On Tue, Nov 18, 2025 at 7:03 PM Dumitru Ceara <[email protected]> wrote:
> On 11/14/25 5:59 PM, Ales Musil wrote:
> > The dynamically learned FDBs were using idle_timeout configured to
> > the same value as fdb_age_threshold for a given LS. This could cause
> > an issue when the traffic was originated only from OVN, without the
> > reply the flow would be used, but OVN could be just blackholing
> > traffic.
> >
> > Switch to hard_timeout instead, that means the flow will be removed
> > after the specified timeout regardless of the usage, however
> > this is still better than the blackhole that isn't recoverable.
> > Without the FDB we would flood instead, which might happen during the
> > period when hard_timeout expires before the workload replies back to
> > populate the FDB again.
> >
> > Fixes: 53e0d5ac2a74 ("controller: Learn EVPN workload FDB from the ingress traffic.")
> > Signed-off-by: Ales Musil <[email protected]>
> > ---
>
> Looks good to me, thanks!
>
> Acked-by: Dumitru Ceara <[email protected]>
>
> > controller/physical.c | 2 +-
> > tests/system-ovn.at | 6 +++---
> > 2 files changed, 4 insertions(+), 4 deletions(-)
> >
> > diff --git a/controller/physical.c b/controller/physical.c
> > index 6ac5dcd3f..2c314b7da 100644
> > --- a/controller/physical.c
> > +++ b/controller/physical.c
> > @@ -2965,7 +2965,7 @@ physical_consider_evpn_binding(const struct
> evpn_binding *binding,
> > ol->flags = NX_LEARN_F_DELETE_LEARNED;
> > ol->priority = 150;
> > ol->table_id = OFTABLE_GET_REMOTE_FDB;
> > - ol->idle_timeout = binding->fdb_age_threshold;
> > + ol->hard_timeout = binding->fdb_age_threshold;
> >
> > /* Match the learned flow on the same metadata. */
> > ol_spec = ofpbuf_put_zeros(ofpacts, sizeof *ol_spec);
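Review bot: The assignment `ol->hard_timeout = binding->fdb_age_threshold;` has no comment explaining why a learned FDB entry ages on a hard timeout rather than an idle one, which is the opposite of what a reader expects from MAC aging. A short comment above it, stating that an idle timeout is kept alive by OVN-originated traffic even when the workload never replies and so the entry must expire unconditionally, would stop someone from switching it back later. Since the commit message accepts flooding while the entry is absent, it is also worth confirming that a repeated learn for the same MAC restarts the timer, otherwise actively used entries are dropped and flooded once per fdb_age_threshold.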
> > diff --git a/tests/system-ovn.at b/tests/system-ovn.at
> > index 76f73d96e..167281785 100644
> > --- a/tests/system-ovn.at
> > +++ b/tests/system-ovn.at
> > @@ -18653,9 +18653,9 @@ check ovn-nbctl --wait=hv set logical_switch
> ls-evpn other_config:fdb_age_thresh
> > ovs-ofctl dump-flows br-int table=OFTABLE_LEARN_REMOTE_FDB
> > AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int
> table=OFTABLE_LEARN_REMOTE_FDB | grep priority | \
> > awk '{print $7, $8}' | strip_cookie | sort], [0],
> [dnl
> > -priority=100,reg14=0x80000001,metadata=0x$dp_key
> actions=learn(table=OFTABLE_GET_REMOTE_FDB,idle_timeout=300,priority=150,delete_learned,OXM_OF_METADATA[[]],NXM_OF_ETH_DST[[]]=NXM_OF_ETH_SRC[[]],load:NXM_NX_REG14[[]]->NXM_NX_REG1[[]])
> > -priority=100,reg14=0x80000002,metadata=0x$dp_key
> actions=learn(table=OFTABLE_GET_REMOTE_FDB,idle_timeout=300,priority=150,delete_learned,OXM_OF_METADATA[[]],NXM_OF_ETH_DST[[]]=NXM_OF_ETH_SRC[[]],load:NXM_NX_REG14[[]]->NXM_NX_REG1[[]])
> > -priority=100,reg14=0x80000003,metadata=0x$dp_key
> actions=learn(table=OFTABLE_GET_REMOTE_FDB,idle_timeout=300,priority=150,delete_learned,OXM_OF_METADATA[[]],NXM_OF_ETH_DST[[]]=NXM_OF_ETH_SRC[[]],load:NXM_NX_REG14[[]]->NXM_NX_REG1[[]])
> > +priority=100,reg14=0x80000001,metadata=0x$dp_key
> actions=learn(table=OFTABLE_GET_REMOTE_FDB,hard_timeout=300,priority=150,delete_learned,OXM_OF_METADATA[[]],NXM_OF_ETH_DST[[]]=NXM_OF_ETH_SRC[[]],load:NXM_NX_REG14[[]]->NXM_NX_REG1[[]])
> > +priority=100,reg14=0x80000002,metadata=0x$dp_key
> actions=learn(table=OFTABLE_GET_REMOTE_FDB,hard_timeout=300,priority=150,delete_learned,OXM_OF_METADATA[[]],NXM_OF_ETH_DST[[]]=NXM_OF_ETH_SRC[[]],load:NXM_NX_REG14[[]]->NXM_NX_REG1[[]])
> > +priority=100,reg14=0x80000003,metadata=0x$dp_key
> actions=learn(table=OFTABLE_GET_REMOTE_FDB,hard_timeout=300,priority=150,delete_learned,OXM_OF_METADATA[[]],NXM_OF_ETH_DST[[]]=NXM_OF_ETH_SRC[[]],load:NXM_NX_REG14[[]]->NXM_NX_REG1[[]])
> >
> priority=150,reg14=0x80000001,metadata=0x$dp_key,dl_src=f0:00:0f:16:10:50
> actions=drop
> >
> priority=150,reg14=0x80000002,metadata=0x$dp_key,dl_src=f0:00:0f:16:10:60
> actions=drop
> >
> priority=150,reg14=0x80000003,metadata=0x$dp_key,dl_src=00:00:00:00:00:01
> actions=drop
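Review bot: The expected-output lines changed here only assert that the learn action now prints hard_timeout=300; nothing in this hunk exercises the behaviour the fix is for. Consider adding a check in which traffic is sent only from the OVN side toward a learned MAC and the entry in OFTABLE_GET_REMOTE_FDB is verified to be gone once the age threshold has passed, so that a regression back to idle_timeout semantics would fail the test rather than just change a string.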
>
>
Thank you Dumitru,
I went ahead and merged this into main.
Regards,
Ales
_______________________________________________
dev mailing list
[email protected]
https://mail.openvswitch.org/mailman/listinfo/ovs-dev