Create and delete port timing windows with address sets

Bug #1611852 reported by Richard Theis
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
networking-ovn
Fix Released
Medium
Han Zhou

Bug Description

There is a timing window between create and delete port with respect to address sets. That is, deleting a port will result in its IP address being removed from its associated address sets. However, another port could be created at the same time taking over the IP address of the recently delete port. Depending on the sequence of events, the associated address sets may not contain the new ports IP address.

I was able to recreate this problem by adding a 15 second sleep in networking-ovn ML2 driver delete_port_postcommit() method.

This timing window may also impact update and delete port flow, but the create and delete port flow is the more likely scenario.

$ openstack port create --network private --fixed-ip ip-address=10.0.0.4 port1

$ ovn-nbctl show
    switch 45ba600a-fdf2-447f-961b-f19834f78539 (neutron-9d82f010-4021-48b7-b939-5ef5d3647221)
        port e5a9abc7-537e-425b-b138-56d02630b95f
            addresses: ["fa:16:3e:76:1c:a8 10.0.0.1"]
        port 99e4526a-c711-482a-99a4-bf59451496d9
            addresses: ["fa:16:3e:20:c1:66 fd4f:1747:ed80::1"]
        port ea898f42-6c5d-4f8b-a848-dfb9279be2ec
            addresses: ["fa:16:3e:78:9e:c2 10.0.0.4 fd4f:1747:ed80:0:f816:3eff:fe78:9ec2"]

...

$ ovn-nbctl list address_set
_uuid : 9e09ff9e-9bc7-49dc-8837-71808182a403
addresses : ["10.0.0.4"]
external_ids : {"neutron:security_group_name"=default}
name : "as_ip4_a420da8b_ea8b_46d4_891e_5441a87a261d"

...

# Run port create and delete at the same time.
$ openstack port delete port1
$ openstack port create --network private --fixed-ip ip-address=10.0.0.4 port2

$ ovn-nbctl show
    switch 45ba600a-fdf2-447f-961b-f19834f78539 (neutron-9d82f010-4021-48b7-b939-5ef5d3647221)
        port e5a9abc7-537e-425b-b138-56d02630b95f
            addresses: ["fa:16:3e:76:1c:a8 10.0.0.1"]
        port 99e4526a-c711-482a-99a4-bf59451496d9
            addresses: ["fa:16:3e:20:c1:66 fd4f:1747:ed80::1"]
        port 23ce3eda-5e5e-4aa7-acad-3c5156135129
            addresses: ["fa:16:3e:00:e8:83 10.0.0.4 fd4f:1747:ed80:0:f816:3eff:fe00:e883"]

...

$ ovn-nbctl list address_set
_uuid : 9e09ff9e-9bc7-49dc-8837-71808182a403
addresses : []
external_ids : {"neutron:security_group_name"=default}
name : "as_ip4_a420da8b_ea8b_46d4_891e_5441a87a261d"

...

Richard Theis (rtheis)
Changed in networking-ovn:
status: New → Confirmed
Revision history for this message
Richard Theis (rtheis) wrote :

Fixing this bug should take into consideration https://bugs.launchpad.net/networking-ovn/+bug/1611836.

Revision history for this message
Han Zhou (zhouhan) wrote :

I think this bug is a specific example of a more general bug: https://bugs.launchpad.net/networking-ovn/+bug/1605089

Revision history for this message
Richard Theis (rtheis) wrote :

Hi Han, I agree this is a specific example, but wanted to capture it in a separate bug report because it also impacts the create and delete flow. That said, the solution for https://bugs.launchpad.net/networking-ovn/+bug/1605089 may fix this problem as well.

description: updated
Revision history for this message
Han Zhou (zhouhan) wrote :

Richard, yes it is a good catch and this case is special because the dependency is less explicit.
I proposed the solution RFC here:
https://review.openstack.org/#/c/362494/

Changed in networking-ovn:
importance: Undecided → Medium
assignee: nobody → Han Zhou (zhouhan)
status: Confirmed → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Change abandoned on networking-ovn (master)

Change abandoned by Armando Migliaccio (<email address hidden>) on branch: master
Review: https://review.openstack.org/362494
Reason: This review is > 4 weeks without comment, and failed Jenkins the last time it was checked. We are abandoning this for now. Feel free to reactivate the review by pressing the restore button and leaving a 'recheck' comment to get fresh test results.

Revision history for this message
Lucas Alvares Gomes (lucasagomes) wrote :

This has been fixed by the Port Groups support since address_sets won't be manipulated by networking-ovn like that anymore. See https://review.openstack.org/#/c/575388/

Changed in networking-ovn:
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.