group.of.nepali.translators team mailing list archive
-
group.of.nepali.translators team
-
Mailing list archive
-
Message #29658
[Bug 1794232] Re: Geneve tunnels don't work when ipv6 is disabled
We had tested a patch discussed above and tested internally,
with success - although we have limited testing (opening up
a geneve tunnel between 2 kvm guests).
Jiri has now pushed an identical patch upstream which is
available in the v5.0 kernel and later.
"geneve: correctly handle ipv6.disable module parameter"
Commit: cf1c9ccba7308e48a68fa77f476287d9d614e4c7
Although I do not have testing validation from original
poster, since it has been committed upstream, I'm going
to go ahead and get the SRU request started.
** Changed in: linux (Ubuntu)
Status: Triaged => In Progress
** Changed in: linux (Ubuntu)
Importance: Medium => High
** Also affects: linux (Ubuntu Xenial)
Importance: Undecided
Status: New
** Also affects: linux (Ubuntu Cosmic)
Importance: Undecided
Status: New
** Also affects: linux (Ubuntu Disco)
Importance: High
Status: In Progress
** Changed in: linux (Ubuntu Cosmic)
Status: New => In Progress
** Changed in: linux (Ubuntu Disco)
Assignee: (unassigned) => Nivedita Singhvi (niveditasinghvi)
** Changed in: linux (Ubuntu Cosmic)
Assignee: (unassigned) => Nivedita Singhvi (niveditasinghvi)
** Changed in: linux (Ubuntu Xenial)
Assignee: (unassigned) => Nivedita Singhvi (niveditasinghvi)
** Changed in: linux (Ubuntu Xenial)
Status: New => In Progress
** Changed in: linux (Ubuntu Cosmic)
Importance: Undecided => High
** Changed in: linux (Ubuntu Xenial)
Importance: Undecided => High
** Description changed:
[Impact]
- When attempting to create a geneve tunnel on Ubuntu 16.04 Xenial, in
- an OS environment with open vswitch, where ipv6 has been disabled,
+ When attempting to create a geneve tunnel on Ubuntu 16.04 Xenial, in
+ an OS environment with open vswitch, where ipv6 has been disabled,
the create fails with the error :
- “ovs-vsctl: Error detected while setting up 'geneve0': could not
- add network device geneve0 to ofproto (Address family not supported
+ “ovs-vsctl: Error detected while setting up 'geneve0': could not
+ add network device geneve0 to ofproto (Address family not supported
by protocol)."
-
+ [Fix]
+ There is an upstream commit for this in v5.0 mainline.
+
+ "geneve: correctly handle ipv6.disable module parameter"
+ Commit: cf1c9ccba7308e48a68fa77f476287d9d614e4c7
+
+ This fix is needed on all our series: X, C, B, D
+
+
[Test Case]
- (Best to do this on a kvm guest VM so as not to interfere with
- your system's networking)
+ (Best to do this on a kvm guest VM so as not to interfere with
+ your system's networking)
1. On any Ubuntu Xenial kernel, disable ipv6. This example
- is shown with the4.15.0-23-generic kernel (which differs
- slightly from 4.4.x in symptoms):
-
+ is shown with the4.15.0-23-generic kernel (which differs
+ slightly from 4.4.x in symptoms):
+
- Edit /etc/default/grub to add the line:
- GRUB_CMDLINE_LINUX="ipv6.disable=1"
+ GRUB_CMDLINE_LINUX="ipv6.disable=1"
- # update-grub
- Reboot
-
2. Install OVS
# apt install openvswitch-switch
3. Create a Geneve tunnel
# ovs-vsctl add-br br1
- # ovs-vsctl add-port br1 geneve1 -- set interface geneve1
+ # ovs-vsctl add-port br1 geneve1 -- set interface geneve1
type=geneve options:remote_ip=192.168.x.z
(where remote_ip is the IP of the other host)
You will see the following error message:
- "ovs-vsctl: Error detected while setting up 'geneve1'.
+ "ovs-vsctl: Error detected while setting up 'geneve1'.
See ovs-vswitchd log for details."
From /var/log/openvswitch/ovs-vswitchd.log you will see:
- "2018-07-02T16:48:13.295Z|00026|dpif|WARN|system@ovs-system:
- failed to add geneve1 as port: Address family not supported
+ "2018-07-02T16:48:13.295Z|00026|dpif|WARN|system@ovs-system:
+ failed to add geneve1 as port: Address family not supported
by protocol"
- You will notice from the "ifconfig" output that the device
+ You will notice from the "ifconfig" output that the device
genev_sys_6081 is not created.
- If you do not disable IPv6 (remove ipv6.disable=1 from
- /etc/default/grub + update-grub + reboot), the same
- 'ovs-vsctl add-port' command completes successfully.
- You can see that it is working properly by adding an
- IP to the br1 and pinging each host.
+ If you do not disable IPv6 (remove ipv6.disable=1 from
+ /etc/default/grub + update-grub + reboot), the same
+ 'ovs-vsctl add-port' command completes successfully.
+ You can see that it is working properly by adding an
+ IP to the br1 and pinging each host.
- On kernel 4.4 (4.4.0-128-generic), the error message doesn't
- happen using the 'ovs-vsctl add-port' command, no warning is
- shown in ovs-vswitchd.log, but the device genev_sys_6081 is
+ On kernel 4.4 (4.4.0-128-generic), the error message doesn't
+ happen using the 'ovs-vsctl add-port' command, no warning is
+ shown in ovs-vswitchd.log, but the device genev_sys_6081 is
also not created and ping test won't work.
[Other Info]
* Analysis
- Geneve tunnels should work with either IPv4 or IPv6 environments
+ Geneve tunnels should work with either IPv4 or IPv6 environments
as a design and support principle.
- Currently, however, what's in the implementation requires support
+ Currently, however, what's in the implementation requires support
for ipv6 for metadata-based tunnels which geneve is:
rather than:
a) ipv4 + metadata // whether ipv6 compiled or dynamically disabled
b) ipv4 + metadata + ipv6
What enforces this in the current 4.4.0-x code when opening a Geneve
tunnel is the following in geneve_open() :
- bool ipv6 = geneve->remote.sa.sa_family == AF_INET6;
- bool metadata = geneve->collect_md;
- ...
+ bool ipv6 = geneve->remote.sa.sa_family == AF_INET6;
+ bool metadata = geneve->collect_md;
+ ...
#if IS_ENABLED(CONFIG_IPV6)
- geneve->sock6 = NULL;
- if (ipv6 || metadata)
- ret = geneve_sock_add(geneve, true);
+ geneve->sock6 = NULL;
+ if (ipv6 || metadata)
+ ret = geneve_sock_add(geneve, true);
#endif
- if (!ret && (!ipv6 || metadata))
- ret = geneve_sock_add(geneve, false);
-
+ if (!ret && (!ipv6 || metadata))
+ ret = geneve_sock_add(geneve, false);
CONFIG_IPV6 is enabled, IPv6 is disabled at boot, but
- even though ipv6 is false, metadata is always true
- for a geneve open as it is set unconditionally in
+ even though ipv6 is false, metadata is always true
+ for a geneve open as it is set unconditionally in
ovs:
In /lib/dpif_netlink_rtnl.c :
case OVS_VPORT_TYPE_GENEVE:
- nl_msg_put_flag(&request, IFLA_GENEVE_COLLECT_METADATA);
+ nl_msg_put_flag(&request, IFLA_GENEVE_COLLECT_METADATA);
The second argument of geneve_sock_add is a boolean
- value indicating whether it's an ipv6 address family
+ value indicating whether it's an ipv6 address family
socket or not, and we thus incorrectly pass a true
value rather than false.
The current "|| metadata" check is unnecessary and incorrectly
sends the tunnel creation code down the ipv6 path, which
fails subsequently when the code expects an ipv6 family socket.
+ * This issue exists in all versions of the kernel upto present
+ mainline and net-next trees.
- * This issue exists in all versions of the kernel upto present
- mainline and net-next trees.
-
- * Testing with a trivial patch to remove that and make
- similar changes to those made for vxlan (which had the
- same issue) has been successful. Patches for various
- versions to be attached here soon.
-
- * We are in the process of sending a patch for this upstream
- once it has completed adequate testing.
+ * Testing with a trivial patch to remove that and make
+ similar changes to those made for vxlan (which had the
+ same issue) has been successful. Patches for various
+ versions to be attached here soon.
* Example Versions (bug exists in all versions of Ubuntu
- and mainline):
+ and mainline):
$ uname -r
4.4.0-135-generic
$ lsb_release -rd
Description: Ubuntu 16.04.5 LTS
Release: 16.04
$ dpkg -l | grep openvswitch-switch
ii openvswitch-switch 2.5.4-0ubuntu0.16.04.1
** Also affects: linux (Ubuntu Bionic)
Importance: Undecided
Status: New
** Changed in: linux (Ubuntu Bionic)
Status: New => In Progress
** Changed in: linux (Ubuntu Bionic)
Importance: Undecided => High
** Changed in: linux (Ubuntu Bionic)
Assignee: (unassigned) => Nivedita Singhvi (niveditasinghvi)
** Description changed:
[Impact]
When attempting to create a geneve tunnel on Ubuntu 16.04 Xenial, in
an OS environment with open vswitch, where ipv6 has been disabled,
the create fails with the error :
“ovs-vsctl: Error detected while setting up 'geneve0': could not
add network device geneve0 to ofproto (Address family not supported
by protocol)."
[Fix]
- There is an upstream commit for this in v5.0 mainline.
+ There is an upstream commit for this in v5.0 mainline.
"geneve: correctly handle ipv6.disable module parameter"
Commit: cf1c9ccba7308e48a68fa77f476287d9d614e4c7
- This fix is needed on all our series: X, C, B, D
+ This fix is needed on all our series: X, C, B, D. It is identical
+ to the fix we implemented and tested internally with, but
+ had not pushed upstream yet.
[Test Case]
(Best to do this on a kvm guest VM so as not to interfere with
your system's networking)
1. On any Ubuntu Xenial kernel, disable ipv6. This example
is shown with the4.15.0-23-generic kernel (which differs
slightly from 4.4.x in symptoms):
- Edit /etc/default/grub to add the line:
GRUB_CMDLINE_LINUX="ipv6.disable=1"
- # update-grub
- Reboot
2. Install OVS
# apt install openvswitch-switch
3. Create a Geneve tunnel
# ovs-vsctl add-br br1
# ovs-vsctl add-port br1 geneve1 -- set interface geneve1
type=geneve options:remote_ip=192.168.x.z
(where remote_ip is the IP of the other host)
You will see the following error message:
"ovs-vsctl: Error detected while setting up 'geneve1'.
See ovs-vswitchd log for details."
From /var/log/openvswitch/ovs-vswitchd.log you will see:
"2018-07-02T16:48:13.295Z|00026|dpif|WARN|system@ovs-system:
failed to add geneve1 as port: Address family not supported
by protocol"
You will notice from the "ifconfig" output that the device
genev_sys_6081 is not created.
If you do not disable IPv6 (remove ipv6.disable=1 from
/etc/default/grub + update-grub + reboot), the same
'ovs-vsctl add-port' command completes successfully.
You can see that it is working properly by adding an
IP to the br1 and pinging each host.
On kernel 4.4 (4.4.0-128-generic), the error message doesn't
happen using the 'ovs-vsctl add-port' command, no warning is
shown in ovs-vswitchd.log, but the device genev_sys_6081 is
also not created and ping test won't work.
+
+ With the fixed test kernel, the interfaces and tunnel
+ is created successfully.
[Other Info]
* Analysis
Geneve tunnels should work with either IPv4 or IPv6 environments
as a design and support principle.
Currently, however, what's in the implementation requires support
for ipv6 for metadata-based tunnels which geneve is:
rather than:
a) ipv4 + metadata // whether ipv6 compiled or dynamically disabled
b) ipv4 + metadata + ipv6
What enforces this in the current 4.4.0-x code when opening a Geneve
tunnel is the following in geneve_open() :
bool ipv6 = geneve->remote.sa.sa_family == AF_INET6;
bool metadata = geneve->collect_md;
...
#if IS_ENABLED(CONFIG_IPV6)
geneve->sock6 = NULL;
if (ipv6 || metadata)
ret = geneve_sock_add(geneve, true);
#endif
if (!ret && (!ipv6 || metadata))
ret = geneve_sock_add(geneve, false);
CONFIG_IPV6 is enabled, IPv6 is disabled at boot, but
even though ipv6 is false, metadata is always true
for a geneve open as it is set unconditionally in
ovs:
In /lib/dpif_netlink_rtnl.c :
case OVS_VPORT_TYPE_GENEVE:
nl_msg_put_flag(&request, IFLA_GENEVE_COLLECT_METADATA);
The second argument of geneve_sock_add is a boolean
value indicating whether it's an ipv6 address family
socket or not, and we thus incorrectly pass a true
value rather than false.
The current "|| metadata" check is unnecessary and incorrectly
sends the tunnel creation code down the ipv6 path, which
fails subsequently when the code expects an ipv6 family socket.
* This issue exists in all versions of the kernel upto present
mainline and net-next trees.
* Testing with a trivial patch to remove that and make
similar changes to those made for vxlan (which had the
same issue) has been successful. Patches for various
versions to be attached here soon.
* Example Versions (bug exists in all versions of Ubuntu
and mainline):
$ uname -r
4.4.0-135-generic
$ lsb_release -rd
Description: Ubuntu 16.04.5 LTS
Release: 16.04
$ dpkg -l | grep openvswitch-switch
ii openvswitch-switch 2.5.4-0ubuntu0.16.04.1
--
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1794232
Title:
Geneve tunnels don't work when ipv6 is disabled
Status in linux package in Ubuntu:
Fix Released
Status in linux source package in Xenial:
In Progress
Status in linux source package in Bionic:
In Progress
Status in linux source package in Cosmic:
In Progress
Status in linux source package in Disco:
Fix Released
Bug description:
[Impact]
When attempting to create a geneve tunnel on Ubuntu 16.04 Xenial, in
an OS environment with open vswitch, where ipv6 has been disabled,
the create fails with the error :
“ovs-vsctl: Error detected while setting up 'geneve0': could not
add network device geneve0 to ofproto (Address family not supported
by protocol)."
[Fix]
There is an upstream commit for this in v5.0 mainline.
"geneve: correctly handle ipv6.disable module parameter"
Commit: cf1c9ccba7308e48a68fa77f476287d9d614e4c7
This fix is needed on all our series: X, C, B, D. It is identical
to the fix we implemented and tested internally with, but
had not pushed upstream yet.
[Test Case]
(Best to do this on a kvm guest VM so as not to interfere with
your system's networking)
1. On any Ubuntu Xenial kernel, disable ipv6. This example
is shown with the4.15.0-23-generic kernel (which differs
slightly from 4.4.x in symptoms):
- Edit /etc/default/grub to add the line:
GRUB_CMDLINE_LINUX="ipv6.disable=1"
- # update-grub
- Reboot
2. Install OVS
# apt install openvswitch-switch
3. Create a Geneve tunnel
# ovs-vsctl add-br br1
# ovs-vsctl add-port br1 geneve1 -- set interface geneve1
type=geneve options:remote_ip=192.168.x.z
(where remote_ip is the IP of the other host)
You will see the following error message:
"ovs-vsctl: Error detected while setting up 'geneve1'.
See ovs-vswitchd log for details."
From /var/log/openvswitch/ovs-vswitchd.log you will see:
"2018-07-02T16:48:13.295Z|00026|dpif|WARN|system@ovs-system:
failed to add geneve1 as port: Address family not supported
by protocol"
You will notice from the "ifconfig" output that the device
genev_sys_6081 is not created.
If you do not disable IPv6 (remove ipv6.disable=1 from
/etc/default/grub + update-grub + reboot), the same
'ovs-vsctl add-port' command completes successfully.
You can see that it is working properly by adding an
IP to the br1 and pinging each host.
On kernel 4.4 (4.4.0-128-generic), the error message doesn't
happen using the 'ovs-vsctl add-port' command, no warning is
shown in ovs-vswitchd.log, but the device genev_sys_6081 is
also not created and ping test won't work.
With the fixed test kernel, the interfaces and tunnel
is created successfully.
[Other Info]
* Analysis
Geneve tunnels should work with either IPv4 or IPv6 environments
as a design and support principle.
Currently, however, what's in the implementation requires support
for ipv6 for metadata-based tunnels which geneve is:
rather than:
a) ipv4 + metadata // whether ipv6 compiled or dynamically disabled
b) ipv4 + metadata + ipv6
What enforces this in the current 4.4.0-x code when opening a Geneve
tunnel is the following in geneve_open() :
bool ipv6 = geneve->remote.sa.sa_family == AF_INET6;
bool metadata = geneve->collect_md;
...
#if IS_ENABLED(CONFIG_IPV6)
geneve->sock6 = NULL;
if (ipv6 || metadata)
ret = geneve_sock_add(geneve, true);
#endif
if (!ret && (!ipv6 || metadata))
ret = geneve_sock_add(geneve, false);
CONFIG_IPV6 is enabled, IPv6 is disabled at boot, but
even though ipv6 is false, metadata is always true
for a geneve open as it is set unconditionally in
ovs:
In /lib/dpif_netlink_rtnl.c :
case OVS_VPORT_TYPE_GENEVE:
nl_msg_put_flag(&request, IFLA_GENEVE_COLLECT_METADATA);
The second argument of geneve_sock_add is a boolean
value indicating whether it's an ipv6 address family
socket or not, and we thus incorrectly pass a true
value rather than false.
The current "|| metadata" check is unnecessary and incorrectly
sends the tunnel creation code down the ipv6 path, which
fails subsequently when the code expects an ipv6 family socket.
* This issue exists in all versions of the kernel upto present
mainline and net-next trees.
* Testing with a trivial patch to remove that and make
similar changes to those made for vxlan (which had the
same issue) has been successful. Patches for various
versions to be attached here soon.
* Example Versions (bug exists in all versions of Ubuntu
and mainline):
$ uname -r
4.4.0-135-generic
$ lsb_release -rd
Description: Ubuntu 16.04.5 LTS
Release: 16.04
$ dpkg -l | grep openvswitch-switch
ii openvswitch-switch 2.5.4-0ubuntu0.16.04.1
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1794232/+subscriptions
