: Stop using iommu_present()
- i40e: i40e_main: fix a missing check on list iterator
- cgroup/cpuset: Remove cpus_allowed/mems_allowed setup in cpuset_init_smp()
- drm/vmwgfx: Initialize drm_mode_fb_cmd2
- MIPS: fix build with gcc-12
- net: phy: Fix race condition on link status change
- arm[64]/memremap: don't abuse pfn_valid() to ensure presence of linear map
- ping: fix address binding wrt vrf
- tty/serial: digicolor: fix possible null-ptr-deref in
digicolor_uart_probe()
- Linux 5.4.195
* Focal update: v5.4.194 upstream stable release (LP: #1980399)
- MIPS: Use address-of operator on section symbols
- block: drbd: drbd_nl: Make conversion to 'enum drbd_ret_code' explicit
- drm/amd/display/dc/gpio/gpio_service: Pass around correct dce_{version,
environment} types
- drm/i915: Cast remain to unsigned long in eb_relocate_vma
- nfp: bpf: silence bitwise vs. logical OR warning
- can: grcan: grcan_probe(): fix broken system id check for errata
workaround
needs
- can: grcan: only use the NAPI poll budget for RX
- arm: remove CONFIG_ARCH_HAS_HOLES_MEMORYMODEL
- [Config] updateconfigs for ARCH_HAS_HOLES_MEMORYMODEL
- KVM: x86/pmu: Refactoring find_arch_event() to pmc_perf_hw_id()
- x86/asm: Allow to pass macros to __ASM_FORM()
- x86: xen: kvm: Gather the definition of emulate prefixes
- x86: xen: insn: Decode Xen and KVM emulate-prefix signature
- x86: kprobes: Prohibit probing on instruction which has emulate prefix
- KVM: x86/svm: Account for family 17h event renumberings in
amd_pmc_perf_hw_id
- Bluetooth: Fix the creation of hdev->name
- mm: fix missing cache flush for all tail pages of compound page
- mm: hugetlb: fix missing
[Kernel-packages] [Bug 1967856] Re: Hairpin traffic does not work with centralized NAT gw
This bug was fixed in the package linux - 5.15.0-43.46 --- linux (5.15.0-43.46) jammy; urgency=medium * jammy/linux: 5.15.0-43.46 -proposed tracker (LP: #1981243) * Packaging resync (LP: #1786013) - debian/dkms-versions -- update from kernel-versions (main/2022.07.11) * nbd: requests can become stuck when disconnecting from server with qemu-nbd (LP: #1896350) - nbd: don't handle response without a corresponding request message - nbd: make sure request completion won't concurrent - nbd: don't clear 'NBD_CMD_INFLIGHT' flag if request is not completed - nbd: fix io hung while disconnecting device * Ubuntu 22.04 and 20.04 DPC Fixes for Failure Cases of DownPort Containment events (LP: #1965241) - PCI/portdrv: Rename pm_iter() to pcie_port_device_iter() - PCI: pciehp: Ignore Link Down/Up caused by error-induced Hot Reset - [Config] Enable config option CONFIG_PCIE_EDR * [SRU] Ubuntu 22.04 Feature Request-Add support for a NVMe-oF-TCP CDC Client - TP 8010 (LP: #1948626) - nvme: add CNTRLTYPE definitions for 'identify controller' - nvme: send uevent on connection up - nvme: expose cntrltype and dctype through sysfs * [UBUNTU 22.04] Kernel oops while removing device from cio_ignore list (LP: #1980951) - s390/cio: derive cdev information only for IO-subchannels * Jammy Charmed OpenStack deployment fails over connectivity issues when using converged OVS bridge for control and data planes (LP: #1978820) - net/mlx5e: TC NIC mode, fix tc chains miss table * Hairpin traffic does not work with centralized NAT gw (LP: #1967856) - net: openvswitch: fix misuse of the cached connection on tuple changes * alsa: asoc: amd: the internal mic can't be dedected on yellow carp machines (LP: #1980700) - ASoC: amd: Add driver data to acp6x machine driver - ASoC: amd: Add support for enabling DMIC on acp6x via _DSD * AMD ACP 6.x DMIC Supports (LP: #1949245) - ASoC: amd: add Yellow Carp ACP6x IP register header - ASoC: amd: add Yellow Carp ACP PCI driver - ASoC: amd: add acp6x init/de-init functions - ASoC: amd: add platform devices for acp6x pdm driver and dmic driver - ASoC: amd: add acp6x pdm platform driver - ASoC: amd: add acp6x irq handler - ASoC: amd: add acp6x pdm driver dma ops - ASoC: amd: add acp6x pci driver pm ops - ASoC: amd: add acp6x pdm driver pm ops - ASoC: amd: enable Yellow carp acp6x drivers build - ASoC: amd: create platform device for acp6x machine driver - ASoC: amd: add YC machine driver using dmic - ASoC: amd: enable Yellow Carp platform machine driver build - ASoC: amd: fix uninitialized variable in snd_acp6x_probe() - [Config] Enable AMD ACP 6 DMIC Support * [UBUNTU 20.04] Include patches to avoid self-detected stall with Secure Execution (LP: #1979296) - KVM: s390: pv: add macros for UVC CC values - KVM: s390: pv: avoid stalls when making pages secure * [22.04 FEAT] KVM: Attestation support for Secure Execution (crypto) (LP: #1959973) - drivers/s390/char: Add Ultravisor io device - s390/uv_uapi: depend on CONFIG_S390 - [Config] CONFIG_S390_UV_UAPI=y for s390x * CVE-2022-1679 - SAUCE: ath9k: fix use-after-free in ath9k_hif_usb_rx_cb * CVE-2022-28893 - SUNRPC: Ensure we flush any closed sockets before xs_xprt_free() - SUNRPC: Don't leak sockets in xs_local_connect() * CVE-2022-34918 - netfilter: nf_tables: stricter validation of element data * CVE-2022-1652 - floppy: use a statically allocated error counter -- Stefan Bader Tue, 12 Jul 2022 10:51:03 +0200 ** Changed in: linux (Ubuntu Jammy) Status: Fix Committed => Fix Released ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-1652 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-1679 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-28893 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-34918 -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1967856 Title: Hairpin traffic does not work with centralized NAT gw Status in linux package in Ubuntu: Invalid Status in openvswitch package in Ubuntu: Invalid Status in ovn package in Ubuntu: Invalid Status in linux source package in Focal: Fix Committed Status in openvswitch source package in Focal: Invalid Status in ovn source package in Focal: Invalid Status in linux source package in Impish: Won't Fix Status in openvswitch source package in Impish: New Status in ovn source package in Impish: New Status in linux source package in Jammy: Fix Released Status in openvswitch source package in Jammy: Invalid Status in ovn source package in Jammy: Invalid Status in linux source package in Kinetic: Invalid Status in openvswitch source package in Kinetic:
[Kernel-packages] [Bug 1967856] Re: Hairpin traffic does not work with centralized NAT gw
In addition to the verification provided in comment #26 and #28 we've
taken the neutron-api-plugin-ovn e2e charm gate with an added hairpin
test for a spin for both Focal and Jammy where we found the control to
fail as expected and successful test with the updated kernel.
$ juju run --application nova-compute 'uname -a'
- Stdout: |
Linux civil-ibex 5.4.0-123-generic #139-Ubuntu SMP Mon Jul 11 16:02:31 UTC
2022 x86_64 x86_64 x86_64 GNU/Linux
UnitId: nova-compute/0
- Stdout: |
Linux pumped-pika 5.4.0-123-generic #139-Ubuntu SMP Mon Jul 11 16:02:31 UTC
2022 x86_64 x86_64 x86_64 GNU/Linux
UnitId: nova-compute/1
- Stdout: |
Linux moved-toucan 5.4.0-123-generic #139-Ubuntu SMP Mon Jul 11 16:02:31
UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
UnitId: nova-compute/2
...
2022-07-19 16:25:09 [INFO] XXX HAIRPIN
2022-07-19 16:25:09 [INFO] Attempting to ssh to instance-1(10.78.95.25)
2022-07-19 16:25:09 [INFO] Connected (version 2.0, client OpenSSH_7.6p1)
2022-07-19 16:25:09 [INFO] Authentication (publickey) successful!
2022-07-19 16:25:09 [INFO] Running ping -M do -s 1414 -c 1 10.78.95.25 on
instance-1
2022-07-19 16:25:10 [INFO] Attempting to ssh to instance-1(10.78.95.25)
2022-07-19 16:25:10 [INFO] Connected (version 2.0, client OpenSSH_7.6p1)
2022-07-19 16:25:10 [INFO] Authentication (publickey) successful!
2022-07-19 16:25:10 [INFO] Running ping -M do -s 1414 -c 1 10.78.95.25 on
instance-1
2022-07-19 16:25:10 [INFO] Attempting to ssh to instance-1(10.78.95.25)
2022-07-19 16:25:10 [INFO] Connected (version 2.0, client OpenSSH_7.6p1)
2022-07-19 16:25:10 [INFO] Authentication (publickey) successful!
2022-07-19 16:25:10 [INFO] Running ping -M do -s 1414 -c 1 10.78.95.25 on
instance-1
2022-07-19 16:25:11 [INFO] Attempting to ssh to instance(10.78.95.71)
2022-07-19 16:25:11 [INFO] Connected (version 2.0, client OpenSSH_7.6p1)
2022-07-19 16:25:11 [INFO] Authentication (publickey) successful!
2022-07-19 16:25:11 [INFO] Running ping -c 1 192.168.0.1 on instance
2022-07-19 16:25:11 [INFO] Attempting to ssh to instance(10.78.95.71)
2022-07-19 16:25:11 [INFO] Connected (version 2.0, client OpenSSH_7.6p1)
2022-07-19 16:25:11 [INFO] Authentication (publickey) successful!
2022-07-19 16:25:11 [INFO] Running ping -M do -s 1414 -c 1 192.168.0.1 on
instance
2022-07-19 16:25:12 [INFO] Attempting to ssh to instance(10.78.95.25)
2022-07-19 16:25:12 [INFO] Connected (version 2.0, client OpenSSH_7.6p1)
2022-07-19 16:25:12 [INFO] Authentication (publickey) successful!
2022-07-19 16:25:12 [INFO] Running ping -c 1 192.168.0.1 on instance
2022-07-19 16:25:12 [INFO] Attempting to ssh to instance(10.78.95.25)
2022-07-19 16:25:12 [INFO] Connected (version 2.0, client OpenSSH_7.6p1)
2022-07-19 16:25:12 [INFO] Authentication (publickey) successful!
2022-07-19 16:25:12 [INFO] Running ping -M do -s 1414 -c 1 192.168.0.1 on
instance
2022-07-19 16:25:13 [INFO] Running resource cleanup
2022-07-19 16:25:13 [INFO] Removing resources created by test
(zaza-neutrontests*)
2022-07-19 16:25:21 [INFO] ok
2022-07-19 16:25:21 [INFO]
--
2022-07-19 16:25:21 [INFO] Ran 1 test in 48.934s
2022-07-19 16:25:21 [INFO] OK
2022-07-19 16:25:21 [INFO] Events:
Test zaza.openstack.charm_tests.neutron.tests.NeutronNetworkingTest:
Start: 1658240672.1115046
Finish: 1658240721.410828
Elapsed Time: 49.29932355880737
PCT Of Run Time: 100
Metadata: {}
$ juju run --application nova-compute 'uname -a'
- Stdout: |
Linux casual-buck 5.15.0-43-generic #46-Ubuntu SMP Tue Jul 12 10:30:17 UTC
2022 x86_64 x86_64 x86_64 GNU/Linux
UnitId: nova-compute/0
- Stdout: |
Linux neat-serval 5.15.0-43-generic #46-Ubuntu SMP Tue Jul 12 10:30:17 UTC
2022 x86_64 x86_64 x86_64 GNU/Linux
UnitId: nova-compute/1
- Stdout: |
Linux brave-horse 5.15.0-43-generic #46-Ubuntu SMP Tue Jul 12 10:30:17 UTC
2022 x86_64 x86_64 x86_64 GNU/Linux
UnitId: nova-compute/2
...
2022-07-19 16:25:09 [INFO] XXX HAIRPIN
2022-07-19 16:25:09 [INFO] Attempting to ssh to instance-1(10.78.95.92)
2022-07-19 16:25:09 [INFO] Connected (version 2.0, client OpenSSH_7.6p1)
2022-07-19 16:25:09 [INFO] Authentication (publickey) successful!
2022-07-19 16:25:09 [INFO] Running ping -M do -s 1414 -c 1 10.78.95.92 on
instance-1
2022-07-19 16:25:09 [INFO] Attempting to ssh to instance-1(10.78.95.92)
2022-07-19 16:25:09 [INFO] Connected (version 2.0, client OpenSSH_7.6p1)
2022-07-19 16:25:09 [INFO] Authentication (publickey) successful!
2022-07-19 16:25:09 [INFO] Running ping -M do -s 1414 -c 1 10.78.95.92 on
instance-1
2022-07-19 16:25:09 [INFO] Attempting to ssh to instance-1(10.78.95.92)
2022-07-19 16:25:10 [INFO] Connected (version 2.0, client OpenSSH_7.6p1)
2022-07-19 16:25:10 [INFO] Authentication (publickey) successful!
2022-07-19 16:25:10 [INFO] Running ping -M do -s 1414 -c 1 10.78.95.92 on
instance-1
2022-07-19 16:25:10 [INFO] Attempting to ssh to instance(10.78.95.29)
2022-07-19 16:25:10 [INFO] Connected
[Kernel-packages] [Bug 1967856] Re: Hairpin traffic does not work with centralized NAT gw
** Description changed: - If you have two hvs where hv1 is the gateway chassis and you have an - instance running on hv2. + [Impact] + Users of Open vSwitch on Focal will not be able to upgrade to v2.16.0 or newer until this long standing kernel bug has been fixed. + + Users of Open vSwitch on Jammy will be affected by this bug and + have no user space fix available. This bug currently blocks the + OpenStack Engineering team's charm product gate. + + [Test Plan] + Execute the OVN system testsuite utilizing the kernel data path with the test synthesis patch in comment #7 applied. + + In addition to that validating that the OpenStack charm test gate is + unblocked would be valuable. + + [Regression Potential] + The regression potential can be considered as low because: + - The calls added in the openvswitch kernel datapath code would + prior to Open vSwitch 2.16.0 have been initiated from the + userspace code and by chance concealed this bug. + - After an optimization done in 2.16.0 the kernel bug was + revealed and these calls now must be made from the kernel + datapath to retain functionality in use in the wild. + + [Original Bug Description] + If you have two hvs where hv1 is the gateway chassis and you have an instance running on hv2. On instance on hv2 hairpin traffic works for the first session, but not for the next: $ ping -c1 10.78.95.89 PING 10.78.95.89 (10.78.95.89) 56(84) bytes of data. 64 bytes from 10.78.95.89: icmp_seq=1 ttl=62 time=1.07 ms --- 10.78.95.89 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 1.078/1.078/1.078/0.000 ms $ sudo ovs-appctl -t ovs-vswitchd dpctl/dump-conntrack icmp,orig=(src=10.78.95.89,dst=192.168.0.211,id=7334,type=8,code=0),reply=(src=192.168.0.211,dst=10.78.95.89,id=7334,type=0,code=0),zone=7 icmp,orig=(src=192.168.0.211,dst=10.78.95.89,id=7334,type=8,code=0),reply=(src=10.78.95.89,dst=192.168.0.211,id=7334,type=0,code=0),zone=7 - $ ping -c1 10.78.95.89 PING 10.78.95.89 (10.78.95.89) 56(84) bytes of data. --- 10.78.95.89 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms $ sudo ovs-appctl -t ovs-vswitchd dpctl/dump-conntrack icmp,orig=(src=10.78.95.89,dst=192.168.0.211,id=7334,type=8,code=0),reply=(src=192.168.0.211,dst=10.78.95.89,id=7334,type=0,code=0),zone=7 icmp,orig=(src=192.168.0.211,dst=10.78.95.89,id=7334,type=8,code=0),reply=(src=10.78.95.89,dst=192.168.0.211,id=7334,type=0,code=0),zone=7 icmp,orig=(src=192.168.0.211,dst=10.78.95.89,id=7335,type=8,code=0),reply=(src=10.78.95.89,dst=192.168.0.211,id=7335,type=0,code=0),zone=7 We made an attempt at using OVN built with [0], but that did unfortunately not help. If we however revert [1] it works again: $ ping -c1 10.78.95.89 PING 10.78.95.89 (10.78.95.89) 56(84) bytes of data. 64 bytes from 10.78.95.89: icmp_seq=1 ttl=62 time=1.31 ms --- 10.78.95.89 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 1.318/1.318/1.318/0.000 ms $ sudo ovs-appctl -t ovs-vswitchd dpctl/dump-conntrack icmp,orig=(src=192.168.0.211,dst=10.78.95.89,id=7336,type=8,code=0),reply=(src=10.78.95.89,dst=192.168.0.211,id=7336,type=0,code=0),zone=7 icmp,orig=(src=10.78.95.89,dst=192.168.0.211,id=7336,type=8,code=0),reply=(src=192.168.0.211,dst=10.78.95.89,id=7336,type=0,code=0),zone=7 icmp,orig=(src=10.78.95.89,dst=192.168.0.211,id=7336,type=8,code=0),reply=(src=192.168.0.211,dst=10.78.95.89,id=7336,type=0,code=0),zone=1 $ ping -c1 10.78.95.89 PING 10.78.95.89 (10.78.95.89) 56(84) bytes of data. 64 bytes from 10.78.95.89: icmp_seq=1 ttl=62 time=0.307 ms --- 10.78.95.89 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.307/0.307/0.307/0.000 ms $ sudo ovs-appctl -t ovs-vswitchd dpctl/dump-conntrack icmp,orig=(src=10.78.95.89,dst=192.168.0.211,id=7337,type=8,code=0),reply=(src=192.168.0.211,dst=10.78.95.89,id=7337,type=0,code=0),zone=7 icmp,orig=(src=10.78.95.89,dst=192.168.0.211,id=7337,type=8,code=0),reply=(src=192.168.0.211,dst=10.78.95.89,id=7337,type=0,code=0),zone=1 icmp,orig=(src=192.168.0.211,dst=10.78.95.89,id=7337,type=8,code=0),reply=(src=10.78.95.89,dst=192.168.0.211,id=7337,type=0,code=0),zone=7 icmp,orig=(src=192.168.0.211,dst=10.78.95.89,id=7336,type=8,code=0),reply=(src=10.78.95.89,dst=192.168.0.211,id=7336,type=0,code=0),zone=7 icmp,orig=(src=10.78.95.89,dst=192.168.0.211,id=7336,type=8,code=0),reply=(src=192.168.0.211,dst=10.78.95.89,id=7336,type=0,code=0),zone=7 icmp,orig=(src=10.78.95.89,dst=192.168.0.211,id=7336,type=8,code=0),reply=(src=192.168.0.211,dst=10.78.95.89,id=7336,type=0,code=0),zone=1 - 0: https://patchwork.ozlabs.org/project/ovn/patch/20220401175516.2139179-1-mmich...@redhat.com/ 1:
[Kernel-packages] [Bug 1967856] Re: Hairpin traffic does not work with centralized NAT gw
Control test: ubuntu@game-cicada:~/src/ovn$ uname -a Linux game-cicada 5.15.0-41-generic #44-Ubuntu SMP Wed Jun 22 14:20:53 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux ubuntu@game-cicada:~/src/ovn$ git -C ./ovs status HEAD detached at 6f24c2bc7 nothing to commit, working tree clean ubuntu@game-cicada:~/src/ovn$ git status On branch main Your branch is up to date with 'origin/main'. nothing to commit, working tree clean ubuntu@game-cicada:~/src/ovn$ wget -qO - https://bugs.launchpad.net/ubuntu/+source/ovn/+bug/1967856/+attachment/5579267/+files/test-synthesis.patch|patch -p1 patching file tests/system-ovn.at Hunk #1 succeeded at 6699 (offset 15 lines). Hunk #2 succeeded at 6724 (offset 15 lines). Hunk #3 succeeded at 6750 (offset 15 lines). ubuntu@game-cicada:~/src/ovn$ make check-kernel SUDO=sudo TESTSUITEFLAGS=169 make all-am make[1]: Entering directory '/home/ubuntu/src/ovn' /bin/bash '/home/ubuntu/src/ovn/build-aux/missing' autom4te --language=autotest -I '.' -o tests/system-kmod-testsuite.tmp tests/system-kmod-testsuite.at mv tests/system-kmod-testsuite.tmp tests/system-kmod-testsuite /bin/bash '/home/ubuntu/src/ovn/build-aux/missing' autom4te --language=autotest -I '.' -o tests/system-userspace-testsuite.tmp tests/system-userspace-testsuite.at mv tests/system-userspace-testsuite.tmp tests/system-userspace-testsuite make[1]: Leaving directory '/home/ubuntu/src/ovn' set /bin/bash './tests/system-kmod-testsuite' -C tests AUTOTEST_PATH='/home/ubuntu/src/ovn/ovs/utilities:/home/ubuntu/src/ovn/ovs/vswitchd:/home/ubuntu/src/ovn/ovs/ovsdb:/home/ubuntu/src/ovn/ovs/vtep:tests:::controller-vtep:northd:utilities:controller:ic'; \ sudo "$@" 169 -j1 || (test X'' = Xyes && sudo "$@" --recheck) ## ## ## ovn 22.06.90 test suite. ## ## ## 169: DNAT LR hairpin IPv4 -- ovn-northd -- parallelization=yes -- ovn_monitor_all=yes FAILED (system-ovn.at:6661) ## - ## ## Test results. ## ## - ## ERROR: 1 test was run, 1 failed unexpectedly. Verification: ubuntu@game-cicada:~/src/ovn$ uname -a Linux game-cicada 5.15.0-43-generic #46-Ubuntu SMP Tue Jul 12 10:30:17 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux ubuntu@game-cicada:~/src/ovn$ git -C ./ovs status HEAD detached at 6f24c2bc7 nothing to commit, working tree clean ubuntu@game-cicada:~/src/ovn$ git status On branch main Your branch is up to date with 'origin/main'. Changes not staged for commit: (use "git add ..." to update what will be committed) (use "git restore ..." to discard changes in working directory) modified: tests/system-ovn.at Untracked files: (use "git add ..." to include in what will be committed) tests/system-ovn.at.orig no changes added to commit (use "git add" and/or "git commit -a") ubuntu@game-cicada:~/src/ovn$ make check-kernel SUDO=sudo TESTSUITEFLAGS=169 make all-am make[1]: Entering directory '/home/ubuntu/src/ovn' make[1]: Leaving directory '/home/ubuntu/src/ovn' set /bin/bash './tests/system-kmod-testsuite' -C tests AUTOTEST_PATH='/home/ubuntu/src/ovn/ovs/utilities:/home/ubuntu/src/ovn/ovs/vswitchd:/home/ubuntu/src/ovn/ovs/ovsdb:/home/ubuntu/src/ovn/ovs/vtep:tests:::controller-vtep:northd:utilities:controller:ic'; \ sudo "$@" 169 -j1 || (test X'' = Xyes && sudo "$@" --recheck) ## ## ## ovn 22.06.90 test suite. ## ## ## 169: DNAT LR hairpin IPv4 -- ovn-northd -- parallelization=yes -- ovn_monitor_all=yes ok ## - ## ## Test results. ## ## - ## 1 test was successful. -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1967856 Title: Hairpin traffic does not work with centralized NAT gw Status in linux package in Ubuntu: Invalid Status in openvswitch package in Ubuntu: Invalid Status in ovn package in Ubuntu: Invalid Status in linux source package in Focal: Fix Committed Status in openvswitch source package in Focal: Invalid Status in ovn source package in Focal: Invalid Status in linux source package in Impish: Won't Fix Status in openvswitch source package in Impish: New Status in ovn source package in Impish: New Status in linux source package in Jammy: Fix Committed Status in openvswitch source package in Jammy: Invalid Status in ovn source package in Jammy: Invalid Status in linux source package in Kinetic: Invalid Status in openvswitch source package in Kinetic: Invalid Status in ovn source package in Kinetic: Invalid Bug description: If you have two hvs where hv1 is the gateway chassis and you have an instance running on hv2. On instance on hv2 hairpin traffic works for the first session, but not for the next: $ ping -c1 10.78.95.89 PING 10.78.95.89 (10.78.95.89) 56(84) bytes of data. 64 bytes from 10.78.95.89: icmp_seq=1 ttl=62 time=1.07 ms --- 10.78.95.89 ping statistics --- 1 packets transmitted,
[Kernel-packages] [Bug 1967856] Re: Hairpin traffic does not work with centralized NAT gw
This bug is awaiting verification that the linux/5.15.0-43.46 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy' to 'verification-done-jammy'. If the problem still exists, change the tag 'verification-needed-jammy' to 'verification-failed-jammy'. If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you! ** Tags added: verification-needed-jammy -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1967856 Title: Hairpin traffic does not work with centralized NAT gw Status in linux package in Ubuntu: Invalid Status in openvswitch package in Ubuntu: Invalid Status in ovn package in Ubuntu: Invalid Status in linux source package in Focal: Fix Committed Status in openvswitch source package in Focal: Invalid Status in ovn source package in Focal: Invalid Status in linux source package in Impish: Won't Fix Status in openvswitch source package in Impish: New Status in ovn source package in Impish: New Status in linux source package in Jammy: Fix Committed Status in openvswitch source package in Jammy: Invalid Status in ovn source package in Jammy: Invalid Status in linux source package in Kinetic: Invalid Status in openvswitch source package in Kinetic: Invalid Status in ovn source package in Kinetic: Invalid Bug description: If you have two hvs where hv1 is the gateway chassis and you have an instance running on hv2. On instance on hv2 hairpin traffic works for the first session, but not for the next: $ ping -c1 10.78.95.89 PING 10.78.95.89 (10.78.95.89) 56(84) bytes of data. 64 bytes from 10.78.95.89: icmp_seq=1 ttl=62 time=1.07 ms --- 10.78.95.89 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 1.078/1.078/1.078/0.000 ms $ sudo ovs-appctl -t ovs-vswitchd dpctl/dump-conntrack icmp,orig=(src=10.78.95.89,dst=192.168.0.211,id=7334,type=8,code=0),reply=(src=192.168.0.211,dst=10.78.95.89,id=7334,type=0,code=0),zone=7 icmp,orig=(src=192.168.0.211,dst=10.78.95.89,id=7334,type=8,code=0),reply=(src=10.78.95.89,dst=192.168.0.211,id=7334,type=0,code=0),zone=7 $ ping -c1 10.78.95.89 PING 10.78.95.89 (10.78.95.89) 56(84) bytes of data. --- 10.78.95.89 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms $ sudo ovs-appctl -t ovs-vswitchd dpctl/dump-conntrack icmp,orig=(src=10.78.95.89,dst=192.168.0.211,id=7334,type=8,code=0),reply=(src=192.168.0.211,dst=10.78.95.89,id=7334,type=0,code=0),zone=7 icmp,orig=(src=192.168.0.211,dst=10.78.95.89,id=7334,type=8,code=0),reply=(src=10.78.95.89,dst=192.168.0.211,id=7334,type=0,code=0),zone=7 icmp,orig=(src=192.168.0.211,dst=10.78.95.89,id=7335,type=8,code=0),reply=(src=10.78.95.89,dst=192.168.0.211,id=7335,type=0,code=0),zone=7 We made an attempt at using OVN built with [0], but that did unfortunately not help. If we however revert [1] it works again: $ ping -c1 10.78.95.89 PING 10.78.95.89 (10.78.95.89) 56(84) bytes of data. 64 bytes from 10.78.95.89: icmp_seq=1 ttl=62 time=1.31 ms --- 10.78.95.89 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 1.318/1.318/1.318/0.000 ms $ sudo ovs-appctl -t ovs-vswitchd dpctl/dump-conntrack icmp,orig=(src=192.168.0.211,dst=10.78.95.89,id=7336,type=8,code=0),reply=(src=10.78.95.89,dst=192.168.0.211,id=7336,type=0,code=0),zone=7 icmp,orig=(src=10.78.95.89,dst=192.168.0.211,id=7336,type=8,code=0),reply=(src=192.168.0.211,dst=10.78.95.89,id=7336,type=0,code=0),zone=7 icmp,orig=(src=10.78.95.89,dst=192.168.0.211,id=7336,type=8,code=0),reply=(src=192.168.0.211,dst=10.78.95.89,id=7336,type=0,code=0),zone=1 $ ping -c1 10.78.95.89 PING 10.78.95.89 (10.78.95.89) 56(84) bytes of data. 64 bytes from 10.78.95.89: icmp_seq=1 ttl=62 time=0.307 ms --- 10.78.95.89 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.307/0.307/0.307/0.000 ms $ sudo ovs-appctl -t ovs-vswitchd dpctl/dump-conntrack icmp,orig=(src=10.78.95.89,dst=192.168.0.211,id=7337,type=8,code=0),reply=(src=192.168.0.211,dst=10.78.95.89,id=7337,type=0,code=0),zone=7 icmp,orig=(src=10.78.95.89,dst=192.168.0.211,id=7337,type=8,code=0),reply=(src=192.168.0.211,dst=10.78.95.89,id=7337,type=0,code=0),zone=1 icmp,orig=(src=192.168.0.211,dst=10.78.95.89,id=7337,type=8,code=0),reply=(src=10.78.95.89,dst=192.168.0.211,id=7337,type=0,code=0),zone=7
[Kernel-packages] [Bug 1967856] Re: Hairpin traffic does not work with centralized NAT gw
Control test: ubuntu@actual-beagle:~/src/ovn$ uname -a Linux actual-beagle 5.4.0-122-generic #138-Ubuntu SMP Wed Jun 22 15:00:31 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux ubuntu@actual-beagle:~/src/ovn$ git -C ./ovs status HEAD detached at 6f24c2bc7 nothing to commit, working tree clean ubuntu@actual-beagle:~/src/ovn$ git status On branch main Your branch is up to date with 'origin/main'. nothing to commit, working tree clean ubuntu@actual-beagle:~/src/ovn$ wget -qO - https://bugs.launchpad.net/ubuntu/+source/ovn/+bug/1967856/+attachment/5579267/+files/test-synthesis.patch|patch -p1 patching file tests/system-ovn.at Hunk #1 succeeded at 6699 (offset 15 lines). Hunk #2 succeeded at 6724 (offset 15 lines). Hunk #3 succeeded at 6750 (offset 15 lines). ubuntu@actual-beagle:~/src/ovn$ make check-kernel SUDO=sudo TESTSUITEFLAGS=169 make all-am make[1]: Entering directory '/home/ubuntu/src/ovn' /bin/bash /home/ubuntu/src/ovn/build-aux/missing autom4te --language=autotest -I '.' -o tests/system-kmod-testsuite.tmp tests/system-kmod-testsuite.at mv tests/system-kmod-testsuite.tmp tests/system-kmod-testsuite /bin/bash /home/ubuntu/src/ovn/build-aux/missing autom4te --language=autotest -I '.' -o tests/system-userspace-testsuite.tmp tests/system-userspace-testsuite.at mv tests/system-userspace-testsuite.tmp tests/system-userspace-testsuite make[1]: Leaving directory '/home/ubuntu/src/ovn' set /bin/bash './tests/system-kmod-testsuite' -C tests AUTOTEST_PATH='/home/ubuntu/src/ovn/ovs/utilities:/home/ubuntu/src/ovn/ovs/vswitchd:/home/ubuntu/src/ovn/ovs/ovsdb:/home/ubuntu/src/ovn/ovs/vtep:tests:::controller-vtep:northd:utilities:controller:ic'; \ sudo "$@" 169 -j1 || (test X'' = Xyes && sudo "$@" --recheck) ## ## ## ovn 22.06.90 test suite. ## ## ## 169: DNAT LR hairpin IPv4 -- ovn-northd -- parallelization=yes -- ovn_monitor_all=yes FAILED (system-ovn.at:6661) ## - ## ## Test results. ## ## - ## ERROR: 1 test was run, 1 failed unexpectedly. Verification: ubuntu@actual-beagle:~/src/ovn$ uname -a Linux actual-beagle 5.4.0-123-generic #139-Ubuntu SMP Mon Jul 11 16:02:31 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux ubuntu@actual-beagle:~/src/ovn$ git -C ovs status HEAD detached at 6f24c2bc7 nothing to commit, working tree clean ubuntu@actual-beagle:~/src/ovn$ git status On branch main Your branch is up to date with 'origin/main'. Changes not staged for commit: (use "git add ..." to update what will be committed) (use "git restore ..." to discard changes in working directory) modified: tests/system-ovn.at Untracked files: (use "git add ..." to include in what will be committed) tests/system-ovn.at.orig no changes added to commit (use "git add" and/or "git commit -a") ubuntu@actual-beagle:~/src/ovn$ make check-kernel SUDO=sudo TESTSUITEFLAGS=169 make all-am make[1]: Entering directory '/home/ubuntu/src/ovn' make[1]: Leaving directory '/home/ubuntu/src/ovn' set /bin/bash './tests/system-kmod-testsuite' -C tests AUTOTEST_PATH='/home/ubuntu/src/ovn/ovs/utilities:/home/ubuntu/src/ovn/ovs/vswitchd:/home/ubuntu/src/ovn/ovs/ovsdb:/home/ubuntu/src/ovn/ovs/vtep:tests:::controller-vtep:northd:utilities:controller:ic'; \ sudo "$@" 169 -j1 || (test X'' = Xyes && sudo "$@" --recheck) ## ## ## ovn 22.06.90 test suite. ## ## ## 169: DNAT LR hairpin IPv4 -- ovn-northd -- parallelization=yes -- ovn_monitor_all=yes ok ## - ## ## Test results. ## ## - ## 1 test was successful. -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1967856 Title: Hairpin traffic does not work with centralized NAT gw Status in linux package in Ubuntu: Invalid Status in openvswitch package in Ubuntu: Invalid Status in ovn package in Ubuntu: Invalid Status in linux source package in Focal: Fix Committed Status in openvswitch source package in Focal: Invalid Status in ovn source package in Focal: Invalid Status in linux source package in Impish: Won't Fix Status in openvswitch source package in Impish: New Status in ovn source package in Impish: New Status in linux source package in Jammy: Fix Committed Status in openvswitch source package in Jammy: Invalid Status in ovn source package in Jammy: Invalid Status in linux source package in Kinetic: Invalid Status in openvswitch source package in Kinetic: Invalid Status in ovn source package in Kinetic: Invalid Bug description: If you have two hvs where hv1 is the gateway chassis and you have an instance running on hv2. On instance on hv2 hairpin traffic works for the first session, but not for the next: $ ping -c1 10.78.95.89 PING 10.78.95.89 (10.78.95.89) 56(84) bytes of data. 64 bytes from 10.78.95.89: icmp_seq=1 ttl=62 time=1.07 ms --- 10.78.95.89 ping statistics --- 1
[Kernel-packages] [Bug 1967856] Re: Hairpin traffic does not work with centralized NAT gw
This bug is awaiting verification that the linux/5.4.0-123.139 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-focal' to 'verification-done-focal'. If the problem still exists, change the tag 'verification-needed-focal' to 'verification-failed-focal'. If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you! ** Tags added: verification-needed-focal -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1967856 Title: Hairpin traffic does not work with centralized NAT gw Status in linux package in Ubuntu: Invalid Status in openvswitch package in Ubuntu: Invalid Status in ovn package in Ubuntu: Invalid Status in linux source package in Focal: Fix Committed Status in openvswitch source package in Focal: Invalid Status in ovn source package in Focal: Invalid Status in linux source package in Impish: Won't Fix Status in openvswitch source package in Impish: New Status in ovn source package in Impish: New Status in linux source package in Jammy: Fix Committed Status in openvswitch source package in Jammy: Invalid Status in ovn source package in Jammy: Invalid Status in linux source package in Kinetic: Invalid Status in openvswitch source package in Kinetic: Invalid Status in ovn source package in Kinetic: Invalid Bug description: If you have two hvs where hv1 is the gateway chassis and you have an instance running on hv2. On instance on hv2 hairpin traffic works for the first session, but not for the next: $ ping -c1 10.78.95.89 PING 10.78.95.89 (10.78.95.89) 56(84) bytes of data. 64 bytes from 10.78.95.89: icmp_seq=1 ttl=62 time=1.07 ms --- 10.78.95.89 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 1.078/1.078/1.078/0.000 ms $ sudo ovs-appctl -t ovs-vswitchd dpctl/dump-conntrack icmp,orig=(src=10.78.95.89,dst=192.168.0.211,id=7334,type=8,code=0),reply=(src=192.168.0.211,dst=10.78.95.89,id=7334,type=0,code=0),zone=7 icmp,orig=(src=192.168.0.211,dst=10.78.95.89,id=7334,type=8,code=0),reply=(src=10.78.95.89,dst=192.168.0.211,id=7334,type=0,code=0),zone=7 $ ping -c1 10.78.95.89 PING 10.78.95.89 (10.78.95.89) 56(84) bytes of data. --- 10.78.95.89 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms $ sudo ovs-appctl -t ovs-vswitchd dpctl/dump-conntrack icmp,orig=(src=10.78.95.89,dst=192.168.0.211,id=7334,type=8,code=0),reply=(src=192.168.0.211,dst=10.78.95.89,id=7334,type=0,code=0),zone=7 icmp,orig=(src=192.168.0.211,dst=10.78.95.89,id=7334,type=8,code=0),reply=(src=10.78.95.89,dst=192.168.0.211,id=7334,type=0,code=0),zone=7 icmp,orig=(src=192.168.0.211,dst=10.78.95.89,id=7335,type=8,code=0),reply=(src=10.78.95.89,dst=192.168.0.211,id=7335,type=0,code=0),zone=7 We made an attempt at using OVN built with [0], but that did unfortunately not help. If we however revert [1] it works again: $ ping -c1 10.78.95.89 PING 10.78.95.89 (10.78.95.89) 56(84) bytes of data. 64 bytes from 10.78.95.89: icmp_seq=1 ttl=62 time=1.31 ms --- 10.78.95.89 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 1.318/1.318/1.318/0.000 ms $ sudo ovs-appctl -t ovs-vswitchd dpctl/dump-conntrack icmp,orig=(src=192.168.0.211,dst=10.78.95.89,id=7336,type=8,code=0),reply=(src=10.78.95.89,dst=192.168.0.211,id=7336,type=0,code=0),zone=7 icmp,orig=(src=10.78.95.89,dst=192.168.0.211,id=7336,type=8,code=0),reply=(src=192.168.0.211,dst=10.78.95.89,id=7336,type=0,code=0),zone=7 icmp,orig=(src=10.78.95.89,dst=192.168.0.211,id=7336,type=8,code=0),reply=(src=192.168.0.211,dst=10.78.95.89,id=7336,type=0,code=0),zone=1 $ ping -c1 10.78.95.89 PING 10.78.95.89 (10.78.95.89) 56(84) bytes of data. 64 bytes from 10.78.95.89: icmp_seq=1 ttl=62 time=0.307 ms --- 10.78.95.89 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.307/0.307/0.307/0.000 ms $ sudo ovs-appctl -t ovs-vswitchd dpctl/dump-conntrack icmp,orig=(src=10.78.95.89,dst=192.168.0.211,id=7337,type=8,code=0),reply=(src=192.168.0.211,dst=10.78.95.89,id=7337,type=0,code=0),zone=7 icmp,orig=(src=10.78.95.89,dst=192.168.0.211,id=7337,type=8,code=0),reply=(src=192.168.0.211,dst=10.78.95.89,id=7337,type=0,code=0),zone=1 icmp,orig=(src=192.168.0.211,dst=10.78.95.89,id=7337,type=8,code=0),reply=(src=10.78.95.89,dst=192.168.0.211,id=7337,type=0,code=0),zone=7
[Kernel-packages] [Bug 1967856] Re: Hairpin traffic does not work with centralized NAT gw
** Changed in: linux (Ubuntu Jammy) Status: Confirmed => Fix Committed ** Changed in: linux (Ubuntu Focal) Status: Confirmed => Fix Committed -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1967856 Title: Hairpin traffic does not work with centralized NAT gw Status in linux package in Ubuntu: Invalid Status in openvswitch package in Ubuntu: Invalid Status in ovn package in Ubuntu: Invalid Status in linux source package in Focal: Fix Committed Status in openvswitch source package in Focal: Invalid Status in ovn source package in Focal: Invalid Status in linux source package in Impish: Won't Fix Status in openvswitch source package in Impish: New Status in ovn source package in Impish: New Status in linux source package in Jammy: Fix Committed Status in openvswitch source package in Jammy: Invalid Status in ovn source package in Jammy: Invalid Status in linux source package in Kinetic: Invalid Status in openvswitch source package in Kinetic: Invalid Status in ovn source package in Kinetic: Invalid Bug description: If you have two hvs where hv1 is the gateway chassis and you have an instance running on hv2. On instance on hv2 hairpin traffic works for the first session, but not for the next: $ ping -c1 10.78.95.89 PING 10.78.95.89 (10.78.95.89) 56(84) bytes of data. 64 bytes from 10.78.95.89: icmp_seq=1 ttl=62 time=1.07 ms --- 10.78.95.89 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 1.078/1.078/1.078/0.000 ms $ sudo ovs-appctl -t ovs-vswitchd dpctl/dump-conntrack icmp,orig=(src=10.78.95.89,dst=192.168.0.211,id=7334,type=8,code=0),reply=(src=192.168.0.211,dst=10.78.95.89,id=7334,type=0,code=0),zone=7 icmp,orig=(src=192.168.0.211,dst=10.78.95.89,id=7334,type=8,code=0),reply=(src=10.78.95.89,dst=192.168.0.211,id=7334,type=0,code=0),zone=7 $ ping -c1 10.78.95.89 PING 10.78.95.89 (10.78.95.89) 56(84) bytes of data. --- 10.78.95.89 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms $ sudo ovs-appctl -t ovs-vswitchd dpctl/dump-conntrack icmp,orig=(src=10.78.95.89,dst=192.168.0.211,id=7334,type=8,code=0),reply=(src=192.168.0.211,dst=10.78.95.89,id=7334,type=0,code=0),zone=7 icmp,orig=(src=192.168.0.211,dst=10.78.95.89,id=7334,type=8,code=0),reply=(src=10.78.95.89,dst=192.168.0.211,id=7334,type=0,code=0),zone=7 icmp,orig=(src=192.168.0.211,dst=10.78.95.89,id=7335,type=8,code=0),reply=(src=10.78.95.89,dst=192.168.0.211,id=7335,type=0,code=0),zone=7 We made an attempt at using OVN built with [0], but that did unfortunately not help. If we however revert [1] it works again: $ ping -c1 10.78.95.89 PING 10.78.95.89 (10.78.95.89) 56(84) bytes of data. 64 bytes from 10.78.95.89: icmp_seq=1 ttl=62 time=1.31 ms --- 10.78.95.89 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 1.318/1.318/1.318/0.000 ms $ sudo ovs-appctl -t ovs-vswitchd dpctl/dump-conntrack icmp,orig=(src=192.168.0.211,dst=10.78.95.89,id=7336,type=8,code=0),reply=(src=10.78.95.89,dst=192.168.0.211,id=7336,type=0,code=0),zone=7 icmp,orig=(src=10.78.95.89,dst=192.168.0.211,id=7336,type=8,code=0),reply=(src=192.168.0.211,dst=10.78.95.89,id=7336,type=0,code=0),zone=7 icmp,orig=(src=10.78.95.89,dst=192.168.0.211,id=7336,type=8,code=0),reply=(src=192.168.0.211,dst=10.78.95.89,id=7336,type=0,code=0),zone=1 $ ping -c1 10.78.95.89 PING 10.78.95.89 (10.78.95.89) 56(84) bytes of data. 64 bytes from 10.78.95.89: icmp_seq=1 ttl=62 time=0.307 ms --- 10.78.95.89 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.307/0.307/0.307/0.000 ms $ sudo ovs-appctl -t ovs-vswitchd dpctl/dump-conntrack icmp,orig=(src=10.78.95.89,dst=192.168.0.211,id=7337,type=8,code=0),reply=(src=192.168.0.211,dst=10.78.95.89,id=7337,type=0,code=0),zone=7 icmp,orig=(src=10.78.95.89,dst=192.168.0.211,id=7337,type=8,code=0),reply=(src=192.168.0.211,dst=10.78.95.89,id=7337,type=0,code=0),zone=1 icmp,orig=(src=192.168.0.211,dst=10.78.95.89,id=7337,type=8,code=0),reply=(src=10.78.95.89,dst=192.168.0.211,id=7337,type=0,code=0),zone=7 icmp,orig=(src=192.168.0.211,dst=10.78.95.89,id=7336,type=8,code=0),reply=(src=10.78.95.89,dst=192.168.0.211,id=7336,type=0,code=0),zone=7 icmp,orig=(src=10.78.95.89,dst=192.168.0.211,id=7336,type=8,code=0),reply=(src=192.168.0.211,dst=10.78.95.89,id=7336,type=0,code=0),zone=7 icmp,orig=(src=10.78.95.89,dst=192.168.0.211,id=7336,type=8,code=0),reply=(src=192.168.0.211,dst=10.78.95.89,id=7336,type=0,code=0),zone=1 0: https://patchwork.ozlabs.org/project/ovn/patch/20220401175516.2139179-1-mmich...@redhat.com/ 1: https://github.com/ovn-org/ovn/commit/4deac4509abbedd6ffaecf27eed01ddefccea40a ---
[Kernel-packages] [Bug 1967856] Re: Hairpin traffic does not work with centralized NAT gw
** Changed in: linux (Ubuntu Focal) Importance: Undecided => Medium ** Changed in: linux (Ubuntu Impish) Status: Confirmed => Won't Fix ** Changed in: linux (Ubuntu Kinetic) Status: Confirmed => Invalid -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1967856 Title: Hairpin traffic does not work with centralized NAT gw Status in linux package in Ubuntu: Invalid Status in openvswitch package in Ubuntu: Invalid Status in ovn package in Ubuntu: Invalid Status in linux source package in Focal: Confirmed Status in openvswitch source package in Focal: Invalid Status in ovn source package in Focal: Invalid Status in linux source package in Impish: Won't Fix Status in openvswitch source package in Impish: New Status in ovn source package in Impish: New Status in linux source package in Jammy: Confirmed Status in openvswitch source package in Jammy: Invalid Status in ovn source package in Jammy: Invalid Status in linux source package in Kinetic: Invalid Status in openvswitch source package in Kinetic: Invalid Status in ovn source package in Kinetic: Invalid Bug description: If you have two hvs where hv1 is the gateway chassis and you have an instance running on hv2. On instance on hv2 hairpin traffic works for the first session, but not for the next: $ ping -c1 10.78.95.89 PING 10.78.95.89 (10.78.95.89) 56(84) bytes of data. 64 bytes from 10.78.95.89: icmp_seq=1 ttl=62 time=1.07 ms --- 10.78.95.89 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 1.078/1.078/1.078/0.000 ms $ sudo ovs-appctl -t ovs-vswitchd dpctl/dump-conntrack icmp,orig=(src=10.78.95.89,dst=192.168.0.211,id=7334,type=8,code=0),reply=(src=192.168.0.211,dst=10.78.95.89,id=7334,type=0,code=0),zone=7 icmp,orig=(src=192.168.0.211,dst=10.78.95.89,id=7334,type=8,code=0),reply=(src=10.78.95.89,dst=192.168.0.211,id=7334,type=0,code=0),zone=7 $ ping -c1 10.78.95.89 PING 10.78.95.89 (10.78.95.89) 56(84) bytes of data. --- 10.78.95.89 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms $ sudo ovs-appctl -t ovs-vswitchd dpctl/dump-conntrack icmp,orig=(src=10.78.95.89,dst=192.168.0.211,id=7334,type=8,code=0),reply=(src=192.168.0.211,dst=10.78.95.89,id=7334,type=0,code=0),zone=7 icmp,orig=(src=192.168.0.211,dst=10.78.95.89,id=7334,type=8,code=0),reply=(src=10.78.95.89,dst=192.168.0.211,id=7334,type=0,code=0),zone=7 icmp,orig=(src=192.168.0.211,dst=10.78.95.89,id=7335,type=8,code=0),reply=(src=10.78.95.89,dst=192.168.0.211,id=7335,type=0,code=0),zone=7 We made an attempt at using OVN built with [0], but that did unfortunately not help. If we however revert [1] it works again: $ ping -c1 10.78.95.89 PING 10.78.95.89 (10.78.95.89) 56(84) bytes of data. 64 bytes from 10.78.95.89: icmp_seq=1 ttl=62 time=1.31 ms --- 10.78.95.89 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 1.318/1.318/1.318/0.000 ms $ sudo ovs-appctl -t ovs-vswitchd dpctl/dump-conntrack icmp,orig=(src=192.168.0.211,dst=10.78.95.89,id=7336,type=8,code=0),reply=(src=10.78.95.89,dst=192.168.0.211,id=7336,type=0,code=0),zone=7 icmp,orig=(src=10.78.95.89,dst=192.168.0.211,id=7336,type=8,code=0),reply=(src=192.168.0.211,dst=10.78.95.89,id=7336,type=0,code=0),zone=7 icmp,orig=(src=10.78.95.89,dst=192.168.0.211,id=7336,type=8,code=0),reply=(src=192.168.0.211,dst=10.78.95.89,id=7336,type=0,code=0),zone=1 $ ping -c1 10.78.95.89 PING 10.78.95.89 (10.78.95.89) 56(84) bytes of data. 64 bytes from 10.78.95.89: icmp_seq=1 ttl=62 time=0.307 ms --- 10.78.95.89 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.307/0.307/0.307/0.000 ms $ sudo ovs-appctl -t ovs-vswitchd dpctl/dump-conntrack icmp,orig=(src=10.78.95.89,dst=192.168.0.211,id=7337,type=8,code=0),reply=(src=192.168.0.211,dst=10.78.95.89,id=7337,type=0,code=0),zone=7 icmp,orig=(src=10.78.95.89,dst=192.168.0.211,id=7337,type=8,code=0),reply=(src=192.168.0.211,dst=10.78.95.89,id=7337,type=0,code=0),zone=1 icmp,orig=(src=192.168.0.211,dst=10.78.95.89,id=7337,type=8,code=0),reply=(src=10.78.95.89,dst=192.168.0.211,id=7337,type=0,code=0),zone=7 icmp,orig=(src=192.168.0.211,dst=10.78.95.89,id=7336,type=8,code=0),reply=(src=10.78.95.89,dst=192.168.0.211,id=7336,type=0,code=0),zone=7 icmp,orig=(src=10.78.95.89,dst=192.168.0.211,id=7336,type=8,code=0),reply=(src=192.168.0.211,dst=10.78.95.89,id=7336,type=0,code=0),zone=7 icmp,orig=(src=10.78.95.89,dst=192.168.0.211,id=7336,type=8,code=0),reply=(src=192.168.0.211,dst=10.78.95.89,id=7336,type=0,code=0),zone=1 0: https://patchwork.ozlabs.org/project/ovn/patch/20220401175516.2139179-1-mmich...@redhat.com/ 1:
[Kernel-packages] [Bug 1967856] Re: Hairpin traffic does not work with centralized NAT gw
** Changed in: linux (Ubuntu Jammy) Importance: Undecided => Medium -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1967856 Title: Hairpin traffic does not work with centralized NAT gw Status in linux package in Ubuntu: Confirmed Status in openvswitch package in Ubuntu: Invalid Status in ovn package in Ubuntu: Invalid Status in linux source package in Focal: Confirmed Status in openvswitch source package in Focal: Invalid Status in ovn source package in Focal: Invalid Status in linux source package in Impish: Confirmed Status in openvswitch source package in Impish: New Status in ovn source package in Impish: New Status in linux source package in Jammy: Confirmed Status in openvswitch source package in Jammy: Invalid Status in ovn source package in Jammy: Invalid Status in linux source package in Kinetic: Confirmed Status in openvswitch source package in Kinetic: Invalid Status in ovn source package in Kinetic: Invalid Bug description: If you have two hvs where hv1 is the gateway chassis and you have an instance running on hv2. On instance on hv2 hairpin traffic works for the first session, but not for the next: $ ping -c1 10.78.95.89 PING 10.78.95.89 (10.78.95.89) 56(84) bytes of data. 64 bytes from 10.78.95.89: icmp_seq=1 ttl=62 time=1.07 ms --- 10.78.95.89 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 1.078/1.078/1.078/0.000 ms $ sudo ovs-appctl -t ovs-vswitchd dpctl/dump-conntrack icmp,orig=(src=10.78.95.89,dst=192.168.0.211,id=7334,type=8,code=0),reply=(src=192.168.0.211,dst=10.78.95.89,id=7334,type=0,code=0),zone=7 icmp,orig=(src=192.168.0.211,dst=10.78.95.89,id=7334,type=8,code=0),reply=(src=10.78.95.89,dst=192.168.0.211,id=7334,type=0,code=0),zone=7 $ ping -c1 10.78.95.89 PING 10.78.95.89 (10.78.95.89) 56(84) bytes of data. --- 10.78.95.89 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms $ sudo ovs-appctl -t ovs-vswitchd dpctl/dump-conntrack icmp,orig=(src=10.78.95.89,dst=192.168.0.211,id=7334,type=8,code=0),reply=(src=192.168.0.211,dst=10.78.95.89,id=7334,type=0,code=0),zone=7 icmp,orig=(src=192.168.0.211,dst=10.78.95.89,id=7334,type=8,code=0),reply=(src=10.78.95.89,dst=192.168.0.211,id=7334,type=0,code=0),zone=7 icmp,orig=(src=192.168.0.211,dst=10.78.95.89,id=7335,type=8,code=0),reply=(src=10.78.95.89,dst=192.168.0.211,id=7335,type=0,code=0),zone=7 We made an attempt at using OVN built with [0], but that did unfortunately not help. If we however revert [1] it works again: $ ping -c1 10.78.95.89 PING 10.78.95.89 (10.78.95.89) 56(84) bytes of data. 64 bytes from 10.78.95.89: icmp_seq=1 ttl=62 time=1.31 ms --- 10.78.95.89 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 1.318/1.318/1.318/0.000 ms $ sudo ovs-appctl -t ovs-vswitchd dpctl/dump-conntrack icmp,orig=(src=192.168.0.211,dst=10.78.95.89,id=7336,type=8,code=0),reply=(src=10.78.95.89,dst=192.168.0.211,id=7336,type=0,code=0),zone=7 icmp,orig=(src=10.78.95.89,dst=192.168.0.211,id=7336,type=8,code=0),reply=(src=192.168.0.211,dst=10.78.95.89,id=7336,type=0,code=0),zone=7 icmp,orig=(src=10.78.95.89,dst=192.168.0.211,id=7336,type=8,code=0),reply=(src=192.168.0.211,dst=10.78.95.89,id=7336,type=0,code=0),zone=1 $ ping -c1 10.78.95.89 PING 10.78.95.89 (10.78.95.89) 56(84) bytes of data. 64 bytes from 10.78.95.89: icmp_seq=1 ttl=62 time=0.307 ms --- 10.78.95.89 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.307/0.307/0.307/0.000 ms $ sudo ovs-appctl -t ovs-vswitchd dpctl/dump-conntrack icmp,orig=(src=10.78.95.89,dst=192.168.0.211,id=7337,type=8,code=0),reply=(src=192.168.0.211,dst=10.78.95.89,id=7337,type=0,code=0),zone=7 icmp,orig=(src=10.78.95.89,dst=192.168.0.211,id=7337,type=8,code=0),reply=(src=192.168.0.211,dst=10.78.95.89,id=7337,type=0,code=0),zone=1 icmp,orig=(src=192.168.0.211,dst=10.78.95.89,id=7337,type=8,code=0),reply=(src=10.78.95.89,dst=192.168.0.211,id=7337,type=0,code=0),zone=7 icmp,orig=(src=192.168.0.211,dst=10.78.95.89,id=7336,type=8,code=0),reply=(src=10.78.95.89,dst=192.168.0.211,id=7336,type=0,code=0),zone=7 icmp,orig=(src=10.78.95.89,dst=192.168.0.211,id=7336,type=8,code=0),reply=(src=192.168.0.211,dst=10.78.95.89,id=7336,type=0,code=0),zone=7 icmp,orig=(src=10.78.95.89,dst=192.168.0.211,id=7336,type=8,code=0),reply=(src=192.168.0.211,dst=10.78.95.89,id=7336,type=0,code=0),zone=1 0: https://patchwork.ozlabs.org/project/ovn/patch/20220401175516.2139179-1-mmich...@redhat.com/ 1: https://github.com/ovn-org/ovn/commit/4deac4509abbedd6ffaecf27eed01ddefccea40a --- ProblemType: Bug AlsaDevices: total 0 crw-rw 1 root audio 116, 1 Jun 9 11:35
[Kernel-packages] [Bug 1967856] Re: Hairpin traffic does not work with centralized NAT gw
This issue has been fixed by a patch to the openvswitch datapath code in the kernel [0]. The patched kernel would be required when used in conjunction with OVN 21.12 or newer, which translates to Focal (yoga UCA), Jammy and Kinetic. 0: https://lore.kernel.org/netdev/20220606221140.488984-1-i.maxim...@ovn.org/T/#u ** Also affects: linux (Ubuntu Kinetic) Importance: Undecided Status: Incomplete ** Also affects: openvswitch (Ubuntu Kinetic) Importance: High Status: Invalid ** Also affects: ovn (Ubuntu Kinetic) Importance: Undecided Status: Invalid ** Also affects: linux (Ubuntu Focal) Importance: Undecided Status: New ** Also affects: openvswitch (Ubuntu Focal) Importance: Undecided Status: New ** Also affects: ovn (Ubuntu Focal) Importance: Undecided Status: New ** Also affects: linux (Ubuntu Jammy) Importance: Undecided Status: New ** Also affects: openvswitch (Ubuntu Jammy) Importance: Undecided Status: New ** Also affects: ovn (Ubuntu Jammy) Importance: Undecided Status: New ** Changed in: ovn (Ubuntu Jammy) Status: New => Invalid ** Changed in: ovn (Ubuntu Focal) Status: New => Invalid ** Changed in: openvswitch (Ubuntu Jammy) Status: New => Invalid ** Changed in: openvswitch (Ubuntu Focal) Status: New => Invalid ** Tags added: apport-collected jammy uec-images ** Description changed: If you have two hvs where hv1 is the gateway chassis and you have an instance running on hv2. On instance on hv2 hairpin traffic works for the first session, but not for the next: $ ping -c1 10.78.95.89 PING 10.78.95.89 (10.78.95.89) 56(84) bytes of data. 64 bytes from 10.78.95.89: icmp_seq=1 ttl=62 time=1.07 ms --- 10.78.95.89 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 1.078/1.078/1.078/0.000 ms $ sudo ovs-appctl -t ovs-vswitchd dpctl/dump-conntrack icmp,orig=(src=10.78.95.89,dst=192.168.0.211,id=7334,type=8,code=0),reply=(src=192.168.0.211,dst=10.78.95.89,id=7334,type=0,code=0),zone=7 icmp,orig=(src=192.168.0.211,dst=10.78.95.89,id=7334,type=8,code=0),reply=(src=10.78.95.89,dst=192.168.0.211,id=7334,type=0,code=0),zone=7 $ ping -c1 10.78.95.89 PING 10.78.95.89 (10.78.95.89) 56(84) bytes of data. --- 10.78.95.89 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms $ sudo ovs-appctl -t ovs-vswitchd dpctl/dump-conntrack icmp,orig=(src=10.78.95.89,dst=192.168.0.211,id=7334,type=8,code=0),reply=(src=192.168.0.211,dst=10.78.95.89,id=7334,type=0,code=0),zone=7 icmp,orig=(src=192.168.0.211,dst=10.78.95.89,id=7334,type=8,code=0),reply=(src=10.78.95.89,dst=192.168.0.211,id=7334,type=0,code=0),zone=7 icmp,orig=(src=192.168.0.211,dst=10.78.95.89,id=7335,type=8,code=0),reply=(src=10.78.95.89,dst=192.168.0.211,id=7335,type=0,code=0),zone=7 We made an attempt at using OVN built with [0], but that did unfortunately not help. If we however revert [1] it works again: $ ping -c1 10.78.95.89 PING 10.78.95.89 (10.78.95.89) 56(84) bytes of data. 64 bytes from 10.78.95.89: icmp_seq=1 ttl=62 time=1.31 ms --- 10.78.95.89 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 1.318/1.318/1.318/0.000 ms $ sudo ovs-appctl -t ovs-vswitchd dpctl/dump-conntrack icmp,orig=(src=192.168.0.211,dst=10.78.95.89,id=7336,type=8,code=0),reply=(src=10.78.95.89,dst=192.168.0.211,id=7336,type=0,code=0),zone=7 icmp,orig=(src=10.78.95.89,dst=192.168.0.211,id=7336,type=8,code=0),reply=(src=192.168.0.211,dst=10.78.95.89,id=7336,type=0,code=0),zone=7 icmp,orig=(src=10.78.95.89,dst=192.168.0.211,id=7336,type=8,code=0),reply=(src=192.168.0.211,dst=10.78.95.89,id=7336,type=0,code=0),zone=1 $ ping -c1 10.78.95.89 PING 10.78.95.89 (10.78.95.89) 56(84) bytes of data. 64 bytes from 10.78.95.89: icmp_seq=1 ttl=62 time=0.307 ms --- 10.78.95.89 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.307/0.307/0.307/0.000 ms $ sudo ovs-appctl -t ovs-vswitchd dpctl/dump-conntrack icmp,orig=(src=10.78.95.89,dst=192.168.0.211,id=7337,type=8,code=0),reply=(src=192.168.0.211,dst=10.78.95.89,id=7337,type=0,code=0),zone=7 icmp,orig=(src=10.78.95.89,dst=192.168.0.211,id=7337,type=8,code=0),reply=(src=192.168.0.211,dst=10.78.95.89,id=7337,type=0,code=0),zone=1 icmp,orig=(src=192.168.0.211,dst=10.78.95.89,id=7337,type=8,code=0),reply=(src=10.78.95.89,dst=192.168.0.211,id=7337,type=0,code=0),zone=7 icmp,orig=(src=192.168.0.211,dst=10.78.95.89,id=7336,type=8,code=0),reply=(src=10.78.95.89,dst=192.168.0.211,id=7336,type=0,code=0),zone=7 icmp,orig=(src=10.78.95.89,dst=192.168.0.211,id=7336,type=8,code=0),reply=(src=192.168.0.211,dst=10.78.95.89,id=7336,type=0,code=0),zone=7
[Kernel-packages] [Bug 1967856] Re: Hairpin traffic does not work with centralized NAT gw
** Also affects: linux (Ubuntu) Importance: Undecided Status: New ** Changed in: openvswitch (Ubuntu) Status: Triaged => Invalid -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1967856 Title: Hairpin traffic does not work with centralized NAT gw Status in linux package in Ubuntu: Incomplete Status in openvswitch package in Ubuntu: Invalid Status in ovn package in Ubuntu: Invalid Status in linux source package in Focal: New Status in openvswitch source package in Focal: New Status in ovn source package in Focal: Invalid Status in linux source package in Jammy: New Status in openvswitch source package in Jammy: New Status in ovn source package in Jammy: Invalid Status in linux source package in Kinetic: Incomplete Status in openvswitch source package in Kinetic: Invalid Status in ovn source package in Kinetic: Invalid Bug description: If you have two hvs where hv1 is the gateway chassis and you have an instance running on hv2. On instance on hv2 hairpin traffic works for the first session, but not for the next: $ ping -c1 10.78.95.89 PING 10.78.95.89 (10.78.95.89) 56(84) bytes of data. 64 bytes from 10.78.95.89: icmp_seq=1 ttl=62 time=1.07 ms --- 10.78.95.89 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 1.078/1.078/1.078/0.000 ms $ sudo ovs-appctl -t ovs-vswitchd dpctl/dump-conntrack icmp,orig=(src=10.78.95.89,dst=192.168.0.211,id=7334,type=8,code=0),reply=(src=192.168.0.211,dst=10.78.95.89,id=7334,type=0,code=0),zone=7 icmp,orig=(src=192.168.0.211,dst=10.78.95.89,id=7334,type=8,code=0),reply=(src=10.78.95.89,dst=192.168.0.211,id=7334,type=0,code=0),zone=7 $ ping -c1 10.78.95.89 PING 10.78.95.89 (10.78.95.89) 56(84) bytes of data. --- 10.78.95.89 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms $ sudo ovs-appctl -t ovs-vswitchd dpctl/dump-conntrack icmp,orig=(src=10.78.95.89,dst=192.168.0.211,id=7334,type=8,code=0),reply=(src=192.168.0.211,dst=10.78.95.89,id=7334,type=0,code=0),zone=7 icmp,orig=(src=192.168.0.211,dst=10.78.95.89,id=7334,type=8,code=0),reply=(src=10.78.95.89,dst=192.168.0.211,id=7334,type=0,code=0),zone=7 icmp,orig=(src=192.168.0.211,dst=10.78.95.89,id=7335,type=8,code=0),reply=(src=10.78.95.89,dst=192.168.0.211,id=7335,type=0,code=0),zone=7 We made an attempt at using OVN built with [0], but that did unfortunately not help. If we however revert [1] it works again: $ ping -c1 10.78.95.89 PING 10.78.95.89 (10.78.95.89) 56(84) bytes of data. 64 bytes from 10.78.95.89: icmp_seq=1 ttl=62 time=1.31 ms --- 10.78.95.89 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 1.318/1.318/1.318/0.000 ms $ sudo ovs-appctl -t ovs-vswitchd dpctl/dump-conntrack icmp,orig=(src=192.168.0.211,dst=10.78.95.89,id=7336,type=8,code=0),reply=(src=10.78.95.89,dst=192.168.0.211,id=7336,type=0,code=0),zone=7 icmp,orig=(src=10.78.95.89,dst=192.168.0.211,id=7336,type=8,code=0),reply=(src=192.168.0.211,dst=10.78.95.89,id=7336,type=0,code=0),zone=7 icmp,orig=(src=10.78.95.89,dst=192.168.0.211,id=7336,type=8,code=0),reply=(src=192.168.0.211,dst=10.78.95.89,id=7336,type=0,code=0),zone=1 $ ping -c1 10.78.95.89 PING 10.78.95.89 (10.78.95.89) 56(84) bytes of data. 64 bytes from 10.78.95.89: icmp_seq=1 ttl=62 time=0.307 ms --- 10.78.95.89 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.307/0.307/0.307/0.000 ms $ sudo ovs-appctl -t ovs-vswitchd dpctl/dump-conntrack icmp,orig=(src=10.78.95.89,dst=192.168.0.211,id=7337,type=8,code=0),reply=(src=192.168.0.211,dst=10.78.95.89,id=7337,type=0,code=0),zone=7 icmp,orig=(src=10.78.95.89,dst=192.168.0.211,id=7337,type=8,code=0),reply=(src=192.168.0.211,dst=10.78.95.89,id=7337,type=0,code=0),zone=1 icmp,orig=(src=192.168.0.211,dst=10.78.95.89,id=7337,type=8,code=0),reply=(src=10.78.95.89,dst=192.168.0.211,id=7337,type=0,code=0),zone=7 icmp,orig=(src=192.168.0.211,dst=10.78.95.89,id=7336,type=8,code=0),reply=(src=10.78.95.89,dst=192.168.0.211,id=7336,type=0,code=0),zone=7 icmp,orig=(src=10.78.95.89,dst=192.168.0.211,id=7336,type=8,code=0),reply=(src=192.168.0.211,dst=10.78.95.89,id=7336,type=0,code=0),zone=7 icmp,orig=(src=10.78.95.89,dst=192.168.0.211,id=7336,type=8,code=0),reply=(src=192.168.0.211,dst=10.78.95.89,id=7336,type=0,code=0),zone=1 0: https://patchwork.ozlabs.org/project/ovn/patch/20220401175516.2139179-1-mmich...@redhat.com/ 1: https://github.com/ovn-org/ovn/commit/4deac4509abbedd6ffaecf27eed01ddefccea40a To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1967856/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to :
