[Bug 1967718] Re: Traffic sent to LRP port recirculate until TTL=0
Edward Hope-Morley
1967718 at bugs.launchpad.net
Fri Feb 23 14:23:09 UTC 2024
This has been successfully backported upstream down to 22.03 (it's in the
22.03.5 point release). So we can either SRU to 22.03.3 (current version
in the archives) or SRU the point release.
** Also affects: charm-ovn-central
Importance: Undecided
Status: New
** Project changed: charm-ovn-central => cloud-archive
** Also affects: cloud-archive/bobcat
Importance: Undecided
Status: New
** Also affects: cloud-archive/antelope
Importance: Undecided
Status: New
** Also affects: cloud-archive/caracal
Importance: Undecided
Status: New
** Also affects: cloud-archive/yoga
Importance: Undecided
Status: New
** Also affects: cloud-archive/zed
Importance: Undecided
Status: New
** Also affects: ovn (Ubuntu Mantic)
Importance: Undecided
Status: New
** Also affects: ovn (Ubuntu Jammy)
Importance: Undecided
Status: New
** Also affects: ovn (Ubuntu Noble)
Importance: Undecided
Status: Fix Released
** Also affects: cloud-archive/ovn-22.03
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to ovn in Ubuntu.
https://bugs.launchpad.net/bugs/1967718
Title:
Traffic sent to LRP port recirculate until TTL=0
Status in Ubuntu Cloud Archive:
New
Status in Ubuntu Cloud Archive antelope series:
New
Status in Ubuntu Cloud Archive bobcat series:
New
Status in Ubuntu Cloud Archive caracal series:
New
Status in Ubuntu Cloud Archive ovn-22.03 series:
New
Status in Ubuntu Cloud Archive yoga series:
New
Status in Ubuntu Cloud Archive zed series:
New
Status in ovn package in Ubuntu:
Fix Released
Status in ovn source package in Jammy:
New
Status in ovn source package in Mantic:
New
Status in ovn source package in Noble:
Fix Released
Bug description:
When TCP/UDP traffic is sent to the address of an LRP port and at the
same time is not part of any SNAT/DNAT conversation, it will keep
recirculating in the OVS data plane until TTL is 0.
When the packet eventually drops, you might get this message logged:
[ 58.586597] openvswitch: ovs-system: deferred action limit reached, drop recirc action
This behavior is problematic because it wastes resources and could
also trigger other potential problems in the data plane quite quickly
[0]. For any internet connected system it is also highly likely to
occur.
As mentioned above the LRP address is used for both SNAT return
traffic and DNAT forwarding, so we would need to allow that traffic to
pass and at the same time install flows to prevent this from
happening.
0: https://mail.openvswitch.org/pipermail/ovs-discuss/2022-March/051780.html