When it comes to me, I think for an LSP with address "fa:16:3e:b3:c0:e5 192.168.111.42" 
and unknown,
unknown means the port can send traffic with any MAC address.
But for address "fa:16:3e:b3:c0:e5", maybe we should make an ARP reply for this 
address, don't you think?

Thanks


From: ovs-discuss-requ...@openvswitch.org
Sent: Friday, October 29, 2021 3:59 PM
To: ovs-discuss@openvswitch.org
Subject: discuss Digest, Vol 148, Issue 36

Today's Topics:

   1. OVN LSP with a unknown in address will not build arp response
      lflows (? ?)
   2. Re: OVN LSP with a unknown in address will not build arp
      response lflows (Daniel Alvarez Sanchez)


----------------------------------------------------------------------

Message: 1
Date: Fri, 29 Oct 2021 03:50:23 +0000
From: ? ? <lucheng0...@outlook.com>
To: "b...@openvswitch.org" <b...@openvswitch.org>
Subject: [ovs-discuss] OVN LSP with a unknown in address will not
        build arp response lflows
Message-ID:
        
<os3pr01mb7359b67f7668601955af9ba8a6...@os3pr01mb7359.jpnprd01.prod.outlook.com>

Content-Type: text/plain; charset="gb2312"

Environment info:
OVN 21.06
OVS 2.12.0

Reproduction:
1. Create a port with neutronclient, assign it to a node and close the port 
security group
2. Create an ovs port, add it to br-int, and set the interface iface-id to the 
same value as the neutron port uuid
After that, Neutron will create an LSP in OVN NB and append unknown to the LSP's 
address field
Check it in script[1]

Port info:
()[root@ovn-tool-0 /]# ovn-nbctl find Logical_Switch_Port 
name=6a8064f9-f2cc-407d-b8da-345c6a216cb3
_uuid               : 88fd1a84-8695-4cef-b916-45531edaf0db
addresses           : ["fa:16:3e:b3:c0:e5 192.168.111.42", unknown]
dhcpv4_options      : 1a8ca1af-519c-4aa2-b3a3-cc74955dee1f
dhcpv6_options      : []
dynamic_addresses   : []
enabled             : true
external_ids        : {"neutron:cidrs"="192.168.111.42/24", 
"neutron:device_id"="", "neutron:device_owner"="", 
"neutron:network_name"=neutron-6ac00688-422f-4a4f-99ae-b092b2d87f7b, 
"neutron:port_name"=lc-tap-2, 
"neutron:project_id"="498e2a96e4cc4edeb0c525a081dd6830", 
"neutron:revision_number"="4", "neutron:security_group_ids"=""}
ha_chassis_group    : []
name                : "6a8064f9-f2cc-407d-b8da-345c6a216cb3"
options             : {mcast_flood_reports="true", 
requested-chassis=node-1.domain.tld}
parent_name         : []
port_security       : []
tag                 : []
tag_request         : []
type                : ""
up                  : false

Results:
OVN will not build arp responder lflows for this LSP

Script:
[1]:
#!/usr/bin/bash

# Create port
# neutron port-create --name lucheng-tap --binding:host_id=node-3.domain.tld share_net

HOST=""
MAC=""

get_port_info() {
    source openrc
    port_id="$1"
    HOST=$(neutron port-show -F binding:host_id -f value "$port_id")
    MAC=$(neutron port-show -F mac_address -f value "$port_id")
    ip_info=$(neutron port-show -F fixed_ips -f value "$port_id")
    echo Port "$port_id" Mac: "$MAC" HOST: "$HOST"
    echo IP Info: "$ip_info"
}

create_ns() {
    port_id="$1"
    iface_name="lc-tap-${port_id:0:8}"
    netns_name="lc-vm-${port_id:0:8}"
    ssh "$HOST" ovs-vsctl add-port br-int "$iface_name" \
      -- set Interface "$iface_name" type=internal \
      -- set Interface "$iface_name" external_ids:iface-id="$port_id" \
      -- set Interface "$iface_name" external_ids:attached-mac="$MAC" \
      -- set Interface "$iface_name" external_ids:iface-status=active

    ssh "$HOST" ip netns add "$netns_name"
    ssh "$HOST" ip l set dev "$iface_name" address "$MAC"
    ssh "$HOST" ip l set "$iface_name" netns "$netns_name"
    ssh "$HOST" ip netns exec "$netns_name" ip l set lo up
    ssh "$HOST" ip netns exec "$netns_name" ip l set "$iface_name" up
}

main() {
    get_port_info "$1"
    create_ns "$1"
}

main "$@"
neutron port-update --no-security-groups [port uuid]
neutron port-update --port_security_enabled=false [port uuid]

What I found:
When trying to build_lswitch_arp_nd_responder_known_ips in ovn northd, it will 
skip an LSP which has the unknown flag.
static void
build_lswitch_arp_nd_responder_known_ips(struct ovn_port *op,
                                         struct hmap *lflows,
                                         struct hmap *ports,
                                         struct ds *actions,
                                         struct ds *match)
{
    ...
            if (lsp_is_external(op->nbsp) || op->has_unknown) {
                return;
            }


------------------------------

Message: 2
Date: Fri, 29 Oct 2021 09:58:33 +0200
From: Daniel Alvarez Sanchez <dalva...@redhat.com>
To: ? ? <lucheng0...@outlook.com>
Cc: "b...@openvswitch.org" <b...@openvswitch.org>
Subject: Re: [ovs-discuss] OVN LSP with a unknown in address will not
        build arp response lflows
Message-ID:
        <capxmuf9yd4x5sbbha13tmhswfsufgytxazvbus2vs0igkho...@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"

Hi,

On Fri, Oct 29, 2021 at 5:50 AM ? ? <lucheng0...@outlook.com> wrote:

> *Environment info:*
> OVN 21.06
>
> OVS 2.12.0
>
> *Reproduction:*
> 1. Create a port with neutronclient assign it to a node and close port
> security group
>
> 2. Create a ovs port and add it to br-int, and set interface iface-id same
> as neutron port uuid
>
> After it Neutron will create a LSP in OVN NB, and append unknown into LSP's
> address field
>
> Check it in script[1]
>
>
>
> Port info:
> ()[root@ovn-tool-0 /]# ovn-nbctl find Logical_Switch_Port
> name=6a8064f9-f2cc-407d-b8da-345c6a216cb3
>
> _uuid               : 88fd1a84-8695-4cef-b916-45531edaf0db
>
> addresses           : ["fa:16:3e:b3:c0:e5 192.168.111.42", unknown]
>
> dhcpv4_options      : 1a8ca1af-519c-4aa2-b3a3-cc74955dee1f
>
> dhcpv6_options      : []
>
> dynamic_addresses   : []
>
> enabled             : true
>
> external_ids        : {"neutron:cidrs"="192.168.111.42/24",
> "neutron:device_id"="", "neutron:device_owner"="",
> "neutron:network_name"=neutron-6ac00688-422f-4a4f-99ae-b092b2d87f7b,
> "neutron:port_name"=lc-tap-2,
> "neutron:project_id"="498e2a96e4cc4edeb0c525a081dd6830",
> "neutron:revision_number"="4", "neutron:security_group_ids"=""}
>
> ha_chassis_group    : []
>
> name                : "6a8064f9-f2cc-407d-b8da-345c6a216cb3"
>
> options             : {mcast_flood_reports="true",
> requested-chassis=node-1.domain.tld}
>
> parent_name         : []
>
> port_security       : []
>
> tag                 : []
>
> tag_request         : []
>
> type                : ""
>
> up                  : false
>
>
>
> *Results:*
> OVN will not build arp responder lflows for this LSP
>


I believe that this is the expected behavior as you disable port security,
meaning that the traffic from that port can come from any MAC address (it's
unknown to OVN). Hence, it is up to the VM/container/whatever to reply to
ARP requests and OVN should not reply on its behalf.

Hope this helps.

Thanks!
daniel




------------------------------
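
An added example, not part of either message and not OVN code: a small Python audit that parses Logical_Switch_Port rows in the `ovn-nbctl` text format shown in the thread and reports, per port, whether the quoted `has_unknown`/external check would skip the ARP responder flows and whether `port_security` is empty. The second sample record and the reading of `lsp_is_external()` as `type == "external"` are assumptions of this example.

```python
import re

# Constructed sample: record 1 reuses values quoted in the thread, record 2 is made up.
SAMPLE = '''\
addresses           : ["fa:16:3e:b3:c0:e5 192.168.111.42", unknown]
name                : "6a8064f9-f2cc-407d-b8da-345c6a216cb3"
options             : {mcast_flood_reports="true",
requested-chassis=node-1.domain.tld}
port_security       : []
type                : ""

addresses           : ["fa:16:3e:00:00:01 192.168.111.50"]
name                : "constructed-port"
port_security       : ["fa:16:3e:00:00:01 192.168.111.50"]
type                : ""
'''

FIELD = re.compile(r'^(\w+)\s+: ?(.*)$')

def parse_records(text):
    """Split the output into one dict per row, rejoining wrapped values."""
    records, cur, key = [], {}, None
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:
            key = m.group(1)
            cur[key] = m.group(2)
        elif line.strip() and key:
            cur[key] += ' ' + line.strip()      # continuation of a wrapped value
        elif cur:
            records.append(cur)                 # blank line ends the record
            cur, key = {}, None
    return records + ([cur] if cur else [])

def set_items(value):  # elements of an OVSDB set such as ["a b", unknown]
    return [q or bare for q, bare in re.findall(r'"([^"]*)"|([^\s,\[\]"]+)', value)]

def audit(text):
    report = []
    for rec in parse_records(text):
        # Condition quoted in the thread; lsp_is_external() as type == "external" is assumed.
        skipped = (rec.get('type', '').strip('"') == 'external'
                   or 'unknown' in set_items(rec.get('addresses', '')))
        report.append({'name': rec.get('name', '').strip('"'),
                       'arp_responder_skipped': skipped,
                       'port_security_empty': not set_items(rec.get('port_security', ''))})
    return report

if __name__ == '__main__':
    print(*audit(SAMPLE), sep='\n')
```

Ports reported with both flags set are the ones where the workload itself must answer ARP and where the switch places no restriction on source addresses.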

Subject: Digest Footer

_______________________________________________
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss

