[ovs-discuss] Issue with connection tracking for packets modified in pipeline

Joe Stringer joe at ovn.org
Fri Jun 16 17:52:37 UTC 2017


On 15 June 2017 at 22:20, Numan Siddique <nusiddiq at redhat.com> wrote:
>
>
> On Thu, Jun 15, 2017 at 5:06 PM, Aswin S <aswinsuryan at gmail.com> wrote:
>>
>>
>> Adding some more info here, Thanks Numan! for pointing to this.
>>
>> The issue I am facing looks similar to the one described in [1] and [2].
>> But it seems the issue is not yet fixed.  Is there a plan to fix this soon?
>> In Opendaylight security groups is implemented using ovs-conntrack. So the
>> flow based router  ping  responder and floating IP translations hits this
>> issue.
>>
>> [1]https://mail.openvswitch.org/pipermail/ovs-dev/2017-March/329542.html
>> [2]https://patchwork.ozlabs.org/patch/739796/
>>
>
> The same issuse is also seen in OVN as pointed by Aswin.
>
> Joe - If you remember, we had a chat about this same issue during the
> Openstack Boston summit.

Hi Numan, yeah I recall we had this discussion. I didn't have much
clarity on where we're at with this.  Looking at patchwork, I provided
some feedback on the RFC. The most straightforward approach seems to
be adding a nf_ct_set(skb, NULL, 0); call for each of the 5tuple "set"
actions in the datapath.


More information about the discuss mailing list