Connectivity issues due to skb marks on the encapsulating packet
Bug #1839252 reported by
Oleg Bondarev
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
neutron |
Fix Released
|
Undecided
|
Oleg Bondarev |
Bug Description
Looks like by default OVS tunnels inherit skb marks from tunneled packets.
As a result Neutron IPTables marks set in qrouter namespace are inherited by VXLAN encapsulating packets.
These marks may conflict with marks used by underlying networking (like Calico) and lead to VXLAN
tunneled packets being dropped.
The proposal is to set 'egress_pkt_mark = 0' explicitly for tunnel ports. The option was added in OVS 2.8.0 (https:/
tags: | added: neutron-proactive-backport-potential |
tags: | removed: neutron-proactive-backport-potential |
To post a comment you must log in.
Fix proposed to branch: master /review. opendev. org/675054
Review: https:/