[ovs-git] [openvswitch/ovs] 9d469b: ovn: Fix IPv6 DAD failure for container ports

GitHub noreply at github.com
Wed Oct 31 21:02:09 UTC 2018 

  Branch: refs/heads/branch-2.9
  Home:   https://github.com/openvswitch/ovs
  Commit: 9d469b1c2d2d473ca733f661e8c9004489bf6c0e
      https://github.com/openvswitch/ovs/commit/9d469b1c2d2d473ca733f661e8c9004489bf6c0e
  Author: Numan Siddique <nusiddiq at redhat.com>
  Date:   2018-10-31 (Wed, 31 Oct 2018)

  Changed paths:
    M ovn/controller/ofctrl.c
    M ovn/controller/ofctrl.h
    M ovn/controller/physical.c
    M ovn/lib/logical-fields.h
    M tests/ovn.at

  Log Message:
  -----------
  ovn: Fix IPv6 DAD failure for container ports

When a container port is created inside a VM, the below kernel message
is seen and IPv6 doesn't work on that interface.

[  138.000753] IPv6: vlan4: IPv6 duplicate address <IPv6 LLA> detected!

When a container port sends a ethernet broadcast packet, OVN delivers the same
packet back to the child port (and hence the DAD check fails).

This is because
 - 'MLF_ALLOW_LOOPBACK_BIT' is set in REG10 in table 0 for the packets received
   from any child port.
 - for ethernet broadcast packets, Table 33 (OFTABLE_LOCAL_OUTPUT) clones the
   packet for every local port 'P' which belongs to the same datapath i.e
   'P'->REG15, resubmit(,34)
 - If REG14 and REG15 are same, Table 34 (OFTABLE_CHECK_LOOPBACK) drops the packet
   if 'MLF_ALLOW_LOOPBACK_BIT' is not set.
 - But in the case of container ports, this bit will be set and hence doesn't gets
   dropped and eventually gets delivered to the source container port.
 - The VM's kernel thinks its a DAD packet. The latest kernels (4.19) implements
   the RFC -7527 (enhanced DAD), but it is still a problem for older kernels.

This patch fixes the issue by using a new register bit (MLF_NESTED_CONTAINER_BIT)
instead of 'MLF_ALLOW_LOOPBACK_BIT' and sets it in REG10 for the packets received
from child ports so that Table 34 drops the packet for the source port.

(cherry picked from 22e506d3b686d654239c381a8c4166803fd00692)
Conflicts:
    ovn/controller/physical.c

Branch 2.9 doesn't have indexing support and the function lport_lookup_by_name()
is not available. To resolve this conflict, I had to use SBREC_PORT_BINDING_FOR_EACH
instead.

Signed-off-by: Numan Siddique <nusiddiq at redhat.com>
CC: Gurucharan Shetty <guru at ovn.org>



      **NOTE:** This service has been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/

      Functionality will be removed from GitHub.com on January 31st, 2019.

More information about the git mailing list