[ovs-discuss] OVN LSP with an unknown in address will not build ARP response lflows

鲁 成 lucheng0127 at outlook.com
Fri Oct 29 03:50:23 UTC 2021


Environment info:
OVN 21.06
OVS 2.12.0

Reproduction:
1. Create a port with neutronclient, assign it to a node, and close the port security group
2. Create an OVS port, add it to br-int, and set the interface iface-id to the same value as the Neutron port UUID
After that, Neutron will create an LSP in OVN NB and append unknown to the LSP's address field
Check it in script [1]

Port info:
()[root at ovn-tool-0 /]# ovn-nbctl find Logical_Switch_Port name=6a8064f9-f2cc-407d-b8da-345c6a216cb3
_uuid               : 88fd1a84-8695-4cef-b916-45531edaf0db
addresses           : ["fa:16:3e:b3:c0:e5 192.168.111.42", unknown]
dhcpv4_options      : 1a8ca1af-519c-4aa2-b3a3-cc74955dee1f
dhcpv6_options      : []
dynamic_addresses   : []
enabled             : true
external_ids        : {"neutron:cidrs"="192.168.111.42/24", "neutron:device_id"="", "neutron:device_owner"="", "neutron:network_name"=neutron-6ac00688-422f-4a4f-99ae-b092b2d87f7b, "neutron:port_name"=lc-tap-2, "neutron:project_id"="498e2a96e4cc4edeb0c525a081dd6830", "neutron:revision_number"="4", "neutron:security_group_ids"=""}
ha_chassis_group    : []
name                : "6a8064f9-f2cc-407d-b8da-345c6a216cb3"
options             : {mcast_flood_reports="true", requested-chassis=node-1.domain.tld}
parent_name         : []
port_security       : []
tag                 : []
tag_request         : []
type                : ""
up                  : false

Results:
OVN will not build ARP responder lflows for this LSP

Script:
[1]:
#!/usr/bin/bash

# Create port
# neutron port-create --name lucheng-tap --binding:host_id=node-3.domain.tld share_net

HOST=""
MAC=""

get_port_info() {
    source openrc
    port_id="$1"
    HOST=$(neutron port-show -F binding:host_id -f value "$port_id")
    MAC=$(neutron port-show -F mac_address -f value "$port_id")
    ip_info=$(neutron port-show -F fixed_ips -f value "$port_id")
    echo Port "$port_id" Mac: "$MAC" HOST: "$HOST"
    echo IP Info: "$ip_info"
}

create_ns() {
    port_id="$1"
    iface_name="lc-tap-${port_id:0:8}"
    netns_name="lc-vm-${port_id:0:8}"
    ssh "$HOST" ovs-vsctl add-port br-int "$iface_name" \
      -- set Interface "$iface_name" type=internal \
      -- set Interface "$iface_name" external_ids:iface-id="$port_id" \
      -- set Interface "$iface_name" external_ids:attached-mac="$MAC" \
      -- set Interface "$iface_name" external_ids:iface-status=active

    ssh "$HOST" ip netns add "$netns_name"
    ssh "$HOST" ip l set dev "$iface_name" address "$MAC"
    ssh "$HOST" ip l set "$iface_name" netns "$netns_name"
    ssh "$HOST" ip netns exec "$netns_name" ip l set lo up
    ssh "$HOST" ip netns exec "$netns_name" ip l set "$iface_name" up
}

main() {
    get_port_info "$1"
    create_ns "$1"
}

main "$@"
neutron port-update --no-security-groups [port uuid]
neutron port-update --port_security_enabled=false [port uuid]

What I found:
When trying to build_lswitch_arp_nd_responder_known_ips in ovn northd, it will skip an LSP that has the unknown flag.
static void
build_lswitch_arp_nd_responder_known_ips(struct ovn_port *op,
                                         struct hmap *lflows,
                                         struct hmap *ports,
                                         struct ds *actions,
                                         struct ds *match)
{
    ...
            if (lsp_is_external(op->nbsp) || op->has_unknown) {
                return;
            }

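Added example (not part of the original message and not OVN code): a small audit that applies the early-return condition quoted above to `ovn-nbctl list/find Logical_Switch_Port` output, to list which ports would get no known-IP ARP responder lflows. It assumes lsp_is_external() means type == "external" and has_unknown means an addresses element equal to "unknown"; the second record in the sample is constructed.

```python
import re

# One element of an OVSDB set as ovn-nbctl prints it: "quoted string" or bare token.
_ELEM = re.compile(r'"((?:[^"\\]|\\.)*)"|([^\s,\[\]]+)')

def parse_records(text):
    """Split ovn-nbctl record output into dicts of column -> raw value."""
    records, cur = [], {}
    for line in text.splitlines():
        if not line.strip():            # a blank line ends the current record
            if cur:
                records.append(cur)
                cur = {}
            continue
        col, sep, val = line.partition(":")   # first ':' is the column separator
        if sep:
            cur[col.strip()] = val.strip()
    if cur:
        records.append(cur)
    return records

def set_elements(raw):
    """Return the elements of a printed set such as ["a b", unknown]."""
    return [quoted if bare == "" else bare for quoted, bare in _ELEM.findall(raw)]

def arp_responder_skipped(rec):
    """Why the quoted check would return early for this LSP, or None."""
    if rec.get("type", "").strip('"') == "external":      # assumed lsp_is_external()
        return "external"
    if "unknown" in set_elements(rec.get("addresses", "[]")):  # assumed has_unknown
        return "has_unknown"
    return None

def audit(text):
    """Map each LSP name to the skip reason (None = responder lflows expected)."""
    return {r.get("name", "?").strip('"'): arp_responder_skipped(r)
            for r in parse_records(text)}

# First record: columns copied from the post. Second record: constructed.
SAMPLE = '''\
name                : "6a8064f9-f2cc-407d-b8da-345c6a216cb3"
addresses           : ["fa:16:3e:b3:c0:e5 192.168.111.42", unknown]
port_security       : []
type                : ""

name                : "constructed-port-b"
addresses           : ["fa:16:3e:00:00:01 192.168.111.43"]
port_security       : ["fa:16:3e:00:00:01 192.168.111.43"]
type                : ""
'''

if __name__ == "__main__":
    for name, reason in audit(SAMPLE).items():
        print(name, "->", reason or "ARP responder lflows expected")
```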