From: David Ahern <dsahern@gmail.com>
To: Michael Jeanson <mjeanson@efficios.com>,
Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Cc: David <davem@davemloft.net>, netdev <netdev@vger.kernel.org>,
linux-kernel <linux-kernel@vger.kernel.org>
Subject: Re: [RFC PATCH v2 0/3] l3mdev icmp error route lookup fixes
Date: Wed, 23 Sep 2020 12:46:01 -0600 [thread overview]
Message-ID: <cfdc41d9-cca1-7166-1a2e-778ac4bf8b73@gmail.com> (raw)
In-Reply-To: <47175ae8-e7e8-473c-5103-90bf444db16c@efficios.com>
On 9/23/20 11:03 AM, Michael Jeanson wrote:
> On 2020-09-23 12 h 04, Michael Jeanson wrote:
>>> It should work without asymmetric routing; adding the return route to
>>> the second vrf as I mentioned above fixes the FRAG_NEEDED problem. It
>>> should work for TTL as well.
>>>
>>> Adding a second pass on the tests with the return through r2 is fine,
>>> but add a first pass for the more typical case.
>>
>> Hi,
>>
>> Before writing new tests I just want to make sure we are trying to fix
>> the same issue. If I add a return route to the red VRF then we don't
>> need this patchset because whether the ICMP error are routed using the
>> table from the source or destination interface they will reach the
>> source host.
>>
>> The issue for which this patchset was sent only happens when the
>> destination interface's VRF doesn't have a route back to the source
>> host. I guess we might question if this is actually a bug or not.
>>
>> So the question really is, when a packet is forwarded between VRFs
>> through route leaking and an icmp error is generated, which table
>> should be used for the route lookup? And does it depend on the type of
>> icmp error? (e.g. TTL=1 happens before forwarding, but fragmentation
>> needed happens after when on the destination interface)
>
> As a side note, I don't mind reworking the tests as you requested even
> if the patchset as a whole ends up not being needed and if you think
> they are still useful. I just wanted to make sure we understood each other.
>
if you are leaking from VRF 1 to VRF 2 and you do not configure VRF 2
with how to send to errors back to source - MTU or TTL - then I will
argue that is a configuration problem, not a bug.
Now the TTL problem is interesting. You need the FIB lookup to know that
the packet is forwarded, and by the time of the ttl check in ip_forward
skb->dev points to the ingress VRF and dst points to the egress VRF. So
I think the change is warranted.
Let's do this for the tests:
1 pass through all of the tests (TTL and MTU, v4 and v6) with symmetric
routing configured and make sure they all pass. ie., keep all of them
and make sure all tests pass. No sense losing the tests and the thoughts
behind them.
Add a second pass with the asymmetric routing per the customer setup
since it motivated the investigation.
Rename the test to something like vrf_route_leaking.sh. It can be
expanded with more tests related to route leaking as they come up.
next prev parent reply other threads:[~2020-09-23 18:46 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-09-18 18:17 [RFC PATCH v2 0/3] l3mdev icmp error route lookup fixes Mathieu Desnoyers
2020-09-18 18:17 ` [RFC PATCH v2 1/3] ipv4/icmp: l3mdev: Perform icmp error route lookup on source device routing table (v2) Mathieu Desnoyers
2020-09-18 18:18 ` [RFC PATCH v2 2/3] ipv6/icmp: " Mathieu Desnoyers
2020-09-18 18:18 ` [RFC PATCH v2 3/3] selftests: Add VRF icmp error route lookup test Mathieu Desnoyers
2020-09-21 18:36 ` [RFC PATCH v2 0/3] l3mdev icmp error route lookup fixes David Ahern
2020-09-21 18:44 ` Mathieu Desnoyers
2020-09-21 19:11 ` David Ahern
2020-09-21 19:33 ` Mathieu Desnoyers
2020-09-22 13:52 ` Michael Jeanson
2020-09-23 1:59 ` David Ahern
2020-09-23 16:04 ` Michael Jeanson
2020-09-23 17:03 ` Michael Jeanson
2020-09-23 18:46 ` David Ahern [this message]
2020-09-23 19:12 ` Michael Jeanson
2020-09-23 20:04 ` David Ahern
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=cfdc41d9-cca1-7166-1a2e-778ac4bf8b73@gmail.com \
--to=dsahern@gmail.com \
--cc=davem@davemloft.net \
--cc=linux-kernel@vger.kernel.org \
--cc=mathieu.desnoyers@efficios.com \
--cc=mjeanson@efficios.com \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).