ovs VXLAN over IPv6 conflicts with linux native VXLAN over IPv4 using standard port

Notifying neutron so that they may shed some light on this observation.

If it's available could you maybe share some netstat output snippets showing the UDP sockets in use, linux bridge settings, OVS version, and any relevant neutron config snippets?

I added environment description to description, will attach relevant configs and command outputs.

Linux kernel VXLAN interface was created as follows (addresses given as example):
ip link add vxlan0 type vxlan id 10001 local 10.0.0.1 dstport 4789

^ to reiterate: changing that 4789 to e.g. 4790 fixes IPv6 tunnel, IPv4 is never broken

Launchpad hid the file names but they are downloaded just fine. These two config files are fed to the agent.

Just noticed I left IPv4 multicast group address in there. Will check without it for completeness. I get no warnings regarding it so it probably was not even used here.

Is it possible to check the value of /proc/sys/net/ipv6/bindv6only? I can see the initial VTEP bound to UDP 0.0.0.0:4789. I'm wondering if OVS is attempting to use [::]:4789, which could conflict when /proc/sys/net/ipv6/bindv6only is 0. When bindv6only is 0, I believe that tells the system to use bind to open a "dual-stack" socket if you will, meaning we could be getting a conflict with the IPv4 aspect of the listening socket OVS is requesting. I'm wondering whether simply setting /proc/sys/net/ipv6/bindv6only to 1 would allow this setup to work.

"When bindv6only is 0, I believe that tells the system to use bind to open a "dual-stack" socket if you will"

should read:

"When bindv6only is 0, I believe that tells the system to bind to a "dual-stack" socket if you will...."

(changed kolla-ansible params so that launchpad does not hide it from me)

Ryan, sure, I log every detail that comes to my mind, here it is:
net.ipv6.bindv6only = 0
(as expected)

Will try setting this to 1. I believe OVS should set the socket to v6only but most likely it does not. ;-)

Still it does not explain why IPv4 tunnels work. Does neutron/ovs see the conflict upfront and modifies the port? Or is able to reuse kernel IPv4 binding?

From a running compute node I have access to:

# ss -lun | grep 4789
UNCONN 0 0 *:4789 *:*
UNCONN 0 0 :::4789 :::*

I see what appears to be OVS listening on both IPv4 and IPv6, even in a single-stack IPv4 deployment. I need to spend a little more time with this to really get a handle on what is happening.

Neither helped IPv6: nor removing the bogus multicast address (initially expected) nor setting bindv6only (expected after your last comment).

So the mystery still waits to be uncovered. :-)

It turns out we are hitting this also in IPv4 jobs. For some reason not on all nodes though...