[ovs-discuss] Issue with connection tracking for packets modified in pipeline

Joe Stringer joe at ovn.org
Mon Jun 19 21:41:40 UTC 2017


On 19 June 2017 at 00:37, Numan Siddique <nusiddiq at redhat.com> wrote:
>
>
> On Fri, Jun 16, 2017 at 11:22 PM, Joe Stringer <joe at ovn.org> wrote:
>>
>> On 15 June 2017 at 22:20, Numan Siddique <nusiddiq at redhat.com> wrote:
>> >
>> >
>> > On Thu, Jun 15, 2017 at 5:06 PM, Aswin S <aswinsuryan at gmail.com> wrote:
>> >>
>> >>
>> >> Adding some more info here, Thanks Numan! for pointing to this.
>> >>
>> >> The issue I am facing looks similar to the one described in [1] and
>> >> [2].
>> >> But it seems the issue is not yet fixed.  Is there a plan to fix this
>> >> soon?
>> >> In Opendaylight security groups is implemented using ovs-conntrack. So
>> >> the
>> >> flow based router  ping  responder and floating IP translations hits
>> >> this
>> >> issue.
>> >>
>> >>
>> >> [1]https://mail.openvswitch.org/pipermail/ovs-dev/2017-March/329542.html
>> >> [2]https://patchwork.ozlabs.org/patch/739796/
>> >>
>> >
>> > The same issuse is also seen in OVN as pointed by Aswin.
>> >
>> > Joe - If you remember, we had a chat about this same issue during the
>> > Openstack Boston summit.
>>
>> Hi Numan, yeah I recall we had this discussion. I didn't have much
>> clarity on where we're at with this.  Looking at patchwork, I provided
>> some feedback on the RFC. The most straightforward approach seems to
>> be adding a nf_ct_set(skb, NULL, 0); call for each of the 5tuple "set"
>> actions in the datapath.
>
>
> Thanks. I will try it out and let you know how it went.
> I remember, I was suppose to provide more clarity after our discussion. My
> apologies. It slipped out of my head.

No worries, let me know how you go.


More information about the discuss mailing list