On Wed, Jun 10, 2026 at 1:06 AM Ilya Maximets <[email protected]> wrote:
> For some reason the forced SNAT IP in this test is configured as a
> random IP from the join switch subnet that doesn't belong to anything.
> When the return traffic hits the router R1, it doesn't know the
> destination MAC for this IP and the packet gets sent to ovn-controller
> and eventually dropped. None of the wget calls actually succeed.
> The test doesn't check that and it only checks that there are some
> conntrack entries, which are actually in SYN_SENT state.
>
> While this is enough to check that load balancing is happening, this
> makes the test extremely slow. wget is configured to re-try 5 times
> with 1 second wait. And it also by default backs off by 1 more second
> on every re-try. And we're calling wget 10 times. In the end, all of
> this takes 2.5 minutes per test. Test suite runs the test twice with
> different options resulting in 5 minutes of wasted time.
>
> Let's use the proper router IP instead for SNAT. This allows reply
> traffic to actually go through and wget to succeed, saving us these
> 5 minutes.
>
> Also changing the simple NS_EXEC to NS_CHECK_EXEC so the test fails if
> wget fails.
>
> The test still reproduces the original issue.
>
> Fixes: da5529438342 ("northd: Do not drop ip traffic with destination vip
> expressed via template vars.")
> Signed-off-by: Ilya Maximets <[email protected]>
> ---
> tests/system-ovn.at | 14 +++++++-------
> 1 file changed, 7 insertions(+), 7 deletions(-)
>
> diff --git a/tests/system-ovn.at b/tests/system-ovn.at
> index 65781bed3..b08363eda 100644
> --- a/tests/system-ovn.at
> +++ b/tests/system-ovn.at
> @@ -17725,7 +17725,7 @@ ADD_VETH(bar1, bar1, br-int, "192.168.2.2/24",
> "f0:00:00:01:02:05", \
> check ovn-nbctl lsp-add bar bar1 \
> -- lsp-set-addresses bar1 "f0:00:00:01:02:05 192.168.2.2"
>
> -check ovn-nbctl set logical_router R2 options:lb_force_snat_ip="20.0.0.5"
> +check ovn-nbctl set logical_router R2 options:lb_force_snat_ip="20.0.0.2"
>
> AT_CHECK([ovn-nbctl -- create chassis_template_var chassis="hv1" \
> variables="{vip=172.16.1.1,vport1=8000,backends1=\"
> 192.168.1.2:80,192.168.2.2:80\"}"],
> @@ -17741,12 +17741,12 @@ check ovn-nbctl --wait=hv sync
> OVS_START_L7([foo1], [http])
> OVS_START_L7([bar1], [http])
>
> -NETNS_START_TCPDUMP([foo1], [-neei foo1 src 20.0.0.5 and tcp], [foo1])
> -NETNS_START_TCPDUMP([bar1], [-neei bar1 src 20.0.0.5 and tcp], [bar1])
> +NETNS_START_TCPDUMP([foo1], [-neei foo1 src 20.0.0.2 and tcp], [foo1])
> +NETNS_START_TCPDUMP([bar1], [-neei bar1 src 20.0.0.2 and tcp], [bar1])
>
> check ovs-appctl dpctl/flush-conntrack
> for i in $(seq 10); do
> - NS_EXEC([alice1], [wget 172.16.1.1:8000 -t 5 -T 1
> --retry-connrefused -v -o wget$i.log])
> + NS_CHECK_EXEC([alice1], [wget 172.16.1.1:8000 -t 5 -T 1
> --retry-connrefused -v -o wget$i.log])
> done
>
> OVS_WAIT_UNTIL([
> @@ -17758,10 +17758,10 @@ OVS_WAIT_UNTIL([
> test "${n_pkt}" -ge 1
> ])
>
> -AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(20.0.0.5) | \
> +AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(20.0.0.2) | \
> sed -e 's/zone=[[0-9]]*/zone=<cleared>/'], [0], [dnl
>
> -tcp,orig=(src=172.16.1.2,dst=192.168.1.2,sport=<cleared>,dport=<cleared>),reply=(src=192.168.1.2,dst=20.0.0.5,sport=<cleared>,dport=<cleared>),zone=<cleared>,protoinfo=(state=<cleared>)
>
> -tcp,orig=(src=172.16.1.2,dst=192.168.2.2,sport=<cleared>,dport=<cleared>),reply=(src=192.168.2.2,dst=20.0.0.5,sport=<cleared>,dport=<cleared>),zone=<cleared>,protoinfo=(state=<cleared>)
>
> +tcp,orig=(src=172.16.1.2,dst=192.168.1.2,sport=<cleared>,dport=<cleared>),reply=(src=192.168.1.2,dst=20.0.0.2,sport=<cleared>,dport=<cleared>),zone=<cleared>,protoinfo=(state=<cleared>)
>
> +tcp,orig=(src=172.16.1.2,dst=192.168.2.2,sport=<cleared>,dport=<cleared>),reply=(src=192.168.2.2,dst=20.0.0.2,sport=<cleared>,dport=<cleared>),zone=<cleared>,protoinfo=(state=<cleared>)
> ])
>
> OVN_CLEANUP_CONTROLLER([hv1])
> --
> 2.54.0
>
> _______________________________________________
> dev mailing list
> [email protected]
> https://mail.openvswitch.org/mailman/listinfo/ovs-dev
>
> Thank you Ilya,
applied to main and backported down to 25.03 + 24.03.
Regards,
Ales
_______________________________________________
dev mailing list
[email protected]
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
