Juniper Openstack

  1. Bug #1551576
  2. Comment #32

Comment 32 for bug 1551576

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : A change has been merged

Reviewed: https://review.opencontrail.org/21070
Committed: http://github.org/Juniper/contrail-controller/commit/5f1b41f3ad6e7060ab9e831100ae2a20bd6f6bc6
Submitter: Zuul
Branch: master

commit 5f1b41f3ad6e7060ab9e831100ae2a20bd6f6bc6
Author: Manish Singh <email address hidden>
Date: Fri Jun 10 09:16:16 2016 +0530

Cherry-picked commits from R3.0

Deadlock in agent.

Problem:
It was seen that if a packet is trapped for flow setup with same source IP and
destination IP is classified as nat flow then rflow key becomes similar to flow
key.
This in turn used to enter in deadlock as agent will try to attempt lock both on
flow and rflow located using above keys. (Both will be same).

Mentioned bug exposed this issue.
In bug ICMP TTL expired was received for which agent generated a packet to
switch to VM-port from where packet with TTL 1 was generated. This packet
resulted in flow trap and agent processed the same. (agent packet was
generated
with
same
SIP
and
DIP).
Deadlock results in flows going to hold state.

This fix does not cover agent generating packet with same SIP and DIP and
flow trap for agent generated packet.
It only fixes deadlock.

Solution:
In packet flow when flow and rflow keys are created, match them and if they are
same, nullify rflow and mark flow as short flow.

Partial-bug: #1556290

Conflicts:
src/vnsw/agent/pkt/flow_table.cc

Conflicts:
src/vnsw/agent/pkt/flow_entry.cc
src/vnsw/agent/pkt/flow_entry.h
src/vnsw/agent/pkt/flow_table.cc
src/vnsw/agent/vrouter/ksync/flowtable_ksync.cc

BGP service sessio gets reset intermittently.

Problem:
All BGP as service flows program flows with loose policy. This
is to enable flow
lookup on non-tunneled traffic coming from fabric.
Say there is a VM and it has two bgp-sessions to CN1 and CN2.
Both the session
will have reverse flow(fabric) which will have same nat-sport
and
dport(bgp-port) with different destination IP. For loose policy
vrouter programs
this nat-sport to bitmap which it uses to identify fabric
traffic for flow
processing. When traffic comes from fabric it checks dport and
if it matches to
nat port it has stored in bitmap vrouter pushes it for flow
processing else dump
it to host interface.
Now if one session is teared down say CN2 in this case, reverse
flow gets
aged out and in turn vrouter removes the nat port from bitmap.
However for CN1
this reservation was still needed. In its absence packet coming
from CN1 to VM
gets dumped to host interface(even though flow is present).

Solution:
Dont age the flow of bgp service and let it get deleted by
config change of bgp
service object or vm interface deletion.

Closes-bug: 1551576

Conflicts:
src/vnsw/agent/vrouter/flow_stats/flow_stats_collector.cc

Send BGP flag to retain same nat port across flows.

In BGP as service same nat port is used for different CN
peers.
Now if one CN is going down agent will send delete for flow,
which in turn will
reset the port still in use by second CN. Now because of
this reset packets from
second CN will start going to vhost. This will cause session
reset for second CN
and in turn other issues arise.

Solution:
New flag tells vrouter to retain the port for BGP flows even
if flow is deleted.

Closes-bug: #1551576

Change-Id: I79cff1e70a2a3560d408e4d8f74cfde10018f33d