feature: allow 'dvr_snat' l3 agent mode to be used instead of just 'dvr' to allow for neutron-gateway-less deployments

Bug #1808045 reported by Dmitrii Shcherbakov
This bug affects 3 people
Affects: OpenStack Neutron Open vSwitch Charm
Status: Fix Released
Importance: High
Assigned to: Dmitrii Shcherbakov

Bug Description

Currently it is a requirement to have a network node with an l3 agent running in the dvr_snat mode even for DVR deployments that do not use SNAT or have a very limited usage of SNAT.

It is not possible to disable snat completely: https://bugs.launchpad.net/neutron/+bug/1761591

Neutron creates a network:router_centralized_snat port and if it is not possible to find a dvr_snat agent to schedule it on there are various side-effects which are not seen at first. For example, Designate stops creating records for floating IPs and Neutron/Designate integration is, therefore, not functional.

Functionality relevant to dvr_snat:

* nodes that host l3 agents in dvr_snat mode are used for network:router_centralized_snat port bindings (otherwise there is nowhere to bind this port and it stays in the DOWN state);
* l3 agents in dvr_snat mode create snat-<router-uuid> namespaces that have rules that perform port address translation;
* l3 agents in dvr_snat mode are placeholders for parts of an L3HA router.

The documentation says that dvr_snat should be used on network nodes:
https://docs.openstack.org/neutron/queens/admin/deploy-ovs-ha-dvr.html#network-node

However, there is nothing restricting a DVR deployment from using dvr_snat l3 agents on every compute node and not having dedicated network nodes.

https://wiki.openstack.org/wiki/Neutron/DVR/HowTo (example: devstack environment)

Rationale: for deployments that only need FIPs with DVR or are known to have low SNAT traffic usage requirements it makes sense not to have network nodes. Therefore, neutron-openvswitch can be extended to optionally use dvr_snat mode.

Tags: cpe-onsite
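
An added example (not part of the bug report or the charm's code): a check for the failure mode described above, where a network:router_centralized_snat port has no live dvr_snat L3 agent to bind to. The records are constructed samples that use Neutron API field names; the host and router names and the helper functions are hypothetical.

```python
"""Flag centralized SNAT ports that no live dvr_snat L3 agent can host."""

SNAT_OWNER = "network:router_centralized_snat"


# Helpers that build constructed sample records shaped like Neutron API objects.
def l3_agent(host, mode, alive=True):
    return {"agent_type": "L3 agent", "host": host, "alive": alive,
            "admin_state_up": True, "configurations": {"agent_mode": mode}}


def snat_port(router, status, host):
    return {"device_owner": SNAT_OWNER, "device_id": router,
            "status": status, "binding:host_id": host}


def snat_capable_hosts(agents):
    """Hosts running a live, admin-up L3 agent in dvr_snat mode."""
    return {a["host"] for a in agents
            if a.get("agent_type") == "L3 agent"
            and a.get("alive") and a.get("admin_state_up")
            and a.get("configurations", {}).get("agent_mode") == "dvr_snat"}


def stranded_snat_ports(ports, agents):
    """Return (router_id, status, host) for SNAT ports that are not ACTIVE
    or are bound to a host without a usable dvr_snat agent."""
    hosts = snat_capable_hosts(agents)
    findings = []
    for port in ports:
        if port.get("device_owner") != SNAT_OWNER:
            continue  # only the centralized SNAT port is of interest here
        host = port.get("binding:host_id") or None
        if port.get("status") != "ACTIVE" or host not in hosts:
            findings.append((port["device_id"], port.get("status"), host))
    return findings


# Constructed scenarios: every node in plain 'dvr' mode versus dvr_snat on computes.
DVR_ONLY = [l3_agent("compute-1", "dvr"), l3_agent("compute-2", "dvr")]
WITH_SNAT = [l3_agent("compute-1", "dvr_snat"),
             l3_agent("compute-2", "dvr_snat", alive=False)]

if __name__ == "__main__":
    print(stranded_snat_ports([snat_port("router-a", "DOWN", "")], DVR_ONLY))
    print(stranded_snat_ports([snat_port("router-a", "ACTIVE", "compute-1")],
                              WITH_SNAT))
```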
Changed in charm-neutron-openvswitch:
status: New → In Progress
importance: Undecided → High
OpenStack Infra (hudson-openstack) wrote : Fix proposed to charm-neutron-openvswitch (master)

Fix proposed to branch: master
Review: https://review.openstack.org/624495

Dmitrii Shcherbakov (dmitriis) wrote :

Subscribed ~field-medium as this is needed for ongoing field projects.

James Page (james-page) wrote :

Worth noting that the n-gateway units also do some other tasks such as lbaas (for pre-octavia deployments) and metering; these are not currently included in the scope of the neutron-openvswitch DVR support. Worth checking on the fwaas support in the l3-agent for n-ova as well.

OpenStack Infra (hudson-openstack) wrote : Fix merged to charm-neutron-openvswitch (master)

Reviewed: https://review.openstack.org/624495
Committed: https://git.openstack.org/cgit/openstack/charm-neutron-openvswitch/commit/?id=1486c83a1f15e39cb7c4233996fec6668c663949
Submitter: Zuul
Branch: master

commit 1486c83a1f15e39cb7c4233996fec6668c663949
Author: Dmitrii Shcherbakov <email address hidden>
Date: Wed Dec 12 00:12:21 2018 +0300

    Allow dvr_snat l3 agent mode to be used with DVR

    Currently it is a requirement to have a network node with an l3 agent
    running in the dvr_snat mode even for DVR deployments that do not use
    SNAT or have a very limited usage of SNAT.

    It is not possible to disable snat completely:
    https://bugs.launchpad.net/neutron/+bug/1761591

    Neutron creates a network:router_centralized_snat port and if it is not
    possible to find a dvr_snat agent to schedule it on there are various
    side-effects which are not seen at first. For example, Designate stops
    creating records for floating IPs and Neutron/Designate integration is,
    therefore, not functional.

    The Neutron DVR documentation says that dvr_snat should be used on
    network nodes. However, there is nothing restricting a DVR deployment
    from using dvr_snat l3 agents on every compute node and not having
    dedicated network nodes.

    This change modifies neutron-openvswitch to optionally enable dvr_snat
    l3 agent mode (this includes supporting L3HA routers if enabled). As a
    result, it is possible to have deployments without neutron-gateway thus
    saving on the amount of required nodes. Care should be taken when a
    large amount of L3HA routers is used and using DVR routers without L3HA
    is recommended.

    Change-Id: Iad3a64967f91c81312911f6db856ce2271b0e068
    Closes-Bug: #1808045

Changed in charm-neutron-openvswitch:
status: In Progress → Fix Committed
David Ames (thedac)
Changed in charm-neutron-openvswitch:
status: Fix Committed → Fix Released