[ovs-dev] Always lost first tx tunnel packet due to no ARP entry

William Tu u9012063 at gmail.com
Wed Mar 11 18:59:04 UTC 2020


We are seeing an issue using userspace datapath with tunnel. (Kernel
datapath works ok).
After creating a flow-based tunnel, the first IP packet sent to that
tunnel is always dropped due to
  -> neighbor cache miss for on bridge br-phy, sending ARP request
leads to
 Datapath actions: drop
Where is the underlay remote IP address that needs to be resolved.

I think a similar issue is posted here, but the solution is based on OVN.

Basically we need to buffer the packet until L2 address is resolved.
I wonder if there was any solution/ideas how to buffer this packet in OVS?
That is, save this first packet somewhere until OVS receives ARP replies.


----- More detail of our test using vxlan ----
ip netns add nsA
ip netns add nsB

ip link add vethC0 type veth peer name vethC1
ip link add vethU0 type veth peer name vethU1

ip link set vethC0 netns nsA
ip link set vethU1 netns nsB

ip netns exec nsA ip addr add dev vethC0
ip netns exec nsA ip link set dev vethC0 up
ip link set dev vethC1 up

ip addr add dev vethU0
ip link set dev vethU0 up
ip netns exec nsB ip addr add dev vethU1
ip netns exec nsB ip link set dev vethU1 up

hwaddr=$(ip link show vethU0 | grep link/ether | awk '{print $2}')
inet=$(ip addr show vethU0 | grep "inet " | awk '{ print $2 }')

ovs-vsctl add-br br-int -- set Bridge br-int
ovs-vsctl --may-exist add-br br-phy \
              -- set Bridge br-phy datapath_type=system \
              -- br-set-external-id br-phy bridge-id br-phy \
              -- set bridge br-phy fail-mode=standalone \

ovs-vsctl --timeout 10 add-port br-phy vethU0
ip addr add dev br-phy
ip link set br-phy up
ip addr flush dev vethU0 2>/dev/null
ip link set vethU0 up

ovs-vsctl add-port br-int vethC1

ovs-vsctl add-port br-int vxlan0 \
  -- set interface vxlan0 ofport_request=99 type=vxlan \
  options:remote_ip=flow options:key=flow

ovs-ofctl add-flow br-int 'priority=100,arp,arp_tpa=,arp_op=1
ovs-ofctl add-flow br-int 'priority=100,ip,nw_dst=
ovs-ofctl add-flow br-int 'priority=0,actions=drop'

Run tcpdump on vethU1:
$ ip netns exec nsB tcpdump -i vethU1 -vvvv -n -l port 4789

Send 1 ICMP packet from to (we do not expect a
response, we just want to capture ICMP echo request messages on
$ ip netns exec nsA ping -c 1

Observe with tcpdump that no packet was received on vethU1
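
The buffering asked about above, as an added example that is not part of the original message and is not OVS code: a bounded per-next-hop hold queue that keeps packets on a neighbor cache miss and releases them in order when the ARP reply arrives. The names struct neigh, tunnel_tx, neigh_resolved and emit are hypothetical, and emit only counts frames in place of a real transmit path.

```c
/* Added illustration; all names are hypothetical and this is not OVS code. */
#include <stdint.h>
#include <string.h>

#define HOLD_MAX 4      /* bound per next hop so unresolved IPs cannot exhaust memory */
#define PKT_MAX  128    /* largest packet this example will hold */

struct neigh {
    uint32_t ip;        /* underlay next-hop IPv4 address */
    uint8_t  mac[6];
    int      resolved;  /* 1 once an ARP reply has been seen */
    int      nheld;     /* packets currently waiting for resolution */
    int      dropped;   /* packets rejected: queue full or packet too large */
    uint8_t  held[HOLD_MAX][PKT_MAX];
    size_t   held_len[HOLD_MAX];
};

enum tx_result { TX_SENT, TX_HELD, TX_DROPPED };

/* Stand-in for the transmit path: counts frames sent with a known MAC. */
static int frames_sent;
static void emit(const struct neigh *n, const uint8_t *pkt, size_t len)
{
    (void) n; (void) pkt; (void) len;
    frames_sent++;
}

/* Tunnel output: send if the next hop is resolved; otherwise hold the packet
 * (the caller issues the ARP request) instead of dropping it. */
enum tx_result tunnel_tx(struct neigh *n, const uint8_t *pkt, size_t len)
{
    if (n->resolved) { emit(n, pkt, len); return TX_SENT; }
    if (len > PKT_MAX || n->nheld == HOLD_MAX) { n->dropped++; return TX_DROPPED; }
    memcpy(n->held[n->nheld], pkt, len);
    n->held_len[n->nheld++] = len;
    return TX_HELD;
}

/* ARP reply handler: record the MAC, then flush held packets in arrival
 * order. Returns the number of packets released. */
int neigh_resolved(struct neigh *n, const uint8_t mac[6])
{
    int released = n->nheld;
    memcpy(n->mac, mac, 6);
    n->resolved = 1;
    for (int i = 0; i < released; i++) emit(n, n->held[i], n->held_len[i]);
    n->nheld = 0;
    return released;
}
```

The queue is bounded so that traffic toward next hops that never answer cannot grow memory without limit; held packets would also need an expiry when no ARP reply arrives, which this example leaves out.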
