[ovs-dev] Always lost first tx tunnel packet due to no ARP entry

William Tu u9012063 at gmail.com
Wed Mar 11 18:59:04 UTC 2020


Hi,

We are seeing an issue using the userspace datapath with a tunnel. (The
kernel datapath works OK.)
After creating a flow-based tunnel, the first IP packet sent to that
tunnel is always dropped due to
  -> neighbor cache miss for 88.88.88.2 on bridge br-phy, sending ARP request
leads to
 Datapath actions: drop
Where 88.88.88.2 is the underlay remote IP address that needs to be resolved.

I think a similar issue is posted here, but the solution is based on OVN.
https://developers.redhat.com/blog/2018/12/07/ip-packet-buffering-in-ovn/
https://github.com/openvswitch/ovs/commit/d7abfe39cfd234227bb6174b7f959a16dc803b83

Basically we need to buffer the packet until the L2 address is resolved.
I wonder if there are any solutions/ideas for how to buffer this packet in OVS?
That is, save this first packet somewhere until OVS receives ARP replies.

Regards,
William

----- More detail on our test using vxlan ----
ip netns add nsA
ip netns add nsB

ip link add vethC0 type veth peer name vethC1
ip link add vethU0 type veth peer name vethU1

ip link set vethC0 netns nsA
ip link set vethU1 netns nsB

ip netns exec nsA ip addr add 10.0.1.1/24 dev vethC0
ip netns exec nsA ip link set dev vethC0 up
ip link set dev vethC1 up

ip addr add 88.88.88.1/24 dev vethU0
ip link set dev vethU0 up
ip netns exec nsB ip addr add 88.88.88.2/24 dev vethU1
ip netns exec nsB ip link set dev vethU1 up

hwaddr=$(ip link show vethU0 | grep link/ether | awk '{print $2}')
inet=$(ip addr show vethU0 | grep "inet " | awk '{ print $2 }')

ovs-vsctl add-br br-int -- set Bridge br-int
ovs-vsctl --may-exist add-br br-phy \
              -- set Bridge br-phy datapath_type=system \
              -- br-set-external-id br-phy bridge-id br-phy \
              -- set bridge br-phy fail-mode=standalone \
              other_config:hwaddr="$hwaddr"

ovs-vsctl --timeout 10 add-port br-phy vethU0
ip addr add 88.88.88.1/24 dev br-phy
ip link set br-phy up
ip addr flush dev vethU0 2>/dev/null
ip link set vethU0 up

ovs-vsctl add-port br-int vethC1

ovs-vsctl add-port br-int vxlan0 \
  -- set interface vxlan0 ofport_request=99 type=vxlan \
  options:remote_ip=flow options:key=flow

ovs-ofctl add-flow br-int 'priority=100,arp,arp_tpa=10.0.1.2,arp_op=1 actions=move:NXM_OF_ETH_SRC[]->NXM_OF_ETH_DST[],mod_dl_src:aa:bb:cc:dd:ee:ff,load:0x2->NXM_OF_ARP_OP[],move:NXM_NX_ARP_SHA[]->NXM_NX_ARP_THA[],load:0xaabbccddeeff->NXM_NX_ARP_SHA[],move:NXM_OF_ARP_SPA[]->NXM_OF_ARP_TPA[],load:0x0a000102->NXM_OF_ARP_SPA[],IN_PORT'
ovs-ofctl add-flow br-int 'priority=100,ip,nw_dst=10.0.1.2 actions=set_field:88.88.88.2->tun_dst,99'
ovs-ofctl add-flow br-int 'priority=0,actions=drop'
-------
then
------
Run tcpdump on vethU1:
$ ip netns exec nsB tcpdump -i vethU1 -vvvv -n -l port 4789

Send 1 ICMP packet from 10.0.1.1 to 10.0.1.2 (we do not expect a
response, we just want to capture ICMP echo request messages on
vethU1):
$ ip netns exec nsA ping 10.0.1.2 -c 1

Observe with tcpdump that no packet was received on vethU1
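
The buffering idea asked about in the message above, sketched as a bounded pending-packet queue. This is an added example, not code from the original post or from OVS; pend_enqueue, pend_flush, demo_tx and the PEND_* limits are assumed names and values. The cap and timeout keep unresolved next hops from holding memory indefinitely.

```c
#include <stdint.h>
#include <string.h>

#define PEND_MAX   8     /* cap on buffered packets (assumed value) */
#define PEND_BYTES 2048  /* largest packet kept (assumed value) */
#define PEND_TTL   3     /* seconds to wait for an ARP reply (assumed) */

struct pending { int used; uint32_t nh; long expiry; size_t len;
                 uint8_t data[PEND_BYTES]; };
static struct pending queue[PEND_MAX];

/* Hypothetical transmit callback: gets the packet and the resolved MAC. */
typedef void (*tx_fn)(const uint8_t *pkt, size_t len, const uint8_t mac[6]);

/* Constructed stand-in for the real tunnel output path: counts sends. */
static int demo_sent;
static void demo_tx(const uint8_t *pkt, size_t len, const uint8_t mac[6])
{ (void)pkt; (void)len; (void)mac; demo_sent++; }

/* Called on a neighbor cache miss instead of dropping. Returns 1 if the
 * packet was buffered, 0 if it was dropped (too large or queue full). */
int pend_enqueue(uint32_t nh, const uint8_t *pkt, size_t len, long now)
{
    if (len > PEND_BYTES) return 0;
    for (int i = 0; i < PEND_MAX; i++) {
        /* Reuse free slots and slots whose ARP wait has timed out. */
        if (!queue[i].used || queue[i].expiry <= now) {
            queue[i].used = 1; queue[i].nh = nh; queue[i].len = len;
            queue[i].expiry = now + PEND_TTL;
            memcpy(queue[i].data, pkt, len);
            return 1;
        }
    }
    return 0;
}

/* Called when an ARP reply for nh arrives. Sends every unexpired packet
 * waiting on nh (in slot order), frees the slots, returns the send count. */
int pend_flush(uint32_t nh, const uint8_t mac[6], long now, tx_fn tx)
{
    int sent = 0;
    for (int i = 0; i < PEND_MAX; i++) {
        if (!queue[i].used || queue[i].nh != nh) continue;
        if (queue[i].expiry > now) { tx(queue[i].data, queue[i].len, mac); sent++; }
        queue[i].used = 0;
    }
    return sent;
}
```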

