IPv6 Fragments: If there are more than 3 fragments for the first ICMPv6 packet then the packet is dropped.

Bug #1716308 reported by Chandra Sekhar Reddy Mallam
This bug affects 2 people
Affects            Status     Importance  Assigned to            Milestone
Juniper Openstack  Won't Fix  High        Divakar Dharanalakota
R3.0.3.x           Won't Fix  High        Divakar Dharanalakota
R3.2               Won't Fix  High        Divakar Dharanalakota
R4.0               Won't Fix  High        Divakar Dharanalakota
R4.1               Won't Fix  High        Divakar Dharanalakota
Trunk              Won't Fix  High        Divakar Dharanalakota

Bug Description

Issue with flow processing, when out of order ICMPv6 fragment packets are received.

Build
———
R3.0.3.4 Build 28 Ubuntu 14.04 Mitaka

Topology
—————
Control/config/analytics node: nodei15
Compute nodes: nodek11, nodec23

Steps
———
Create a VN and launch 2 VMs across 2 compute nodes.
Send out-of-order ICMPv6 fragmented packets from one VM to another.
Flow processing happens for the fragmented packets, but not all fragments reach the other compute node. Hence, the ICMPv6 echo reply is missing.

With in-order fragments everything works fine. The issue is seen with out-of-order fragments only.

Please see the log below:

root@nodek11:~# contrail-version
Package Version Build-ID | Repo | Package Name
-------------------------------------- ------------------------------ ----------------------------------
contrail-fabric-utils 3.0.3.4-28 28
contrail-install-packages 3.0.3.4-28~kilo 28
contrail-lib 3.0.3.4-28 28
contrail-nodemgr 3.0.3.4-28 28
contrail-nova-vif 3.0.3.4-28 28
contrail-openstack-vrouter 3.0.3.4-28 28
contrail-setup 3.0.3.4-28 28
contrail-utils 3.0.3.4-28 28
contrail-vrouter-3.13.0-85-generic 3.0.3.4-28 28
contrail-vrouter-agent 3.0.3.4-28 28
contrail-vrouter-common 3.0.3.4-28 28
contrail-vrouter-init 3.0.3.4-28 28
contrail-vrouter-utils 3.0.3.4-28 28
nova-common 1:2015.1.2-0ubuntu2~cloud0.1contrail128
nova-compute 1:2015.1.2-0ubuntu2~cloud0.1contrail128
nova-compute-kvm 1:2015.1.2-0ubuntu2~cloud0.1contrail128
nova-compute-libvirt 1:2015.1.2-0ubuntu2~cloud0.1contrail128
python-contrail 3.0.3.4-28 28
python-contrail-vrouter-api 3.0.3.4-28 28
python-neutronclient 1:2.3.11-0ubuntu1~cloud0.3contrail28
python-nova 1:2015.1.2-0ubuntu2~cloud0.1contrail128
python-opencontrail-vrouter-netns 3.0.3.4-28 28
root@nodek11:~# contrail-status
perl: warning: Setting locale failed.
perl: warning: Please check that your locale settings:
LANGUAGE = "en_US:",
LC_ALL = (unset),
LC_CTYPE = "UTF-8",
LANG = "en_US.UTF-8"
    are supported and installed on your system.
perl: warning: Falling back to the standard locale ("C").
== Contrail vRouter ==
supervisor-vrouter: active
contrail-vrouter-agent active
contrail-vrouter-nodemgr active

root@nodek11:~# vif --list
Vrouter Interface Table

Flags: P=Policy, X=Cross Connect, S=Service Chain, Mr=Receive Mirror
       Mt=Transmit Mirror, Tc=Transmit Checksum Offload, L3=Layer 3, L2=Layer 2
       D=DHCP, Vp=Vhost Physical, Pr=Promiscuous, Vnt=Native Vlan Tagged
       Mnp=No MAC Proxy, Dpdk=DPDK PMD Interface, Rfl=Receive Filtering Offload, Mon=Interface is Monitored
       Uuf=Unknown Unicast Flood, Vof=VLAN insert/strip offload

vif0/0 OS: em1 (Speed 1000, Duplex 1)
            Type:Physical HWaddr:0c:c4:7a:32:0a:88 IPaddr:0
            Vrf:0 Flags:L3L2Vp MTU:1514 Ref:6
            RX packets:928661 bytes:99300004 errors:0
            TX packets:315286 bytes:209092111 errors:0

vif0/1 OS: vhost0
            Type:Host HWaddr:0c:c4:7a:32:0a:88 IPaddr:accd8e7
            Vrf:0 Flags:L3L2 MTU:1514 Ref:3
            RX packets:370669 bytes:148248611 errors:0
            TX packets:974889 bytes:104096407 errors:0

vif0/2 OS: pkt0
            Type:Agent HWaddr:00:00:5e:00:01:00 IPaddr:0
            Vrf:65535 Flags:L3 MTU:1514 Ref:3
            RX packets:2255 bytes:325102 errors:0
            TX packets:556699 bytes:57903207 errors:0

vif0/3 OS: tap6e876a77-f1
            Type:Virtual HWaddr:00:00:5e:00:01:00 IPaddr:0
            Vrf:1 Flags:PL3L2D MTU:9160 Ref:5
            RX packets:61450 bytes:71071401 errors:0
            TX packets:72761 bytes:5306683 errors:0

vif0/4350 OS: pkt3
            Type:Stats HWaddr:00:00:00:00:00:00 IPaddr:0
            Vrf:65535 Flags:L3L2 MTU:9136 Ref:1
            RX packets:11628 bytes:1082027 errors:0
            TX packets:11628 bytes:919235 errors:0

vif0/4351 OS: pkt1
            Type:Stats HWaddr:00:00:00:00:00:00 IPaddr:0
            Vrf:65535 Flags:L3L2 MTU:9136 Ref:1
            RX packets:0 bytes:0 errors:0
            TX packets:0 bytes:0 errors:0

root@nodek11:~#

root@nodek11:~# flow --match 3b7c:1f1:ce94:145f::3
Flow table(size 80609280, entries 629760)

Entries: Created 60 Added 42 Processed 60 Used Overflow entries 0
(Created Flows/CPU: 5 0 4 3 4 6 6 1 0 0 0 0 0 0 0 0 2 24 0 0 1 0 1 3 0 0 0 0 0 0 0 0)(oflows 0)

Action:F=Forward, D=Drop N=NAT(S=SNAT, D=DNAT, Ps=SPAT, Pd=DPAT, L=Link Local Port)
 Other:K(nh)=Key_Nexthop, S(nh)=RPF_Nexthop
 Flags:E=Evicted, Ec=Evict Candidate, N=New Flow, M=Modified Dm=Delete Marked
TCP(r=reverse):S=SYN, F=FIN, R=RST, C=HalfClose, E=Established, D=Dead

Listing flows matching ([3b7c:1f1:ce94:145f::3]:*)

    Index Source:Port/Destination:Port Proto(V)
-----------------------------------------------------------------------------------
root@nodek11:~#

Sent 5 out of order ICMPv6 Echo request fragmented packets from VM. Here is the tcpdump:

08:50:25.523345 02:6e:87:6a:77:f1 > 33:33:ff:00:00:04, ethertype IPv6 (0x86dd), length 86: 3b7c:1f1:ce94:145f::3 > ff02::1:ff00:4: ICMP6, neighbor solicitation, who has 3b7c:1f1:ce94:145f::4, length 32
08:50:25.523369 02:65:ff:05:85:fa > 02:6e:87:6a:77:f1, ethertype IPv6 (0x86dd), length 86: 3b7c:1f1:ce94:145f::4 > 3b7c:1f1:ce94:145f::3: ICMP6, neighbor advertisement, tgt is 3b7c:1f1:ce94:145f::4, length 32
08:50:25.527323 02:6e:87:6a:77:f1 > 02:65:ff:05:85:fa, ethertype IPv6 (0x86dd), length 310: 3b7c:1f1:ce94:145f::3 > 3b7c:1f1:ce94:145f::4: frag (496|248)
08:50:25.532576 02:6e:87:6a:77:f1 > 02:65:ff:05:85:fa, ethertype IPv6 (0x86dd), length 310: 3b7c:1f1:ce94:145f::3 > 3b7c:1f1:ce94:145f::4: frag (744|248)
08:50:25.537062 02:6e:87:6a:77:f1 > 02:65:ff:05:85:fa, ethertype IPv6 (0x86dd), length 78: 3b7c:1f1:ce94:145f::3 > 3b7c:1f1:ce94:145f::4: frag (992|16)
08:50:25.541418 02:6e:87:6a:77:f1 > 02:65:ff:05:85:fa, ethertype IPv6 (0x86dd), length 310: 3b7c:1f1:ce94:145f::3 > 3b7c:1f1:ce94:145f::4: frag (248|248)
08:50:25.545775 02:6e:87:6a:77:f1 > 02:65:ff:05:85:fa, ethertype IPv6 (0x86dd), length 310: 3b7c:1f1:ce94:145f::3 > 3b7c:1f1:ce94:145f::4: frag (0|248) ICMP6, echo request, seq 0, length 248

Flow processing happens for fragmented packets

root@nodek11:~# flow --match 3b7c:1f1:ce94:145f::3
Flow table(size 80609280, entries 629760)

Entries: Created 62 Added 44 Processed 62 Used Overflow entries 0
(Created Flows/CPU: 5 0 5 3 4 6 6 1 0 0 0 0 0 0 0 0 3 24 0 0 1 0 1 3 0 0 0 0 0 0 0 0)(oflows 0)

Action:F=Forward, D=Drop N=NAT(S=SNAT, D=DNAT, Ps=SPAT, Pd=DPAT, L=Link Local Port)
 Other:K(nh)=Key_Nexthop, S(nh)=RPF_Nexthop
 Flags:E=Evicted, Ec=Evict Candidate, N=New Flow, M=Modified Dm=Delete Marked
TCP(r=reverse):S=SYN, F=FIN, R=RST, C=HalfClose, E=Established, D=Dead

Listing flows matching ([3b7c:1f1:ce94:145f::3]:*)

    Index Source:Port/Destination:Port Proto(V)
-----------------------------------------------------------------------------------
   139600<=>450548 3b7c:1f1:ce94:145f::4:384 58 (1)
                         3b7c:1f1:ce94:145f::3:129
(Gen: 1, K(nh):13, Action:F, Flags:, S(nh):22, Stats:0/0, SPort 64665)

   450548<=>139600 3b7c:1f1:ce94:145f::3:384 58 (1)
                         3b7c:1f1:ce94:145f::4:129
(Gen: 1, K(nh):13, Action:F, Flags:, S(nh):13, Stats:5/1318, SPort 50101)

root@nodek11:~#

Here is the scapy script:

root@ctest-vm1-37449795:/home/ubuntu# cat /tmp/icmp6.py
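from scapy.all import *
import random
from random import shuffle

# Random identifier for the ICMPv6 Echo Request
fid = random.randint(0, 1000)
I = IPv6(dst="3b7c:1f1:ce94:145f::4")
ICMP = ICMPv6EchoRequest(data='A' * 1000, id=fid)
FH = IPv6ExtHdrFragment()
# Split the packet into fragments of at most 300 bytes each
packets = fragment6(I / FH / ICMP, 300)
# Shuffle the fragment indices to get an out-of-order send sequence
rand_arr = list(range(len(packets)))
shuffle(rand_arr)

print(rand_arr)
import pdb; pdb.set_trace()  # debugger breakpoint before sending

counter = 1
for i in rand_arr:
    fragment = packets[i]
    print("Packet no#" + str(counter))
    print("===================================================")
    fragment.show()  # displays each fragment
    counter += 1
    send(fragment)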
root@ctest-vm1-37449795:/home/ubuntu#

On the other compute node (destination compute node), not all fragments are received.

root@nodec23:~# tcpdump -ne -i p1p1 host 10.204.216.231 -vvv -xxx
tcpdump: WARNING: p1p1: no IPv4 address assigned
tcpdump: listening on p1p1, link-type EN10MB (Ethernet), capture size 65535 bytes
08:52:53.740299 80:ac:ac:f0:a2:c1 > 00:25:90:c3:ae:b4, ethertype IPv4 (0x0800), length 356: (tos 0x0, ttl 63, id 52807, offset 0, flags [none], proto UDP (17), length 342)
    10.204.216.231.51912 > 10.204.217.8.51234: [no cksum] UDP, length 314
08:52:53.740336 80:ac:ac:f0:a2:c1 > 00:25:90:c3:ae:b4, ethertype IPv4 (0x0800), length 356: (tos 0x0, ttl 63, id 52809, offset 0, flags [none], proto UDP (17), length 342)
    10.204.216.231.51912 > 10.204.217.8.51234: [no cksum] UDP, length 314
08:52:53.740344 80:ac:ac:f0:a2:c1 > 00:25:90:c3:ae:b4, ethertype IPv4 (0x0800), length 356: (tos 0x0, ttl 63, id 52811, offset 0, flags [none], proto UDP (17), length 342)
    10.204.216.231.51912 > 10.204.217.8.51234: [no cksum] UDP, length 314

^C
3 packets captured
3 packets received by filter
0 packets dropped by kernel
root@nodec23:~# flow -l
Flow table(size 80609280, entries 629760)

Entries: Created 66 Added 66 Processed 66 Used Overflow entries 0
(Created Flows/CPU: 18 22 16 10)(oflows 0)

Action:F=Forward, D=Drop N=NAT(S=SNAT, D=DNAT, Ps=SPAT, Pd=DPAT, L=Link Local Port)
 Other:K(nh)=Key_Nexthop, S(nh)=RPF_Nexthop
 Flags:E=Evicted, Ec=Evict Candidate, N=New Flow, M=Modified Dm=Delete Marked
TCP(r=reverse):S=SYN, F=FIN, R=RST, C=HalfClose, E=Established, D=Dead

    Index Source:Port/Destination:Port Proto(V)
-----------------------------------------------------------------------------------
   268036<=>450992 3b7c:1f1:ce94:145f::3:372 58 (1)
                         3b7c:1f1:ce94:145f::4:129
(Gen: 1, K(nh):14, Action:F, Flags:, S(nh):21, Stats:3/930, SPort 55829)

   359024<=>371184 3b7c:1f1:ce94:145f::4:384 58 (1)
                         3b7c:1f1:ce94:145f::3:129
(Gen: 1, K(nh):14, Action:F, Flags:, S(nh):14, Stats:1/358, SPort 50378)

   371184<=>359024 3b7c:1f1:ce94:145f::3:384 58 (1)
                         3b7c:1f1:ce94:145f::4:129
(Gen: 1, K(nh):14, Action:F, Flags:, S(nh):21, Stats:3/930, SPort 60328)

   450992<=>268036 3b7c:1f1:ce94:145f::4:372 58 (1)
                         3b7c:1f1:ce94:145f::3:129
(Gen: 1, K(nh):14, Action:F, Flags:, S(nh):14, Stats:0/0, SPort 49753)

root@nodec23:~#

On the source compute node, seeing "Flow Queue Limit Exceeded" errors.

root@nodek11:~# dropstats
GARP 0
ARP no where to go 0
Invalid ARPs 0

Invalid IF 0
Trap No IF 0
IF TX Discard 0
IF Drop 0
IF RX Discard 0

Flow Unusable 0
Flow No Memory 0
Flow Table Full 0
Flow NAT no rflow 0
Flow Action Drop 18
Flow Action Invalid 0
Flow Invalid Protocol 0
Flow Queue Limit Exceeded 24
Flow Unusable (Eviction) 0

Original Packet Trapped 0

Discards 1
TTL Exceeded 0
Mcast Clone Fail 0
Cloned Original 34

Invalid NH 3
Invalid Label 0
Invalid Protocol 0
Rewrite Fail 0
Invalid Mcast Source 0

Push Fails 0
Pull Fails 0
Duplicated 0
Head Alloc Fails 0
Head Space Reserve Fails 0
PCOW fails 0
Invalid Packets 0

Misc 0
Nowhere to go 0
Checksum errors 0
No Fmd 0
Invalid VNID 0
Fragment errors 0
Invalid Source 0
Jumbo Mcast Pkt with DF Bit 0
ARP No Route 0
No L2 Route 2
Memory Failures 0
Fragment Queueing Failures 0

root@nodek11:~#

Changed in juniperopenstack:
milestone: r3.0.3.4 → none
OpenContrail Admin (ci-admin-f) wrote : [Review update] R3.0.3.x

Review in progress for https://review.opencontrail.org/36228
Submitter: Divakar Dharanalakota (<email address hidden>)

OpenContrail Admin (ci-admin-f) wrote : [Review update] R4.0

Review in progress for https://review.opencontrail.org/36232
Submitter: Divakar Dharanalakota (<email address hidden>)

OpenContrail Admin (ci-admin-f) wrote : A change has been merged

Reviewed: https://review.opencontrail.org/36238
Committed: http://github.com/Juniper/contrail-vrouter/commit/22a05c108c319637513c37f9e88256779395fbee
Submitter: Zuul (<email address hidden>)
Branch: R3.2

commit 22a05c108c319637513c37f9e88256779395fbee
Author: Divakar D <email address hidden>
Date: Wed Oct 4 18:24:31 2017 +0530

Intimate head fragment arrival to Fragment assembler after Agent's flow set

When the head fragment is received in the Vrouter it is enqueued to
assembler immediately upon arrival. The flow is created as hold flow and
then trapped to agent. If fragments corresponding to this head fragment
are already in assembler or if new fragments arrive immediately after
head fragment, assembler releases them to flow module. If agent does not
write flow action by the time assembler releases fragments to Flow
module, fragments get enqueued in hold queue. As only a maximum of three
fragments are enqueued in holdq, the rest of the fragments from assembler
get dropped in flow module. This leads to the whole packet getting dropped
on the receive side, leading to first packet loss.

As a fix, the head fragment is enqueued to assembler not immediately after
flow is created, but after flow action is written by agent. If the flow
is already present in non-hold state, it is immediately enqueued to
assembler.

Change-Id: I5c5d83df0cc56152c98355ed278c86249d7823e7
closes-bug: #1716308
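
The race described in the commit message above, as a small model. This is an added example, not code from contrail-vrouter: the class and function names are hypothetical, the head fragment is assumed to occupy one hold-queue slot, and cached fragments are assumed to be released in arrival order (the page does not state the release order, only that 3 of 5 fragments reached the destination).

```python
from collections import deque

HOLD_QUEUE_LIMIT = 3  # commit message: at most three fragments are enqueued in holdq
HEAD = 0              # offset of the head fragment, which carries the ICMPv6 header

class Flow:
    """Flow entry that stays on hold until the agent writes an action."""
    def __init__(self):
        self.action, self.holdq = None, deque()
        self.forwarded, self.dropped = [], []  # dropped: over the holdq limit

    def receive(self, offset):
        if self.action is not None:
            self.forwarded.append(offset)
        elif len(self.holdq) < HOLD_QUEUE_LIMIT:
            self.holdq.append(offset)
        else:
            self.dropped.append(offset)

    def agent_writes_action(self):
        self.action = "forward"
        while self.holdq:
            self.forwarded.append(self.holdq.popleft())

class Assembler:
    """Caches non-head fragments until it is told that the head has arrived."""
    def __init__(self, flow):
        self.flow, self.cache, self.head_seen = flow, [], False

    def fragment(self, offset):
        if self.head_seen:
            self.flow.receive(offset)
        else:
            self.cache.append(offset)

    def head_arrived(self):
        self.head_seen = True
        while self.cache:
            self.flow.receive(self.cache.pop(0))

def simulate(arrivals, defer_head_notification=False, agent_latency=1):
    """Return (forwarded, dropped); agent_latency = fragments seen while on hold."""
    flow = Flow()
    asm = Assembler(flow)
    countdown = None  # None until the head has been trapped to the agent
    def agent_answers():
        flow.agent_writes_action()
        if defer_head_notification:
            asm.head_arrived()  # ordering proposed in the commit message
    for offset in arrivals:
        if countdown == 0:
            agent_answers()
            countdown = None
        elif countdown is not None:
            countdown -= 1
        if offset == HEAD:
            flow.receive(offset)  # assumption: the head itself takes a holdq slot
            countdown = agent_latency
            if not defer_head_notification:
                asm.head_arrived()  # original ordering: release cached fragments now
        else:
            asm.fragment(offset)
    if flow.action is None:
        agent_answers()
    return sorted(flow.forwarded), sorted(flow.dropped)

OUT_OF_ORDER = [496, 744, 992, 248, 0]  # send order from the tcpdump on this page
IN_ORDER = sorted(OUT_OF_ORDER)
```

With the head sent last, the cached fragments hit the hold queue in one burst, so the drop does not depend on how slowly the sender paces them; with in-order arrival it only appears when `agent_latency` is large enough for fragments to pile up behind the head.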

OpenContrail Admin (ci-admin-f) wrote :

Reviewed: https://review.opencontrail.org/36232
Committed: http://github.com/Juniper/contrail-vrouter/commit/06100923ed760dfd60aee5087e6f2ae71b23fea7
Submitter: Zuul (<email address hidden>)
Branch: R4.0

commit 06100923ed760dfd60aee5087e6f2ae71b23fea7
Author: Divakar D <email address hidden>
Date: Wed Oct 4 18:24:31 2017 +0530

Intimate head fragment arrival to Fragment assembler after Agent's flow set

When the head fragment is received in the Vrouter it is enqueued to
assembler immediately upon arrival. The flow is created as hold flow and
then trapped to agent. If fragments corresponding to this head fragment
are already in assembler or if new fragments arrive immediately after
head fragment, assembler releases them to flow module. If agent does not
write flow action by the time assembler releases fragments to Flow
module, fragments get enqueued in hold queue. As only a maximum of three
fragments are enqueued in holdq, the rest of the fragments from assembler
get dropped in flow module. This leads to the whole packet getting dropped
on the receive side, leading to first packet loss.

As a fix, the head fragment is enqueued to assembler not immediately after
flow is created, but after flow action is written by agent. If the flow
is already present in non-hold state, it is immediately enqueued to
assembler.

Change-Id: Ia5a488e07e4cb814cb917138218c856ca56c3512
closes-bug: #1716308

OpenContrail Admin (ci-admin-f) wrote :

Reviewed: https://review.opencontrail.org/36228
Committed: http://github.com/Juniper/contrail-vrouter/commit/b2c608eb7228ec56843a07ed1c0191c1e9d386fb
Submitter: Zuul (<email address hidden>)
Branch: R3.0.3.x

commit b2c608eb7228ec56843a07ed1c0191c1e9d386fb
Author: Divakar D <email address hidden>
Date: Wed Oct 4 18:24:31 2017 +0530

Intimate head fragment arrival to Fragment assembler after Agent's flow set

When the head fragment is received in the Vrouter it is enqueued to
assembler immediately upon arrival. The flow is created as hold flow and
then trapped to agent. If fragments corresponding to this head fragment
are already in assembler or if new fragments arrive immediately after
head fragment, assembler releases them to flow module. If agent does not
write flow action by the time assembler releases fragments to Flow
module, fragments get enqueued in hold queue. As only a maximum of three
fragments are enqueued in holdq, the rest of the fragments from assembler
get dropped in flow module. This leads to the whole packet getting dropped
on the receive side, leading to first packet loss.

As a fix, the head fragment is enqueued to assembler not immediately after
flow is created, but after flow action is written by agent. If the flow
is already present in non-hold state, it is immediately enqueued to
assembler.

Change-Id: Ia5a488e07e4cb814cb917138218c856ca56c3512
closes-bug: #1716308

OpenContrail Admin (ci-admin-f) wrote : [Review update] R3.0.3.x

Review in progress for https://review.opencontrail.org/36276
Submitter: Divakar Dharanalakota (<email address hidden>)

OpenContrail Admin (ci-admin-f) wrote : [Review update] R3.2

Review in progress for https://review.opencontrail.org/36277
Submitter: Divakar Dharanalakota (<email address hidden>)

OpenContrail Admin (ci-admin-f) wrote : [Review update] R4.0

Review in progress for https://review.opencontrail.org/36278
Submitter: Divakar Dharanalakota (<email address hidden>)

OpenContrail Admin (ci-admin-f) wrote : A change has been merged

Reviewed: https://review.opencontrail.org/36277
Committed: http://github.com/Juniper/contrail-vrouter/commit/49e20291967d5d463c085ed610ff88d19f78072d
Submitter: Zuul (<email address hidden>)
Branch: R3.2

commit 49e20291967d5d463c085ed610ff88d19f78072d
Author: Divakar D <email address hidden>
Date: Thu Oct 5 11:45:40 2017 +0530

Revert "Intimate head fragment arrival to Fragment assembler after Agent's flow set"

This reverts commit 22a05c108c319637513c37f9e88256779395fbee.

Change-Id: Ibc487f4655e5cfaaa46caabda212d72d8a3e3027
closes-bug: #1716308

OpenContrail Admin (ci-admin-f) wrote :

Reviewed: https://review.opencontrail.org/36278
Committed: http://github.com/Juniper/contrail-vrouter/commit/86f26b0a92d0a47d5dfb94d76a4839a27daf787f
Submitter: Zuul (<email address hidden>)
Branch: R4.0

commit 86f26b0a92d0a47d5dfb94d76a4839a27daf787f
Author: Divakar D <email address hidden>
Date: Thu Oct 5 11:47:37 2017 +0530

Revert "Intimate head fragment arrival to Fragment assembler after Agent's flow set"

This reverts commit 06100923ed760dfd60aee5087e6f2ae71b23fea7.

Change-Id: I430f4f4d7387d7ed4c8c8688574fc0f5a8d28b3c
closes-bug: #1716308

OpenContrail Admin (ci-admin-f) wrote :

Reviewed: https://review.opencontrail.org/36276
Committed: http://github.com/Juniper/contrail-vrouter/commit/1b7d9937c1a83c5708ee51c8f717551d1756dac0
Submitter: Zuul (<email address hidden>)
Branch: R3.0.3.x

commit 1b7d9937c1a83c5708ee51c8f717551d1756dac0
Author: Divakar D <email address hidden>
Date: Thu Oct 5 11:37:36 2017 +0530

Revert "Intimate head fragment arrival to Fragment assembler after Agent's flow set"

This reverts commit b2c608eb7228ec56843a07ed1c0191c1e9d386fb.

Change-Id: I6b0bc21dd7b758d33452ad6aa6effcdd4fd88260
closes-bug: #1716308

tags: added: operational
Jeba Paulaiyan (jebap) wrote : Re: IPv6 Fragments: Issue with flow processing, when out of order ICMPv6 fragment packets are received.

Release notes:

When the head fragment is received in the Vrouter it is enqueued to
assembler immediately upon arrival. The flow is created as hold flow and
then trapped to agent. If fragments corresponding to this head fragment
are already in assembler or if new fragments arrive immediately after
head fragment, assembler releases them to flow module. If agent does not
write flow action by the time assembler releases fragments to Flow
module, fragments get enqueued in hold queue. As only a maximum of three
fragments are enqueued in holdq, the rest of the fragments from assembler
get dropped in flow module. This leads to the whole packet getting dropped
on the receive side, leading to first packet loss.

tags: added: releasenote
information type: Proprietary → Public
Jeba Paulaiyan (jebap)
Changed in juniperopenstack:
status: New → Won't Fix
Rudra Rugge (rrugge)
summary: - IPv6 Fragments: Issue with flow processing, when out of order ICMPv6
- fragment packets are received.
+ IPv6 Fragments: If there are more than 3 fragments for the first ICMPv6
+ packet then the packet is dropped.
Jim Reilly (jpreilly)
tags: added: att-aic-contrail