networking-ovn

OVN with distributed floating IPs doesn't work with Octavia as LB VIPs are not bound to any chassis

Bug #1789686 reported by Daniel Alvarez
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
networking-ovn
Fix Released
High
Daniel Alvarez

Bug Description

When using OVN with distributed FIPs and Octavia, traffic to the LB VIP won't work as it's not bound to any chassis so flows aren't installed in any compute node.

We could have a way to add the external_mac only when the port is up (ie. bound to a chassis). When port is down and we assign a FIP to it, we'll be then falling back to the centralized routing case so traffic will go to the network node hosting the gateway for that FIP.

Daniel Alvarez (dalvarezs)
Changed in networking-ovn:
assignee: nobody → Daniel Alvarez (dalvarezs)
OpenStack Infra (hudson-openstack)
Changed in networking-ovn:
status: New → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to networking-ovn (stable/rocky)

Fix proposed to branch: stable/rocky
Review: https://review.openstack.org/601292

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to networking-ovn (stable/queens)

Fix proposed to branch: stable/queens
Review: https://review.openstack.org/601293

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to networking-ovn (master)

Reviewed: https://review.openstack.org/592538
Committed: https://git.openstack.org/cgit/openstack/networking-ovn/commit/?id=c44d075269acb0b28ef3d68071ac3864911077d9
Submitter: Zuul
Branch: master

commit c44d075269acb0b28ef3d68071ac3864911077d9
Author: Daniel Alvarez <email address hidden>
Date: Wed Aug 29 15:58:05 2018 +0000

    Set/unset external MAC addresses for NAT entry when port is up/down

    When using distributed floating IPs, we set the external MAC
    address and logical port fields regardless whether the LSP
    is up. For the particular use of Octavia LB VIP, which doesn't
    ever get bound, the floating IP associated to it will never
    get the flows installed by ovn-controller.

    This patch changes the mechanism so that the DNAT entries get
    updated only on port up/down changes. If the port remains
    down, the external_mac will be cleared and traffic to those
    FIPs will still go through the centralized router.
    When a port gets bound to a chassis, if DVR is enabled, the
    mac_address field will be populated and traffic will go to
    the compute node.

    Closes-bug: #1789686
    Change-Id: I0043984b4bb7b3780112aba170ffb956c48084d0
    Signed-off-by: Daniel Alvarez <email address hidden>

Changed in networking-ovn:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to networking-ovn (stable/rocky)

Reviewed: https://review.openstack.org/601292
Committed: https://git.openstack.org/cgit/openstack/networking-ovn/commit/?id=15f56a02efee8c6f03f52abfa3a466b3041621ed
Submitter: Zuul
Branch: stable/rocky

commit 15f56a02efee8c6f03f52abfa3a466b3041621ed
Author: Daniel Alvarez <email address hidden>
Date: Wed Aug 29 15:58:05 2018 +0000

    Set/unset external MAC addresses for NAT entry when port is up/down

    When using distributed floating IPs, we set the external MAC
    address and logical port fields regardless whether the LSP
    is up. For the particular use of Octavia LB VIP, which doesn't
    ever get bound, the floating IP associated to it will never
    get the flows installed by ovn-controller.

    This patch changes the mechanism so that the DNAT entries get
    updated only on port up/down changes. If the port remains
    down, the external_mac will be cleared and traffic to those
    FIPs will still go through the centralized router.
    When a port gets bound to a chassis, if DVR is enabled, the
    mac_address field will be populated and traffic will go to
    the compute node.

    Closes-bug: #1789686
    Change-Id: I0043984b4bb7b3780112aba170ffb956c48084d0
    Signed-off-by: Daniel Alvarez <email address hidden>
    (cherry picked from commit c44d075269acb0b28ef3d68071ac3864911077d9)

tags: added: in-stable-rocky
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to networking-ovn (stable/queens)

Reviewed: https://review.openstack.org/601293
Committed: https://git.openstack.org/cgit/openstack/networking-ovn/commit/?id=517a691cf1d662e52c23c0254005145983e748c5
Submitter: Zuul
Branch: stable/queens

commit 517a691cf1d662e52c23c0254005145983e748c5
Author: Daniel Alvarez <email address hidden>
Date: Wed Aug 29 15:58:05 2018 +0000

    Set/unset external MAC addresses for NAT entry when port is up/down

    When using distributed floating IPs, we set the external MAC
    address and logical port fields regardless whether the LSP
    is up. For the particular use of Octavia LB VIP, which doesn't
    ever get bound, the floating IP associated to it will never
    get the flows installed by ovn-controller.

    This patch changes the mechanism so that the DNAT entries get
    updated only on port up/down changes. If the port remains
    down, the external_mac will be cleared and traffic to those
    FIPs will still go through the centralized router.
    When a port gets bound to a chassis, if DVR is enabled, the
    mac_address field will be populated and traffic will go to
    the compute node.

     Conflicts:
     networking_ovn/tests/unit/fakes.py

    Closes-bug: #1789686
    Change-Id: I0043984b4bb7b3780112aba170ffb956c48084d0
    Signed-off-by: Daniel Alvarez <email address hidden>
    (cherry picked from commit c44d075269acb0b28ef3d68071ac3864911077d9)

tags: added: in-stable-queens
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/networking-ovn 4.0.3

This issue was fixed in the openstack/networking-ovn 4.0.3 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/networking-ovn 5.0.1

This issue was fixed in the openstack/networking-ovn 5.0.1 release.

Lucas Alvares Gomes (lucasagomes)
Changed in networking-ovn:
importance: Undecided → Critical
importance: Critical → High
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/networking-ovn 6.0.0.0b1

This issue was fixed in the openstack/networking-ovn 6.0.0.0b1 development milestone.

Revision history for this message
Lucas Alvares Gomes (lucasagomes) wrote :

Re-opening this bug because the latest fix hasn't completed solved the problem as reported at https://bugzilla.redhat.com/show_bug.cgi?id=1707241

Changed in networking-ovn:
status: Fix Released → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to networking-ovn (master)

Reviewed: https://review.opendev.org/659286
Committed: https://git.openstack.org/cgit/openstack/networking-ovn/commit/?id=33fd553158a96b4dc40c66acf050fa7f91227dec
Submitter: Zuul
Branch: master

commit 33fd553158a96b4dc40c66acf050fa7f91227dec
Author: Maciej Józefczyk <email address hidden>
Date: Wed May 15 09:41:33 2019 +0000

    Do not set port addresses on LSP while port not bound

    FIP that points to VIP port could not have addresses
    specified [1]. Router pipeline will try to resolve
    ARP requests internally from LSP instead looking for
    actual MAC address from LSP where VIP exists at this moment.

    Lets not set this address till the port is bound.

    [1] https://bugzilla.redhat.com/show_bug.cgi?id=1707241

    Change-Id: I36261701be393584ad4b00ced96273736339b03c
    Closes-Bug: #1789686

Changed in networking-ovn:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to networking-ovn (stable/stein)

Fix proposed to branch: stable/stein
Review: https://review.opendev.org/660257

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to networking-ovn (stable/rocky)

Fix proposed to branch: stable/rocky
Review: https://review.opendev.org/660258

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to networking-ovn (stable/queens)

Fix proposed to branch: stable/queens
Review: https://review.opendev.org/661565

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to networking-ovn (stable/stein)

Reviewed: https://review.opendev.org/660257
Committed: https://git.openstack.org/cgit/openstack/networking-ovn/commit/?id=fe366e0992c5f2655d6e16d5adf778cbaf4caf43
Submitter: Zuul
Branch: stable/stein

commit fe366e0992c5f2655d6e16d5adf778cbaf4caf43
Author: Maciej Józefczyk <email address hidden>
Date: Wed May 15 09:41:33 2019 +0000

    Do not set port addresses on LSP while port not bound

    FIP that points to VIP port could not have addresses
    specified [1]. Router pipeline will try to resolve
    ARP requests internally from LSP instead looking for
    actual MAC address from LSP where VIP exists at this moment.

    Lets not set this address till the port is bound.

    [1] https://bugzilla.redhat.com/show_bug.cgi?id=1707241

    Change-Id: I36261701be393584ad4b00ced96273736339b03c
    Closes-Bug: #1789686
    (cherry picked from commit 33fd553158a96b4dc40c66acf050fa7f91227dec)

tags: added: in-stable-stein
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to networking-ovn (stable/rocky)

Reviewed: https://review.opendev.org/660258
Committed: https://git.openstack.org/cgit/openstack/networking-ovn/commit/?id=f8864483767e0da780a5619a6fd6774ab8702b05
Submitter: Zuul
Branch: stable/rocky

commit f8864483767e0da780a5619a6fd6774ab8702b05
Author: Maciej Józefczyk <email address hidden>
Date: Wed May 15 09:41:33 2019 +0000

    Do not set port addresses on LSP while port not bound

    FIP that points to VIP port could not have addresses
    specified [1]. Router pipeline will try to resolve
    ARP requests internally from LSP instead looking for
    actual MAC address from LSP where VIP exists at this moment.

    Lets not set this address till the port is bound.

    [1] https://bugzilla.redhat.com/show_bug.cgi?id=1707241

    Change-Id: I36261701be393584ad4b00ced96273736339b03c
    Closes-Bug: #1789686
    (cherry picked from commit 33fd553158a96b4dc40c66acf050fa7f91227dec)

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to networking-ovn (stable/queens)

Reviewed: https://review.opendev.org/661565
Committed: https://git.openstack.org/cgit/openstack/networking-ovn/commit/?id=7248a54f669effc5724983686b5dab6e87700e8f
Submitter: Zuul
Branch: stable/queens

commit 7248a54f669effc5724983686b5dab6e87700e8f
Author: Maciej Józefczyk <email address hidden>
Date: Wed May 15 09:41:33 2019 +0000

    Do not set port addresses on LSP while port not bound

    FIP that points to VIP port could not have addresses
    specified [1]. Router pipeline will try to resolve
    ARP requests internally from LSP instead looking for
    actual MAC address from LSP where VIP exists at this moment.

    Lets not set this address till the port is bound.

    [1] https://bugzilla.redhat.com/show_bug.cgi?id=1707241

    Change-Id: I36261701be393584ad4b00ced96273736339b03c
    Closes-Bug: #1789686
    (cherry picked from commit 33fd553158a96b4dc40c66acf050fa7f91227dec)

Bernard Cafarelli (bcafarel)
tags: added: networking-ovn-proactive-backport-potential
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/networking-ovn 7.0.0.0b1

This issue was fixed in the openstack/networking-ovn 7.0.0.0b1 development milestone.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/networking-ovn 4.0.4

This issue was fixed in the openstack/networking-ovn 4.0.4 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix merged to networking-ovn (master)

Reviewed: https://review.opendev.org/676223
Committed: https://git.openstack.org/cgit/openstack/networking-ovn/commit/?id=5e72ea104cba1c30d2de36dbbab6e3d23a075929
Submitter: Zuul
Branch: master

commit 5e72ea104cba1c30d2de36dbbab6e3d23a075929
Author: Lucas Alvares Gomes <email address hidden>
Date: Wed Aug 7 13:47:55 2019 +0100

    Add support for virtual port type

    This patch adds support for "virtual" port type following the work in
    core OVN [0].

    Currently there are two main usages for this type of port:

    * Octavia: For creating the logical port for the virtual IP.
    * VRRP [1]

    Upon adding an IP address to the allowed_address_pairs field of the
    Neutron's port, networking-ovn will look if that IP matches with the IP
    of another existing port in the same network. If so, networking-ovn will
    updating the matching port accordingly setting its type to "virtual"
    and adding the required options in the OVN database.

    The patch also accounts for other situations such as:

    * Creating the VIP port after the parents (the ones with the IP in the
      allowed_address_pairs field) are created.

    * When updating removing/adding allowed_address_pairs' the virtual
      ports are also updated.

    * When deleting a parent port the virtual ports are also updated.

    The code removes the type "virtual" from a virtual port whenever there's
    no parents left (in case of deletion or editing allowed_address_pairs)
    making it an ordinary port again.

    The patch also keeps the logic introduced by
    33fd553158a96b4dc40c66acf050fa7f91227dec for version of OVN which does
    not support the virtual port type (> 2.12) making it backward compatible.

    [0]
    https://github.com/ovn-org/ovn/commit/054f4c85c413e20d893e10ba053ec52ac15db49c
    [1]
    https://docs.catalystcloud.io/tutorials/deploying-highly-available-instances-with-keepalived.html

    Closes-Bug: #1840449
    Related-Bug: #1789686
    Change-Id: I0b01b764413d178759a43028428c212014d3aa80
    Signed-off-by: Lucas Alvares Gomes <email address hidden>

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix proposed to networking-ovn (stable/train)

Related fix proposed to branch: stable/train
Review: https://review.opendev.org/697503

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix merged to networking-ovn (stable/train)

Reviewed: https://review.opendev.org/697503
Committed: https://git.openstack.org/cgit/openstack/networking-ovn/commit/?id=07df2a6bf8acb58608f7bc706556bf3541cc5d4c
Submitter: Zuul
Branch: stable/train

commit 07df2a6bf8acb58608f7bc706556bf3541cc5d4c
Author: Lucas Alvares Gomes <email address hidden>
Date: Wed Aug 7 13:47:55 2019 +0100

    Add support for virtual port type

    This patch adds support for "virtual" port type following the work in
    core OVN [0].

    Currently there are two main usages for this type of port:

    * Octavia: For creating the logical port for the virtual IP.
    * VRRP [1]

    Upon adding an IP address to the allowed_address_pairs field of the
    Neutron's port, networking-ovn will look if that IP matches with the IP
    of another existing port in the same network. If so, networking-ovn will
    updating the matching port accordingly setting its type to "virtual"
    and adding the required options in the OVN database.

    The patch also accounts for other situations such as:

    * Creating the VIP port after the parents (the ones with the IP in the
      allowed_address_pairs field) are created.

    * When updating removing/adding allowed_address_pairs' the virtual
      ports are also updated.

    * When deleting a parent port the virtual ports are also updated.

    The code removes the type "virtual" from a virtual port whenever there's
    no parents left (in case of deletion or editing allowed_address_pairs)
    making it an ordinary port again.

    The patch also keeps the logic introduced by
    33fd553158a96b4dc40c66acf050fa7f91227dec for version of OVN which does
    not support the virtual port type (> 2.12) making it backward compatible.

    [0]
    https://github.com/ovn-org/ovn/commit/054f4c85c413e20d893e10ba053ec52ac15db49c
    [1]
    https://docs.catalystcloud.io/tutorials/deploying-highly-available-instances-with-keepalived.html

    Conflicts:
        networking_ovn/common/utils.py
        networking_ovn/tests/unit/fakes.py

    Closes-Bug: #1840449
    Related-Bug: #1789686
    Change-Id: I0b01b764413d178759a43028428c212014d3aa80
    Signed-off-by: Lucas Alvares Gomes <email address hidden>
    (cherry picked from commit 5e72ea104cba1c30d2de36dbbab6e3d23a075929)

tags: added: in-stable-train
Jakub Libosvar (libosvar)
tags: removed: networking-ovn-proactive-backport-potential
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix proposed to networking-ovn (stable/stein)

Related fix proposed to branch: stable/stein
Review: https://review.opendev.org/704804

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix proposed to networking-ovn (stable/rocky)

Related fix proposed to branch: stable/rocky
Review: https://review.opendev.org/704806

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix proposed to networking-ovn (stable/queens)

Related fix proposed to branch: stable/queens
Review: https://review.opendev.org/704812

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix proposed to networking-ovn (stable/stein)

Related fix proposed to branch: stable/stein
Review: https://review.opendev.org/704898

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Change abandoned on networking-ovn (stable/stein)

Change abandoned by Brian Haley (<email address hidden>) on branch: stable/stein
Review: https://review.opendev.org/704804
Reason: See https://review.opendev.org/#/c/704898/

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix proposed to networking-ovn (stable/rocky)

Related fix proposed to branch: stable/rocky
Review: https://review.opendev.org/704902

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Change abandoned on networking-ovn (stable/rocky)

Change abandoned by Brian Haley (<email address hidden>) on branch: stable/rocky
Review: https://review.opendev.org/704806
Reason: See https://review.opendev.org/#/c/704902

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix proposed to networking-ovn (stable/queens)

Related fix proposed to branch: stable/queens
Review: https://review.opendev.org/704903

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Change abandoned on networking-ovn (stable/queens)

Change abandoned by Brian Haley (<email address hidden>) on branch: stable/queens
Review: https://review.opendev.org/704812
Reason: See https://review.opendev.org/#/c/704903

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/networking-ovn 6.0.1

This issue was fixed in the openstack/networking-ovn 6.0.1 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/networking-ovn 5.1.0

This issue was fixed in the openstack/networking-ovn 5.1.0 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix merged to networking-ovn (stable/rocky)

Reviewed: https://review.opendev.org/704902
Committed: https://git.openstack.org/cgit/openstack/networking-ovn/commit/?id=32eb8c3f0171c453459cd1a19ae4ed17c0ed962a
Submitter: Zuul
Branch: stable/rocky

commit 32eb8c3f0171c453459cd1a19ae4ed17c0ed962a
Author: Lucas Alvares Gomes <email address hidden>
Date: Wed Aug 7 13:47:55 2019 +0100

    Add support for virtual port type

    This patch adds support for "virtual" port type following the work in
    core OVN [0].

    Currently there are two main usages for this type of port:

    * Octavia: For creating the logical port for the virtual IP.
    * VRRP [1]

    Upon adding an IP address to the allowed_address_pairs field of the
    Neutron's port, networking-ovn will look if that IP matches with the IP
    of another existing port in the same network. If so, networking-ovn will
    updating the matching port accordingly setting its type to "virtual"
    and adding the required options in the OVN database.

    The patch also accounts for other situations such as:

    * Creating the VIP port after the parents (the ones with the IP in the
      allowed_address_pairs field) are created.

    * When updating removing/adding allowed_address_pairs' the virtual
      ports are also updated.

    * When deleting a parent port the virtual ports are also updated.

    The code removes the type "virtual" from a virtual port whenever there's
    no parents left (in case of deletion or editing allowed_address_pairs)
    making it an ordinary port again.

    The patch also keeps the logic introduced by
    33fd553158a96b4dc40c66acf050fa7f91227dec for version of OVN which does
    not support the virtual port type (> 2.12) making it backward compatible.

    [0]
    https://github.com/ovn-org/ovn/commit/054f4c85c413e20d893e10ba053ec52ac15db49c
    [1]
    https://docs.catalystcloud.io/tutorials/deploying-highly-available-instances-with-keepalived.html

    Closes-Bug: #1840449
    Related-Bug: #1789686
    Signed-off-by: Lucas Alvares Gomes <email address hidden>
    (cherry picked from commit 5e72ea104cba1c30d2de36dbbab6e3d23a075929)

    Conflicts:
        networking_ovn/common/ovn_client.py
        networking_ovn/tests/functional/test_mech_driver.py
        networking_ovn/tests/unit/fakes.py
        networking_ovn/tests/unit/ml2/test_mech_driver.py

    Change-Id: I0b01b764413d178759a43028428c212014d3aa80

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix merged to networking-ovn (stable/stein)

Reviewed: https://review.opendev.org/704898
Committed: https://git.openstack.org/cgit/openstack/networking-ovn/commit/?id=1e789a02715cbfaad8dc9f4ba35a9b5bd6a6ee36
Submitter: Zuul
Branch: stable/stein

commit 1e789a02715cbfaad8dc9f4ba35a9b5bd6a6ee36
Author: Lucas Alvares Gomes <email address hidden>
Date: Wed Aug 7 13:47:55 2019 +0100

    Add support for virtual port type

    This patch adds support for "virtual" port type following the work in
    core OVN [0].

    Currently there are two main usages for this type of port:

    * Octavia: For creating the logical port for the virtual IP.
    * VRRP [1]

    Upon adding an IP address to the allowed_address_pairs field of the
    Neutron's port, networking-ovn will look if that IP matches with the IP
    of another existing port in the same network. If so, networking-ovn will
    updating the matching port accordingly setting its type to "virtual"
    and adding the required options in the OVN database.

    The patch also accounts for other situations such as:

    * Creating the VIP port after the parents (the ones with the IP in the
      allowed_address_pairs field) are created.

    * When updating removing/adding allowed_address_pairs' the virtual
      ports are also updated.

    * When deleting a parent port the virtual ports are also updated.

    The code removes the type "virtual" from a virtual port whenever there's
    no parents left (in case of deletion or editing allowed_address_pairs)
    making it an ordinary port again.

    The patch also keeps the logic introduced by
    33fd553158a96b4dc40c66acf050fa7f91227dec for version of OVN which does
    not support the virtual port type (> 2.12) making it backward compatible.

    [0]
    https://github.com/ovn-org/ovn/commit/054f4c85c413e20d893e10ba053ec52ac15db49c
    [1]
    https://docs.catalystcloud.io/tutorials/deploying-highly-available-instances-with-keepalived.html

    Closes-Bug: #1840449
    Related-Bug: #1789686
    Signed-off-by: Lucas Alvares Gomes <email address hidden>
    (cherry picked from commit 5e72ea104cba1c30d2de36dbbab6e3d23a075929)

    Conflicts:
        networking_ovn/common/ovn_client.py
        networking_ovn/tests/functional/test_mech_driver.py
        networking_ovn/tests/unit/ml2/test_mech_driver.py

    Change-Id: I0b01b764413d178759a43028428c212014d3aa80

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix merged to networking-ovn (stable/queens)

Reviewed: https://review.opendev.org/704903
Committed: https://git.openstack.org/cgit/openstack/networking-ovn/commit/?id=9f14ee2b735a172048ffd702f77eb9a7a202fff9
Submitter: Zuul
Branch: stable/queens

commit 9f14ee2b735a172048ffd702f77eb9a7a202fff9
Author: Lucas Alvares Gomes <email address hidden>
Date: Wed Aug 7 13:47:55 2019 +0100

    Add support for virtual port type

    This patch adds support for "virtual" port type following the work in
    core OVN [0].

    Currently there are two main usages for this type of port:

    * Octavia: For creating the logical port for the virtual IP.
    * VRRP [1]

    Upon adding an IP address to the allowed_address_pairs field of the
    Neutron's port, networking-ovn will look if that IP matches with the IP
    of another existing port in the same network. If so, networking-ovn will
    updating the matching port accordingly setting its type to "virtual"
    and adding the required options in the OVN database.

    The patch also accounts for other situations such as:

    * Creating the VIP port after the parents (the ones with the IP in the
      allowed_address_pairs field) are created.

    * When updating removing/adding allowed_address_pairs' the virtual
      ports are also updated.

    * When deleting a parent port the virtual ports are also updated.

    The code removes the type "virtual" from a virtual port whenever there's
    no parents left (in case of deletion or editing allowed_address_pairs)
    making it an ordinary port again.

    The patch also keeps the logic introduced by
    33fd553158a96b4dc40c66acf050fa7f91227dec for version of OVN which does
    not support the virtual port type (> 2.12) making it backward compatible.

    [0]
    https://github.com/ovn-org/ovn/commit/054f4c85c413e20d893e10ba053ec52ac15db49c
    [1]
    https://docs.catalystcloud.io/tutorials/deploying-highly-available-instances-with-keepalived.html

    Had to fix a bug in a previous cherry-pick that broke a port_type
    check in ovn_client.py, https://review.opendev.org/#/c/703195/

    Closes-Bug: #1840449
    Related-Bug: #1789686
    Signed-off-by: Lucas Alvares Gomes <email address hidden>
    (cherry picked from commit 5e72ea104cba1c30d2de36dbbab6e3d23a075929)

    Conflicts:
        networking_ovn/common/ovn_client.py
        networking_ovn/common/utils.py
        networking_ovn/ovsdb/commands.py
        networking_ovn/tests/functional/test_mech_driver.py
        networking_ovn/tests/unit/fakes.py
        networking_ovn/tests/unit/ml2/test_mech_driver.py

    Change-Id: I0b01b764413d178759a43028428c212014d3aa80

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.