openvswitch: same tcp session encapsulated with different udp src port for ovs vxlan tunnel
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
linux (Ubuntu) |
Expired
|
Undecided
|
Unassigned | ||
Xenial |
Expired
|
Undecided
|
Unassigned | ||
Bionic |
Expired
|
Undecided
|
Unassigned | ||
Eoan |
Expired
|
Undecided
|
Unassigned | ||
Focal |
Expired
|
Undecided
|
Unassigned |
Bug Description
[SRU Justification]
[Impact]
Packets encapsulated into a vxlan tunnel with openvswitch don't have the same udp source port for the first packet and the following ones of the same TCP flow in a DOCKER scenario usecase.
In fact, when using the kernel datapath, the upcall don't include skb hash info relatived. As VXLAN module uses the skb hash to select UDP src port, the source port is different for the first packet.
More information can be found here:
https:/
This has been fixed in v5.5 by the following upstream commit:
bd1903b7c4596 ("net: openvswitch: add hash info to upcall")
The bug exists since the beginning of vxlan support in openvswitch.
== Fix ==
Backport the requested patches to Focal (5.4), Eoan (5.3), Bionic (4.15) and
Xenial (4.4).
== Risk of Regression ==
This patch only add hash information when we do upcall, thus the risk should be low.
description: | updated |
Changed in linux (Ubuntu): | |
status: | Expired → New |
To fix this issue, some patches needs to be back-ported on openvswitch too. See the following bug: /bugs.launchpad .net/ubuntu/ +source/ openvswitch/ +bug/1860987
https:/