[ovs-git] [openvswitch/ovs] db66f7: ovn: Fix IPv6 DAD failure for container ports

GitHub noreply at github.com
Thu Oct 11 17:53:29 UTC 2018 

  Branch: refs/heads/branch-2.10
  Home:   https://github.com/openvswitch/ovs
  Commit: db66f728cff36446890d8d461a7dbc70e18c611c
      https://github.com/openvswitch/ovs/commit/db66f728cff36446890d8d461a7dbc70e18c611c
  Author: Numan Siddique <nusiddiq at redhat.com>
  Date:   2018-10-10 (Wed, 10 Oct 2018)

  Changed paths:
    M ovn/controller/ofctrl.c
    M ovn/controller/ofctrl.h
    M ovn/controller/physical.c
    M ovn/lib/logical-fields.h
    M tests/ovn.at

  Log Message:
  -----------
  ovn: Fix IPv6 DAD failure for container ports

When a container port is created inside a VM, the below kernel message
is seen and IPv6 doesn't work on that interface.

[  138.000753] IPv6: vlan4: IPv6 duplicate address <IPv6 LLA> detected!

When a container port sends a ethernet broadcast packet, OVN delivers the same
packet back to the child port (and hence the DAD check fails).

This is because
 - 'MLF_ALLOW_LOOPBACK_BIT' is set in REG10 in table 0 for the packets received
   from any child port.
 - for ethernet broadcast packets, Table 33 (OFTABLE_LOCAL_OUTPUT) clones the
   packet for every local port 'P' which belongs to the same datapath i.e
   'P'->REG15, resubmit(,34)
 - If REG14 and REG15 are same, Table 34 (OFTABLE_CHECK_LOOPBACK) drops the packet
   if 'MLF_ALLOW_LOOPBACK_BIT' is not set.
 - But in the case of container ports, this bit will be set and hence doesn't gets
   dropped and eventually gets delivered to the source container port.
 - The VM's kernel thinks its a DAD packet. The latest kernels (4.19) implements
   the RFC -7527 (enhanced DAD), but it is still a problem for older kernels.

This patch fixes the issue by using a new register bit (MLF_NESTED_CONTAINER_BIT)
instead of 'MLF_ALLOW_LOOPBACK_BIT' and sets it in REG10 for the packets received
from child ports so that Table 34 drops the packet for the source port.

Signed-off-by: Numan Siddique <nusiddiq at redhat.com>
Signed-off-by: Gurucharan Shetty <guru at ovn.org>



      **NOTE:** This service has been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/

      Functionality will be removed from GitHub.com on January 31st, 2019.

More information about the git mailing list