Uploaded image for project: 'Fast Datapath Product'
  1. Fast Datapath Product
  2. FDP-774

ovn-controller flushes all conntrack entries in ct zone 0

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Duplicate
    • Icon: Undefined Undefined
    • None
    • None
    • ovn24.09
    • False
    • Hide

      None

      Show
      None
    • False
    • Moderate

      this is a regression of https://bugzilla.redhat.com/show_bug.cgi?id=2087194

      version:

      ovn24.09-24.09.0-beta.26.el9fdp
      [root@dell-per740-53 ls-lr]# ovn-nbctl set logical_router rtr options:snat-ct-zone=0
      [root@dell-per740-53 ls-lr]# ovn-appctl ct-zone-list
      0307b0bd-19de-4366-a285-78a695e0a291_snat 1
      vm1 2
      0307b0bd-19de-4366-a285-78a695e0a291_dnat 3
      [root@dell-per740-53 ls-lr]# ovn-sbctl show
      Chassis hv1
      hostname: dell-per740-53.rhts.eng.pek2.redhat.com
      Encap geneve
      ip: "127.0.0.1"
      options: {csum="true"}
      Port_Binding vm1
      [root@dell-per740-53 ls-lr]# ovn-nbctl lr-add rtr – set logical_router rtr options:chassis=hv1
      ovn-nbctl: rtr: a router with this name already exists
      [root@dell-per740-53 ls-lr]# ovn-nbctl set logical_router rtr options:chassis=hv1
      [root@dell-per740-53 ls-lr]# ovn-appctl ct-zone-list
      0275178c-a738-4620-8d07-f162c580e2d7_snat 0
      rtr-ls 4
      0307b0bd-19de-4366-a285-78a695e0a291_snat 1
      vm1 2
      ls-rtr 5
      0307b0bd-19de-4366-a285-78a695e0a291_dnat 3
      0275178c-a738-4620-8d07-f162c580e2d7_dnat 6
      [root@dell-per740-53 ls-lr]# vn-appctl exit
      -bash: vn-appctl: command not found
      [root@dell-per740-53 ls-lr]# ovn-appctl exit
      [root@dell-per740-53 ls-lr]# ovs-appctl vlog/disable-rate-limit
      [root@dell-per740-53 ls-lr]# ovs-appctl vlog/set vconn:dbg
      [root@dell-per740-53 ls-lr]# > /var/lo
      local/ lock/ log/
      [root@dell-per740-53 ls-lr]# > /var/lo
      local/ lock/ log/
      [root@dell-per740-53 ls-lr]# > /var/log/openvswitch/ovs
      ovsdb-server.log ovs-vswitchd.log
      [root@dell-per740-53 ls-lr]# > /var/log/openvswitch/ovs
      ovsdb-server.log ovs-vswitchd.log
      [root@dell-per740-53 ls-lr]# > /var/log/openvswitch/ovs-vswitchd.log
      [root@dell-per740-53 ls-lr]# systemctl start ovn-controller
      [root@dell-per740-53 ls-lr]# grep -i flush /var/log/openvswitch/ovs-vswitchd.log |grep zone_id=0
      2022-06-10T01:44:36.421Z|00056|vconn|DBG|unix#4: received: NXT_CT_FLUSH_ZONE (OF1.5) (xid=0x6): zone_id=0 -------------------should not flush this zone_id=0
       
      Description of bz2087194
      With the move to shared gateway mode in OCP we changed GR to use the host ct zone to avoid conflicts with sharing the same addresses/ct entries with the host. However due to
      https://mail.openvswitch.org/pipermail/ovs-dev/2016-September/323402.html
      all entries are being flushed. OVN-Controller should only flush entries for zones it dynamically allocates that for ephemeral things like pod ips are not in use by any other entities in the system. Background on why it was added:

              ovnteam@redhat.com OVN Team
              rhn-support-yinxu Ying Xu
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: