Uploaded image for project: 'Fast Datapath Product'
  1. Fast Datapath Product
  2. FDP-2615

Test Coverage: OVS broadcasts fragmented packets to all ports in other tenant

XMLWordPrintable

    • False
    • Hide

      None

      Show
      None
    • False
    • Hide

      ( ) The test coverage is aligned with the epic's acceptance criteria

      Given two isolated OpenShift networks backed by OVN/OVS-DPDK, each with its own Geneve VNI (0x408 and 0x3fa for example),

      When a pod/VM in the 0x408 network sends an IPv4 packet that is fragmented,

      Then no fragment of that packet is received on any interface in the 0x3fa network.

      Show
      ( ) The test coverage is aligned with the epic's acceptance criteria Given two isolated OpenShift networks backed by OVN/OVS-DPDK, each with its own Geneve VNI (0x408 and 0x3fa for example), When a pod/VM in the 0x408 network sends an IPv4 packet that is fragmented, Then no fragment of that packet is received on any interface in the 0x3fa network.
    • rhel-9
    • None
    • rhel-net-ovs-dpdk
    • Important

      This task is tracking the test case writing activities to cover the bug described below.

       Problem Description: Clearly explain the issue.

      OVS broadcasts with fragmented packets to all ports in other tenant.
       

       Impact Assessment: Describe the severity and impact (e.g., network down,availability of a workaround, etc.).

      Unintended packets are sent to other tenants. It may have security impact on the environment.

       Software Versions: Specify the exact versions in use (e.g.,openvswitch3.1-3.1.0-147.el8fdp).

      openvswitch3.1-3.1.7-160.el9fdp.x86_64
       

        Issue Type: Indicate whether this is a new issue or a regression (if a regression, state the last known working version).

      A new issue.
       

       Reproducibility: Confirm if the issue can be reproduced consistently. If not, describe how often it occurs.

      In the customer's environment, it is constantly observed.
       

       Reproduction Steps: Provide detailed steps or scripts to replicate the issue.

      Not identified yet.
       

       Expected Behavior: Describe what should happen under normal circumstances.

      The fragmented packet in other tenant should not be observed in other tenant.
       

       Observed Behavior: Explain what actually happens.

      The unintended fragmented packet which is not target to the tenant is observed.
       

       Troubleshooting Actions: Outline the steps taken to diagnose or resolve the issue so far.

      The customer tried to drop the packet with the following command.
      However, sometime later, they removed the rule then similar fragmented packets which differred from the original timestamp were observed.

      sudo ovs-ofctl -O OpenFlow15 add-flow br-int "table=39,priority=300,metadata=0x408,dl_src=0a:00:77:3e:06:c1,nw_src=10.3.50.23/32,dl_dst=00:00:5e:00:01:12,nw_dst=10.4.3.232/32 actions=drop"

       

       Logs: If you collected logs please provide them (e.g. sos report, /var/log/openvswitch/* , testpmd console)

              ovsdpdk-triage ovsdpdk triage
              nstbot NST Bot
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated: