[ovn] Don't include IP addresses for OVN ports if both port security and DHCP are disabled
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
neutron | Fix Released | Medium | Elvira García Ruiz |
Bug Description
Right now, when port security is disabled the ML2/OVN plugin will set the addresses field to ["unknown", "mac IP1 IP2..."]. E.g.:
port 2da76786-
addresses: ["52:54:00:02:FA:0A 192.168.0.245", "unknown"]
There are scenarios (e.g. NIC teaming) where the traffic may come from two different ports with the same source MAC address. While this is fine, on the way back, OVN doesn't learn the location of the MAC and it will deliver to the port which has the MAC address defined in the DB.
E.g.:
port1 - MAC1
port2 - MAC2
If traffic goes out from port2 with smac=MAC1, then the traffic will be delivered by OVN.
However, for incoming traffic getting to br-int with dmac=MAC1, OVN will deliver that to port1 instead of port2 because of the above configuration.
If OVN is not configured with any MAC(s) then the traffic will be flooded to all ports which have addresses=
The reason why "MAC IP" is added is merely so that OVN can install the necessary flows to serve DHCP natively.
In order to cover these use cases, the ML2/OVN driver could clear up the MAC-IP(s) from the 'addresses' column of those ports that belong to a network with DHCP disabled.
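The delivery behaviour described in the report, as an added example: a simplified Python model, not neutron or OVN code. `build_addresses`, `deliver` and `teaming_scenario` are hypothetical helpers and the MAC/IP values are constructed; the fallback to ports whose `addresses` contain "unknown" follows OVN's documented handling of that keyword.

```python
UNKNOWN = "unknown"


def build_addresses(mac, ips, port_security, dhcp_enabled):
    """Model the Logical_Switch_Port 'addresses' column for one port."""
    mac_ip = " ".join([mac, *ips])
    if port_security:
        # Assumption: with port security on, only the MAC/IP entry is set.
        return [mac_ip]
    if dhcp_enabled:
        # Behaviour in the report: MAC/IP kept so OVN can serve DHCP natively.
        return [mac_ip, UNKNOWN]
    # Proposed behaviour: nothing pins the MAC to this port.
    return [UNKNOWN]


def deliver(dmac, ports):
    """Return the names of the ports that receive a unicast frame for dmac.

    ports maps a port name to its 'addresses' list.
    """
    dmac = dmac.lower()
    owners = [
        name for name, addrs in ports.items()
        if any(a.split()[0].lower() == dmac for a in addrs if a != UNKNOWN)
    ]
    if owners:
        # A MAC defined in the DB always wins; OVN does not learn locations.
        return owners
    # No port owns the MAC: flood to every port that accepts unknown MACs.
    return [name for name, addrs in ports.items() if UNKNOWN in addrs]


def teaming_scenario(dhcp_enabled):
    """port1/port2 form a team; return traffic arrives with dmac=MAC1."""
    mac1, mac2 = "52:54:00:00:00:01", "52:54:00:00:00:02"  # constructed
    ports = {
        "port1": build_addresses(mac1, ["192.0.2.10"], False, dhcp_enabled),
        "port2": build_addresses(mac2, ["192.0.2.11"], False, dhcp_enabled),
    }
    return deliver(mac1, ports)


if __name__ == "__main__":
    print("DHCP enabled :", teaming_scenario(True))
    print("DHCP disabled:", teaming_scenario(False))
```

With the MAC/IP entry present, return traffic for MAC1 reaches only port1 even when the team last transmitted on port2; with the entry cleared, it is flooded to both ports that carry "unknown".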
tags: added: ovn
Changed in neutron:
importance: Undecided → Medium
status: New → Confirmed
Changed in neutron:
assignee: nobody → Elvira García Ruiz (elviragr)
Changed in neutron:
milestone: none → wallaby-1
Changed in neutron:
milestone: wallaby-1 → wallaby-2
Changed in neutron:
milestone: wallaby-2 → wallaby-3
Changed in neutron:
milestone: wallaby-3 → next
Changed in neutron:
status: Confirmed → Fix Released
Related fix proposed to branch: master
Review: https://review.opendev.org/763567