[ovs-discuss] nd_target match intermittently not hitting

Justin Pettit jpettit at ovn.org
Thu Mar 23 07:21:46 UTC 2017


> On Mar 22, 2017, at 2:54 PM, Michael Ben-Ami via discuss <ovs-discuss at openvswitch.org> wrote:
> 
> We have a flow that looks like this:
> 
> priority=1030,icmp6,in_port=4,icmp_type=135,nd_target=xxxx:xxxx:1:d0::1105:3000/124 actions=resubmit(,25)
> 
> When neighbor solicitations come in on port 4 (ethernet interface), we can see them in tcpdump as having the correct nd_target, yet the flow's n_byte and n_packet counters don't increase, and we confirm the packet falls to a lower priority matching flow (that drops). However, if we remove the nd_target field from the match, the solicitation hits the flow as expected, every time.
> 
> As another wrinkle, while receiving continuous neighbor solicitations, we simply re-add the above flow in a loop, like "while true; do ovs-ofctl add-flow...; done". And without fail, the flow will suddenly instantly be hit (n_byte and n_packet counters increase, VM actually receives solicitation), with no change at all on what's been coming in on the data plane, and no change to the content of the flow set as a whole.

Strange.  You might try running "ovs-dpctl dump-flows" in a loop and see if an appropriate flow is being pushed to the kernel datapath and getting hit.  The behavior you've described makes me wonder if re-adding the flow is causing the packet to execute in userspace, which is properly handling the packet, and then a kernel flow is pushed down that no longer works.

> For a similar wrinkle, we can also make the flow hit by simply repeatedly running tcpdump on the interface multiple times. Like if port 4 is eth1, we'll just do "tcpdump -enni eth1" multiple times, and the solicitation will be successfully received by VM, counters increase, etc.

That just sounds odd.  I can't imagine why that would matter.

> Any ideas on why this may be? It seems like a race condition somewhere that is relevant to matching on nd_target.
> 
> Other info:
> 
> # ovs-ofctl --version
> ovs-ofctl (Open vSwitch) 2.5.0

I haven't looked to see if this kind of issue has been addressed, but is there a reason you're not running something more recent?  The 2.5 series is now at 2.5.2.

--Justin
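
As an added example (not part of the original message and not Open vSwitch code), the "ovs-dpctl dump-flows" check suggested above can be automated by scanning each dump for a kernel flow that drops neighbor solicitations whose nd target overlaps the OpenFlow match. The sample dump, the 2001:db8 addresses, the datapath port number and the helper names are constructed assumptions, and the exact field layout can differ between OVS versions.

```python
import ipaddress
import re

# Constructed sample of `ovs-dpctl dump-flows` output (not from the thread).
# Field layout is assumed; 2001:db8::/32 is the documentation prefix.
SAMPLE_DUMP = """\
recirc_id(0),in_port(4),eth_type(0x86dd),ipv6(proto=58,frag=no),icmpv6(type=135,code=0),nd(target=2001:db8:1:d0::1105:3005), packets:12, bytes:1032, used:0.3s, actions:drop
recirc_id(0),in_port(4),eth_type(0x86dd),ipv6(proto=58,frag=no),icmpv6(type=135,code=0),nd(target=2001:db8:1:d0::1105:4000/ffff:ffff:ffff:ffff:ffff:ffff:ffff:fff0), packets:3, bytes:258, used:1.1s, actions:drop
recirc_id(0),in_port(4),eth_type(0x86dd),ipv6(proto=58,frag=no),icmpv6(type=136,code=0), packets:7, bytes:602, used:0.9s, actions:2
recirc_id(0),in_port(5),eth_type(0x0800),ipv4(frag=no), packets:40, bytes:3920, used:0.0s, actions:4
"""
FULL_MASK = (1 << 128) - 1

def parse_flow(line):
    """Split one datapath flow line into key fields, counters and actions."""
    match_part, _, rest = line.partition(", packets:")
    m = re.match(r"(\d+), bytes:(\d+).*actions:(.*)$", rest)
    if m is None:
        return None  # blank or unrecognised line
    keys = dict(re.findall(r"(\w+)\(([^()]*)\)", match_part))
    return {"keys": keys, "packets": int(m.group(1)),
            "bytes": int(m.group(2)), "actions": m.group(3).strip()}

def target_overlaps(nd_key, net):
    """True if nd(target=addr[/mask]) can match some address inside net."""
    m = re.search(r"target=([0-9a-fA-F:]+)(?:/([0-9a-fA-F:]+))?", nd_key or "")
    if m is None:
        return True  # target wildcarded: every solicitation can match
    addr = int(ipaddress.IPv6Address(m.group(1)))
    mask = int(ipaddress.IPv6Address(m.group(2))) if m.group(2) else FULL_MASK
    common = mask & int(net.netmask)  # bits both matches care about
    return (addr ^ int(net.network_address)) & common == 0

def suspect_flows(dump, dp_port, prefix):
    """Kernel flows dropping solicitations the OpenFlow rule should catch."""
    net = ipaddress.IPv6Network(prefix, strict=False)
    hits = []
    for line in dump.splitlines():
        flow = parse_flow(line)
        if flow is None:
            continue
        k = flow["keys"]
        # dp_port is the datapath port number, which is not necessarily the
        # OpenFlow port number; `ovs-dpctl show` lists the datapath ports.
        if k.get("in_port") != str(dp_port) or "type=135" not in k.get("icmpv6", ""):
            continue
        if flow["actions"] == "drop" and target_overlaps(k.get("nd"), net):
            hits.append((k.get("nd", "target=*"), flow["packets"]))
    return hits
```

Running suspect_flows on successive dumps while solicitations arrive shows whether a dropping kernel flow covers the target and whether its packet count is the one increasing.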
