[Kernel-packages] [Bug 1967856] Re: Hairpin traffic does not work with centralized NAT gw

Frode Nordahl Thu, 09 Jun 2022 04:36:16 -0700

** Also affects: linux (Ubuntu)
   Importance: Undecided
       Status: New


** Changed in: openvswitch (Ubuntu)
       Status: Triaged => Invalid

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1967856

Title:
  Hairpin traffic does not work with centralized NAT gw

Status in linux package in Ubuntu:
  Incomplete
Status in openvswitch package in Ubuntu:
  Invalid
Status in ovn package in Ubuntu:
  Invalid
Status in linux source package in Focal:
  New
Status in openvswitch source package in Focal:
  New
Status in ovn source package in Focal:
  Invalid
Status in linux source package in Jammy:
  New
Status in openvswitch source package in Jammy:
  New
Status in ovn source package in Jammy:
  Invalid
Status in linux source package in Kinetic:
  Incomplete
Status in openvswitch source package in Kinetic:
  Invalid
Status in ovn source package in Kinetic:
  Invalid

Bug description:
  If you have two hvs where hv1 is the gateway chassis and you have an
  instance running on hv2.

  On instance on hv2 hairpin traffic works for the first session, but
  not for the next:

  $ ping -c1 10.78.95.89
  PING 10.78.95.89 (10.78.95.89) 56(84) bytes of data.
  64 bytes from 10.78.95.89: icmp_seq=1 ttl=62 time=1.07 ms

  --- 10.78.95.89 ping statistics ---
  1 packets transmitted, 1 received, 0% packet loss, time 0ms
  rtt min/avg/max/mdev = 1.078/1.078/1.078/0.000 ms

  $ sudo ovs-appctl -t ovs-vswitchd dpctl/dump-conntrack
  
icmp,orig=(src=10.78.95.89,dst=192.168.0.211,id=7334,type=8,code=0),reply=(src=192.168.0.211,dst=10.78.95.89,id=7334,type=0,code=0),zone=7
  
icmp,orig=(src=192.168.0.211,dst=10.78.95.89,id=7334,type=8,code=0),reply=(src=10.78.95.89,dst=192.168.0.211,id=7334,type=0,code=0),zone=7

  
  $ ping -c1 10.78.95.89
  PING 10.78.95.89 (10.78.95.89) 56(84) bytes of data.

  --- 10.78.95.89 ping statistics ---
  1 packets transmitted, 0 received, 100% packet loss, time 0ms

  $ sudo ovs-appctl -t ovs-vswitchd dpctl/dump-conntrack
  
icmp,orig=(src=10.78.95.89,dst=192.168.0.211,id=7334,type=8,code=0),reply=(src=192.168.0.211,dst=10.78.95.89,id=7334,type=0,code=0),zone=7
  
icmp,orig=(src=192.168.0.211,dst=10.78.95.89,id=7334,type=8,code=0),reply=(src=10.78.95.89,dst=192.168.0.211,id=7334,type=0,code=0),zone=7
  
icmp,orig=(src=192.168.0.211,dst=10.78.95.89,id=7335,type=8,code=0),reply=(src=10.78.95.89,dst=192.168.0.211,id=7335,type=0,code=0),zone=7

  We made an attempt at using OVN built with [0], but that did
  unfortunately not help.

  If we however revert [1] it works again:
  $ ping -c1 10.78.95.89
  PING 10.78.95.89 (10.78.95.89) 56(84) bytes of data.
  64 bytes from 10.78.95.89: icmp_seq=1 ttl=62 time=1.31 ms

  --- 10.78.95.89 ping statistics ---
  1 packets transmitted, 1 received, 0% packet loss, time 0ms
  rtt min/avg/max/mdev = 1.318/1.318/1.318/0.000 ms

  $ sudo ovs-appctl -t ovs-vswitchd dpctl/dump-conntrack
  
icmp,orig=(src=192.168.0.211,dst=10.78.95.89,id=7336,type=8,code=0),reply=(src=10.78.95.89,dst=192.168.0.211,id=7336,type=0,code=0),zone=7
  
icmp,orig=(src=10.78.95.89,dst=192.168.0.211,id=7336,type=8,code=0),reply=(src=192.168.0.211,dst=10.78.95.89,id=7336,type=0,code=0),zone=7
  
icmp,orig=(src=10.78.95.89,dst=192.168.0.211,id=7336,type=8,code=0),reply=(src=192.168.0.211,dst=10.78.95.89,id=7336,type=0,code=0),zone=1

  $ ping -c1 10.78.95.89
  PING 10.78.95.89 (10.78.95.89) 56(84) bytes of data.
  64 bytes from 10.78.95.89: icmp_seq=1 ttl=62 time=0.307 ms

  --- 10.78.95.89 ping statistics ---
  1 packets transmitted, 1 received, 0% packet loss, time 0ms
  rtt min/avg/max/mdev = 0.307/0.307/0.307/0.000 ms

  $ sudo ovs-appctl -t ovs-vswitchd dpctl/dump-conntrack
  
icmp,orig=(src=10.78.95.89,dst=192.168.0.211,id=7337,type=8,code=0),reply=(src=192.168.0.211,dst=10.78.95.89,id=7337,type=0,code=0),zone=7
  
icmp,orig=(src=10.78.95.89,dst=192.168.0.211,id=7337,type=8,code=0),reply=(src=192.168.0.211,dst=10.78.95.89,id=7337,type=0,code=0),zone=1
  
icmp,orig=(src=192.168.0.211,dst=10.78.95.89,id=7337,type=8,code=0),reply=(src=10.78.95.89,dst=192.168.0.211,id=7337,type=0,code=0),zone=7
  
icmp,orig=(src=192.168.0.211,dst=10.78.95.89,id=7336,type=8,code=0),reply=(src=10.78.95.89,dst=192.168.0.211,id=7336,type=0,code=0),zone=7
  
icmp,orig=(src=10.78.95.89,dst=192.168.0.211,id=7336,type=8,code=0),reply=(src=192.168.0.211,dst=10.78.95.89,id=7336,type=0,code=0),zone=7
  
icmp,orig=(src=10.78.95.89,dst=192.168.0.211,id=7336,type=8,code=0),reply=(src=192.168.0.211,dst=10.78.95.89,id=7336,type=0,code=0),zone=1

  
  0: 
https://patchwork.ozlabs.org/project/ovn/patch/20220401175516.2139179-1-mmich...@redhat.com/
  1: 
https://github.com/ovn-org/ovn/commit/4deac4509abbedd6ffaecf27eed01ddefccea40a

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1967856/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to     : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1967856] Re: Hairpin traffic does not work with centralized NAT gw

Reply via email to