[Bug 1967856] Re: Hairpin traffic does not work with centralized NAT gw

Frode Nordahl 1967856 at bugs.launchpad.net
Thu Jun 9 11:29:08 UTC 2022 

** Also affects: linux (Ubuntu)
   Importance: Undecided
       Status: New

** Changed in: openvswitch (Ubuntu)
       Status: Triaged => Invalid

-- 
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to openvswitch in Ubuntu.
https://bugs.launchpad.net/bugs/1967856

Title:
  Hairpin traffic does not work with centralized NAT gw

Status in linux package in Ubuntu:
  Incomplete
Status in openvswitch package in Ubuntu:
  Invalid
Status in ovn package in Ubuntu:
  Invalid
Status in linux source package in Focal:
  New
Status in openvswitch source package in Focal:
  New
Status in ovn source package in Focal:
  Invalid
Status in linux source package in Jammy:
  New
Status in openvswitch source package in Jammy:
  New
Status in ovn source package in Jammy:
  Invalid
Status in linux source package in Kinetic:
  Incomplete
Status in openvswitch source package in Kinetic:
  Invalid
Status in ovn source package in Kinetic:
  Invalid

Bug description:
  If you have two hvs where hv1 is the gateway chassis and you have an
  instance running on hv2.

  On instance on hv2 hairpin traffic works for the first session, but
  not for the next:

  $ ping -c1 10.78.95.89
  PING 10.78.95.89 (10.78.95.89) 56(84) bytes of data.
  64 bytes from 10.78.95.89: icmp_seq=1 ttl=62 time=1.07 ms

  --- 10.78.95.89 ping statistics ---
  1 packets transmitted, 1 received, 0% packet loss, time 0ms
  rtt min/avg/max/mdev = 1.078/1.078/1.078/0.000 ms

  $ sudo ovs-appctl -t ovs-vswitchd dpctl/dump-conntrack
  icmp,orig=(src=10.78.95.89,dst=192.168.0.211,id=7334,type=8,code=0),reply=(src=192.168.0.211,dst=10.78.95.89,id=7334,type=0,code=0),zone=7
  icmp,orig=(src=192.168.0.211,dst=10.78.95.89,id=7334,type=8,code=0),reply=(src=10.78.95.89,dst=192.168.0.211,id=7334,type=0,code=0),zone=7

  
  $ ping -c1 10.78.95.89
  PING 10.78.95.89 (10.78.95.89) 56(84) bytes of data.

  --- 10.78.95.89 ping statistics ---
  1 packets transmitted, 0 received, 100% packet loss, time 0ms

  $ sudo ovs-appctl -t ovs-vswitchd dpctl/dump-conntrack
  icmp,orig=(src=10.78.95.89,dst=192.168.0.211,id=7334,type=8,code=0),reply=(src=192.168.0.211,dst=10.78.95.89,id=7334,type=0,code=0),zone=7
  icmp,orig=(src=192.168.0.211,dst=10.78.95.89,id=7334,type=8,code=0),reply=(src=10.78.95.89,dst=192.168.0.211,id=7334,type=0,code=0),zone=7
  icmp,orig=(src=192.168.0.211,dst=10.78.95.89,id=7335,type=8,code=0),reply=(src=10.78.95.89,dst=192.168.0.211,id=7335,type=0,code=0),zone=7

  We made an attempt at using OVN built with [0], but that did
  unfortunately not help.

  If we however revert [1] it works again:
  $ ping -c1 10.78.95.89
  PING 10.78.95.89 (10.78.95.89) 56(84) bytes of data.
  64 bytes from 10.78.95.89: icmp_seq=1 ttl=62 time=1.31 ms

  --- 10.78.95.89 ping statistics ---
  1 packets transmitted, 1 received, 0% packet loss, time 0ms
  rtt min/avg/max/mdev = 1.318/1.318/1.318/0.000 ms

  $ sudo ovs-appctl -t ovs-vswitchd dpctl/dump-conntrack
  icmp,orig=(src=192.168.0.211,dst=10.78.95.89,id=7336,type=8,code=0),reply=(src=10.78.95.89,dst=192.168.0.211,id=7336,type=0,code=0),zone=7
  icmp,orig=(src=10.78.95.89,dst=192.168.0.211,id=7336,type=8,code=0),reply=(src=192.168.0.211,dst=10.78.95.89,id=7336,type=0,code=0),zone=7
  icmp,orig=(src=10.78.95.89,dst=192.168.0.211,id=7336,type=8,code=0),reply=(src=192.168.0.211,dst=10.78.95.89,id=7336,type=0,code=0),zone=1

  $ ping -c1 10.78.95.89
  PING 10.78.95.89 (10.78.95.89) 56(84) bytes of data.
  64 bytes from 10.78.95.89: icmp_seq=1 ttl=62 time=0.307 ms

  --- 10.78.95.89 ping statistics ---
  1 packets transmitted, 1 received, 0% packet loss, time 0ms
  rtt min/avg/max/mdev = 0.307/0.307/0.307/0.000 ms

  $ sudo ovs-appctl -t ovs-vswitchd dpctl/dump-conntrack
  icmp,orig=(src=10.78.95.89,dst=192.168.0.211,id=7337,type=8,code=0),reply=(src=192.168.0.211,dst=10.78.95.89,id=7337,type=0,code=0),zone=7
  icmp,orig=(src=10.78.95.89,dst=192.168.0.211,id=7337,type=8,code=0),reply=(src=192.168.0.211,dst=10.78.95.89,id=7337,type=0,code=0),zone=1
  icmp,orig=(src=192.168.0.211,dst=10.78.95.89,id=7337,type=8,code=0),reply=(src=10.78.95.89,dst=192.168.0.211,id=7337,type=0,code=0),zone=7
  icmp,orig=(src=192.168.0.211,dst=10.78.95.89,id=7336,type=8,code=0),reply=(src=10.78.95.89,dst=192.168.0.211,id=7336,type=0,code=0),zone=7
  icmp,orig=(src=10.78.95.89,dst=192.168.0.211,id=7336,type=8,code=0),reply=(src=192.168.0.211,dst=10.78.95.89,id=7336,type=0,code=0),zone=7
  icmp,orig=(src=10.78.95.89,dst=192.168.0.211,id=7336,type=8,code=0),reply=(src=192.168.0.211,dst=10.78.95.89,id=7336,type=0,code=0),zone=1

  
  0: https://patchwork.ozlabs.org/project/ovn/patch/20220401175516.2139179-1-mmichels@redhat.com/
  1: https://github.com/ovn-org/ovn/commit/4deac4509abbedd6ffaecf27eed01ddefccea40a

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1967856/+subscriptions

More information about the Ubuntu-openstack-bugs mailing list