Skip to content

document l3vni blackhole issue #316

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
edipascale wants to merge 1 commit into
base: master
Choose a base branch
from
Open

document l3vni blackhole issue #316

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
18 changes: 18 additions & 0 deletions docs/known-limitations/known-limitations.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@ working hard to address:
* [Deleting a VPC and creating a new one right away can cause the agent to fail](#deleting-a-vpc-and-creating-a-new-one-right-away-can-cause-the-agent-to-fail)
* [Configuration not allowed when port is member of PortChannel](#configuration-not-allowed-when-port-is-member-of-portchannel)
* [Breakout and CMIS transceiver initialization issues on DS5000](#breakout-and-cmis-transceiver-initialization-issues-on-ds5000)
* [Traffic gets black-holed for up to 5 minutes if a host changes IP within its L3VNI VPC subnet](#traffic-gets-black-holed-for-up-to-5-minutes-if-a-host-changes-ip-within-its-l3vni-vpc-subnet)

### Deleting a VPC and creating a new one right away can cause the agent to fail

Expand Down Expand Up @@ -78,3 +79,20 @@ This occurs because SONiC did not always correctly reinitialize hardware abstrac
- Prefer inserting transceivers before breaking out ports to avoid the issue altogether, if possible.
- Always follow any REBOOTREQ status after upgrades or configuration changes.
- If problems persist, perform a full power cycle as a last resort.

### Traffic gets black-holed for up to 5 minutes if a host changes IP within its L3VNI VPC subnet

When a host changes its IP address inside an L3VNI VPC subnet, leaves not directly attached to the host will
black-hole all traffic to the new IP address for up to 5 minutes, i.e., until the old neighbor is aged
out. This is due to a defect in SONiC that will be fixed in a future release.

#### Diagnosing this issue

Pings to the new IP address of the host from a remote peer will fail with `Destination Host Unreachable`.

In the remote leaf, a log like the following one can be observed, where `10.10.99.70` is the hypothetical new IP of the host:
><code>NOTICE swss#orchagent: :- handleConflictingNeighbor: Route: Add IP:10.10.99.70 vrf_id:0x844424930134944, has no matching interface</code>

#### Known workarounds
Comment thread
pau-hedgehog marked this conversation as resolved.

The black-hole will age out on its own after a few minutes. As a defensive measure, users can configure [static DHCP leases](../user-guide/dhcp.md#static-leases) to ensure that hosts will always receive the same IP address and prevent the issue from happening.
Comment thread
pau-hedgehog marked this conversation as resolved.
Loading