Fast Datapath Product / FDP-773

ovn-controller flushes previously owned requested conntrack zones on restart

    • Critical

      With latest ovn24.09 branch, or with ovn24.09-24.09.0-beta.27.el9fdp.

      Create a topology with a gateway router pinned to the local chassis (e.g., chassis-1) for which we request snat-zone to be 0:

      ovn-nbctl ls-add sw0
      ovn-nbctl lsp-add sw0 sw0-port1
      ovn-nbctl lsp-set-addresses sw0-port1 "50:54:00:00:00:01 192.168.0.2"
      
      # Create the second logical switch with one port
      ovn-nbctl ls-add sw1
      ovn-nbctl lsp-add sw1 sw1-port1
      ovn-nbctl lsp-set-addresses sw1-port1 "50:54:00:00:00:03 11.0.0.2"
      
      # Create a logical router and attach both logical switches
      ovn-nbctl lr-add lr0
      
      ovn-nbctl set logical_router lr0 options:chassis=chassis-1      # IMPORTANT
      ovn-nbctl set logical_router lr0 options:snat-ct-zone=0           # IMPORTANT
      
      ovn-nbctl lrp-add lr0 lrp0 00:00:00:00:ff:01 192.168.0.1/24
      ovn-nbctl lsp-add sw0 lrp0-attachment
      ovn-nbctl lsp-set-type lrp0-attachment router
      ovn-nbctl lsp-set-addresses lrp0-attachment 00:00:00:00:ff:01
      ovn-nbctl lsp-set-options lrp0-attachment router-port=lrp0
      ovn-nbctl lrp-add lr0 lrp1 00:00:00:00:ff:02 11.0.0.1/24
      ovn-nbctl lsp-add sw1 lrp1-attachment
      ovn-nbctl lsp-set-type lrp1-attachment router
      ovn-nbctl lsp-set-addresses lrp1-attachment 00:00:00:00:ff:02
      ovn-nbctl lsp-set-options lrp1-attachment router-port=lrp1
      
      ovs-vsctl add-port br-int p1 -- \
          set Interface p1 external_ids:iface-id=sw0-port1
      ovs-vsctl add-port br-int p2 -- \
          set Interface p2 external_ids:iface-id=sw1-port1
      

      Wait for everything to converge, e.g.:

      ovn-nbctl --wait=hv sync
      

      Enable ovs-vswitchd vconn logs and monitor for conntrack zone flushes:

      ovs-appctl vlog/disable-rate-limit
      ovs-appctl vlog/set vconn:DBG
      
      tail -F ovs-vswitchd.log | grep -i flush
      

      Forcefully kill ovn-controller and restart it. It should detect that zone 0 is already allocated and requested and should not flush it. However, we see this in the vswitchd logs when ovn-controller restarts:

      2024-09-06T15:10:51.880Z|00728|vconn|DBG|unix#9: received: NXT_CT_FLUSH_ZONE (OF1.5) (xid=0x11): zone_id=0
      2024-09-06T15:10:51.918Z|01172|vconn|DBG|unix#9: received: NXT_CT_FLUSH_ZONE (OF1.5) (xid=0x1ca): zone_id=0
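
      An added example (not part of the original report, nor OVN/OVS code): instead of grepping for "flush" by eye, this shell function reads ovs-vswitchd vconn debug output and reports only flushes of the zones passed as arguments, matching the zone id exactly. The names `flushed_requested_zones` and `sample_log` are hypothetical, and the last two sample lines are constructed.

```bash
#!/usr/bin/env bash
# Added example: detect NXT_CT_FLUSH_ZONE requests for explicitly requested zones.

# flushed_requested_zones ZONE...   (log is read from stdin)
# Prints "<zone> <count> <first-timestamp>" for each listed zone that
# ovs-vswitchd was asked to flush. Exit status 1 if any was flushed, else 0.
flushed_requested_zones() {
    awk -v zones="$*" '
        BEGIN { n = split(zones, z, " "); for (i = 1; i <= n; i++) want[z[i]] = 1 }
        /NXT_CT_FLUSH_ZONE/ {
            # vlog line layout: timestamp|sequence|module|level|message
            split($0, f, "|")
            if (match($0, /zone_id=[0-9]+/)) {
                # "zone_id=" is 8 characters; keep only the digits so that
                # zone 1 is never confused with zone 10.
                id = substr($0, RSTART + 8, RLENGTH - 8)
                if (id in want) {
                    if (!(id in count)) first[id] = f[1]
                    count[id]++
                }
            }
        }
        END {
            bad = 0
            for (id in count) { print id, count[id], first[id]; bad = 1 }
            exit bad
        }
    '
}

# Sample input: the first two lines are the ones quoted in the report; the
# last two (zone 7 flush, barrier request) are constructed for contrast.
sample_log() {
    cat <<'EOF'
2024-09-06T15:10:51.880Z|00728|vconn|DBG|unix#9: received: NXT_CT_FLUSH_ZONE (OF1.5) (xid=0x11): zone_id=0
2024-09-06T15:10:51.918Z|01172|vconn|DBG|unix#9: received: NXT_CT_FLUSH_ZONE (OF1.5) (xid=0x1ca): zone_id=0
2024-09-06T15:10:51.920Z|01173|vconn|DBG|unix#9: received: NXT_CT_FLUSH_ZONE (OF1.5) (xid=0x1cb): zone_id=7
2024-09-06T15:10:51.921Z|01174|vconn|DBG|unix#9: received: OFPT_BARRIER_REQUEST (OF1.5) (xid=0x1cc):
EOF
}

# Demo: zone 0 is the snat-ct-zone requested for lr0 in the reproduction.
if ! sample_log | flushed_requested_zones 0; then
    echo "requested conntrack zone was flushed across the restart" >&2
fi
```

      Against a live system, feed it the section of ovs-vswitchd.log written after the ovn-controller restart and pass every zone number set through options:snat-ct-zone.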
      

            lorenzobianconi lorenzo bianconi
            dceara@redhat.com Dumitru Ceara
            Ying Xu Ying Xu