[ovs-git] [openvswitch/ovs] 9d469b: ovn: Fix IPv6 DAD failure for container ports
GitHub
noreply at github.com
Wed Oct 31 21:02:09 UTC 2018
Branch: refs/heads/branch-2.9
Home: https://github.com/openvswitch/ovs
Commit: 9d469b1c2d2d473ca733f661e8c9004489bf6c0e
https://github.com/openvswitch/ovs/commit/9d469b1c2d2d473ca733f661e8c9004489bf6c0e
Author: Numan Siddique <nusiddiq at redhat.com>
Date: 2018-10-31 (Wed, 31 Oct 2018)
Changed paths:
M ovn/controller/ofctrl.c
M ovn/controller/ofctrl.h
M ovn/controller/physical.c
M ovn/lib/logical-fields.h
M tests/ovn.at
Log Message:
-----------
ovn: Fix IPv6 DAD failure for container ports
When a container port is created inside a VM, the below kernel message
is seen and IPv6 doesn't work on that interface.
[ 138.000753] IPv6: vlan4: IPv6 duplicate address <IPv6 LLA> detected!
When a container port sends a ethernet broadcast packet, OVN delivers the same
packet back to the child port (and hence the DAD check fails).
This is because
- 'MLF_ALLOW_LOOPBACK_BIT' is set in REG10 in table 0 for the packets received
from any child port.
- for ethernet broadcast packets, Table 33 (OFTABLE_LOCAL_OUTPUT) clones the
packet for every local port 'P' which belongs to the same datapath i.e
'P'->REG15, resubmit(,34)
- If REG14 and REG15 are same, Table 34 (OFTABLE_CHECK_LOOPBACK) drops the packet
if 'MLF_ALLOW_LOOPBACK_BIT' is not set.
- But in the case of container ports, this bit will be set and hence doesn't gets
dropped and eventually gets delivered to the source container port.
- The VM's kernel thinks its a DAD packet. The latest kernels (4.19) implements
the RFC -7527 (enhanced DAD), but it is still a problem for older kernels.
This patch fixes the issue by using a new register bit (MLF_NESTED_CONTAINER_BIT)
instead of 'MLF_ALLOW_LOOPBACK_BIT' and sets it in REG10 for the packets received
from child ports so that Table 34 drops the packet for the source port.
(cherry picked from 22e506d3b686d654239c381a8c4166803fd00692)
Conflicts:
ovn/controller/physical.c
Branch 2.9 doesn't have indexing support and the function lport_lookup_by_name()
is not available. To resolve this conflict, I had to use SBREC_PORT_BINDING_FOR_EACH
instead.
Signed-off-by: Numan Siddique <nusiddiq at redhat.com>
CC: Gurucharan Shetty <guru at ovn.org>
**NOTE:** This service has been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/
Functionality will be removed from GitHub.com on January 31st, 2019.
More information about the git
mailing list