← Back to team overview

group.of.nepali.translators team mailing list archive

[Bug 1794232] Re: Geneve tunnels don't work when ipv6 is disabled

 

We had tested a patch discussed above and tested internally,
with success - although we have limited testing (opening up
a geneve tunnel between 2 kvm guests). 

Jiri has now pushed an identical patch upstream which is 
available in the v5.0 kernel and later.

"geneve: correctly handle ipv6.disable module parameter"  
Commit:	cf1c9ccba7308e48a68fa77f476287d9d614e4c7
 

Although I do not have testing validation from original 
poster, since it has been committed upstream, I'm going
to go ahead and get the SRU request started. 


** Changed in: linux (Ubuntu)
       Status: Triaged => In Progress

** Changed in: linux (Ubuntu)
   Importance: Medium => High

** Also affects: linux (Ubuntu Xenial)
   Importance: Undecided
       Status: New

** Also affects: linux (Ubuntu Cosmic)
   Importance: Undecided
       Status: New

** Also affects: linux (Ubuntu Disco)
   Importance: High
       Status: In Progress

** Changed in: linux (Ubuntu Cosmic)
       Status: New => In Progress

** Changed in: linux (Ubuntu Disco)
     Assignee: (unassigned) => Nivedita Singhvi (niveditasinghvi)

** Changed in: linux (Ubuntu Cosmic)
     Assignee: (unassigned) => Nivedita Singhvi (niveditasinghvi)

** Changed in: linux (Ubuntu Xenial)
     Assignee: (unassigned) => Nivedita Singhvi (niveditasinghvi)

** Changed in: linux (Ubuntu Xenial)
       Status: New => In Progress

** Changed in: linux (Ubuntu Cosmic)
   Importance: Undecided => High

** Changed in: linux (Ubuntu Xenial)
   Importance: Undecided => High

** Description changed:

  [Impact]
  
- When attempting to create a geneve tunnel on Ubuntu 16.04 Xenial, in 
- an OS environment with open vswitch, where ipv6 has been disabled, 
+ When attempting to create a geneve tunnel on Ubuntu 16.04 Xenial, in
+ an OS environment with open vswitch, where ipv6 has been disabled,
  the create fails with the error :
  
- “ovs-vsctl: Error detected while setting up 'geneve0': could not 
- add network device geneve0 to ofproto (Address family not supported 
+ “ovs-vsctl: Error detected while setting up 'geneve0': could not
+ add network device geneve0 to ofproto (Address family not supported
  by protocol)."
  
-  
+ [Fix]
+ There is an upstream commit for this in v5.0 mainline.
+ 
+ "geneve: correctly handle ipv6.disable module parameter"
+ Commit: cf1c9ccba7308e48a68fa77f476287d9d614e4c7
+ 
+ This fix is needed on all our series: X, C, B, D
+ 
+ 
  [Test Case]
- (Best to do this on a kvm guest VM so as not to interfere with  
-  your system's networking)
+ (Best to do this on a kvm guest VM so as not to interfere with
+  your system's networking)
  
  1. On any Ubuntu Xenial kernel, disable ipv6. This example
-    is shown with the4.15.0-23-generic kernel (which differs
-    slightly from 4.4.x in symptoms):   
-   
+    is shown with the4.15.0-23-generic kernel (which differs
+    slightly from 4.4.x in symptoms):
+ 
  - Edit /etc/default/grub to add the line:
-         GRUB_CMDLINE_LINUX="ipv6.disable=1"
+         GRUB_CMDLINE_LINUX="ipv6.disable=1"
  - # update-grub
  - Reboot
- 
  
  2. Install OVS
  # apt install openvswitch-switch
  
  3. Create a Geneve tunnel
  # ovs-vsctl add-br br1
- # ovs-vsctl add-port br1 geneve1 -- set interface geneve1 
+ # ovs-vsctl add-port br1 geneve1 -- set interface geneve1
  type=geneve options:remote_ip=192.168.x.z
  
  (where remote_ip is the IP of the other host)
  
  You will see the following error message:
  
- "ovs-vsctl: Error detected while setting up 'geneve1'. 
+ "ovs-vsctl: Error detected while setting up 'geneve1'.
  See ovs-vswitchd log for details."
  
  From /var/log/openvswitch/ovs-vswitchd.log you will see:
  
- "2018-07-02T16:48:13.295Z|00026|dpif|WARN|system@ovs-system: 
- failed to add geneve1 as port: Address family not supported 
+ "2018-07-02T16:48:13.295Z|00026|dpif|WARN|system@ovs-system:
+ failed to add geneve1 as port: Address family not supported
  by protocol"
  
- You will notice from the "ifconfig" output that the device 
+ You will notice from the "ifconfig" output that the device
  genev_sys_6081 is not created.
  
- If you do not disable IPv6 (remove ipv6.disable=1 from 
- /etc/default/grub + update-grub + reboot), the same 
- 'ovs-vsctl add-port' command completes successfully. 
- You can see that it is working properly by adding an 
- IP to the br1 and pinging each host. 
+ If you do not disable IPv6 (remove ipv6.disable=1 from
+ /etc/default/grub + update-grub + reboot), the same
+ 'ovs-vsctl add-port' command completes successfully.
+ You can see that it is working properly by adding an
+ IP to the br1 and pinging each host.
  
- On kernel 4.4 (4.4.0-128-generic), the error message doesn't 
- happen using the 'ovs-vsctl add-port' command, no warning is 
- shown in ovs-vswitchd.log, but the device genev_sys_6081 is 
+ On kernel 4.4 (4.4.0-128-generic), the error message doesn't
+ happen using the 'ovs-vsctl add-port' command, no warning is
+ shown in ovs-vswitchd.log, but the device genev_sys_6081 is
  also not created and ping test won't work.
  
  
  [Other Info]
  
  * Analysis
  
- Geneve tunnels should work with either IPv4 or IPv6 environments 
+ Geneve tunnels should work with either IPv4 or IPv6 environments
  as a design and support  principle.
  
- Currently, however, what's in the implementation requires support 
+ Currently, however, what's in the implementation requires support
  for ipv6 for metadata-based tunnels which geneve is:
  
  rather than:
  
  a) ipv4 + metadata // whether ipv6 compiled or dynamically disabled
  b) ipv4 + metadata + ipv6
  
  What enforces this in the current 4.4.0-x code when opening a Geneve
  tunnel is the following in geneve_open() :
  
-         bool ipv6 = geneve->remote.sa.sa_family == AF_INET6;
-         bool metadata = geneve->collect_md;
-         ...
+         bool ipv6 = geneve->remote.sa.sa_family == AF_INET6;
+         bool metadata = geneve->collect_md;
+         ...
  
  #if IS_ENABLED(CONFIG_IPV6)
-         geneve->sock6 = NULL;
-         if (ipv6 || metadata)
-                 ret = geneve_sock_add(geneve, true);
+         geneve->sock6 = NULL;
+         if (ipv6 || metadata)
+                 ret = geneve_sock_add(geneve, true);
  #endif
-         if (!ret && (!ipv6 || metadata))
-                 ret = geneve_sock_add(geneve, false);
- 
+         if (!ret && (!ipv6 || metadata))
+                 ret = geneve_sock_add(geneve, false);
  
  CONFIG_IPV6 is enabled, IPv6 is disabled at boot, but
- even though ipv6 is false, metadata is always true 
- for a geneve open as it is set unconditionally in 
+ even though ipv6 is false, metadata is always true
+ for a geneve open as it is set unconditionally in
  ovs:
  
  In /lib/dpif_netlink_rtnl.c :
  
  case OVS_VPORT_TYPE_GENEVE:
- nl_msg_put_flag(&request, IFLA_GENEVE_COLLECT_METADATA);  
+ nl_msg_put_flag(&request, IFLA_GENEVE_COLLECT_METADATA);
  
  The second argument of geneve_sock_add is a boolean
- value indicating whether it's an ipv6 address family 
+ value indicating whether it's an ipv6 address family
  socket or not, and we thus incorrectly pass a true
  value rather than false.
  
  The current "|| metadata" check is unnecessary and incorrectly
  sends the tunnel creation code down the ipv6 path, which
  fails subsequently when the code expects an ipv6 family socket.
  
+ * This issue exists in all versions of the kernel upto present
+    mainline and net-next trees.
  
- * This issue exists in all versions of the kernel upto present
-    mainline and net-next trees.  
- 
- * Testing with a trivial patch to remove that and make 
-   similar changes to those made for vxlan (which had the 
-   same issue) has been successful. Patches for various
-   versions to be attached here soon.
- 
- * We are in the process of sending a patch for this upstream
-   once it has completed adequate testing. 
+ * Testing with a trivial patch to remove that and make
+   similar changes to those made for vxlan (which had the
+   same issue) has been successful. Patches for various
+   versions to be attached here soon.
  
  * Example Versions (bug exists in all versions of Ubuntu
-   and mainline):
+   and mainline):
  
  $ uname -r
  4.4.0-135-generic
  
  $ lsb_release -rd
  Description:	Ubuntu 16.04.5 LTS
  Release:	16.04
  
  $ dpkg -l | grep openvswitch-switch
  ii  openvswitch-switch                   2.5.4-0ubuntu0.16.04.1

** Also affects: linux (Ubuntu Bionic)
   Importance: Undecided
       Status: New

** Changed in: linux (Ubuntu Bionic)
       Status: New => In Progress

** Changed in: linux (Ubuntu Bionic)
   Importance: Undecided => High

** Changed in: linux (Ubuntu Bionic)
     Assignee: (unassigned) => Nivedita Singhvi (niveditasinghvi)

** Description changed:

  [Impact]
  
  When attempting to create a geneve tunnel on Ubuntu 16.04 Xenial, in
  an OS environment with open vswitch, where ipv6 has been disabled,
  the create fails with the error :
  
  “ovs-vsctl: Error detected while setting up 'geneve0': could not
  add network device geneve0 to ofproto (Address family not supported
  by protocol)."
  
  [Fix]
- There is an upstream commit for this in v5.0 mainline.
+ There is an upstream commit for this in v5.0 mainline. 
  
  "geneve: correctly handle ipv6.disable module parameter"
  Commit: cf1c9ccba7308e48a68fa77f476287d9d614e4c7
  
- This fix is needed on all our series: X, C, B, D
+ This fix is needed on all our series: X, C, B, D. It is identical
+ to the fix we implemented and tested internally with, but
+ had not pushed upstream yet. 
  
  
  [Test Case]
  (Best to do this on a kvm guest VM so as not to interfere with
   your system's networking)
  
  1. On any Ubuntu Xenial kernel, disable ipv6. This example
     is shown with the4.15.0-23-generic kernel (which differs
     slightly from 4.4.x in symptoms):
  
  - Edit /etc/default/grub to add the line:
          GRUB_CMDLINE_LINUX="ipv6.disable=1"
  - # update-grub
  - Reboot
  
  2. Install OVS
  # apt install openvswitch-switch
  
  3. Create a Geneve tunnel
  # ovs-vsctl add-br br1
  # ovs-vsctl add-port br1 geneve1 -- set interface geneve1
  type=geneve options:remote_ip=192.168.x.z
  
  (where remote_ip is the IP of the other host)
  
  You will see the following error message:
  
  "ovs-vsctl: Error detected while setting up 'geneve1'.
  See ovs-vswitchd log for details."
  
  From /var/log/openvswitch/ovs-vswitchd.log you will see:
  
  "2018-07-02T16:48:13.295Z|00026|dpif|WARN|system@ovs-system:
  failed to add geneve1 as port: Address family not supported
  by protocol"
  
  You will notice from the "ifconfig" output that the device
  genev_sys_6081 is not created.
  
  If you do not disable IPv6 (remove ipv6.disable=1 from
  /etc/default/grub + update-grub + reboot), the same
  'ovs-vsctl add-port' command completes successfully.
  You can see that it is working properly by adding an
  IP to the br1 and pinging each host.
  
  On kernel 4.4 (4.4.0-128-generic), the error message doesn't
  happen using the 'ovs-vsctl add-port' command, no warning is
  shown in ovs-vswitchd.log, but the device genev_sys_6081 is
  also not created and ping test won't work.
+ 
+ With the fixed test kernel, the interfaces and tunnel 
+ is created successfully.
  
  
  [Other Info]
  
  * Analysis
  
  Geneve tunnels should work with either IPv4 or IPv6 environments
  as a design and support  principle.
  
  Currently, however, what's in the implementation requires support
  for ipv6 for metadata-based tunnels which geneve is:
  
  rather than:
  
  a) ipv4 + metadata // whether ipv6 compiled or dynamically disabled
  b) ipv4 + metadata + ipv6
  
  What enforces this in the current 4.4.0-x code when opening a Geneve
  tunnel is the following in geneve_open() :
  
          bool ipv6 = geneve->remote.sa.sa_family == AF_INET6;
          bool metadata = geneve->collect_md;
          ...
  
  #if IS_ENABLED(CONFIG_IPV6)
          geneve->sock6 = NULL;
          if (ipv6 || metadata)
                  ret = geneve_sock_add(geneve, true);
  #endif
          if (!ret && (!ipv6 || metadata))
                  ret = geneve_sock_add(geneve, false);
  
  CONFIG_IPV6 is enabled, IPv6 is disabled at boot, but
  even though ipv6 is false, metadata is always true
  for a geneve open as it is set unconditionally in
  ovs:
  
  In /lib/dpif_netlink_rtnl.c :
  
  case OVS_VPORT_TYPE_GENEVE:
  nl_msg_put_flag(&request, IFLA_GENEVE_COLLECT_METADATA);
  
  The second argument of geneve_sock_add is a boolean
  value indicating whether it's an ipv6 address family
  socket or not, and we thus incorrectly pass a true
  value rather than false.
  
  The current "|| metadata" check is unnecessary and incorrectly
  sends the tunnel creation code down the ipv6 path, which
  fails subsequently when the code expects an ipv6 family socket.
  
  * This issue exists in all versions of the kernel upto present
     mainline and net-next trees.
  
  * Testing with a trivial patch to remove that and make
    similar changes to those made for vxlan (which had the
    same issue) has been successful. Patches for various
    versions to be attached here soon.
  
  * Example Versions (bug exists in all versions of Ubuntu
    and mainline):
  
  $ uname -r
  4.4.0-135-generic
  
  $ lsb_release -rd
  Description:	Ubuntu 16.04.5 LTS
  Release:	16.04
  
  $ dpkg -l | grep openvswitch-switch
  ii  openvswitch-switch                   2.5.4-0ubuntu0.16.04.1

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1794232

Title:
  Geneve tunnels don't work when ipv6 is disabled

Status in linux package in Ubuntu:
  Fix Released
Status in linux source package in Xenial:
  In Progress
Status in linux source package in Bionic:
  In Progress
Status in linux source package in Cosmic:
  In Progress
Status in linux source package in Disco:
  Fix Released

Bug description:
  [Impact]

  When attempting to create a geneve tunnel on Ubuntu 16.04 Xenial, in
  an OS environment with open vswitch, where ipv6 has been disabled,
  the create fails with the error :

  “ovs-vsctl: Error detected while setting up 'geneve0': could not
  add network device geneve0 to ofproto (Address family not supported
  by protocol)."

  [Fix]
  There is an upstream commit for this in v5.0 mainline. 

  "geneve: correctly handle ipv6.disable module parameter"
  Commit: cf1c9ccba7308e48a68fa77f476287d9d614e4c7

  This fix is needed on all our series: X, C, B, D. It is identical
  to the fix we implemented and tested internally with, but
  had not pushed upstream yet. 

  
  [Test Case]
  (Best to do this on a kvm guest VM so as not to interfere with
   your system's networking)

  1. On any Ubuntu Xenial kernel, disable ipv6. This example
     is shown with the4.15.0-23-generic kernel (which differs
     slightly from 4.4.x in symptoms):

  - Edit /etc/default/grub to add the line:
          GRUB_CMDLINE_LINUX="ipv6.disable=1"
  - # update-grub
  - Reboot

  2. Install OVS
  # apt install openvswitch-switch

  3. Create a Geneve tunnel
  # ovs-vsctl add-br br1
  # ovs-vsctl add-port br1 geneve1 -- set interface geneve1
  type=geneve options:remote_ip=192.168.x.z

  (where remote_ip is the IP of the other host)

  You will see the following error message:

  "ovs-vsctl: Error detected while setting up 'geneve1'.
  See ovs-vswitchd log for details."

  From /var/log/openvswitch/ovs-vswitchd.log you will see:

  "2018-07-02T16:48:13.295Z|00026|dpif|WARN|system@ovs-system:
  failed to add geneve1 as port: Address family not supported
  by protocol"

  You will notice from the "ifconfig" output that the device
  genev_sys_6081 is not created.

  If you do not disable IPv6 (remove ipv6.disable=1 from
  /etc/default/grub + update-grub + reboot), the same
  'ovs-vsctl add-port' command completes successfully.
  You can see that it is working properly by adding an
  IP to the br1 and pinging each host.

  On kernel 4.4 (4.4.0-128-generic), the error message doesn't
  happen using the 'ovs-vsctl add-port' command, no warning is
  shown in ovs-vswitchd.log, but the device genev_sys_6081 is
  also not created and ping test won't work.

  With the fixed test kernel, the interfaces and tunnel 
  is created successfully.

  
  [Other Info]

  * Analysis

  Geneve tunnels should work with either IPv4 or IPv6 environments
  as a design and support  principle.

  Currently, however, what's in the implementation requires support
  for ipv6 for metadata-based tunnels which geneve is:

  rather than:

  a) ipv4 + metadata // whether ipv6 compiled or dynamically disabled
  b) ipv4 + metadata + ipv6

  What enforces this in the current 4.4.0-x code when opening a Geneve
  tunnel is the following in geneve_open() :

          bool ipv6 = geneve->remote.sa.sa_family == AF_INET6;
          bool metadata = geneve->collect_md;
          ...

  #if IS_ENABLED(CONFIG_IPV6)
          geneve->sock6 = NULL;
          if (ipv6 || metadata)
                  ret = geneve_sock_add(geneve, true);
  #endif
          if (!ret && (!ipv6 || metadata))
                  ret = geneve_sock_add(geneve, false);

  CONFIG_IPV6 is enabled, IPv6 is disabled at boot, but
  even though ipv6 is false, metadata is always true
  for a geneve open as it is set unconditionally in
  ovs:

  In /lib/dpif_netlink_rtnl.c :

  case OVS_VPORT_TYPE_GENEVE:
  nl_msg_put_flag(&request, IFLA_GENEVE_COLLECT_METADATA);

  The second argument of geneve_sock_add is a boolean
  value indicating whether it's an ipv6 address family
  socket or not, and we thus incorrectly pass a true
  value rather than false.

  The current "|| metadata" check is unnecessary and incorrectly
  sends the tunnel creation code down the ipv6 path, which
  fails subsequently when the code expects an ipv6 family socket.

  * This issue exists in all versions of the kernel upto present
     mainline and net-next trees.

  * Testing with a trivial patch to remove that and make
    similar changes to those made for vxlan (which had the
    same issue) has been successful. Patches for various
    versions to be attached here soon.

  * Example Versions (bug exists in all versions of Ubuntu
    and mainline):

  $ uname -r
  4.4.0-135-generic

  $ lsb_release -rd
  Description:	Ubuntu 16.04.5 LTS
  Release:	16.04

  $ dpkg -l | grep openvswitch-switch
  ii  openvswitch-switch                   2.5.4-0ubuntu0.16.04.1

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1794232/+subscriptions