neutron

[ovn] Don't include IP addresses for OVN ports if both port security and DHCP are disabled

Bug #1904412 reported by Daniel Alvarez
16
This bug affects 3 people
Affects Status Importance Assigned to Milestone
neutron
Fix Released
Medium
Elvira García Ruiz
neutron next

Bug Description

Right now, when port security is disabled the ML2/OVN plugin will set the addresses field to ["unknown", "mac IP1 IP2..."]. Eg.:

port 2da76786-51f0-4217-a09b-0c16e6728588 (aka servera-port-2)
        addresses: ["52:54:00:02:FA:0A 192.168.0.245", "unknown"]

There are scenarios (eg. NIC teaming) where the traffic may come from two different ports with the same source MAC address. While this is fine, on the way back, OVN doesn't learn the location of the MAC and it will deliver to the port which has the MAC address defined in the DB.

E.g

port1 - MAC1
port2 - MAC2

If traffic goes out from port2 with smac=MAC1, then the traffic will be delivered by OVN.
However, for incoming traffic getting to br-int with dmac=MAC1, OVN will deliver that to port1 instead of port2 because of the above configuration.

If OVN is not configured with any MAC(s) then the traffic will be flooded to all ports which have addresses=["unknown"].

The reason why "MAC IP" is added is merely so that OVN can install the necessary flows to serve DHCP natively.

In order to cover these use cases, the ML2/OVN driver could clear up the MAC-IP(s) from the 'addresses' column of those ports that belong to a network with DHCP disabled.

Lucas Alvares Gomes (lucasagomes)
tags: added: ovn
Changed in neutron:
importance: Undecided → Medium
status: New → Confirmed
Elvira García Ruiz (elviragr)
Changed in neutron:
assignee: nobody → Elvira García Ruiz (elviragr)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix proposed to neutron (master)

Related fix proposed to branch: master
Review: https://review.opendev.org/763567

Jakub Libosvar (libosvar)
Changed in neutron:
milestone: none → wallaby-1
Slawek Kaplonski (slaweq)
Changed in neutron:
milestone: wallaby-1 → wallaby-2
Slawek Kaplonski (slaweq)
Changed in neutron:
milestone: wallaby-2 → wallaby-3
Slawek Kaplonski (slaweq)
Changed in neutron:
milestone: wallaby-3 → next
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/neutron 18.0.0.0rc2

This issue was fixed in the openstack/neutron 18.0.0.0rc2 release candidate.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix proposed to neutron (stable/wallaby)

Related fix proposed to branch: stable/wallaby
Review: https://review.opendev.org/c/openstack/neutron/+/786797

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix proposed to neutron (stable/victoria)

Related fix proposed to branch: stable/victoria
Review: https://review.opendev.org/c/openstack/neutron/+/786798

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix proposed to neutron (stable/ussuri)

Related fix proposed to branch: stable/ussuri
Review: https://review.opendev.org/c/openstack/neutron/+/786799

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix merged to neutron (master)

Reviewed: https://review.opendev.org/c/openstack/neutron/+/786648
Committed: https://opendev.org/openstack/neutron/commit/662cd600753476a4f64df64361a0d31ecf54a1ec
Submitter: "Zuul (22348)"
Branch: master

commit 662cd600753476a4f64df64361a0d31ecf54a1ec
Author: Elvira García <email address hidden>
Date: Fri Apr 16 15:09:48 2021 +0200

    [OVN] Fix FDB table not registered in OvnSbIdl

    With MAC learning a new table FDB has been added to OVN [0]. It needs to
    be registered into OvnSbIdl so that it is recognized.

    [0] https://github.com/ovn-org/ovn/commit/6ec3b12590f9193659d549e30d96b1a22bbb1288

    Related-Bug: #1904412
    Change-Id: If815965f538b764cca4cc31b83ef5f4d4a50fc20
    Signed-off-by: Elvira García <email address hidden>

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix merged to neutron (stable/wallaby)

Reviewed: https://review.opendev.org/c/openstack/neutron/+/786797
Committed: https://opendev.org/openstack/neutron/commit/a226f233262ebaaaba3f99f29f64933611627ab3
Submitter: "Zuul (22348)"
Branch: stable/wallaby

commit a226f233262ebaaaba3f99f29f64933611627ab3
Author: Elvira García <email address hidden>
Date: Fri Apr 16 15:09:48 2021 +0200

    [OVN] Fix FDB table not registered in OvnSbIdl

    With MAC learning a new table FDB has been added to OVN [0]. It needs to
    be registered into OvnSbIdl so that it is recognized.

    [0] https://github.com/ovn-org/ovn/commit/6ec3b12590f9193659d549e30d96b1a22bbb1288

    Related-Bug: #1904412
    Change-Id: If815965f538b764cca4cc31b83ef5f4d4a50fc20
    Signed-off-by: Elvira García <email address hidden>
    (cherry picked from commit 662cd600753476a4f64df64361a0d31ecf54a1ec)

tags: added: in-stable-wallaby
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix merged to neutron (stable/ussuri)

Reviewed: https://review.opendev.org/c/openstack/neutron/+/786799
Committed: https://opendev.org/openstack/neutron/commit/611a86b8f5be0215702f220adc942d232b95466a
Submitter: "Zuul (22348)"
Branch: stable/ussuri

commit 611a86b8f5be0215702f220adc942d232b95466a
Author: Elvira García <email address hidden>
Date: Fri Apr 16 15:09:48 2021 +0200

    [OVN] Fix FDB table not registered in OvnSbIdl

    With MAC learning a new table FDB has been added to OVN [0]. It needs to
    be registered into OvnSbIdl so that it is recognized.

    [0] https://github.com/ovn-org/ovn/commit/6ec3b12590f9193659d549e30d96b1a22bbb1288

    Related-Bug: #1904412
    Change-Id: If815965f538b764cca4cc31b83ef5f4d4a50fc20
    Signed-off-by: Elvira García <email address hidden>
    (cherry picked from commit 662cd600753476a4f64df64361a0d31ecf54a1ec)

tags: added: in-stable-ussuri
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix merged to neutron (stable/victoria)

Reviewed: https://review.opendev.org/c/openstack/neutron/+/786798
Committed: https://opendev.org/openstack/neutron/commit/ae7a0567ef680970b3f7b65c7fcf721cb51898b2
Submitter: "Zuul (22348)"
Branch: stable/victoria

commit ae7a0567ef680970b3f7b65c7fcf721cb51898b2
Author: Elvira García <email address hidden>
Date: Fri Apr 16 15:09:48 2021 +0200

    [OVN] Fix FDB table not registered in OvnSbIdl

    With MAC learning a new table FDB has been added to OVN [0]. It needs to
    be registered into OvnSbIdl so that it is recognized.

    [0] https://github.com/ovn-org/ovn/commit/6ec3b12590f9193659d549e30d96b1a22bbb1288

    Related-Bug: #1904412
    Change-Id: If815965f538b764cca4cc31b83ef5f4d4a50fc20
    Signed-off-by: Elvira García <email address hidden>
    (cherry picked from commit 662cd600753476a4f64df64361a0d31ecf54a1ec)

tags: added: in-stable-victoria
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/networking-ovn 7.4.1

This issue was fixed in the openstack/networking-ovn 7.4.1 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/neutron 16.3.2

This issue was fixed in the openstack/neutron 16.3.2 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/neutron 17.1.2

This issue was fixed in the openstack/neutron 17.1.2 release.

Elvira García Ruiz (elviragr)
Changed in neutron:
status: Confirmed → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/neutron 19.0.0.0rc1

This issue was fixed in the openstack/neutron 19.0.0.0rc1 release candidate.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.