yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1839252] [NEW] Connectivity issues due to skb marks on the encapsulating packet

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Oleg Bondarev <obondarev@xxxxxxxxxxxx>
Date: Wed, 07 Aug 2019 08:12:09 -0000
Reply-to: Bug 1839252 <1839252@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Public bug reported:

Looks like by default OVS tunnels inherit skb marks from tunneled packets. 
As a result Neutron IPTables marks set in qrouter namespace are inherited by VXLAN encapsulating packets.
These marks may conflict with marks used by underlying networking (like Calico) and lead to VXLAN
tunneled packets being dropped.

The proposal is to set 'egress_pkt_mark = 0' explicitly for tunnel
ports. The option was added in OVS 2.8.0
(https://www.openvswitch.org/releases/NEWS-2.8.0.txt)

** Affects: neutron
     Importance: Undecided
     Assignee: Oleg Bondarev (obondarev)
         Status: In Progress


** Tags: ovs ovs-lib

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1839252

Title:
  Connectivity issues due to skb marks on the  encapsulating  packet

Status in neutron:
  In Progress

Bug description:
  Looks like by default OVS tunnels inherit skb marks from tunneled packets. 
  As a result Neutron IPTables marks set in qrouter namespace are inherited by VXLAN encapsulating packets.
  These marks may conflict with marks used by underlying networking (like Calico) and lead to VXLAN
  tunneled packets being dropped.

  The proposal is to set 'egress_pkt_mark = 0' explicitly for tunnel
  ports. The option was added in OVS 2.8.0
  (https://www.openvswitch.org/releases/NEWS-2.8.0.txt)

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1839252/+subscriptions

Follow ups

[Bug 1839252] Re: Connectivity issues due to skb marks on the encapsulating packet
From: OpenStack Infra, 2019-08-09