[ovs-dev] [PATCH ovn v3 2/2] northd: Remove "reachable" functions and users of them.

Dumitru Ceara dceara at redhat.com
Tue Mar 23 16:13:55 UTC 2021


On 3/23/21 5:05 PM, Numan Siddique wrote:
> On Fri, Mar 19, 2021 at 2:20 AM Mark Michelson <mmichels at redhat.com> wrote:
>>
>> Self-originated ARPs are intended to be sent to the "owning" router for
>> a given IP address, as well as flooded to non-router ports on a logical
>> switch.
>>
>> When trying to determine the owning router for an IP address, we would
>> iterate through load balancer and NAT addresses, and check if these IP
>> addresses were "reachable" on this particular router. Reachable here
>> means that the NAT external IP or load balancer VIP falls within any of
>> the networks served by this router. If an IP address were determined not
>> to be reachable, then we would not try to send ARPs for that particular
>> address to the router.
>>
>> However, it is possible (and sometimes desired) to configure NAT floating
>> IPs on a router that are not in any subnet handled by that router.
>> In this case, OVN refuses to send ARP requests to the router on which the
>> floating IP has been configured. The result is that internally-generated
>> traffic that targets the floating IP cannot reach its destination,
>> since the router on which the floating IP is configured never receives ARPs
>> for the floating IP.
>>
>> This patch fixes the issue by removing the reachability checks
>> altogether. If a router has a NAT external IP or load balancer VIP that
>> is outside the range of any of its configured subnets, we still should
>> send ARPs to that router for those requested addresses.
>>
>> Reported at: https://bugzilla.redhat.com/show_bug.cgi?id=1929901
>>
>> Signed-off-by: Mark Michelson <mmichels at redhat.com>
> 
> Thanks for addressing this.
> 
> Acked-by: Numan Siddique <numans at ovn.org>
> 
> @Dumitru - Since you had added the code to limit ARPs, can you please
> also take a look at this patch?
> 

Hi Mark, Numan,

I've been thinking about this for a while.  I think this needs at least:

Fixes: 1e07781310d8 ("ovn-northd: Fix logical flows to limit ARP/NS broadcast domain.")

With the latest changes in ovn-kubernetes I think that the above was not
needed anyway.  Mark, do you have more details about this by any chance?

Initial bug report was here:
https://mail.openvswitch.org/pipermail/ovs-discuss/2020-June/050287.html

Thanks,
Dumitru


