Traffic still forward without NDP reachable

[shihdada]

Description
DUT will forward traffic even the NDP neighbor status is STALE, not REACHABLE.

Steps to reproduce the issue:
+----------+ 　　 　+----------+
| 　　　44 |----------| 1 　　 　|
| 　DUT 　 | 　 　 　| 　 STC 　|
| 　　　45 |----------| 2 　　 　|
+----------+ 　　 　+----------+

Config:

"INTERFACE": {
    "Ethernet44|2010::1/64": {},
    "Ethernet45|2020::1/64": {}
},
"PORT": {
    "Ethernet44": {
        "speed": "25000",
    },
    "Ethernet45": {
        "speed": "25000",
    }
}

STC Config:

STC-1:
Emulated Device: IPv6: 2010::2
RAW Stream: Src.IP 2010::2 Dst.IP 2020::2

STC-2:
Emulated Device: IPv6: 2020::2

Test Procedure:

1. Send ND from STC-1 and STC-2

2. Check NDP table on DUT:
   root@SONiC-Inventec-d6556:/home/admin# show ndp
   2010::2 dev Ethernet44 lladdr 00:10:94:00:00:01 REACHABLE
   2020::2 dev Ethernet45 lladdr 00:10:94:00:00:03 REACHABLE

3. Remove emulated device of STC-2

4. Wait more than 1 hour

5. Check NDP table on DUT:
   root@SONiC-Inventec-d6556:/home/admin# show ndp
   2010::2 dev Ethernet44 lladdr 00:10:94:00:00:01 STALE
   2020::2 dev Ethernet45 lladdr 00:10:94:00:00:03 STALE

6. Send traffic from STC-1 with Src.IP 2010::2, Dst.IP 2020::2

Describe the results you received:
DUT will forward traffic even the NDP neighbor status is STALE, not REACHABLE.

root@SONiC-Inventec-d6556:/home/admin# show ndp
2010::2 dev Ethernet44 lladdr 00:10:94:00:00:05 STALE
2020::2 dev Ethernet45 lladdr 00:10:94:00:00:06 STALE

Describe the results you expected:
When NDP neighbor status is STALE, packets should not be forwarded.

Additional information you deem important (e.g. issue happens only occasionally):
Actually, we found routing rules always exist in Broadcom ASIC, so DUT could forward traffic even NDP neighbor status is STALE, but it’s inconsistent between Linux and Broadcom ASIC.

root@SONiC-Inventec-d6556:/etc/sonic# bcmcmd "l3 ip6host show"
l3 ip6host show
Unit 0, free IPv6 table entries: 8190
Entry VRF IP address Mac Address INTF MOD PORT CLASS HIT H/W Index
1 0 2020:0000:0000:0000:0000:0000:0000:0002 00:00:00:00:00:00 100005 0 0 0 y 2096
2 0 2010:0000:0000:0000:0000:0000:0000:0002 00:00:00:00:00:00 100004 0 0 0 y 3452

Will SONiC have plan to remove routing rule in ASIC when NDP neighbor status is STALE?

**Output of `show version`:**

```
(paste your output here)
```

**Attach debug file `sudo generate_dump`:**

```
(paste your output here)
```

[prsunny]

Please note, Stale means the entry is still Valid. It will be refreshed when kernel receives the next packet. Here the expectation that "if the entry is stale, traffic should not be forwarded in ASIC" is not correct. Sonic does not remove routes/neighbor if the neighbor entry is in stale state. There are timers in Linux that cleans up stale entries based on certain threshold. When the state changes to failed or incomplete, Sonic removes/updates the routes

[yxieca]

Prince answered the question. Please feel free to raise new questions.