Uploaded image for project: 'Fast Datapath Product'
  1. Fast Datapath Product
  2. FDP-1554

Determining outport for a router policy doesn't work when IPv6 LLAs are used

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Major Major
    • None
    • None
    • ovn26.03
    • None
    • 13
    • False
    • Hide

      None

      Show
      None
    • False
    • Hide

      Given a logical router with two connected LRPs where both only have IPv6 LLAs with no other IP configurations,

      When a router policy is created that includes a nexthop using the IPv6 LLA of one of the LRPs,

      Then the outport should be determined correctly based on the LLA provided in the nexthop configuration.

      Show
      Given a logical router with two connected LRPs where both only have IPv6 LLAs with no other IP configurations, When a router policy is created that includes a nexthop using the IPv6 LLA of one of the LRPs, Then the outport should be determined correctly based on the LLA provided in the nexthop configuration.
    • ovn26.03-26.03.0-alpha.55.el9fdp
    • rhel-9
    • None
    • rhel-net-ovn
    • ssg_networking
    • OVN FDP Sprint 9
    • 1

       Problem Description: If there are routers using only IPv6 LLA (common with BGP unnumbered use case) and a router policy is used on a router with nexthop set to the LLA of a different router then the outport is determined by matching subnets of the nexthop address and the LRPs addresses on the router with the policy. In this case, if LLAs are used then all LRPs match the criteria as all LLAs are fe80::/64 on all ports.

      https://github.com/ovn-org/ovn/blob/045b14c258c7292d1d51248f243eb201199ee45d/lib/ovn-util.c#L466-L478

       Impact Assessment: This makes routing policy not working as expected and with the reroute action traffic is sent to random ports. The workaround is to use a subnet per each router-router connection.

       

       Software Versions: All OVN versions

        Issue Type: This is a new issue

       

       Reproducibility: It can be reproduced consistently.

       

       Reproduction Steps:

      create 3 routers, 1 connecting to the other two and not configuring any IPs on the LRPs. Then use a router policy with "reroute" action and nexthop an LLA of one of the two connected LRPs.

      R1 | LRPr1 ---- LRPr2 | R2 | LRPr3 ----- LRPr4 | R3

                                                   ^
                match: inport LRPr2 reroute - nexthop: LRPr4 LLA

       Expected Behavior: The outport should be determined based on exact address given in nexthop. This can be very complex with complicated topologies

       

       Observed Behavior: Routing happens randomly

       

       Troubleshooting Actions: Looked at the generated logical flows for the router for lr_in_policy stage

       

       Logs: If you collected logs please provide them (e.g. sos report, /var/log/openvswitch/* , testpmd console)

              dceara@redhat.com Dumitru Ceara
              jlibosva Jakub Libosvar
              Jianlin Shi Jianlin Shi
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated: