Uploaded image for project: 'Fast Datapath Product'
  1. Fast Datapath Product
  2. FDP-1554

Upstream: Determining outport for a router policy doesn't work when IPv6 LLAs are used

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Major Major
    • None
    • None
    • ovn26.03
    • None
    • False
    • Hide

      None

      Show
      None
    • False
    • Hide

      Please mark each item below with ( / ) if completed or ( x ) if incomplete:
      Unit test or Integration test case are written and pass successfully

      The upstream pull request is merged upstream and pass CI

      Show
      Please mark each item below with ( / ) if completed or ( x ) if incomplete: Unit test or Integration test case are written and pass successfully The upstream pull request is merged upstream and pass CI
    • ovn26.03-26.03.0-alpha.55.el9fdp
    • rhel-9
    • None
    • rhel-net-ovn
    • ssg_networking
    • OVN FDP Sprint 9
    • 1

       Problem Description: If there are routers using only IPv6 LLA (common with BGP unnumbered use case) and a router policy is used on a router with nexthop set to the LLA of a different router then the outport is determined by matching subnets of the nexthop address and the LRPs addresses on the router with the policy. In this case, if LLAs are used then all LRPs match the criteria as all LLAs are fe80::/64 on all ports.

      https://github.com/ovn-org/ovn/blob/045b14c258c7292d1d51248f243eb201199ee45d/lib/ovn-util.c#L466-L478

       Impact Assessment: This makes routing policy not working as expected and with the reroute action traffic is sent to random ports. The workaround is to use a subnet per each router-router connection.

       

       Software Versions: All OVN versions

        Issue Type: This is a new issue

       

       Reproducibility: It can be reproduced consistently.

       

       Reproduction Steps:

      create 3 routers, 1 connecting to the other two and not configuring any IPs on the LRPs. Then use a router policy with "reroute" action and nexthop an LLA of one of the two connected LRPs.

      R1 | LRPr1 ---- LRPr2 | R2 | LRPr3 ----- LRPr4 | R3

                                                   ^
                match: inport LRPr2 reroute - nexthop: LRPr4 LLA

       Expected Behavior: The outport should be determined based on exact address given in nexthop. This can be very complex with complicated topologies

       

       Observed Behavior: Routing happens randomly

       

       Troubleshooting Actions: Looked at the generated logical flows for the router for lr_in_policy stage

       

       Logs: If you collected logs please provide them (e.g. sos report, /var/log/openvswitch/* , testpmd console)

              dceara@redhat.com Dumitru Ceara
              jlibosva Jakub Libosvar
              Jianlin Shi Jianlin Shi
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: