Hello OVN enthusiasts o/
I noticed that when periodic IPv6 Router Advertisements are enabled on LRP [0],
they wont get forwarded to the external networks. I’m just wondering if it’s
intentional, or a bug. I have following simple setup:
alice | | ovn-host
| |
eth1 -------- eth1 -- SW-EXT --- R1
| |
* alice is external host connected via physical network
* ovn-host runs OVN+OVS services
* SW-EXT is LS
* R1 is LR with interface plugged to SW-EXT
Below are (what I think) relevant details:
# ovs-vsctl show
7c17d701-cc3d-4804-8094-5f92e090daa8
Bridge br-ext
Port br-ext
Interface br-ext
type: internal
Port patch-ext-patch-to-br-int
Interface patch-ext-patch-to-br-int
type: patch
options: {peer=patch-br-int-to-ext-patch}
Port eth1
Interface eth1
Bridge br-int
fail_mode: secure
datapath_type: system
Port br-int
Interface br-int
type: internal
Port patch-br-int-to-ext-patch
Interface patch-br-int-to-ext-patch
type: patch
options: {peer=patch-ext-patch-to-br-int}
ovs_version: “3.4.0"
# ovn-nbctl show
switch aaa80b25-8168-4944-bcb9-aede4d3f4c94 (SW-EXT)
port lsp-ext
type: router
router-port: lrp-ext
port ext-patch
type: localnet
addresses: ["unknown"]
router d75c995e-4d9b-4bd1-af18-9cd24c248f44 (R1)
port lrp-ext
mac: "00:00:02:00:00:01"
ipv6-lla: "fe80::200:2ff:fe00:1"
networks: ["10.42.234.1/24", "fd12:3456:789a:1::/64”]
# ipv6_ra options on “lrp-ext” in NB
ipv6_ra_configs : {address_mode=slaac, max_interval=“4", min_interval=“3",
send_periodic="true”}
# the same options correctly translated to SB options in “port_binding” table
options : {ipv6_ra_address_mode=slaac, ipv6_ra_max_interval="4",
ipv6_ra_min_interval="3”, ipv6_ra_prefixes="fd12:3456:789a:1::/64",
ipv6_ra_prf=MEDIUM, ipv6_ra_send_periodic="true”,
ipv6_ra_src_addr="fe80::200:2ff:fe00:1", ipv6_ra_src_eth="00:00:02:00:00:01",
l3gateway-chassis=movn1, peer=lsp-ext}
I can see that the packets are generated by controller:
Aug 23 10:00:17 movn1 ovn-controller[19122]:
ovs|00161|vconn(ovn_pinctrl0)|DBG|unix:/var/snap/microovn/common/run/switch//br-int.mgmt:
sent (Success): OFPT_PACKET_OUT (OF1.5) (xid=0x3de): in_port=CONTROLLER
actions=set_field:0x2->metadata,set_field:0x1->reg14,set_field:0x10/0x10->reg10,resubmit(CONTROLLER,8)
data_len=110 Aug 23 10:00:17 movn1 ovn-controller[19122]:
icmp6,vlan_tci=0x0000,dl_src=00:00:02:00:00:01,dl_dst=33:33:00:00:00:01,ipv6_src=fe80::200:2ff:fe00:1,ipv6_dst=ff02::1,ipv6_label=0x00000,nw_tos=0,nw_ecn=0,nw_ttl=255,nw_frag=no,icmp_type=134,icmp_code=0
icmp6_csum:893b
However listening on “eth1” either on “alice” or on “ovn-host”, the RAs never
show up. Note that if I plug another LSP into SW-EXT, those RAs show up on an
interface bound to that LSP.
I did a little bit of digging and found that these RA packets are dropped by a
rule that’s supposed to prevent leaking of “local only” traffic through
localnet ports [1].
The reason why I think this is unintentional is that solicited RAs in reply to
NS requests from “alice” are answered to the external network without any
issues.
What would be the best approach to fixing this?
Thanks for any insights,
Martin.
[0] https://man7.org/linux/man-pages/man5/ovn-nb.5.html (search for
“send_periodic”)
[1]h
ttps://github.com/ovn-org/ovn/blob/32fb58665f93ef033e5a0e748a4f5ee1ed10e03b/controller/physical.c#L1859-L1867
_______________________________________________
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
