[ovs-discuss] Flow match on nw_dst and tp_dst suddenly starts failing and gets OK on any event on VSwitch

Emad Mohamadi emadolsky at gmail.com
Mon Sep 6 11:18:34 UTC 2021


Hi,

We have an OpenVSwitch instance in a server which has a table like this in
it:

```
 cookie=0x0, duration=4137.820s, table=55, n_packets=50463917, n_bytes=28268279960, idle_age=0, priority=400,tcp,nw_dst=80.80.80.80,tp_dst=443 actions=multipath(symmetric_l3l4+udp,0,hrw,12,0,NXM_NX_REG6[]),resubmit(,56)
 cookie=0x0, duration=184.291s, table=55, n_packets=632, n_bytes=187447, priority=5 actions=output:"ln-5adfec95d9bc"
 cookie=0x0, duration=2986630.741s, table=55, n_packets=29493764, n_bytes=4541230125, priority=0 actions=drop
```

There are about 200 other flows in the table like the first one mentioned
with different nw_dst and tp_dsts.

So, the problem is that sometimes we see that packets are accepted by the
second flow instead of the first one, even though the nw_src and tp_dst
should match the first one. So inside `ln-5adfec95d9bc` we would capture:

```
2021-09-05 22:53:00.081189 00:08:e3:ff:fc:c8 > c2:56:82:a2:e7:c6, ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 50, id 3002, offset 0, flags [DF], proto TCP (6), length 60)
    5.5.5.5.55845 > 80.80.80.80.443: Flags [S], seq 2227601317, win 65535, options [mss 1400,sackOK,TS val 7304320 ecr 0,nop,wscale 4], length 0
```

And the state remains problematic until some event happens to OpenVSwitch,
like adding and deleting some flow entries or restarting OVS components.

I know this sounds very weird, but we are really losing our minds :).
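As an added example (not part of the original post and not Open vSwitch code), the sketch below replays the quoted table=55 flows and the captured SYN through a simplified OpenFlow priority lookup, to show which entry the table as dumped should select and whether the capture port agrees with it. It handles only the match fields that appear in the post; all function names are hypothetical.

```python
import ipaddress

# Constructed sample: the three table=55 flows quoted in the post, one per line.
FLOWS = """\
 cookie=0x0, duration=4137.820s, table=55, n_packets=50463917, n_bytes=28268279960, idle_age=0, priority=400,tcp,nw_dst=80.80.80.80,tp_dst=443 actions=multipath(symmetric_l3l4+udp,0,hrw,12,0,NXM_NX_REG6[]),resubmit(,56)
 cookie=0x0, duration=184.291s, table=55, n_packets=632, n_bytes=187447, priority=5 actions=output:"ln-5adfec95d9bc"
 cookie=0x0, duration=2986630.741s, table=55, n_packets=29493764, n_bytes=4541230125, priority=0 actions=drop
"""
PROTO = {"tcp": 6, "udp": 17, "icmp": 1}  # protocol shorthands used in match specs

def parse_flow(line):
    """Split one dump-flows line into priority, match fields and actions."""
    head, actions = line.strip().split(" actions=", 1)
    spec = head[head.index("priority="):]      # match spec is the last token before actions
    fields = spec.split(",")
    flow = {"priority": int(fields[0].split("=")[1]), "match": {}, "actions": actions}
    for f in fields[1:]:
        if f in PROTO:
            flow["match"]["nw_proto"] = PROTO[f]
        elif "=" in f:
            k, v = f.split("=", 1)
            flow["match"][k] = v
    return flow

def field_matches(key, want, pkt):
    if key in ("nw_src", "nw_dst"):            # single address or prefix
        return ipaddress.ip_address(pkt[key]) in ipaddress.ip_network(want, strict=False)
    return str(pkt.get(key)) == str(want)

def classify(flows, pkt):
    """Return the highest-priority flow whose every match field fits pkt."""
    hits = [f for f in flows if all(field_matches(k, v, pkt) for k, v in f["match"].items())]
    return max(hits, key=lambda f: f["priority"]) if hits else None

def expected_vs_observed(flows_text, pkt, observed_port):
    flows = [parse_flow(l) for l in flows_text.splitlines() if " actions=" in l]
    winner = classify(flows, pkt)
    # Consistent only if the port the packet was captured on is in the winner's actions.
    return winner, winner is not None and observed_port in winner["actions"]

# Constructed from the tcpdump line in the post.
SYN = {"nw_proto": 6, "nw_src": "5.5.5.5", "tp_src": 55845, "nw_dst": "80.80.80.80", "tp_dst": 443}

if __name__ == "__main__":
    winner, ok = expected_vs_observed(FLOWS, SYN, "ln-5adfec95d9bc")
    print(winner["priority"], winner["actions"], "consistent" if ok else "MISMATCH")
```

A mismatch here means the packet's path disagrees with the OpenFlow table as dumped, which is the symptom the post reports.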