port binding on multi segment networks could lead to agent misconfiguration

Bug #1224978 reported by Francois Eleouet on 2013-09-13
This bug affects 3 people
Affects: neutron
Importance: Medium
Assigned to: Romil Gupta

Bug Description

With the introduction of multi-segment support in the ml2 plugin, agent misconfiguration could happen under exceptional circumstances:

Supposing a multi-segment provider network is created with different network types (suppose a flat and a vlan segment), and two ports are bound on an agent supporting the associated physical network.

Port binding validation will occur on the network's segment list returned by the db.get_network_segments function. As this function may not always return segments in the same order, one port may be bound to the flat segment while the other will be bound to the vlan one.

In that case, ports wouldn't be properly plugged in the agent, as they'd receive two contradictory segment details for the same network.

OVS agent would probably bind the two ports within the same segment as they both would use the same LocalVLANMapping
LB agent would probably add two uplink interfaces under the same qbr[net-id] bridge

Tags: ml2
Romil Gupta (romilg) on 2014-04-29
Changed in neutron:
assignee: nobody → Romil Gupta (romilg)
Romil Gupta (romilg) wrote :

Hi,

Please provide the steps to reproduce.
Thanks in Advance.

Changed in neutron:
status: New → Incomplete
importance: Undecided → Medium
Romil Gupta (romilg) wrote :

Hi,

Please provide the syntax to create a multi-segment network using CLI.

Thanks,
Romil

Romil Gupta (romilg) wrote :

Hi shivharis.

I am working on this defect and will check in the code by the end of this week!

Thanks,
Romil

Romil Gupta (romilg) wrote :

Fix committed, needs review

https://review.openstack.org/#/c/103546/

Romil Gupta (romilg) on 2014-06-30
Changed in neutron:
status: Incomplete → In Progress
Romil Gupta (romilg) on 2014-08-06
Changed in neutron:
status: In Progress → Fix Committed
Liping Mao (limao) wrote :

Hi Romil, I think you should not change the state to "Fix Committed" manually, because your code has not been merged. After the code is merged, the status will change automatically.

Changed in neutron:
status: Fix Committed → In Progress
Romil Gupta (romilg) wrote :

Thanks Mao, I was not aware of that, I will take care in future :)

Romil Gupta (romilg) wrote :

bp/specs:

Gerrit topic: https://review.openstack.org/#q,topic:bp/schema-enhancement-to-support-multisegment-network,n,z

Addressed by: https://review.openstack.org/103546
    Schema enhancement to support MultiSegment Network

Romil Gupta (romilg) wrote :

Request core member to set the milestone.

Robert Kukura (rkukura) on 2014-10-08
Changed in neutron:
milestone: none → kilo-1

Change abandoned by Romil Gupta (<email address hidden>) on branch: master
Review: https://review.openstack.org/110558
Reason: Not required!

Reviewed: https://review.openstack.org/103546
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=db5e370b0d68c3e71626c99941fe487059b3cf88
Submitter: Jenkins
Branch: master

commit db5e370b0d68c3e71626c99941fe487059b3cf88
Author: Romil Gupta <email address hidden>
Date: Mon Jun 30 05:35:08 2014 -0700

    Schema enhancement to support MultiSegment Network

    Description:
    Currently, there is nothing in the schema that ensures segments
    for a network are returned in the same order they were specified
    when the network was created, or even in a deterministic order.

    Solution:
    We need to add another field named 'segment_index' in
    'ml2_network_segment' table containing a numeric position index.
    With segment_index field we can retrieve the segments in the
    order in which user created.

    This patch set also fixes ML2 invalid unit test case in
    test_create_network_multiprovider().

    Closes-Bug: #1224978
    Closes-Bug: #1377346

    Change-Id: I560c34c6fe1c5425469ccdf9b8b4905c123d496d

Changed in neutron:
status: In Progress → Fix Committed
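
The ordering problem from the bug description and the segment_index fix from the commit message, modelled as an added example (not neutron's code). The table layout, the first-match binding rule and all sample rows are simplified assumptions; only the segment_index column name comes from the commit message.

```python
import itertools
import sqlite3

# Constructed sample data: one network with a flat and a vlan segment on the
# same physical network, as in the bug description. The table name and every
# column except segment_index are simplified assumptions, not neutron's schema.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE segments (id TEXT, network_id TEXT, "
                 "network_type TEXT, physical_network TEXT, segment_index INTEGER)")
    conn.executemany("INSERT INTO segments VALUES (?, ?, ?, ?, ?)", [
        ("seg-vlan", "net-1", "vlan", "physnet1", 1),
        ("seg-flat", "net-1", "flat", "physnet1", 0),
    ])
    return conn

def get_segments(conn, network_id, ordered):
    sql = "SELECT id, network_type, physical_network FROM segments WHERE network_id = ?"
    if ordered:
        sql += " ORDER BY segment_index"  # position recorded at creation time
    return conn.execute(sql, (network_id,)).fetchall()

def bind_port(segments, agent_physnets):
    """Simplified binding rule (assumption): first segment the agent can reach."""
    for seg_id, _net_type, physnet in segments:
        if physnet in agent_physnets:
            return seg_id
    return None

def possible_bindings(conn, ordered):
    """Segments a port could land on, over every row order the DB may return."""
    rows = get_segments(conn, "net-1", ordered)
    # Without ORDER BY, SQL gives no ordering guarantee: model that by trying
    # every permutation. With ORDER BY the returned order is the only one.
    orders = [rows] if ordered else itertools.permutations(rows)
    return {bind_port(list(order), {"physnet1"}) for order in orders}

def split_networks(bindings):
    """Flag (host, network) pairs whose ports are bound to more than one segment."""
    seen = {}
    for host, network, segment in bindings:
        seen.setdefault((host, network), set()).add(segment)
    return sorted(key for key, segs in seen.items() if len(segs) > 1)
```

split_networks takes (host, network, segment) tuples, so the same check can be run over exported port-binding records to find hosts that already hold contradictory bindings.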

Reviewed: https://review.openstack.org/130864
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=c089154a94e5872efc95eab33d3d0c9de8619fe4
Submitter: Jenkins
Branch: feature/lbaasv2

commit 62588957fbeccfb4f80eaa72bef2b86b6f08dcf8
Author: Kevin Benton <email address hidden>
Date: Wed Oct 22 13:04:03 2014 -0700

    Big Switch: Switch to TLSv1 in server manager

    Switch to TLSv1 for the connections to the backend
    controllers. The default SSLv3 is no longer considered
    secure.

    TLSv1 was chosen over .1 or .2 because the .1 and .2 weren't
    added until python 2.7.9 so TLSv1 is the only compatible option
    for py26.

    Closes-Bug: #1384487
    Change-Id: I68bd72fc4d90a102003d9ce48c47a4a6a3dd6e03

commit 17204e8f02fdad046dabdb8b31397289d72c877b
Author: OpenStack Proposal Bot <email address hidden>
Date: Wed Oct 22 06:20:15 2014 +0000

    Imported Translations from Transifex

    For more information about this automatic import see:
    https://wiki.openstack.org/wiki/Translations/Infrastructure

    Change-Id: I58db0476c810aa901463b07c42182eef0adb5114

commit d712663b99520e6d26269b0ca193527603178742
Author: Carl Baldwin <email address hidden>
Date: Mon Oct 20 21:48:42 2014 +0000

    Move disabling of metadata and ipv6_ra to _destroy_router_namespace

    I noticed that disable_ipv6_ra is called from the wrong place and that
    in some cases it was called with a bogus router_id because the code
    made an incorrect assumption about the context. In other case, it was
    never called because _destroy_router_namespace was being called
    directly. This patch moves the disabling of metadata and ipv6_ra in
    to _destroy_router_namespace to ensure they get called correctly and
    avoid duplication.

    Change-Id: Ia76a5ff4200df072b60481f2ee49286b78ece6c4
    Closes-Bug: #1383495

commit f82a5117f6f484a649eadff4b0e6be9a5a4d18bb
Author: OpenStack Proposal Bot <email address hidden>
Date: Tue Oct 21 12:11:19 2014 +0000

    Updated from global requirements

    Change-Id: Idcbd730f5c781d21ea75e7bfb15959c8f517980f

commit be6bd82d43fbcb8d1512d8eb5b7a106332364c31
Author: Angus Lees <email address hidden>
Date: Mon Aug 25 12:14:29 2014 +1000

    Remove duplicate import of constants module

    .. and enable corresponding pylint check now the only offending instance
    is fixed.

    Change-Id: I35a12ace46c872446b8c87d0aacce45e94d71bae

commit 9902400039018d77aa3034147cfb24ca4b2353f6
Author: rajeev <email address hidden>
Date: Mon Oct 13 16:25:36 2014 -0400

    Fix race condition on processing DVR floating IPs

    Fip namespace and agent gateway port can be shared by multiple dvr routers.
    This change uses a set as the control variable for these shared resources
    and ensures that Test and Set operation on the control variable are
    performed atomically so that race conditions do not occur among
    multiple threads processing floating IPs.
    Limitation: The scope of this change is limited to addressing the race
    condition described in the bug report. It may not address other issues
    such as pre-existing issue wit...

Thierry Carrez (ttx) on 2014-12-18
Changed in neutron:
status: Fix Committed → Fix Released
Thierry Carrez (ttx) on 2015-04-30
Changed in neutron:
milestone: kilo-1 → 2015.1.0