Problem:
It was seen that if a packet is trapped for flow setup with same source IP and
destination IP is classified as nat flow then rflow key becomes similar to flow
key.
This in turn used to enter in deadlock as agent will try to attempt lock both on
flow and rflow located using above keys. (Both will be same).
Mentioned bug exposed this issue.
In bug ICMP TTL expired was received for which agent generated a packet to
switch to VM-port from where packet with TTL 1 was generated. This packet
resulted in flow trap and agent processed the same. (agent packet was
generated
with
same
SIP
and
DIP).
Deadlock results in flows going to hold state.
This fix does not cover agent generating packet with same SIP and DIP and
flow trap for agent generated packet.
It only fixes deadlock.
Solution:
In packet flow when flow and rflow keys are created, match them and if they are
same, nullify rflow and mark flow as short flow.
Problem:
All BGP as service flows program flows with loose policy. This
is to enable flow
lookup on non-tunneled traffic coming from fabric.
Say there is a VM and it has two bgp-sessions to CN1 and CN2.
Both the session
will have reverse flow(fabric) which will have same nat-sport
and
dport(bgp-port) with different destination IP. For loose policy
vrouter programs
this nat-sport to bitmap which it uses to identify fabric
traffic for flow
processing. When traffic comes from fabric it checks dport and
if it matches to
nat port it has stored in bitmap vrouter pushes it for flow
processing else dump
it to host interface.
Now if one session is teared down say CN2 in this case, reverse
flow gets
aged out and in turn vrouter removes the nat port from bitmap.
However for CN1
this reservation was still needed. In its absence packet coming
from CN1 to VM
gets dumped to host interface(even though flow is present).
Solution:
Dont age the flow of bgp service and let it get deleted by
config change of bgp
service object or vm interface deletion.
Send BGP flag to retain same nat port across flows.
In BGP as service same nat port is used for different CN
peers.
Now if one CN is going down agent will send delete for flow,
which in turn will
reset the port still in use by second CN. Now because of
this reset packets from
second CN will start going to vhost. This will cause session
reset for second CN
and in turn other issues arise.
Solution:
New flag tells vrouter to retain the port for BGP flows even
if flow is deleted.
Reviewed: https:/ /review. opencontrail. org/21070 github. org/Juniper/ contrail- controller/ commit/ 5f1b41f3ad6e706 0ab9e831100ae2a 20bd6f6bc6
Committed: http://
Submitter: Zuul
Branch: master
commit 5f1b41f3ad6e706 0ab9e831100ae2a 20bd6f6bc6
Author: Manish Singh <email address hidden>
Date: Fri Jun 10 09:16:16 2016 +0530
Cherry-picked commits from R3.0
Deadlock in agent.
Problem:
It was seen that if a packet is trapped for flow setup with same source IP and
destination IP is classified as nat flow then rflow key becomes similar to flow
key.
This in turn used to enter in deadlock as agent will try to attempt lock both on
flow and rflow located using above keys. (Both will be same).
Mentioned bug exposed this issue.
In bug ICMP TTL expired was received for which agent generated a packet to
switch to VM-port from where packet with TTL 1 was generated. This packet
resulted in flow trap and agent processed the same. (agent packet was
generated
with
same
SIP
and
DIP).
Deadlock results in flows going to hold state.
This fix does not cover agent generating packet with same SIP and DIP and
flow trap for agent generated packet.
It only fixes deadlock.
Solution:
In packet flow when flow and rflow keys are created, match them and if they are
same, nullify rflow and mark flow as short flow.
Partial-bug: #1556290
Conflicts: agent/pkt/ flow_table. cc
src/vnsw/
Conflicts: agent/pkt/ flow_entry. cc agent/pkt/ flow_entry. h agent/pkt/ flow_table. cc agent/vrouter/ ksync/flowtable _ksync. cc
src/vnsw/
src/vnsw/
src/vnsw/
src/vnsw/
BGP service sessio gets reset intermittently.
Problem:
All BGP as service flows program flows with loose policy. This
is to enable flow
lookup on non-tunneled traffic coming from fabric.
Say there is a VM and it has two bgp-sessions to CN1 and CN2.
Both the session
will have reverse flow(fabric) which will have same nat-sport
and
dport(bgp-port) with different destination IP. For loose policy
vrouter programs
this nat-sport to bitmap which it uses to identify fabric
traffic for flow
processing. When traffic comes from fabric it checks dport and
if it matches to
nat port it has stored in bitmap vrouter pushes it for flow
processing else dump
it to host interface.
Now if one session is teared down say CN2 in this case, reverse
flow gets
aged out and in turn vrouter removes the nat port from bitmap.
However for CN1
this reservation was still needed. In its absence packet coming
from CN1 to VM
gets dumped to host interface(even though flow is present).
Solution:
Dont age the flow of bgp service and let it get deleted by
config change of bgp
service object or vm interface deletion.
Closes-bug: 1551576
Conflicts: agent/vrouter/ flow_stats/ flow_stats_ collector. cc
src/vnsw/
Send BGP flag to retain same nat port across flows.
In BGP as service same nat port is used for different CN
peers.
Now if one CN is going down agent will send delete for flow,
which in turn will
reset the port still in use by second CN. Now because of
this reset packets from
second CN will start going to vhost. This will cause session
reset for second CN
and in turn other issues arise.
Solution:
New flag tells vrouter to retain the port for BGP flows even
if flow is deleted.
Closes-bug: #1551576
Change-Id: I79cff1e70a2a35 60d408e4d8f74cf de10018f33d