Mirantis OpenStack

Duplicated traffic in SR-IOV and DVR mode

  1. Series 10.0.x
  2. Bug #1566951
Bug #1566951 reported by Kristina Berezovskaia
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Mirantis OpenStack
Status tracked in 10.0.x
10.0.x
Confirmed
High
Unassigned
Mirantis OpenStack 10.0
neutron
Fix Released
Undecided
Rodolfo Alonso

Bug Description

Detailed bug description:
 On DVR VLAN env vm with SR-IOV has duplicated traffic during pin external host or internal ip

Steps to reproduce:
1. Deployed env with SR-IOV and DVR
2. Create net1, subnet
3. Create net2, subnet
4. Create DVR router, set gatawey, add interface for both nets
5. Create sr-iov port in net1 (port_sriov_1)
6. Create sr-iov port in net2 (port_sriov_2)
7. Boot ubuntu vm1 with port port_sriov_1
8. Boot ubuntu vm 2with port port_sriov_2
9. Associate floating for vm1
10. Ping from vm1 8.8.8.8, ping vm2 by floating

Expected results:
 Ping is available, packets are not duplicated

Actual result:
Packets are duplicated:
ubuntu@vm-ew-1:~$ ping 10.1.2.6
PING 10.1.2.6 (10.1.2.6) 56(84) bytes of data.
64 bytes from 10.1.2.6: icmp_seq=1 ttl=63 time=0.312 ms
64 bytes from 10.1.2.6: icmp_seq=1 ttl=63 time=0.313 ms (DUP!)
64 bytes from 10.1.2.6: icmp_seq=1 ttl=63 time=0.313 ms (DUP!)
64 bytes from 10.1.2.6: icmp_seq=1 ttl=63 time=0.313 ms (DUP!)
64 bytes from 10.1.2.6: icmp_seq=1 ttl=63 time=0.314 ms (DUP!)
64 bytes from 10.1.2.6: icmp_seq=1 ttl=63 time=0.314 ms (DUP!)
64 bytes from 10.1.2.6: icmp_seq=1 ttl=63 time=0.314 ms (DUP!)
64 bytes from 10.1.2.6: icmp_seq=1 ttl=63 time=0.315 ms (DUP!)
64 bytes from 10.1.2.6: icmp_seq=1 ttl=63 time=0.315 ms (DUP!)
64 bytes from 10.1.2.6: icmp_seq=1 ttl=63 time=0.315 ms (DUP!)
64 bytes from 10.1.2.6: icmp_seq=1 ttl=63 time=0.316 ms (DUP!)
64 bytes from 10.1.2.6: icmp_seq=1 ttl=63 time=0.316 ms (DUP!)
64 bytes from 10.1.2.6: icmp_seq=1 ttl=63 time=0.316 ms (DUP!)

ubuntu@vm-ew-1:~$ ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=56 time=5.41 ms
64 bytes from 8.8.8.8: icmp_seq=1 ttl=56 time=5.41 ms (DUP!)
64 bytes from 8.8.8.8: icmp_seq=1 ttl=56 time=5.41 ms (DUP!)
64 bytes from 8.8.8.8: icmp_seq=1 ttl=56 time=5.41 ms (DUP!)
64 bytes from 8.8.8.8: icmp_seq=2 ttl=56 time=4.36 ms

Description of the environment:
Find on iso 155, vlan+dvr+enable sr-iov

Additional information:
 I boot usual vm in net1 and ping 8.8.8.8 work good

Dmitry Klenov (dklenov)
tags: added: area-library
Changed in mos:
assignee: nobody → Fuel Library Team (fuel-library)
status: New → Confirmed
Matthew Mosesohn (raytrac3r)
tags: added: team-network
Revision history for this message
Atsuko Ito (yottatsa) wrote :

Even with DVR enabled, SR-IOV ports could be used with Provider networks (without DVR). This requires from end user to setup physnets according to it.

Changed in mos:
assignee: Fuel Library Team (fuel-library) → Fuel Documentation Team (fuel-docs)
Revision history for this message
Svetlana Karslioglu (skarslioglu) wrote :

Please describe the documentation impact in more details.

Changed in mos:
status: Confirmed → Incomplete
Michele Fagan (michelefagan)
Changed in mos:
assignee: Fuel Documentation Team (fuel-docs) → Alexander Adamov (aadamov)
Dmitry Pyzhov (dpyzhov)
tags: added: adocs
tags: added: docs
removed: adocs
Revision history for this message
Evgeny Konstantinov (evkonstantinov) wrote :

Marking this wontfix. Feel free to reopen if you have the doc impact & description of what needs to be implemented in the docs.

Changed in mos:
status: Incomplete → Won't Fix
Revision history for this message
David Hill (david-hill-ubisoft) wrote :

What needs to be documented here is that a SR-IOV port should only be attached to the VM and not put in a DVR router as this will duplicate the ports ... from my understanding of the issue.

Here is a simple representation of what should be configured:

VM -> SR-IOV VF -> SR-IOV PF -> Switch

and here is what you have configured when adding the SR-IOV port to the router:
VM \ -> SR-IOV VF -> SR-IOV PF -> Switch # port attached to the VM
    \ -> SR-IOV VF -> OVS -> SR-IOV-PF -> Switch # port also attached to the OVS router

... and that's what is duplicating the packets. I guess here we could :

1) Prevent attaching the SR-IOV port to a DVR router ...

I can't think of another possibility but it doesn't mean there're none.

Changed in neutron:
status: New → Confirmed
Rodolfo Alonso (rodolfo-alonso-hernandez)
Changed in neutron:
assignee: nobody → Rodolfo Alonso (rodolfo-alonso-hernandez)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (master)

Fix proposed to branch: master
Review: https://review.openstack.org/611059

Changed in neutron:
status: Confirmed → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron-lib (master)

Fix proposed to branch: master
Review: https://review.openstack.org/615126

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron-lib (master)

Reviewed: https://review.openstack.org/615126
Committed: https://git.openstack.org/cgit/openstack/neutron-lib/commit/?id=29f128cd1f9499ad4c600898d90ebf5b9ceca5f3
Submitter: Zuul
Branch: master

commit 29f128cd1f9499ad4c600898d90ebf5b9ceca5f3
Author: Rodolfo Alonso Hernandez <email address hidden>
Date: Fri Nov 2 10:29:20 2018 +0000

    Check if a port can be bound to a virtual bridge

    If port VNIC type is "normal", the port can be bound to a virtual bridge;
    e.g.: Linux Bridge, OVS.

    Change-Id: I0dab235bd492538c7fa909dace08fad2267a589d
    Partial-Bug: #1566951

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (master)

Reviewed: https://review.openstack.org/611059
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=1966ad3945a7a44beeefc603f9d6da54ac67f9a3
Submitter: Zuul
Branch: master

commit 1966ad3945a7a44beeefc603f9d6da54ac67f9a3
Author: Rodolfo Alonso Hernandez <email address hidden>
Date: Fri Nov 2 11:35:25 2018 +0000

    Check port VNIC type when associating a floating IP

    When associating a floating IP to a port and the router is distributed,
    the VNIC type of this port must be "normal" only. In any other case,
    the floating IP can't be assigned. For example, a SR-IOV can have a
    floating IP if the router is distributed (the router is in the same
    host of the port).

    Closes-Bug: #1566951

    Change-Id: I4944041df81e24683bc612560808bcdcc2db6bf2

Changed in neutron:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/neutron 14.0.0.0b1

This issue was fixed in the openstack/neutron 14.0.0.0b1 development milestone.

Bernard Cafarelli (bcafarel)
tags: added: neutron-proactive-backport-potential
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (stable/rocky)

Fix proposed to branch: stable/rocky
Review: https://review.openstack.org/631837

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (stable/queens)

Fix proposed to branch: stable/queens
Review: https://review.openstack.org/631842

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (stable/pike)

Fix proposed to branch: stable/pike
Review: https://review.openstack.org/631844

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (stable/rocky)

Reviewed: https://review.openstack.org/631837
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=0f14e30fa4618d0f3041f9f4bfb066ad248f19ed
Submitter: Zuul
Branch: stable/rocky

commit 0f14e30fa4618d0f3041f9f4bfb066ad248f19ed
Author: Rodolfo Alonso Hernandez <email address hidden>
Date: Fri Nov 2 11:35:25 2018 +0000

    Check port VNIC type when associating a floating IP

    When associating a floating IP to a port and the router is distributed,
    the VNIC type of this port must be "normal" only. In any other case,
    the floating IP can't be assigned. For example, a SR-IOV can have a
    floating IP if the router is distributed (the router is in the same
    host of the port).

    This patch adds also function can_port_be_bound_to_virtual_bridge to
    neutron/db/l3_db.py module.
    Originally this function was introduced in neutron-lib with [1] but
    in stable branch there is older neutron-lib used so this isn't available
    from neutron-lib.

    [1] https://review.openstack.org/#/c/615126/

    Closes-Bug: #1566951

    Change-Id: I4944041df81e24683bc612560808bcdcc2db6bf2
    (cherry picked from commit 1966ad3945a7a44beeefc603f9d6da54ac67f9a3)

tags: added: in-stable-rocky
tags: added: in-stable-queens
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (stable/queens)

Reviewed: https://review.openstack.org/631842
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=1c573bb8b949baf591d8e0744537be4c0d1faa72
Submitter: Zuul
Branch: stable/queens

commit 1c573bb8b949baf591d8e0744537be4c0d1faa72
Author: Rodolfo Alonso Hernandez <email address hidden>
Date: Fri Nov 2 11:35:25 2018 +0000

    Check port VNIC type when associating a floating IP

    When associating a floating IP to a port and the router is distributed,
    the VNIC type of this port must be "normal" only. In any other case,
    the floating IP can't be assigned. For example, a SR-IOV can have a
    floating IP if the router is distributed (the router is in the same
    host of the port).

    This patch adds also function can_port_be_bound_to_virtual_bridge to
    neutron/db/l3_db.py module.
    Originally this function was introduced in neutron-lib with [1] but
    in stable branch there is older neutron-lib used so this isn't available
    from neutron-lib.

    [1] https://review.openstack.org/#/c/615126/

    Closes-Bug: #1566951

    Change-Id: I4944041df81e24683bc612560808bcdcc2db6bf2
    (cherry picked from commit 1966ad3945a7a44beeefc603f9d6da54ac67f9a3)
    (cherry picked from commit 0f14e30fa4618d0f3041f9f4bfb066ad248f19ed)

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (stable/pike)

Reviewed: https://review.openstack.org/631844
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=edd8ad31d7cd9f340ebe8a607b6c6487a78ad7e5
Submitter: Zuul
Branch: stable/pike

commit edd8ad31d7cd9f340ebe8a607b6c6487a78ad7e5
Author: Rodolfo Alonso Hernandez <email address hidden>
Date: Fri Nov 2 11:35:25 2018 +0000

    Check port VNIC type when associating a floating IP

    When associating a floating IP to a port and the router is distributed,
    the VNIC type of this port must be "normal" only. In any other case,
    the floating IP can't be assigned. For example, a SR-IOV can have a
    floating IP if the router is distributed (the router is in the same
    host of the port).

    This patch adds also function can_port_be_bound_to_virtual_bridge to
    neutron/db/l3_db.py module.
    Originally this function was introduced in neutron-lib with [1] but
    in stable branch there is older neutron-lib used so this isn't available
    from neutron-lib.

    [1] https://review.openstack.org/#/c/615126/

    Closes-Bug: #1566951

    Change-Id: I4944041df81e24683bc612560808bcdcc2db6bf2
    (cherry picked from commit 1966ad3945a7a44beeefc603f9d6da54ac67f9a3)
    (cherry picked from commit 0f14e30fa4618d0f3041f9f4bfb066ad248f19ed)
    (cherry picked from commit 1c573bb8b949baf591d8e0744537be4c0d1faa72)

tags: added: in-stable-pike
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/neutron 11.0.7

This issue was fixed in the openstack/neutron 11.0.7 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/neutron 13.0.3

This issue was fixed in the openstack/neutron 13.0.3 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/neutron 12.0.6

This issue was fixed in the openstack/neutron 12.0.6 release.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.