On Mon, May 04, 2026 at 09:05:40AM +0200, Dumitru Ceara wrote:
> Hi Mairtin,
>
> Thanks for the review!
>
> On 4/29/26 10:28 AM, Mairtin O'Loingsigh wrote:
> > On Fri, Apr 24, 2026 at 05:35:58PM +0200, Dumitru Ceara via dev wrote:
> >> The ARP/ND responder stage (ls_in_arp_rsp) unconditionally
> >> bypassed all traffic arriving from localnet ports via a
> >> priority-100 "next;" flow. This caused broadcast ARP/ND
> >> requests from the physical network to be flooded to every
> >> logical switch port instead of being handled by proxy
> >> ARP/ND. On switches with ~200+ ports the resulting
> >> multicast replication exceeded the OVS 4K resubmit limit,
> >> dropping the packets and breaking connectivity.
> >>
> >> Replace the bypass with a targeted mechanism:
> >>
> >> - In ls_in_lookup_fdb, set flags.localnet = 1 for
> >> packets arriving from localnet ports (P50 fallback;
> >> the existing P100 FDB-learning flow already sets this
> >> flag when FDB learning is enabled).
> >>
> >> - In the P50 ARP/ND reply flows, append the condition
> >> "((flags.localnet == 1 && is_chassis_resident(port))
> >> || flags.localnet == 0)" on switches that have
> >> localnet ports.
> >>
> >> This ensures that ARP/ND requests from localnet are only
> >> answered on the chassis hosting the target VIF, preventing
> >> both the flood and duplicate replies from multiple
> >> hypervisors. VIF-to-VIF proxy ARP/ND is unchanged because
> >> flags.localnet is 0 for non-localnet-sourced traffic.
> >>
> >> Fixes: f763a3273b84 ("ovn: Avoid ARP responder for packets from localnet port")
> >> Reported-at: https://redhat.atlassian.net/browse/FDP-3436
> >> Assisted-by: Claude Opus 4.6, Claude Code
> >> Signed-off-by: Dumitru Ceara <[email protected]>
> >> ---
>
> [...]
>
> >>
> >> +/* On switches with localnet ports, restrict ARP/ND replies for
> >> + * localnet-sourced requests to the chassis hosting the target VIF
> >> + * (preventing duplicate replies from every hypervisor). Non-localnet
> >> + * requests (VIF-to-VIF) are answered unconditionally as before. */
> >> +static void
> >> +build_lswitch_arp_nd_local_resp_match(struct ds *match,
> >> + const struct ovn_port *op)
> >> +{
> >> + if (!ls_has_localnet_port(op->od)) {
> >> + return;
> >> + }
> >> +
> >> + ds_put_format(match,
> >> + " && ((flags.localnet == 1 && is_chassis_resident(%s))"
> >> + " || flags.localnet == 0)", op->json_key);
> > nit: spacing
>
> I had actually done this on purpose to make it a bit more visible that "
> || flags.localnet == 0" is part of the condition in parentheses. But I
> have no strong preference in the end. Please let me know if you still
> would like me to change it.
>
> >> +}
> >> +
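Review bot: the format string in build_lswitch_arp_nd_local_resp_match() begins with " && ", so the helper only produces a valid match when the caller has already written a non-empty expression into the ds, and the comment above the function does not say so. Suggest extending that comment to state that the fragment is appended to an existing match and that the function is a no-op when the switch has no localnet port, since the early return on !ls_has_localnet_port(op->od) is easy to miss from the call site. Separately, if flags.localnet is a single-bit flag, as the == 1 and == 0 tests here suggest, the appended condition is logically the same as "(flags.localnet == 0 || is_chassis_resident(%s))"; keeping the longer form is fine if it is preferred for readability, but a word on that in the comment would save the next reader from wondering whether the two branches differ.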
>
> [...]
>
> >>
> > LGTM. Just one small nit.
> >
> > Acked-by: Mairtin O'Loingsigh <[email protected]>
> >
>
> Regards,
> Dumitru
>
This spacing does look more readable. No need to change.
Regards,
Mairtin