[ovs-dev] 答复: [spam可疑邮件]Re: [PATCH] ovn-northd: Fix ping failure of vlan networks.

Thu Jun 1 01:22:24 UTC 2017

Hi Ben, thanks for your review.

Conntrack have no problem with localnet port, but the pipline hase problem 
in the follow circumstance

------   vlan      ----
|ovs1|----------  |ovs2| 
------            -----
  |                 |
 vm1               vm2

net1 10.0.0.0/24 has vm1 with ip 10.0.0.10, net2 10.0.0.0/24 has vm2 with 
ip 20.0.0.10. net1 and net2 link to same route. net1 and net2 have 
localnet ports as inport/outport when packet forwarded between ovs1 and 
ovs2. 

when vm1 ping vm2, by the route forward, the out port of icmp request is 
localnet port of net2 in ovs1. And in reverse, ovs1 will use localnet port 
of net1 as inport of icmp reply from vm2.

The request and reply is not the same localnet port in ovs. Because of 
different localnet port with different zone id, when localnet port use ct, 
the ct state can not change to established.

So the icmp relpy will be dropped because of the error ct state.

Ben Pfaff <blp at ovn.org>
2017/06/01 07:42

        收件人：        wang.qianyu at zte.com.cn, 
        抄送：  dev at openvswitch.org, zhou.huijing at zte.com.cn, 
xu.rong at zte.com.cn
        主题：  [spam可疑邮件]Re: [ovs-dev]  [PATCH] ovn-northd: Fix ping 
failure of vlan networks.

On Mon, May 22, 2017 at 07:39:22PM +0800, wang.qianyu at zte.com.cn wrote:
> There are two computer node, each have one vm. And the two vms in 
> indifferent vlan networks. The ping between the vms is not success.
> 
> The reason is that, acl of to-localnet port or from-localnet port is
> signed to contrack. So the pair of icmp request and reply have different
> zone id in one ovs node. This makes the ct state not correct.
> 
> This patch do the modification that localnet port do not use ct.
> 
> Signed-off-by: wangqianyu <wang.qianyu at zte.com.cn>

This patch was word-wrapped, but I was able to deal with that.

I don't exactly understand the problem.  Does conntrack not work at all
with packets that go to/from localnet ports?  Or does it have something
to do with VLAN tags?

Please document the new flows in ovn-northd.8.xml.

Also, checkpatch reported the following:

ERROR: Improper whitespace around control block
#17 FILE: b/ovn/northd/ovn-northd.c:1355:
                if(!strcmp(nbsp->type, "localnet")) {

ERROR: Improper whitespace around control block
#28 FILE: b/ovn/northd/ovn-northd.c:2637:
        if(od->localnet_port) {

WARNING: Line length is >79-characters long
#32 FILE: b/ovn/northd/ovn-northd.c:2641:
            ds_put_format(&match_in, "ip && inport == %s", 
od->localnet_port->json_key);

WARNING: Line length is >79-characters long
#33 FILE: b/ovn/northd/ovn-northd.c:2642:
            ds_put_format(&match_out, "ip && outport == %s", 
od->localnet_port->json_key);

Thanks a lot for working on OVN!