[ovs-discuss] [OVN] Ovn-controller dose not update the flows table when localport tap device is rebuilt

hh ts_1749 at 163.com
Wed May 12 03:52:19 UTC 2021 

Description as:

After all vm using network A on HV are deleted, the tap device of the network A is also deleted.
After the vm is re-created on this HV using the network A, the tap device will be rebuilt.
At this point, the flows table has not been updated and the vm's traffic cannot reach localport. Restore by restarting ovn-controller.

ovn version as:
# ovn-controller --version
ovn-controller 21.03.0
Open vSwitch Library 2.15.90
OpenFlow versions 0x6:0x6
SB DB Schema 20.16.1

Trace by ovn-trace is normal:

()[root at ovn-ovsdb-sb-1 /]# ovn-trace --summary 5f79485f-682c-434a-8202-f6658fa30076 'inport == "643e3bc7-0b44-4929-8c4d-ec63f19097f8" && eth.src == fa:16:3e:55:4a:8f && ip4.src == 192.168.222.168 && eth.dst == fa:16:3e:4a:d6:bc && ip4.dst == 169.254.169.254 && ip.ttl == 32'
# ip,reg14=0x16,vlan_tci=0x0000,dl_src=fa:16:3e:55:4a:8f,dl_dst=fa:16:3e:4a:d6:bc,nw_src=192.168.222.168,nw_dst=169.254.169.254,nw_proto=0,nw_tos=0,nw_ecn=0,nw_ttl=32
ingress(dp="jufeng", inport="instance-h0NdYw_jufeng_3fe45e35") {
    next;
    next;
    reg0[0] = 1;
    next;
    ct_next;
    ct_next(ct_state=est|trk /* default (use --ct to customize) */) {
        reg0[8] = 1;
        reg0[10] = 1;
        next;
        next;
        outport = "8b01e3";
        output;
        egress(dp="jufeng", inport="instance-h0NdYw_jufeng_3fe45e35", outport="8b01e3") {
            reg0[0] = 1;
            next;
            ct_next;
            ct_next(ct_state=est|trk /* default (use --ct to customize) */) {
                reg0[8] = 1;
                reg0[10] = 1;
                next;
                output;
                /* output to "8b01e3", type "localport" */;
            };
        };
    };
};

Trace by flows is not normal:

# ovs-appctl ofproto/trace br-int in_port=33,tcp,dl_src=fa:16:3e:55:4a:8f,dl_dst=fa:16:3e:4a:d6:bc,nw_src=192.168.222.168,nw_dst=169.254.169.254,tp_dst=80
Flow: tcp,in_port=33,vlan_tci=0x0000,dl_src=fa:16:3e:55:4a:8f,dl_dst=fa:16:3e:4a:d6:bc,nw_src=192.168.222.168,nw_dst=169.254.169.254,nw_tos=0,nw_ecn=0,nw_ttl=0,tp_src=0,tp_dst=80,tcp_flags=0

bridge("br-int")
----------------
 0. in_port=33, priority 100, cookie 0xebbdd9f7
    set_field:0x19->reg13
    set_field:0x5->reg11
    set_field:0x3->reg12
    set_field:0x3->metadata
    set_field:0x16->reg14
    resubmit(,8)
 8. reg14=0x16,metadata=0x3,dl_src=fa:16:3e:55:4a:8f, priority 50, cookie 0x1a73fa10
    resubmit(,9)
 9. ip,reg14=0x16,metadata=0x3,dl_src=fa:16:3e:55:4a:8f,nw_src=192.168.222.168, priority 90, cookie 0x2690070f
    resubmit(,10)
10. metadata=0x3, priority 0, cookie 0x4f77990b
    resubmit(,11)
11. metadata=0x3, priority 0, cookie 0xd7e42894
    resubmit(,12)
12. metadata=0x3, priority 0, cookie 0xa5400341
    resubmit(,13)
13. ip,metadata=0x3, priority 100, cookie 0x510177c2
    set_field:0x1000000000000000000000000/0x1000000000000000000000000->xxreg0
    resubmit(,14)
14. metadata=0x3, priority 0, cookie 0x5505c270
    resubmit(,15)
15. ip,reg0=0x1/0x1,metadata=0x3, priority 100, cookie 0xf2eaa3a5
    ct(table=16,zone=NXM_NX_REG13[0..15])
    drop
     -> A clone of the packet is forked to recirculate. The forked pipeline will be resumed at table 16.
     -> Sets the packet to an untracked state, and clears all the conntrack fields.

Final flow: tcp,reg0=0x1,reg11=0x5,reg12=0x3,reg13=0x19,reg14=0x16,metadata=0x3,in_port=33,vlan_tci=0x0000,dl_src=fa:16:3e:55:4a:8f,dl_dst=fa:16:3e:4a:d6:bc,nw_src=192.168.222.168,nw_dst=169.254.169.254,nw_tos=0,nw_ecn=0,nw_ttl=0,tp_src=0,tp_dst=80,tcp_flags=0
Megaflow: recirc_id=0,eth,tcp,in_port=33,vlan_tci=0x0000/0x1fff,dl_src=fa:16:3e:55:4a:8f,dl_dst=fa:16:3e:4a:d6:bc,nw_src=192.168.222.168,nw_dst=128.0.0.0/2,nw_frag=no
Datapath actions: ct(zone=25),recirc(0xe8)

===============================================================================
recirc(0xe8) - resume conntrack with default ct_state=trk|new (use --ct-next to customize)
===============================================================================

Flow: recirc_id=0xe8,ct_state=new|trk,ct_zone=25,eth,tcp,reg0=0x1,reg11=0x5,reg12=0x3,reg13=0x19,reg14=0x16,metadata=0x3,in_port=33,vlan_tci=0x0000,dl_src=fa:16:3e:55:4a:8f,dl_dst=fa:16:3e:4a:d6:bc,nw_src=192.168.222.168,nw_dst=169.254.169.254,nw_tos=0,nw_ecn=0,nw_ttl=0,tp_src=0,tp_dst=80,tcp_flags=0

bridge("br-int")
----------------
    thaw
        Resuming from table 16
16. ct_state=+new-est+trk,metadata=0x3, priority 7, cookie 0x6d37a2c
    set_field:0x80000000000000000000000000/0x80000000000000000000000000->xxreg0
    set_field:0x200000000000000000000000000/0x200000000000000000000000000->xxreg0
    resubmit(,17)
17. ip,reg0=0x80/0x80,reg14=0x16,metadata=0x3, priority 2002, cookie 0x6cdd739a
    set_field:0x2000000000000000000000000/0x2000000000000000000000000->xxreg0
    resubmit(,18)
18. metadata=0x3, priority 0, cookie 0x20565915
    resubmit(,19)
19. metadata=0x3, priority 0, cookie 0x5f4ccace
    resubmit(,20)
20. metadata=0x3, priority 0, cookie 0x1172b12a
    resubmit(,21)
21. ip,reg0=0x2/0x2,metadata=0x3, priority 100, cookie 0x39726b61
    ct(commit,zone=NXM_NX_REG13[0..15],exec(set_field:0/0x1->ct_label))
    set_field:0/0x1->ct_label
     -> Sets the packet to an untracked state, and clears all the conntrack fields.
    resubmit(,22)
22. metadata=0x3, priority 0, cookie 0xd70f120c
    resubmit(,23)
23. metadata=0x3, priority 0, cookie 0x3b8fb19
    resubmit(,24)
24. metadata=0x3, priority 0, cookie 0x8948e698
    resubmit(,25)
25. metadata=0x3, priority 0, cookie 0xdc7bec76
    resubmit(,26)
26. metadata=0x3, priority 0, cookie 0x26b5d0d
    resubmit(,27)
27. metadata=0x3, priority 0, cookie 0x55ef644d
    resubmit(,28)
28. metadata=0x3, priority 0, cookie 0x915abc2b
    resubmit(,29)
29. metadata=0x3, priority 0, cookie 0x4ec355ed
    resubmit(,30)
30. metadata=0x3, priority 0, cookie 0x73a4bec2
    resubmit(,31)
31. metadata=0x3,dl_dst=fa:16:3e:4a:d6:bc, priority 50, cookie 0xb7f24943
    set_field:0x1->reg15
    resubmit(,37)
37. priority 0
    resubmit(,38)
38. reg15=0x1,metadata=0x3, priority 100
    set_field:0x18->reg13
    set_field:0x5->reg11
    set_field:0x3->reg12
    resubmit(,39)
39. priority 0
    set_field:0->reg0
    set_field:0->reg1
    set_field:0->reg2
    set_field:0->reg3
    set_field:0->reg4
    set_field:0->reg5
    set_field:0->reg6
    set_field:0->reg7
    set_field:0->reg8
    set_field:0->reg9
    resubmit(,40)
40. metadata=0x3, priority 0, cookie 0x79edd1f9
    resubmit(,41)
41. ip,metadata=0x3, priority 100, cookie 0xc29e223c
    set_field:0x1000000000000000000000000/0x1000000000000000000000000->xxreg0
    resubmit(,42)
42. ip,reg0=0x1/0x1,metadata=0x3, priority 100, cookie 0x66e9692f
    ct(table=43,zone=NXM_NX_REG13[0..15])
    drop
     -> A clone of the packet is forked to recirculate. The forked pipeline will be resumed at table 43.
     -> Sets the packet to an untracked state, and clears all the conntrack fields.

Final flow: recirc_id=0xe8,eth,tcp,reg0=0x1,reg11=0x5,reg12=0x3,reg13=0x18,reg14=0x16,reg15=0x1,metadata=0x3,in_port=33,vlan_tci=0x0000,dl_src=fa:16:3e:55:4a:8f,dl_dst=fa:16:3e:4a:d6:bc,nw_src=192.168.222.168,nw_dst=169.254.169.254,nw_tos=0,nw_ecn=0,nw_ttl=0,tp_src=0,tp_dst=80,tcp_flags=0
Megaflow: recirc_id=0xe8,ct_state=+new-est-rel-rpl-inv+trk,ct_label=0/0x1,eth,tcp,in_port=33,dl_src=fa:16:3e:55:4a:8f,dl_dst=fa:16:3e:4a:d6:bc,nw_dst=128.0.0.0/2,nw_frag=no
Datapath actions: ct(commit,zone=25,label=0/0x1),ct(zone=24),recirc(0xe9)

===============================================================================
recirc(0xe9) - resume conntrack with default ct_state=trk|new (use --ct-next to customize)
===============================================================================

Flow: recirc_id=0xe9,ct_state=new|trk,ct_zone=24,eth,tcp,reg0=0x1,reg11=0x5,reg12=0x3,reg13=0x18,reg14=0x16,reg15=0x1,metadata=0x3,in_port=33,vlan_tci=0x0000,dl_src=fa:16:3e:55:4a:8f,dl_dst=fa:16:3e:4a:d6:bc,nw_src=192.168.222.168,nw_dst=169.254.169.254,nw_tos=0,nw_ecn=0,nw_ttl=0,tp_src=0,tp_dst=80,tcp_flags=0

bridge("br-int")
----------------
    thaw
        Resuming from table 43
43. metadata=0x3, priority 0, cookie 0x61feba78
    resubmit(,44)
44. ct_state=+new-est+trk,metadata=0x3, priority 7, cookie 0x9ec270ec
    set_field:0x80000000000000000000000000/0x80000000000000000000000000->xxreg0
    set_field:0x200000000000000000000000000/0x200000000000000000000000000->xxreg0
    resubmit(,45)
45. ct_state=-est+trk,ip,metadata=0x3, priority 1, cookie 0x38bc1887
    set_field:0x2000000000000000000000000/0x2000000000000000000000000->xxreg0
    resubmit(,46)
46. metadata=0x3, priority 0, cookie 0xa32f8f02
    resubmit(,47)
47. metadata=0x3, priority 0, cookie 0xbc6d5e4e
    resubmit(,48)
48. ip,reg0=0x2/0x2,metadata=0x3, priority 100, cookie 0x2a5f6224
    ct(commit,zone=NXM_NX_REG13[0..15],exec(set_field:0/0x1->ct_label))
    set_field:0/0x1->ct_label
     -> Sets the packet to an untracked state, and clears all the conntrack fields.
    resubmit(,49)
49. metadata=0x3, priority 0, cookie 0x7ef415be
    resubmit(,50)
50. reg15=0x1,metadata=0x3, priority 50, cookie 0x70a3745
    resubmit(,64)
64. priority 0
    resubmit(,65)
65. reg15=0x1,metadata=0x3, priority 100, cookie 0xd7e139a0
    output:26
     >> Nonexistent output port

Final flow: recirc_id=0xe9,eth,tcp,reg0=0x283,reg11=0x5,reg12=0x3,reg13=0x18,reg14=0x16,reg15=0x1,metadata=0x3,in_port=33,vlan_tci=0x0000,dl_src=fa:16:3e:55:4a:8f,dl_dst=fa:16:3e:4a:d6:bc,nw_src=192.168.222.168,nw_dst=169.254.169.254,nw_tos=0,nw_ecn=0,nw_ttl=0,tp_src=0,tp_dst=80,tcp_flags=0
Megaflow: recirc_id=0xe9,ct_state=+new-est-rel-rpl-inv+trk,ct_label=0/0x1,eth,ip,in_port=33,dl_src=fa:16:3e:55:4a:8f,dl_dst=00:00:00:00:00:00/01:00:00:00:00:00,nw_frag=no
Datapath actions: ct(commit,zone=24,label=0/0x1)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20210512/28a6cc70/attachment-0001.html>

More information about the discuss mailing list