neutron

[OVN] Flooding issue on provider networks with disabled port security

Bug #2012069 reported by Luis Tomas Bolivar on 2023-03-17

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	neutron	Fix Released	Wishlist	Luis Tomas Bolivar

Bug Description

When VMs associated to a provider network, with disabled port security, try to reach IPs on the provider network not known by OpenStack, there is a flooding issue due to FDB table not learning MACs. It seems there is a option in ovn [1] to address this issue but it is not used by OpenStack.

[1] https://github.com/ovn-org/ovn/commit/93514df0d4c8fe7986dc5f287d7011f420d1be6d

Tags:

Slawek Kaplonski (slaweq) on 2023-03-17

Changed in neutron:
status:	New → Confirmed
importance:	Undecided → Wishlist
tags:	added: ovn

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2023-03-17: Fix proposed to neutron (master)

Fix proposed to branch: master
Review: https://review.opendev.org/c/openstack/neutron/+/877675

Changed in neutron:
status:	Confirmed → In Progress

Rodolfo Alonso (rodolfo-alonso-hernandez) on 2023-03-21

Changed in neutron:
assignee:	nobody → Luis Tomas Bolivar (ltomasbo)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2023-04-28: Fix merged to neutron (master)

Reviewed: https://review.opendev.org/c/openstack/neutron/+/877675
Committed: https://opendev.org/openstack/neutron/commit/7dfbdf65a71b7da2865d475cd91988728f734652
Submitter: "Zuul (22348)"
Branch: master

commit 7dfbdf65a71b7da2865d475cd91988728f734652
Author: Luis Tomas Bolivar <email address hidden>
Date: Fri Mar 17 15:59:05 2023 +0100

Add support for localnet_learn_fdb OVN option

    In OVN 22.09, the option "localnet_learn_fdb" was added so that
    localnet ports can learn MAC addresses and store them in the FDB
    table. This avoids flooding issues for VMs on provider networks
    when port security is disabled

Closes-Bug: #2012069
Change-Id: I93574b4fe9a79b649bfe755cf7e0697ccc7eb83a

Changed in neutron:
status:	In Progress → Fix Released

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2023-05-17: Fix included in openstack/neutron 23.0.0.0b2

This issue was fixed in the openstack/neutron 23.0.0.0b2 development milestone.

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.