[ovs-dev] Always lost first tx tunnel packet due to no ARP entry

William Tu u9012063 at gmail.com
Tue Apr 7 15:43:25 UTC 2020


Hi Ben and Lorenzo,

I've been thinking about how to implement a feature that
queues/buffers the first tunnel outgoing
packet when the translation result shows that there is no ARP entry
("neighbor cache miss for....)
for the underlay network interface.

One place I'm trying is at handle_packet_upcall(), based on the call stack
handle_packet_upcall
  dp_netdev_upcall
    upcall_cb
      process_upcall
        upcall_xlate
          xlate_actions
            compose_output_action__
                native_tunnel_output

When native_tunnel_output() show that there is no ARP, then passes
this information back to handle_packet_upcall, and save the packet at
a list. And every time when hitting handle_packet_upcall, flush the list
first.
I feel this is a little complicated and there might be a better solution?

Regards,
William

On Wed, Mar 11, 2020 at 11:59 AM William Tu <u9012063 at gmail.com> wrote:
>
> Hi,
>
> We are seeing an issue using userspace datapath with tunnel. (Kernel
> datapath works ok).
> After creating a flow-based tunnel, the first IP packet sent to that
> tunnel is always dropped due to
>   -> neighbor cache miss for 88.88.88.2 on bridge br-phy, sending ARP request
> leads to
>  Datapath actions: drop
> Where 88.88.88.2 is the underlay remote ip address need to be resolved.
>
> I think similar issue is posted here, but solution is based on OVN.
> https://developers.redhat.com/blog/2018/12/07/ip-packet-buffering-in-ovn/
> https://github.com/openvswitch/ovs/commit/d7abfe39cfd234227bb6174b7f959a16dc803b83
>
> Basically we need to buffer the packet until L2 address is resolved.
> I wonder if there was any solution/ideas how to buffer this packet in OVS?
> That is, save this first packet somewhere until OVS receives ARP replies.
>
> Regards,
> William
>
> ----- A more detail of our test using vxlan ----
> ip netns add nsA
> ip netns add nsB
>
> ip link add vethC0 type veth peer name vethC1
> ip link add vethU0 type veth peer name vethU1
>
> ip link set vethC0 netns nsA
> ip link set vethU1 netns nsB
>
> ip netns exec nsA ip addr add 10.0.1.1/24 dev vethC0
> ip netns exec nsA ip link set dev vethC0 up
> ip link set dev vethC1 up
>
> ip addr add 88.88.88.1/24 dev vethU0
> ip link set dev vethU0 up
> ip netns exec nsB ip addr add 88.88.88.2/24 dev vethU1
> ip netns exec nsB ip link set dev vethU1 up
>
> hwaddr=$(ip link show vethU0 | grep link/ether | awk '{print $2}')
> inet=$(ip addr show vethU0 | grep "inet " | awk '{ print $2 }')
>
> ovs-vsctl add-br br-int -- set Bridge br-int
> ovs-vsctl --may-exist add-br br-phy \
>               -- set Bridge br-phy datapath_type=system \
>               -- br-set-external-id br-phy bridge-id br-phy \
>               -- set bridge br-phy fail-mode=standalone \
>               other_config:hwaddr="$hwaddr"
>
> ovs-vsctl --timeout 10 add-port br-phy vethU0
> ip addr add 88.88.88.1/24 dev br-phy
> ip link set br-phy up
> ip addr flush dev vethU0 2>/dev/null
> ip link set vethU0 up
>
> ovs-vsctl add-port br-int vethC1
>
> ovs-vsctl add-port br-int vxlan0 \
>   -- set interface vxlan0 ofport_request=99 type=vxlan
> options:remote_ip=flow options:key=flow
>
> ovs-ofctl add-flow br-int 'priority=100,arp,arp_tpa=10.0.1.2,arp_op=1
> actions=move:NXM_OF_ETH_SRC[]->NXM_OF_ETH_DST[],mod_dl_src:aa:bb:cc:dd:ee:ff,load:0x2->NXM_OF_ARP_OP[],move:NXM_NX_ARP_SHA[]->NXM_NX_ARP_THA[],load:0xaabbccddeeff->NXM_NX_ARP_SHA[],move:NXM_OF_ARP_SPA[]->NXM_OF_ARP_TPA[],load:0x0a000102->NXM_OF_ARP_SPA[],IN_PORT'
> ovs-ofctl add-flow br-int 'priority=100,ip,nw_dst=10.0.1.2
> actions=set_field:88.88.88.2->tun_dst,99'
> ovs-ofctl add-flow br-int 'priority=0,actions=drop'
> -------
> then
> ------
> Run tcpdump on vethU1:
> $ ip netns exec nsB tcpdump -i vethU1 -vvvv -n -l port 4789
>
> Send 1 ICMP packet from 10.0.1.1 to 10.0.1.2 (we do not expect a
> response, we just want to capture ICMP echo request messages on
> vethU1):
> $ ip netns exec nsA ping 10.0.1.2 -c 1
>
> Observe with tcpdump that no packet was received on vethU1


More information about the dev mailing list