2016-08-10 16:05:25 |
Richard Theis |
description |
Neutron can be configured to allow overlapping IP addresses (see the allow_overlapping_ips configuration option). This is the default in DevStack. With overlapping IP addresses (as the example shows below), OVN address sets do not store duplicate addresses. As a result, deleting a port with a duplicate IP address on the same security group will result in networking-ovn removing the overlapping IP address from the security group's address set.
$ openstack network create network1
$ openstack network create network2
$ openstack subnet create --subnet-range 10.1.0.0/24 --network network1 subnet1
$ openstack subnet create --subnet-range 10.1.0.0/24 --network network2 subnet2
$ openstack port create --network network1 --fixed-ip ip-address=10.1.0.10 port1
$ openstack port create --network network2 --fixed-ip ip-address=10.1.0.10 port2
$ ovn-nbctl show
switch 58c1eaa8-96b3-47f5-93b1-b7c568811e3c (neutron-56a3c2a7-f70f-4614-93de-1399a81defdb)
port 37cef443-4a2d-4670-8abd-05fc7d97cba0
addresses: ["fa:16:3e:b2:7e:c1 10.1.0.10"]
switch acd899f1-6846-4f58-ae7c-aa72f765ea02 (neutron-95bad130-4b0c-4aa2-b11f-e1cfeb1ec62b)
port 605cf49a-3d65-49b1-bb0f-7ba72ffc0b7a
addresses: ["fa:16:3e:8c:0e:a1 10.1.0.10"]
...
$ ovn-nbctl list address_set
_uuid : 9e09ff9e-9bc7-49dc-8837-71808182a403
addresses : ["10.1.0.10"]
external_ids : {"neutron:security_group_name"=default}
name : "as_ip4_a420da8b_ea8b_46d4_891e_5441a87a261d"
...
$ openstack port delete port2
$ ovn-nbctl list address_set
_uuid : 9e09ff9e-9bc7-49dc-8837-71808182a403
addresses : []
external_ids : {"neutron:security_group_name"=default}
name : "as_ip4_a420da8b_ea8b_46d4_891e_5441a87a261d"
...
$ ovn-nbctl show
switch 58c1eaa8-96b3-47f5-93b1-b7c568811e3c (neutron-56a3c2a7-f70f-4614-93de-1399a81defdb)
port 37cef443-4a2d-4670-8abd-05fc7d97cba0
addresses: ["fa:16:3e:b2:7e:c1 10.1.0.10"]
... |
Neutron can be configured to allow overlapping IP addresses (see the allow_overlapping_ips configuration option). This is the default in DevStack. With overlapping IP addresses (as the example shows below), OVN address sets do not store duplicate addresses. As a result, deleting a port with a duplicate IP address on the same security group will result in networking-ovn removing the overlapping IP address from the security group's address set even though another port is using the IP address.
Recreate Steps:
$ openstack network create network1
$ openstack network create network2
$ openstack subnet create --subnet-range 10.1.0.0/24 --network network1 subnet1
$ openstack subnet create --subnet-range 10.1.0.0/24 --network network2 subnet2
$ openstack port create --network network1 --fixed-ip ip-address=10.1.0.10 port1
$ openstack port create --network network2 --fixed-ip ip-address=10.1.0.10 port2
$ ovn-nbctl show
switch 58c1eaa8-96b3-47f5-93b1-b7c568811e3c (neutron-56a3c2a7-f70f-4614-93de-1399a81defdb)
port 37cef443-4a2d-4670-8abd-05fc7d97cba0
addresses: ["fa:16:3e:b2:7e:c1 10.1.0.10"]
switch acd899f1-6846-4f58-ae7c-aa72f765ea02 (neutron-95bad130-4b0c-4aa2-b11f-e1cfeb1ec62b)
port 605cf49a-3d65-49b1-bb0f-7ba72ffc0b7a
addresses: ["fa:16:3e:8c:0e:a1 10.1.0.10"]
...
$ ovn-nbctl list address_set
_uuid : 9e09ff9e-9bc7-49dc-8837-71808182a403
addresses : ["10.1.0.10"]
external_ids : {"neutron:security_group_name"=default}
name : "as_ip4_a420da8b_ea8b_46d4_891e_5441a87a261d"
...
$ openstack port delete port2
$ ovn-nbctl list address_set
_uuid : 9e09ff9e-9bc7-49dc-8837-71808182a403
addresses : []
external_ids : {"neutron:security_group_name"=default}
name : "as_ip4_a420da8b_ea8b_46d4_891e_5441a87a261d"
...
$ ovn-nbctl show
switch 58c1eaa8-96b3-47f5-93b1-b7c568811e3c (neutron-56a3c2a7-f70f-4614-93de-1399a81defdb)
port 37cef443-4a2d-4670-8abd-05fc7d97cba0
addresses: ["fa:16:3e:b2:7e:c1 10.1.0.10"]
... |
|
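The bookkeeping described in the report, modelled as an added example (not networking-ovn code): an address set holds each IP once, so removing a deleted port's IP without checking the remaining ports empties the set while port1 still uses 10.1.0.10. The Port tuple, the function names and the recompute approach are assumptions made for illustration, and the sample data is constructed from the recreate steps.

```python
from collections import namedtuple

# Hypothetical model of a Neutron port: name, network, fixed IP, security group.
Port = namedtuple("Port", "name network ip sg")

def build_address_set(ports, sg):
    """Address set for a security group: the unique IPs of its member ports."""
    return sorted({p.ip for p in ports if p.sg == sg})

def delete_port_naive(ports, address_sets, name):
    """Behaviour described in the report: remove the deleted port's IP from
    the set without checking whether another port in the group still uses it."""
    port = next(p for p in ports if p.name == name)
    remaining = [p for p in ports if p.name != name]
    addrs = [a for a in address_sets[port.sg] if a != port.ip]
    return remaining, {**address_sets, port.sg: addrs}

def delete_port_recompute(ports, address_sets, name):
    """One possible correction (an assumption, not the project's fix):
    rebuild the set from the ports that remain in the group."""
    port = next(p for p in ports if p.name == name)
    remaining = [p for p in ports if p.name != name]
    rebuilt = build_address_set(remaining, port.sg)
    return remaining, {**address_sets, port.sg: rebuilt}

def audit(ports, address_sets):
    """Per group: IPs still in use but missing from the set, and IPs left
    in the set that no port uses. Empty dict means sets match the ports."""
    report = {}
    for sg, addrs in address_sets.items():
        expected = set(build_address_set(ports, sg))
        missing = sorted(expected - set(addrs))
        stale = sorted(set(addrs) - expected)
        if missing or stale:
            report[sg] = {"missing": missing, "stale": stale}
    return report

# Constructed sample mirroring the recreate steps: same IP on two networks.
PORTS = [Port("port1", "network1", "10.1.0.10", "default"),
         Port("port2", "network2", "10.1.0.10", "default")]
SETS = {"default": build_address_set(PORTS, "default")}

if __name__ == "__main__":
    left, naive = delete_port_naive(PORTS, SETS, "port2")
    print("naive:", naive, "audit:", audit(left, naive))
    left, fixed = delete_port_recompute(PORTS, SETS, "port2")
    print("recompute:", fixed, "audit:", audit(left, fixed))
```

The audit function is the same comparison an operator can make by hand between the `ovn-nbctl show` port addresses and the `ovn-nbctl list address_set` output shown above.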