-
Bug
-
Resolution: Unresolved
-
Major
-
None
-
None
-
1
-
False
-
-
False
-
-
-
ssg_networking
-
Important
ovn-northd today generates flows for IPv6 prefix delegation even if prefix delegation is not enabled.
For example these flows are added pretty much unconditionally:
static void build_dhcpv6_reply_flows_for_lrouter_port( struct ovn_port *op, struct lflow_table *lflows, struct ds *match, struct lflow_ref *lflow_ref) { ovs_assert(op->nbrp); if (is_cr_port(op)) { return; } for (size_t i = 0; i < op->lrp_networks.n_ipv6_addrs; i++) { ds_clear(match); ds_put_format(match, "ip6.dst == %s && udp.src == 547 &&" " udp.dst == 546", op->lrp_networks.ipv6_addrs[i].addr_s); ovn_lflow_add(lflows, op->od, S_ROUTER_IN_IP_INPUT, 100, ds_cstr(match), "reg0 = 0; handle_dhcpv6_reply;", lflow_ref); } }
While they may be harmless logically, they create unnecessary matches on IPv6 addresses and UDP ports increasing the number of generated datapath flows in OVS, while this can be avoided. There are maybe other flows related to prefix delegation that may also be removed.
In general, unless necessary, IPv6 prefix delegation flows should not be generated for ports that do not have prefix delegation enabled.
- clones
-
-
- Verified
-
- links to
-
RHBA-2025:144759
ovn24.03 bug fix and enhancement update
