-
Bug
-
Resolution: Unresolved
-
Normal
-
None
-
rhel-9, rhel-10
-
3
-
False
-
-
False
-
-
rhel-sst-network-fastdatapath
-
-
-
ssg_networking
-
Moderate
Description of problem:
Disable lacp negotiation on ovs balance-slb port. When physical switch didn't have a dynamical mac record, in this time send packets from ovs-bond port will receive DUP packets. Balance-slb has a limitation when disabled lacp.
Version-Release number of selected component (if applicable):
in this case, I use rhel10 to emulate this issue.
openvswitch3.3-3.3.0-8.el10fdp.x86_64
kernel version: 6.11.0-25.el10.x86_64+rt
E810 nic firmware-version: 4.60 0x8001e8b3 1.3682.0:
DUT switch topo:
ens3f0np0 --> 9364 Eth1/3/4
ens3f1np1 --> 9364 Eth1/3/3
peer site switch topo:
ens3f0np0(i40e xxv710) --> 9364 Eth1/7/3
How reproducible: 100%
Steps to Reproduce:
1.down-up switch port, make sure no mac address record in address-table.
swcfg ssh 9364 configure interface eth1/3/3-4 shutdown no shutdown sw-cisco9364(config-if-range)# show mac address-table interface eth1/3/3 Legend: * - primary entry, G - Gateway MAC, (R) - Routed MAC, O - Overlay MAC age - seconds since last seen,+ - primary entry using vPC Peer-Link, (T) - True, (F) - False, C - ControlPlane MAC, ~ - vsan VLAN MAC Address Type age Secure NTFY Ports ---------+-----------------+--------+---------+------+----+------------------ sw-cisco9364(config-if-range)# show mac address-table interface eth1/3/4 Legend: * - primary entry, G - Gateway MAC, (R) - Routed MAC, O - Overlay MAC age - seconds since last seen,+ - primary entry using vPC Peer-Link, (T) - True, (F) - False, C - ControlPlane MAC, ~ - vsan VLAN MAC Address Type age Secure NTFY Ports ---------+-----------------+--------+---------+------+----+------------------
2. run below step
ip netns add test0 ip netns exec test0 sysctl -w net.ipv6.conf.all.autoconf=1 ip netns exec test0 sysctl -w net.ipv6.conf.all.accept_ra=0 ip netns exec test0 sysctl -w net.ipv6.conf.default.autoconf=1 ip netns exec test0 sysctl -w net.ipv6.conf.default.accept_ra=0 ip netns exec test0 sysctl -w net.ipv6.conf.test0.autoconf=1 ip netns exec test0 sysctl -w net.ipv6.conf.test0.accept_ra=0 ip link add test0 type veth peer name ovs-test0 ip link set test0 netns test0 ip netns exec test0 ip link set test0 up ip netns exec test0 ip addr add 172.118.118.2/24 dev test0 ip netns exec test0 ip addr add 2024:db8:118:118::2/64 dev test0 ip link set ens3f0np0 up ip link set ens3f1np1 up ip link set ens3f0np0 mtu 9000 ip link set ens3f1np1 mtu 9000 ovs-vsctl --may-exist add-br bondbridge -- set bridge bondbridge mcast_snooping_enable=true other-config:mac-aging-time=15 other-config:mcast-snooping-aging-time=15 ovs-vsctl add-bond bondbridge balance-slb ens3f0np0 ens3f1np1 lacp=off bond_mode=balance-slb \ -- set Interface ens3f0np0 mtu_request=9000 \ -- set Interface ens3f1np1 mtu_request=9000 ovs-ofctl mod-port bondbridge bondbridge up ovs-vsctl set int bondbridge mtu_request=9000 ovs-vsctl add-port bondbridge ovs-test0 ip link set ovs-test0 up ip link set ovs-test0 mtu 9000 ip netns exec test0 ip link set test0 mtu 9000 ovs-ofctl del-flows bondbridge ovs-ofctl add-flow bondbridge actions=NORMAL ovs-appctl fdb/flush bondbridge ovs-appctl mdb/flush bondbridge ovs-appctl bond/show ---- balance-slb ---- bond_mode: balance-slb bond may use recirculation: no, Recirc-ID : -1 bond-hash-basis: 0 lb_output action: disabled, bond-id: -1 all members active: false updelay: 0 ms downdelay: 0 ms next rebalance: 7616 ms lacp_status: off lacp_fallback_ab: false active-backup primary: <none> active member mac: b4:96:91:a5:d0:e7(ens3f1np1)member ens3f0np0: enabled may_enable: truemember ens3f1np1: enabled active member may_enable: true sleep 16 ip netns exec test0 ip a 1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2486: test0@if2485: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9000 qdisc noqueue state UP group default qlen 1000 link/ether 56:6b:93:39:86:b8 brd ff:ff:ff:ff:ff:ff link-netnsid 0 inet 172.118.118.2/24 scope global test0 valid_lft forever preferred_lft forever inet6 2024:db8:118:118::2/64 scope global valid_lft forever preferred_lft forever ip netns exec test0 ping -c 10 172.118.118.1 PING 172.118.118.1 (172.118.118.1) 56(84) bytes of data. 64 bytes from 172.118.118.1: icmp_seq=1 ttl=64 time=0.381 ms 64 bytes from 172.118.118.1: icmp_seq=1 ttl=64 time=0.402 ms (DUP!) 64 bytes from 172.118.118.1: icmp_seq=2 ttl=64 time=0.056 ms 64 bytes from 172.118.118.1: icmp_seq=3 ttl=64 time=0.056 ms 64 bytes from 172.118.118.1: icmp_seq=4 ttl=64 time=0.061 ms 64 bytes from 172.118.118.1: icmp_seq=5 ttl=64 time=0.055 ms 64 bytes from 172.118.118.1: icmp_seq=6 ttl=64 time=0.054 ms 64 bytes from 172.118.118.1: icmp_seq=7 ttl=64 time=0.044 ms 64 bytes from 172.118.118.1: icmp_seq=8 ttl=64 time=0.046 ms 64 bytes from 172.118.118.1: icmp_seq=9 ttl=64 time=0.046 ms 64 bytes from 172.118.118.1: icmp_seq=10 ttl=64 time=0.049 ms
3.using tcpdump to capture each slave interface on balance-slb
for ens3f0np0
[root@hp-dl388g10-03 ovs_bond_function]# tcpdump -i ens3f0np0 -ne ether src 56:6b:93:39:86:b8 or ether dst 56:6b:93:39:86:b8
dropped privs to tcpdump
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on ens3f0np0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
04:15:41.625525 56:6b:93:39:86:b8 > 40:a6:b7:0e:d0:90, ethertype IPv4 (0x0800), length 98: 172.118.118.2 > 172.118.118.1: ICMP echo request, id 10141, seq 1, length 64
04:15:41.625707 56:6b:93:39:86:b8 > 40:a6:b7:0e:d0:90, ethertype ARP (0x0806), length 42: Reply 172.118.118.2 is-at 56:6b:93:39:86:b8, length 28
04:15:41.625744 40:a6:b7:0e:d0:90 > 56:6b:93:39:86:b8, ethertype IPv4 (0x0800), length 98: 172.118.118.1 > 172.118.118.2: ICMP echo reply, id 10141, seq 1, length 64
04:15:42.645726 56:6b:93:39:86:b8 > 40:a6:b7:0e:d0:90, ethertype IPv4 (0x0800), length 98: 172.118.118.2 > 172.118.118.1: ICMP echo request, id 10141, seq 2, length 64
04:15:42.645757 40:a6:b7:0e:d0:90 > 56:6b:93:39:86:b8, ethertype IPv4 (0x0800), length 98: 172.118.118.1 > 172.118.118.2: ICMP echo reply, id 10141, seq 2, length 64
04:15:43.669722 56:6b:93:39:86:b8 > 40:a6:b7:0e:d0:90, ethertype IPv4 (0x0800), length 98: 172.118.118.2 > 172.118.118.1: ICMP echo request, id 10141, seq 3, length 64
04:15:43.669755 40:a6:b7:0e:d0:90 > 56:6b:93:39:86:b8, ethertype IPv4 (0x0800), length 98: 172.118.118.1 > 172.118.118.2: ICMP echo reply, id 10141, seq 3, length 64
04:15:44.693479 56:6b:93:39:86:b8 > 40:a6:b7:0e:d0:90, ethertype IPv4 (0x0800), length 98: 172.118.118.2 > 172.118.118.1: ICMP echo request, id 10141, seq 4, length 64
04:15:44.693513 40:a6:b7:0e:d0:90 > 56:6b:93:39:86:b8, ethertype IPv4 (0x0800), length 98: 172.118.118.1 > 172.118.118.2: ICMP echo reply, id 10141, seq 4, length 64
04:15:45.717472 56:6b:93:39:86:b8 > 40:a6:b7:0e:d0:90, ethertype IPv4 (0x0800), length 98: 172.118.118.2 > 172.118.118.1: ICMP echo request, id 10141, seq 5, length 64
04:15:45.717506 40:a6:b7:0e:d0:90 > 56:6b:93:39:86:b8, ethertype IPv4 (0x0800), length 98: 172.118.118.1 > 172.118.118.2: ICMP echo reply, id 10141, seq 5, length 64
04:15:46.741473 56:6b:93:39:86:b8 > 40:a6:b7:0e:d0:90, ethertype IPv4 (0x0800), length 98: 172.118.118.2 > 172.118.118.1: ICMP echo request, id 10141, seq 6, length 64
04:15:46.741507 40:a6:b7:0e:d0:90 > 56:6b:93:39:86:b8, ethertype IPv4 (0x0800), length 98: 172.118.118.1 > 172.118.118.2: ICMP echo reply, id 10141, seq 6, length 64
04:15:46.869475 56:6b:93:39:86:b8 > 40:a6:b7:0e:d0:90, ethertype ARP (0x0806), length 42: Request who-has 172.118.118.1 tell 172.118.118.2, length 28
04:15:46.869504 40:a6:b7:0e:d0:90 > 56:6b:93:39:86:b8, ethertype ARP (0x0806), length 60: Reply 172.118.118.1 is-at 40:a6:b7:0e:d0:90, length 46
04:15:47.765466 56:6b:93:39:86:b8 > 40:a6:b7:0e:d0:90, ethertype IPv4 (0x0800), length 98: 172.118.118.2 > 172.118.118.1: ICMP echo request, id 10141, seq 7, length 64
04:15:47.765494 40:a6:b7:0e:d0:90 > 56:6b:93:39:86:b8, ethertype IPv4 (0x0800), length 98: 172.118.118.1 > 172.118.118.2: ICMP echo reply, id 10141, seq 7, length 64
04:15:48.789467 56:6b:93:39:86:b8 > 40:a6:b7:0e:d0:90, ethertype IPv4 (0x0800), length 98: 172.118.118.2 > 172.118.118.1: ICMP echo request, id 10141, seq 8, length 64
04:15:48.789497 40:a6:b7:0e:d0:90 > 56:6b:93:39:86:b8, ethertype IPv4 (0x0800), length 98: 172.118.118.1 > 172.118.118.2: ICMP echo reply, id 10141, seq 8, length 64
04:15:49.813468 56:6b:93:39:86:b8 > 40:a6:b7:0e:d0:90, ethertype IPv4 (0x0800), length 98: 172.118.118.2 > 172.118.118.1: ICMP echo request, id 10141, seq 9, length 64
04:15:49.813497 40:a6:b7:0e:d0:90 > 56:6b:93:39:86:b8, ethertype IPv4 (0x0800), length 98: 172.118.118.1 > 172.118.118.2: ICMP echo reply, id 10141, seq 9, length 64
04:15:50.837470 56:6b:93:39:86:b8 > 40:a6:b7:0e:d0:90, ethertype IPv4 (0x0800), length 98: 172.118.118.2 > 172.118.118.1: ICMP echo request, id 10141, seq 10, length 64
04:15:50.837499 40:a6:b7:0e:d0:90 > 56:6b:93:39:86:b8, ethertype IPv4 (0x0800), length 98: 172.118.118.1 > 172.118.118.2: ICMP echo reply, id 10141, seq 10, length 64
for ens3f1np1
[root@hp-dl388g10-03 ovs_bond_function]# tcpdump -i ens3f1np1 -ne ether src 56:6b:93:39:86:b8 or ether dst 56:6b:93:39:86:b8
dropped privs to tcpdump
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on ens3f1np1, link-type EN10MB (Ethernet), snapshot length 262144 bytes
04:15:41.625735 40:a6:b7:0e:d0:90 > 56:6b:93:39:86:b8, ethertype IPv4 (0x0800), length 98: 172.118.118.1 > 172.118.118.2: ICMP echo reply, id 10141, seq 1, length 64
Actual results:
Receive a DUP packets.
