[Bug 1967856] Re: Hairpin traffic does not work with centralized NAT gw

Frode Nordahl 1967856 at bugs.launchpad.net
Thu Apr 7 17:05:33 UTC 2022 

** Attachment added: "ovnnb_db.db"
   https://bugs.launchpad.net/ubuntu/+source/ovn/+bug/1967856/+attachment/5577952/+files/ovnnb_db.db

-- 
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to ovn in Ubuntu.
https://bugs.launchpad.net/bugs/1967856

Title:
  Hairpin traffic does not work with centralized NAT gw

Status in ovn package in Ubuntu:
  Triaged

Bug description:
  If you have two hvs where hv1 is the gateway chassis and you have an
  instance running on hv2.

  On instance on hv2 hairpin traffic works for the first session, but
  not for the next:

  $ ping -c1 10.78.95.89
  PING 10.78.95.89 (10.78.95.89) 56(84) bytes of data.
  64 bytes from 10.78.95.89: icmp_seq=1 ttl=62 time=1.07 ms

  --- 10.78.95.89 ping statistics ---
  1 packets transmitted, 1 received, 0% packet loss, time 0ms
  rtt min/avg/max/mdev = 1.078/1.078/1.078/0.000 ms

  $ sudo ovs-appctl -t ovs-vswitchd dpctl/dump-conntrack
  icmp,orig=(src=10.78.95.89,dst=192.168.0.211,id=7334,type=8,code=0),reply=(src=192.168.0.211,dst=10.78.95.89,id=7334,type=0,code=0),zone=7
  icmp,orig=(src=192.168.0.211,dst=10.78.95.89,id=7334,type=8,code=0),reply=(src=10.78.95.89,dst=192.168.0.211,id=7334,type=0,code=0),zone=7

  
  $ ping -c1 10.78.95.89
  PING 10.78.95.89 (10.78.95.89) 56(84) bytes of data.

  --- 10.78.95.89 ping statistics ---
  1 packets transmitted, 0 received, 100% packet loss, time 0ms

  $ sudo ovs-appctl -t ovs-vswitchd dpctl/dump-conntrack
  icmp,orig=(src=10.78.95.89,dst=192.168.0.211,id=7334,type=8,code=0),reply=(src=192.168.0.211,dst=10.78.95.89,id=7334,type=0,code=0),zone=7
  icmp,orig=(src=192.168.0.211,dst=10.78.95.89,id=7334,type=8,code=0),reply=(src=10.78.95.89,dst=192.168.0.211,id=7334,type=0,code=0),zone=7
  icmp,orig=(src=192.168.0.211,dst=10.78.95.89,id=7335,type=8,code=0),reply=(src=10.78.95.89,dst=192.168.0.211,id=7335,type=0,code=0),zone=7

  We made an attempt at using OVN built with [0], but that did
  unfortunately not help.

  If we however revert [1] it works again:
  $ ping -c1 10.78.95.89
  PING 10.78.95.89 (10.78.95.89) 56(84) bytes of data.
  64 bytes from 10.78.95.89: icmp_seq=1 ttl=62 time=1.31 ms

  --- 10.78.95.89 ping statistics ---
  1 packets transmitted, 1 received, 0% packet loss, time 0ms
  rtt min/avg/max/mdev = 1.318/1.318/1.318/0.000 ms

  $ sudo ovs-appctl -t ovs-vswitchd dpctl/dump-conntrack
  icmp,orig=(src=192.168.0.211,dst=10.78.95.89,id=7336,type=8,code=0),reply=(src=10.78.95.89,dst=192.168.0.211,id=7336,type=0,code=0),zone=7
  icmp,orig=(src=10.78.95.89,dst=192.168.0.211,id=7336,type=8,code=0),reply=(src=192.168.0.211,dst=10.78.95.89,id=7336,type=0,code=0),zone=7
  icmp,orig=(src=10.78.95.89,dst=192.168.0.211,id=7336,type=8,code=0),reply=(src=192.168.0.211,dst=10.78.95.89,id=7336,type=0,code=0),zone=1

  $ ping -c1 10.78.95.89
  PING 10.78.95.89 (10.78.95.89) 56(84) bytes of data.
  64 bytes from 10.78.95.89: icmp_seq=1 ttl=62 time=0.307 ms

  --- 10.78.95.89 ping statistics ---
  1 packets transmitted, 1 received, 0% packet loss, time 0ms
  rtt min/avg/max/mdev = 0.307/0.307/0.307/0.000 ms

  $ sudo ovs-appctl -t ovs-vswitchd dpctl/dump-conntrack
  icmp,orig=(src=10.78.95.89,dst=192.168.0.211,id=7337,type=8,code=0),reply=(src=192.168.0.211,dst=10.78.95.89,id=7337,type=0,code=0),zone=7
  icmp,orig=(src=10.78.95.89,dst=192.168.0.211,id=7337,type=8,code=0),reply=(src=192.168.0.211,dst=10.78.95.89,id=7337,type=0,code=0),zone=1
  icmp,orig=(src=192.168.0.211,dst=10.78.95.89,id=7337,type=8,code=0),reply=(src=10.78.95.89,dst=192.168.0.211,id=7337,type=0,code=0),zone=7
  icmp,orig=(src=192.168.0.211,dst=10.78.95.89,id=7336,type=8,code=0),reply=(src=10.78.95.89,dst=192.168.0.211,id=7336,type=0,code=0),zone=7
  icmp,orig=(src=10.78.95.89,dst=192.168.0.211,id=7336,type=8,code=0),reply=(src=192.168.0.211,dst=10.78.95.89,id=7336,type=0,code=0),zone=7
  icmp,orig=(src=10.78.95.89,dst=192.168.0.211,id=7336,type=8,code=0),reply=(src=192.168.0.211,dst=10.78.95.89,id=7336,type=0,code=0),zone=1

  
  0: https://patchwork.ozlabs.org/project/ovn/patch/20220401175516.2139179-1-mmichels@redhat.com/
  1: https://github.com/ovn-org/ovn/commit/4deac4509abbedd6ffaecf27eed01ddefccea40a

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ovn/+bug/1967856/+subscriptions

More information about the Ubuntu-openstack-bugs mailing list