openvswitch: same tcp session encapsulated with different udp src port for ovs vxlan tunnel

Bug #1860986 reported by Maxime Leroy
Affects        | Status  | Importance | Assigned to | Milestone
linux (Ubuntu) | Expired | Undecided  | Unassigned  |
Xenial         | Expired | Undecided  | Unassigned  |
Bionic         | Expired | Undecided  | Unassigned  |
Eoan           | Expired | Undecided  | Unassigned  |
Focal          | Expired | Undecided  | Unassigned  |

Bug Description

[SRU Justification]

[Impact]

Packets encapsulated into a vxlan tunnel with openvswitch don't have the same UDP source port for the first packet and the following ones of the same TCP flow in a Docker scenario use case.

In fact, when using the kernel datapath, the upcall doesn't include the related skb hash info. As the VXLAN module uses the skb hash to select the UDP src port, the source port is different for the first packet.

More information can be found here:
https://mail.openvswitch.org/pipermail/ovs-dev/2019-October/364062.html

This has been fixed in v5.5 by the following upstream commit:
bd1903b7c4596 ("net: openvswitch: add hash info to upcall")

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/openvswitch?id=bd1903b7c4596ba6f7677d0dfefd05ba5876707d

The bug exists since the beginning of vxlan support in openvswitch.

== Fix ==

Backport the requested patches to Focal (5.4), Eoan (5.3), Bionic (4.15) and
Xenial (4.4).

== Risk of Regression ==

This patch only adds hash information when we do an upcall, thus the risk should be low.
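A way to check a capture for the symptom described in [Impact], as an added example that is not part of the bug report or the upstream patch: it groups VXLAN packets by inner TCP flow and reports flows carried under more than one outer UDP source port. The function names are hypothetical; it assumes untagged Ethernet/IPv4 for both outer and inner headers and VXLAN on UDP port 4789, and the frames are constructed rather than captured.

```python
import struct
from collections import defaultdict

VXLAN_PORT = 4789  # IANA VXLAN port; assumed here, adjust if the tunnel uses another

def parse_vxlan(frame):
    """Return ((src, dst, tcp_sport, tcp_dport), outer_udp_sport), or None if the
    frame is not Ethernet/IPv4/UDP/VXLAN carrying Ethernet/IPv4/TCP."""
    try:
        if frame[12:14] != b"\x08\x00" or frame[23] != 17:   # outer IPv4 + UDP
            return None
        udp = 14 + (frame[14] & 0x0F) * 4
        outer_sport, dport = struct.unpack_from("!HH", frame, udp)
        ip = udp + 8 + 8 + 14          # skip UDP, VXLAN and inner Ethernet headers
        if dport != VXLAN_PORT or frame[ip - 2:ip] != b"\x08\x00" or frame[ip + 9] != 6:
            return None
        tcp = ip + (frame[ip] & 0x0F) * 4
        sport, dport = struct.unpack_from("!HH", frame, tcp)
        return (frame[ip + 12:ip + 16], frame[ip + 16:ip + 20], sport, dport), outer_sport
    except (IndexError, struct.error):  # truncated frame
        return None

def inconsistent_flows(frames):
    """Inner TCP flows (one direction) seen with more than one outer UDP source port."""
    ports = defaultdict(set)
    for frame in frames:
        parsed = parse_vxlan(frame)
        if parsed:
            ports[parsed[0]].add(parsed[1])
    return {flow: sorted(p) for flow, p in ports.items() if len(p) > 1}

def _ipv4(proto, src, dst, payload):
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, bytes(src), bytes(dst)) + payload

def build_frame(outer_sport, tcp_sport, tcp_dport=80):
    """Constructed test frame (zero checksums), not captured traffic."""
    tcp = struct.pack("!HHIIHHHH", tcp_sport, tcp_dport, 0, 0, 0x5010, 1024, 0, 0)
    inner = b"\x02" * 12 + b"\x08\x00" + _ipv4(6, (172, 17, 0, 2), (172, 17, 0, 3), tcp)
    vxlan = struct.pack("!II", 0x08000000, 42 << 8) + inner   # I flag set, VNI 42
    udp = struct.pack("!HHHH", outer_sport, VXLAN_PORT, 8 + len(vxlan), 0) + vxlan
    return b"\x02" * 12 + b"\x08\x00" + _ipv4(17, (10, 0, 0, 1), (10, 0, 0, 2), udp)

# Constructed capture: flow 40000 shows the symptom (first packet differs), flow 40001 does not.
SAMPLE = [build_frame(51000, 40000), build_frame(38412, 40000), build_frame(38412, 40000),
          build_frame(45000, 40001), build_frame(45000, 40001)]

if __name__ == "__main__":
    print(inconsistent_flows(SAMPLE))
```

On a kernel carrying the fix, every inner flow should map to a single outer source port, so the function should return an empty result.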

Maxime Leroy (maxime-leroy) wrote :

To fix this issue, some patches need to be back-ported on openvswitch too. See the following bug:
https://bugs.launchpad.net/ubuntu/+source/openvswitch/+bug/1860987

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote : Missing required logs.

This bug is missing log files that will aid in diagnosing the problem. While running an Ubuntu kernel (not a mainline or third-party kernel) please enter the following command in a terminal window:

apport-collect 1860986

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

Changed in linux (Ubuntu):
status: New → Incomplete
description: updated
Launchpad Janitor (janitor) wrote :

[Expired for linux (Ubuntu) because there has been no activity for 60 days.]

Changed in linux (Ubuntu):
status: Incomplete → Expired
Terry Rudd (terrykrudd)
Changed in linux (Ubuntu):
status: Expired → New
Changed in linux (Ubuntu):
status: New → Incomplete
Kelsey Steele (kelsey-steele) wrote :

Before backporting commit bd1903b7c4596 ("net: openvswitch: add hash info to upcall"), a couple of points should be addressed:
- xenial backport is skipping one netlink attribute, which will introduce an ABI incompatibility
- Needs a test case

Submission and conversation on the kernel mailing list can be found here:
https://lists.ubuntu.com/archives/kernel-team/2020-May/109666.html

Changed in linux (Ubuntu Xenial):
status: New → Incomplete
Changed in linux (Ubuntu Bionic):
status: New → Incomplete
Changed in linux (Ubuntu Eoan):
status: New → Incomplete
Changed in linux (Ubuntu Focal):
status: New → Incomplete
Launchpad Janitor (janitor) wrote :

[Expired for linux (Ubuntu Bionic) because there has been no activity for 60 days.]

Changed in linux (Ubuntu Bionic):
status: Incomplete → Expired
Launchpad Janitor (janitor) wrote :

[Expired for linux (Ubuntu) because there has been no activity for 60 days.]

Changed in linux (Ubuntu):
status: Incomplete → Expired
Launchpad Janitor (janitor) wrote :

[Expired for linux (Ubuntu Focal) because there has been no activity for 60 days.]

Changed in linux (Ubuntu Focal):
status: Incomplete → Expired
Launchpad Janitor (janitor) wrote :

[Expired for linux (Ubuntu Eoan) because there has been no activity for 60 days.]

Changed in linux (Ubuntu Eoan):
status: Incomplete → Expired
Launchpad Janitor (janitor) wrote :

[Expired for linux (Ubuntu Xenial) because there has been no activity for 60 days.]

Changed in linux (Ubuntu Xenial):
status: Incomplete → Expired