On Wed, May 10, 2023 at 7:24 AM Ilya Maximets via discuss <ovs-discuss@openvswitch.org> wrote: > > On 5/10/23 05:33, 张祖建 wrote: > > > > Attached is the ovn-northd log file. > > > > Numan Siddique <num...@ovn.org <mailto:num...@ovn.org>> 于2023年5月10日周三 > > 08:03写道: > > > > On Tue, May 9, 2023 at 1:29 PM Ilya Maximets via discuss > > <ovs-discuss@openvswitch.org <mailto:ovs-discuss@openvswitch.org>> > > wrote: > > > > > > On 5/5/23 10:22, 张祖建 via discuss wrote: > > > > Hi, all: > > > > > > > > I'm using OVN ACL with address set. Sometimes an ACL rule does not > > work as expected after updating address set addresses, and ovn-northd > > reports the following warning: > > > > > > > > 2023-05-05T08:00:07.298Z|00217|ovsdb_idl|WARN|Trying to delete a > > key that doesn't exist in the set. > > > > > > > > After some investigation, I found the reason is that ovn-northd > > tries to delete an address 0.0.0.0/4 <http://0.0.0.0/4> <http://0.0.0.0/4 > > <http://0.0.0.0/4>> from the addresses column while the existing addresses > > are 10.16.0.47/4 <http://10.16.0.47/4> <http://10.16.0.47/4 > > <http://10.16.0.47/4>> and 10.16.3.48/32 <http://10.16.3.48/32> > > <http://10.16.3.48/32 <http://10.16.3.48/32>>. > > > > > > > > I added some debug logging and found that there are two functions > > responsible for updating ovn sb address_set, update_sb_addr_set() and > > sync_addr_set(). In update_sb_addr_set(), ovn-northd formats 10.16.0.47/4 > > <http://10.16.0.47/4> <http://10.16.0.47/4 <http://10.16.0.47/4>> to > > 0.0.0.0/4 <http://0.0.0.0/4> <http://0.0.0.0/4 <http://0.0.0.0/4>> and > > writes the later to ovn sb. While in sync_addr_set(), ovn-northd writes > > 10.16.0.47/4 <http://10.16.0.47/4> <http://10.16.0.47/4 > > <http://10.16.0.47/4>> to sb directly. > > > > > > > > I believe this is a bug. > > > > > > > > OVN version: v22.12 > > > > > > CC: Numan > > > > > > Thanks for the report! This indeed looks like a bug in the > > > address set incremental processing in northd. > > > > > > If address set doesn't already exist, sync_addr_set() function > > > just copies to Sb without any processing on the addresses, but > > > during the update all addresses are going through expression > > > parsing and formatting that is getting rid of bits that are not > > > part of the mask. And that creates a difference and inability > > > to remove the address from Sb as a result. > > > > > > Best regards, Ilya Maximets. > > > > Thanks for the report. > > > > Is it possible to enable jsonrpc dbg in ovn-northd and share the logs > > when you see this issue ? > > (ovn-appctl -t ovn-northd vlog/set jsonrpc:dbg) > > > > Or if you can share a simple ovn-nbctl script to reproduce this issue > > and/or attach the OVN Northbound db that would be great. > > FWIW, the simple reproducer: > > [tutorial]$ as_uuid=$(ovn-nbctl --wait=sb create address-set name=as1 > addresses=10.16.0.47/4,10.16.3.48/32) > [tutorial]$ ovn-nbctl --wait=sb remove address_set $as_uuid addresses > 10.16.0.47/4 > [tutorial]$ cat sandbox/ovn-northd.log | grep WARN > 2023-05-10T11:22:38.998Z|00012|ovsdb_idl|WARN|Trying to delete a key that > doesn't exist in the set.
Thanks for the logs and thanks Ilya for the reproducer. I've raised a bugzilla to track it here - https://bugzilla.redhat.com/show_bug.cgi?id=2196885 I'll see if I can fix this and put a patch for review. Thanks Numan > > > > > > Thanks > > Numan > > > > > > > > > _______________________________________________ > > > discuss mailing list > > > disc...@openvswitch.org <mailto:disc...@openvswitch.org> > > > https://mail.openvswitch.org/mailman/listinfo/ovs-discuss > > <https://mail.openvswitch.org/mailman/listinfo/ovs-discuss> > > > > _______________________________________________ > discuss mailing list > disc...@openvswitch.org > https://mail.openvswitch.org/mailman/listinfo/ovs-discuss _______________________________________________ discuss mailing list disc...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-discuss