Fix host to pod traffic with ovn cluster using ovs internal port and tc offload
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
linux-bluefield (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
Focal |
Fix Released
|
Medium
|
Bodong Wang |
Bug Description
* Explain the bug(s)
When using ovs internal port with tc the redirect rules to internal port is back
to ingress instead of egress.
When we reinsert the skb we start from chain 0 but it could be ct state already
set so matching rules on the internal port queue would miss.
* brief explanation of fixes
When reinserting skb back to ingress queue to restart tc classification then also reset ct.
* How to test
The setup was created by using ovn and testing iperf traffic from host container to VF pod.
The result was ip set on the ovs bridge netdev (internal port)
The rules were from rep to eventually the internal port and internal port to rep.
The rules were with ct actions and chains tc-policy was set to skip-hw.
Without the commit the traffic doesn’t work when hw-offload was true (offload to tc sw only) but
does work with hw-offload false (ovs dp).
* What it could break.
Traffic not working in some cases using internal ports and CT.
Changed in linux-bluefield (Ubuntu): | |
assignee: | nobody → Bodong Wang (bodong-wang) |
status: | New → In Progress |
Changed in linux-bluefield (Ubuntu Focal): | |
status: | New → In Progress |
assignee: | nobody → Bodong Wang (bodong-wang) |
Changed in linux-bluefield (Ubuntu Focal): | |
importance: | Undecided → Medium |
Changed in linux-bluefield (Ubuntu): | |
assignee: | Bodong Wang (bodong-wang) → nobody |
status: | In Progress → Invalid |
Changed in linux-bluefield (Ubuntu Focal): | |
status: | In Progress → Fix Committed |
tags: |
added: verification-done-focal removed: verification-needed-focal |
This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification- needed- focal' to 'verification- done-focal' . If the problem still exists, change the tag 'verification- needed- focal' to 'verification- failed- focal'.
If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.
See https:/ /wiki.ubuntu. com/Testing/ EnableProposed for documentation how to enable and use -proposed. Thank you!