On 12/1/25 10:37 PM, Alexandra Rukomoinikova wrote:
> Since [0], external ARP request/reply processing is performed only
> on the HA chassis.
>
> In cases where the full processing of ARP request happens on chassis
> that doesn't host DGP - ARP reply won't be received.
> This happens for instance in the following setup, with vif1 and ext on hv1
> and lr-pub on hv2.
> vif1 --- ls1 --- lr --- pub -+- ln
> +- ext
> To fix this, the restrictions are now applied only to requests.
>
> [0] 1b4058b9162c ("northd: Process external arps on ha chassis.")
>
> Reported-at:
> https://mail.openvswitch.org/pipermail/ovs-dev/2025-December/428133.html
> Fixes: 1b4058b9162c ("northd: Process external arps on ha chassis.")
> Signed-off-by: Alexandra Rukomoinikova <[email protected]>
> ---
Hi Alexandra,
Thanks for the quick fix! Applied to main to unblock the CI.
However, I think we might need two more follow ups:
1. ovn-northd.at updated tests that check the flows that set
REGBIT_EXT_ARP in S_SWITCH_IN_CHECK_PORT_SEC.
2. do we need IPv6 support too (not only in tests but also for
processing ND_NS only on ha chassis?
Would you happen to have time to look into that too?
Regards,
Dumitru
> northd/northd.c | 3 +--
> 1 file changed, 1 insertion(+), 2 deletions(-)
>
> diff --git a/northd/northd.c b/northd/northd.c
> index ec219a0c7..8979d9ad6 100644
> --- a/northd/northd.c
> +++ b/northd/northd.c
> @@ -9746,8 +9746,7 @@ build_lswitch_arp_chassis_resident(const struct
> ovn_datapath *od,
>
> SSET_FOR_EACH (port_name, &inports) {
> ds_clear(&match);
> - ds_put_format(&match, "(arp.op == 1 || arp.op == 2) "
> - "&& inport == %s",
> + ds_put_format(&match, "arp.op == 1 && inport == %s",
> port_name);
> ovn_lflow_add(lflows, od, S_SWITCH_IN_CHECK_PORT_SEC, 75,
> ds_cstr(&match), REGBIT_EXT_ARP " = 1; next;",
_______________________________________________
dev mailing list
[email protected]
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
