Bug #1365476 “HA routers interact badly with l2pop” : Bugs : neutron

Assaf Muller (amuller) on 2014-09-04

tags:

added: l2-pop

Eugene Nikanorov (enikanorov) on 2014-09-07

Changed in neutron:
importance:	Undecided → Medium
status:	New → Confirmed

Sylvain Afchain (sylvain-afchain) on 2014-09-18

Changed in neutron:
assignee:	nobody → Sylvain Afchain (sylvain-afchain)

Carl Baldwin (carl-baldwin) on 2014-09-24

Changed in neutron:
importance:	Medium → High

Sylvain Afchain (sylvain-afchain) on 2014-09-24

Changed in neutron:
status:	Confirmed → In Progress

Revision history for this message

Mathieu Rohon (mathieu-rohon) wrote on 2014-09-25:

#1

this has some overlap with :

https://bugs.launchpad.net/neutron/+bug/1367391

and

https://bugs.launchpad.net/neutron/+bug/1372438

Revision history for this message

Sylvain Afchain (sylvain-afchain) wrote on 2014-09-25:

#2

Yes I saw that Mathieu :)

I'm working on a fix, close to the DVR one approach for the binding. So lot of redundant code, I'll rebase it on top of the race condition fix, and we will see how to manage with the refactoring part.

Revision history for this message

Sylvain Afchain (sylvain-afchain) wrote on 2014-09-25:

#3

Finally, I have been unable to reproduce the issue. With the arp responder set to False and since the regular mac learning still have an higher priority than the rule pushed by l2pop I do not see any issue here. Tested with DVR/L2Pop

Revision history for this message

Sylvain Afchain (sylvain-afchain) wrote on 2014-09-25:

#4

In my previous comment I wrote something about the Arp response, but we don't care here :)

Revision history for this message

Phil Hopkins (phil-hopkins-a) wrote on 2014-10-22:

#5

My environment is Ubuntu 14.04, with a source install of OpenStack Juno. I am running Linuxbridges using VXLAN for tunnels.

There is clearly a problem, HA routers keepalived changes are not reflected in the fdb's on the various nodes. If the l3 node that is showing to be master in the keepalived process fails and causes another l3 node to be the new master, the fbd tables are never changed on the various nodes causing a communications failure for the VMs.

Also if the master network node (as decided by the keepalived processes) is rebooted, keepalived detects the failure and moves the VIP to a new node. Once the rebooted node comes on-line and reports that it is well, neutron sets up the router namespace and the keepalived and conntrackd processes on this node, l2pop also sees the new node and sets the fdb's on all nodes to point this node that just came alive. This causes the VMs to lose communication.

Revision history for this message

Li Ma (nick-ma-z) wrote on 2014-10-29:

#6

Well, I think I also hit this problem. I'm using the same environment, Linuxbridge+VxLAN.

Eugene Nikanorov (enikanorov) on 2014-11-21

Changed in neutron:
status:	In Progress → Confirmed

Revision history for this message

Mike Smith (michael-smith6) wrote on 2014-11-24:

#7

I am hitting this issue consistently in my setup currently. I have a multi-node devstack setup with 1 controller, 2 network nodes, and 2 compute nodes. In my script I setup 1 router (HA), 2 networks (one subnet each), and 2 VMs (one on each subnet).

Pings to/from nova VMs fail because the packets are directed to the passive router instance instead of the active router instance. I assume this is from L2 pop since the router has two ports associated with it.

Once I turn off L2 pop on all nodes, my script (and pings) work fine.

Revision history for this message

Mike Smith (michael-smith6) wrote on 2014-11-24:

#8

Sorry - to add to my setup above I am running with vxlan as well.

david martin (dmartls1) on 2014-11-25

Changed in neutron:
status:	Confirmed → In Progress

Revision history for this message

david martin (dmartls1) wrote on 2014-11-25:

#9

sorry about that, did not intend to change the status

Changed in neutron:
status:	In Progress → Confirmed

Revision history for this message

Sylvain Afchain (sylvain-afchain) wrote on 2014-11-26:

#10

So, the current issue is not due to the mac learning but because the tunnels are not created to the correct host. It seems that the best/simplest way to fix think is to allow a port to be bound to several host.

Changed in neutron:
status:	Confirmed → In Progress

Revision history for this message

Assaf Muller (amuller) wrote on 2014-11-26:

#11

I know that Robert Kukura wanted to generalize this concept so that all ports could be bound to multiple hosts. This way distributed ports and single-bind ports are just sub-cases of a generalized concept.

Revision history for this message

Sylvain Afchain (sylvain-afchain) wrote on 2014-11-26:

#12

Yes I had a discussion with Robert about the refactoring work especially the DB schema, the multiple ports binding and the way we could leverage it.

Here is the refactoring bug https://bugs.launchpad.net/neutron/+bug/1367391

Mike Kolesnik (mkolesni) on 2014-12-10

Changed in neutron:
assignee:	Sylvain Afchain (sylvain-afchain) → Mike Kolesnik (mkolesni)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2014-12-11: Fix proposed to neutron (master)

#13

Fix proposed to branch: master
Review: https://review.openstack.org/141114

Revision history for this message

Assaf Muller (amuller) wrote on 2014-12-14:

#14

This could be backported, depending on how we end up solving it. If we do backport the fix, we could backport the fix for https://bugs.launchpad.net/neutron/+bug/1397209 as well.

tags:

added: juno-backport-potential

Revision history for this message

Mathieu Rohon (mathieu-rohon) wrote on 2015-01-16: Re: OVS : HA routers interact badly with l2pop

#15

lets split the bug to dedicate this one to an OVS implementation.

the corresponding Linuxbridge bug is here :
https://bugs.launchpad.net/neutron/+bug/1411752

summary:

- HA routers interact badly with l2pop
+ OVS : HA routers interact badly with l2pop

Kyle Mestery (mestery) on 2015-03-31

Changed in neutron:
milestone:	none → liberty-1

Kyle Mestery (mestery) on 2015-03-31

Changed in neutron:
milestone:	liberty-1 → kilo-rc1

Revision history for this message

Kyle Mestery (mestery) wrote on 2015-04-06:

#16

After discussion with Carl, moving this one to Liberty. We can backport it to Kilo once it merges in Liberty.

Changed in neutron:
milestone:	kilo-rc1 → liberty-1

OpenStack Infra (hudson-openstack) on 2015-04-07

Changed in neutron:
assignee:	Mike Kolesnik (mkolesni) → Assaf Muller (amuller)

OpenStack Infra (hudson-openstack) on 2015-04-07

Changed in neutron:
assignee:	Assaf Muller (amuller) → Mike Kolesnik (mkolesni)

OpenStack Infra (hudson-openstack) on 2015-04-07

Changed in neutron:
assignee:	Mike Kolesnik (mkolesni) → Assaf Muller (amuller)

Assaf Muller (amuller) on 2015-04-13

tags:

removed: juno-backport-potential

Assaf Muller (amuller) on 2015-06-02

summary:

- OVS : HA routers interact badly with l2pop
+ HA routers interact badly with l2pop

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-06-10: Change abandoned on neutron (master)

#17

Change abandoned by Kyle Mestery (<email address hidden>) on branch: master
Review: https://review.openstack.org/141114
Reason: This review is > 4 weeks without comment, and failed Jenkins the last time it was checked. We are abandoning this for now. Feel free to reactivate the review by pressing the restore button and leaving a 'recheck' comment to get fresh test results.

OpenStack Infra (hudson-openstack) on 2015-06-11

Changed in neutron:
assignee:	Assaf Muller (amuller) → Mike Kolesnik (mkolesni)

Thierry Carrez (ttx) on 2015-06-23

Changed in neutron:
milestone:	liberty-1 → liberty-2

Assaf Muller (amuller) on 2015-06-25

Changed in neutron:
milestone:	liberty-2 → none

OpenStack Infra (hudson-openstack) on 2015-06-27

Changed in neutron:
assignee:	Mike Kolesnik (mkolesni) → Assaf Muller (amuller)

OpenStack Infra (hudson-openstack) on 2015-07-16

Changed in neutron:
assignee:	Assaf Muller (amuller) → Mike Kolesnik (mkolesni)

OpenStack Infra (hudson-openstack) on 2015-07-16

Changed in neutron:
assignee:	Mike Kolesnik (mkolesni) → Assaf Muller (amuller)

OpenStack Infra (hudson-openstack) on 2015-07-23

Changed in neutron:
assignee:	Assaf Muller (amuller) → Mike Kolesnik (mkolesni)

Assaf Muller (amuller) on 2015-07-28

Changed in neutron:
milestone:	none → liberty-3
description:	updated

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-08-04: Fix merged to neutron (master)

#18

Reviewed: https://review.openstack.org/141114
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=91d3a0219a43a2c06ea4043cc9eeb518815df391
Submitter: Jenkins
Branch: master

commit 91d3a0219a43a2c06ea4043cc9eeb518815df391
Author: Mike Kolesnik <email address hidden>
Date: Tue Apr 7 19:54:09 2015 -0400

Update port bindings for master router

An HA port needs to point to the correct host (where the master router
is running) in order for L2Population to work.

    Hence, this patch introduces two fixes:
    * When a port owned by an HA router is up we make sure it points to the
      right node where the master is running, or a random node if there is
      no master yet (This corner case is fixed by the 2nd bullet point).

    * When a L3 agent reports it's hosting a master, we need to update the
      port binding to the host the master is now running on. This fixes
      both routers with no elected master (Yet) and failovers.

This patch also changes the L3 HA failover test to use l2pop.
Note that the test does not pass when using l2pop without this patch.

    Closes-Bug: #1365476
    Co-Authored-By: Assaf Muller <email address hidden>
    Change-Id: I8475548947526d8ea736ed7aa754fd0ca475cae2

Changed in neutron:
status:	In Progress → Fix Committed

Revision history for this message

LIU Yulong (dragon889) wrote on 2015-08-05:

#19

Documents also need update:
https://wiki.openstack.org/wiki/Neutron/DVR/ServiceNode-HA

Revision history for this message

Assaf Muller (amuller) wrote on 2015-08-05:

#20

@Liu: I removed the 'known issues' section. For what it's worth, anyone can edit that page.

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-08-10: Fix proposed to neutron (stable/kilo)

#21

Fix proposed to branch: stable/kilo
Review: https://review.openstack.org/211166

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-08-11: Fix proposed to neutron (feature/pecan)

#22

Fix proposed to branch: feature/pecan
Review: https://review.openstack.org/211492

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-08-11: Fix merged to neutron (feature/pecan)

#23

Download full text (37.3 KiB)

Reviewed: https://review.openstack.org/211492
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=a7b91632fc65ab9d2687298c68b1d715866d0356
Submitter: Jenkins
Branch: feature/pecan

commit 966203f89dee8fe61fb2dce654e36e510e80380f
Author: Sukhdev Kapur <email address hidden>
Date: Wed Jul 1 16:30:44 2015 -0700

Neutron-Ironic integration patch

    This patch is in preparation for the integration
    of Ironic and Neutron. A new vnic_type is being
    added so that ML2 drivers can filter for all
    Ironic ports based upon match for 'baremetal'.
    Nova/Ironic will set this vnic_type when issuing
    port-create request to neutron.
    (e.g. binding:vnic_type = 'baremetal' )

Change-Id: I25dc9472b31db052719db503a10c1fb1a55572ef
Partial-Implements: blueprint neutron-ironic-integration

commit 236e408272bcb9b8e957524864e571b5afdc4623
Author: Oleg Bondarev <email address hidden>
Date: Tue Jul 7 12:02:58 2015 +0300

DVR: fix router scheduling

    Fix scheduling of DVR routers to not stop scheduling once
    csnat portion was scheduled. See bug report for failing
    scenario.

    This partially reverts
    commit 3794b4a83e68041e24b715135f0ccf09a5631178
    and fixes bug 1374473 by moving csnat scheduling
    after general dvr router scheduling, so double binding does
    not happen.

    Closes-Bug: #1472163
    Related-Bug: #1374473
    Change-Id: I57c06e2be732e47b6cce7c724f6b255ea2d8fa32

commit e152f93878b9bb6af7cfedc9e045892fcf7d0615
Author: Assaf Muller <email address hidden>
Date: Sat Aug 8 21:15:03 2015 +0300

TESTING.rst love

Change-Id: I64b569048f8f87ea2fe63d861302b4020d36493d

commit 633c52cca1b383af2c900e1663c8682114acd177
Author: sridhargaddam <email address hidden>
Date: Wed Aug 5 10:49:33 2015 +0000

Avoid dhcp_release for ipv6 addresses

    dhcp_release is only supported for IPv4 addresses [1] and not for
    IPv6 addresses [2]. There will be no effect when it is called with
    IPv6 address. This patch adds a corresponding note and avoids calling
    dhcp_release for IPv6 addresses.

[1] http://manpages.ubuntu.com/manpages/trusty/man1/dhcp_release.1.html
[2] http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2013q2/007084.html

Change-Id: I8b8316c9d3d011c2a687a3a1e2a4da5cf1b5d604

commit 2de8fad17402f38bbc30204ee2f4f99cf21cb69d
Author: OpenStack Proposal Bot <email address hidden>
Date: Mon Aug 10 06:11:06 2015 +0000

Imported Translations from Transifex

For more information about this automatic import see:
https://wiki.openstack.org/wiki/Translations/Infrastructure

Change-Id: I2b423e83a7d0ac8b23239f81fe33dd8382c6fff6

commit fef79dc7b9162e03c8891645494c115b52d4d014
Author: Henry Gessau <email address hidden>
Date: Mon Aug 3 23:30:34 2015 -0400

Consistent layout and headings for devref

    The lack of convention for heading levels among the independently
    written devref documents was starting to make the Table of Contents
    look rather messy when rendered in HTML.

This patch does not cover the "Neutron Internals" section since its
layo...

Reviewed:  https://review.openstack.org/211492
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=a7b91632fc65ab9d2687298c68b1d715866d0356
Submitter: Jenkins
Branch:    feature/pecan

commit 966203f89dee8fe61fb2dce654e36e510e80380f
Author: Sukhdev Kapur <sukhdev@aristanetworks.com>
Date:   Wed Jul 1 16:30:44 2015 -0700

Neutron-Ironic integration patch
    
    This patch is in preparation for the integration
    of Ironic and Neutron. A new vnic_type is being
    added so that ML2 drivers can filter for all
    Ironic ports based upon match for 'baremetal'.
    Nova/Ironic will set this vnic_type when issuing
    port-create request to neutron.
    (e.g. binding:vnic_type = 'baremetal' )
    
    Change-Id: I25dc9472b31db052719db503a10c1fb1a55572ef
    Partial-Implements: blueprint neutron-ironic-integration

commit 236e408272bcb9b8e957524864e571b5afdc4623
Author: Oleg Bondarev <obondarev@mirantis.com>
Date:   Tue Jul 7 12:02:58 2015 +0300

DVR: fix router scheduling
    
    Fix scheduling of DVR routers to not stop scheduling once
    csnat portion was scheduled. See bug report for failing
    scenario.
    
    This partially reverts
    commit 3794b4a83e68041e24b715135f0ccf09a5631178
    and fixes bug 1374473 by moving csnat scheduling
    after general dvr router scheduling, so double binding does
    not happen.
    
    Closes-Bug: #1472163
    Related-Bug: #1374473
    Change-Id: I57c06e2be732e47b6cce7c724f6b255ea2d8fa32

commit e152f93878b9bb6af7cfedc9e045892fcf7d0615
Author: Assaf Muller <amuller@redhat.com>
Date:   Sat Aug 8 21:15:03 2015 +0300

TESTING.rst love
    
    Change-Id: I64b569048f8f87ea2fe63d861302b4020d36493d

commit 633c52cca1b383af2c900e1663c8682114acd177
Author: sridhargaddam <sridhar.gaddam@enovance.com>
Date:   Wed Aug 5 10:49:33 2015 +0000

Avoid dhcp_release for ipv6 addresses
    
    dhcp_release is only supported for IPv4 addresses [1] and not for
    IPv6 addresses [2]. There will be no effect when it is called with
    IPv6 address. This patch adds a corresponding note and avoids calling
    dhcp_release for IPv6 addresses.
    
    [1] http://manpages.ubuntu.com/manpages/trusty/man1/dhcp_release.1.html
    [2] http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2013q2/007084.html
    
    Change-Id: I8b8316c9d3d011c2a687a3a1e2a4da5cf1b5d604

commit 2de8fad17402f38bbc30204ee2f4f99cf21cb69d
Author: OpenStack Proposal Bot <openstack-infra@lists.openstack.org>
Date:   Mon Aug 10 06:11:06 2015 +0000

Imported Translations from Transifex
    
    For more information about this automatic import see:
    https://wiki.openstack.org/wiki/Translations/Infrastructure
    
    Change-Id: I2b423e83a7d0ac8b23239f81fe33dd8382c6fff6

commit fef79dc7b9162e03c8891645494c115b52d4d014
Author: Henry Gessau <gessau@cisco.com>
Date:   Mon Aug 3 23:30:34 2015 -0400

Consistent layout and headings for devref
    
    The lack of convention for heading levels among the independently
    written devref documents was starting to make the Table of Contents
    look rather messy when rendered in HTML.
    
    This patch does not cover the "Neutron Internals" section since its
    layout is reasonably OK for now.
    
    Change-Id: I827c105599f05773bda7e4fc0a941ce04ebd51fa

commit b220d10125c859367069eeb43ea45e3650a782f9
Author: Oleg Bondarev <obondarev@mirantis.com>
Date:   Fri Aug 7 19:56:13 2015 +0300

Do not delete fip namespace during l3 dvr agent resync
    
    This was introduced by commit 46608806aa7a9c60214e28429ca5a8b87b2a15de
    which didn't take into account that fip namespace name is composed
    from external network id rather than router id.
    The fix is to ensure fip namespaces for the known routers are kept
    by namespace manager on agent resync.
    
    Closes-Bug: #1482521
    Change-Id: I0ffd0a3f6d83f7356638827a1cfe4dabef24b891

commit 2093d8727070829064b1a6005a9b411a383d246d
Author: Ryan Moats <rmoats@us.ibm.com>
Date:   Thu Aug 6 16:24:55 2015 -0500

Introduce ItemAllocator class
    
    The ItemAllocator class is used as the base class for
    LinkLocalAllocator in preparation for adding
    FipRulePriorityAllocator as a child class.
    
    Change-Id: I2c77e5a895f750845b46d3e8a2326e01ea87ee78
    Partial-Bug: #1414779
    Signed-off-by: Ryan Moats <rmoats@us.ibm.com>

commit e64f5bdd22f7907cc77b9f94f5f6b6676dc57a93
Author: John Kasperski <jckasper@us.ibm.com>
Date:   Fri Aug 7 09:15:33 2015 -0500

Validate updated allocation pool before using it
    
    The allocation pool specified during subnet-update is being
    used in gateway validation checks before the allocation pool
    is ever validated.  Errors indicating that the gateway IP is
    invalid are returned when it is the allocation pool that is
    actually in error.
    
    Additional testing of the allocation pool is also being added
    to the subnet-update unit tests.
    
    Closes-Bug: #1479948
    Change-Id: I854333d571bad2550ea5a0b93ff64ce44d0bd010

commit ed9703e3edc1290b57132e408e2d1c1d021d9477
Author: Zhao Lei <zhaolei@cn.fujitsu.com>
Date:   Fri Aug 7 21:17:20 2015 +0800

Remove quotes from subshell call in tools/split.sh
    
    Always no quotes for $() statement.
    
    We don't need quotes to hold blanks in result:
     # i=$(echo 1 2 3)
     # echo $i
     1 2 3
     #
    
    These quotes can make something wrong in some case:
     # i=$(echo '!')
     #
     # i="$(echo '!')"
     -bash: !: event not found
     #
    
    No real problem for current code in split.sh, only to use a
    better code style.
    
    Change-Id: Ib86d59e10be0aca4774ad2fc656915a96b1b6c74
    Signed-off-by: Zhao Lei <zhaolei@cn.fujitsu.com>

commit 73845d564c910bb9113a3ba5963b368384efbaad
Author: Yalei Wang <yalei.wang@intel.com>
Date:   Thu Aug 6 01:03:20 2015 +0800

Pass the extension driver exception to plugin
    
    The extension driver is intercepted by driver manager currently. It will
    cover the errors/exceptions happened in extension drivers. The extension
    process will continue even if preceding extension driver get a wrong/useless
    extended result, or even no result.
    This patch make process_[create|update]_<resource>() and
    extend_<resource>_dict() methods return the exception, and log it with proper
    level respectively, and also include a minor optimization for the
    extend_<resource>_dict() methods.
    
    Change-Id: I20a249c47b58292125476bc44b2372ca959509e3
    Closes-Bug: #1468990

commit 3cb75c4dd7a7e29bb58dbaf4efb0b7a1c709af43
Author: YAMAMOTO Takashi <yamamoto@midokura.com>
Date:   Fri Aug 7 14:05:38 2015 +0900

Remove a few obsolete options from midonet.ini example
    
    Relevant change:
        https://github.com/openstack/networking-midonet/commit/0ee831b5e816568fdc2079f0ac4ac866eb300ada
    
    Change-Id: Ib437209d026fc83b7885101d3813ffae29f8b240

commit 666aad61c5b8343a57419b2f4b8ebe373fcccc45
Author: Takashi NATSUME <natsume.takashi@lab.ntt.co.jp>
Date:   Fri Aug 7 13:47:51 2015 +0900

Rename a test method in test_policy.py
    
    Rename
    'test_check_is_advsvc_with_svc_context_suceeds'
    to
    'test_check_is_advsvc_with_svc_context_succeeds'
    
    Change-Id: Id73a09c2d838051fdcf5ec867b0a1a5821ddfc9d

commit 85ebf88afa04986cd0e5d65f20c9f286820d87a5
Author: leejian0612 <ljianbj@cn.ibm.com>
Date:   Wed Aug 5 16:00:35 2015 +0800

Broadcast service port's arp in DVR
    
    When creating VMs, DVR router will broadcast VM's arp details to all the
    l3 agents hosting it. that enable dvr can forwarding networking traffic
    in link layer, but when the port is attached to the service liking
    lbaas, their arp will not be broadcast, so the dvr do not know its mac,
    and will cause that vms in other subnet can not reach the service port
    through the dvr router.
    
    Change-Id: Ia78a35f39981d6659fc220e02fb10917bda74e04
    Closes-Bug: #1481613

commit d1b4d864b6f634cc7308ad48c9857e7ddf771cb4
Author: Doug Wiegley <dougwig@parkside.io>
Date:   Wed Aug 5 20:05:41 2015 +0000

Revert "Remove VPN from API tests"
    
    This reverts commit df35d21141dc4544421ccbff8715ea6da3e03def.
    
    Also tweaks the gate_hook to get vpn installed via devstack plugin.
    
    Change-Id: Id304a7d010c682acd3250928a29efd850b2e69cb

commit ae9be0b999e9ee8d2f5ab472d9dbb89a4db11487
Author: Paul Michali <pc@michali.net>
Date:   Wed Aug 5 16:51:46 2015 -0400

Enable VPN plugin for API test
    
    Since API tests still contain VPN test cases, enable the VPN devstack
    plugin, so that the service is enabled.
    
    Change-Id: Icc3c4038a0772a85a2377bc10d50ab84927c4bad

commit 58e388261313025d1e713d4c17c99db12404b75f
Author: Kevin Benton <blak111@gmail.com>
Date:   Wed Jul 29 17:28:50 2015 -0700

Validate interface_mappings on Linux bridge init
    
    Verify that the interfaces actually exist that are defined in
    interface_mappings on Linux bridge startup. If they do not, exit
    immediately similar to how OVS handles incorrect bridge_mappings.
    
    This prevents an unfriendly exception in the rpc setup routine.
    
    Change-Id: I050b9b66aa0b27f148e67123eedf29fe332e6f65
    Closes-Bug: #1470584

commit 3b18aa3e1f4bb6d4d2f1264b37f8d784d57c4a28
Author: Ihar Hrachyshka <ihrachys@redhat.com>
Date:   Wed Jul 29 10:52:59 2015 +0200

Initialize ancillary_port_info dict as blank in OVS agent
    
    The first assignment of ancillary_port_info was from the scan_ancillary_ports
    function which could result in an exception and result in ancillary_port_info
    being unbound for the port stats scan below.
    
    This patch just initializes ancillary_port_info as an empty dict so the port
    stats will always have an input.
    
    Closes-Bug: #1479265
    Change-Id: I37084bf27d4c328a7b78ca71cf26813207697361

commit 0de917e09b7caef224804cc7d43a089688df2adb
Author: Assaf Muller <amuller@redhat.com>
Date:   Thu May 7 09:02:59 2015 +0300

Enable fullstack multinode tests, add L3 HA test exemplar
    
    * Created a 'resources' subdir and moved all fixture files
      to it.
    * Split ML2ConfigFixture to the server-side ml2 configuration
      fixture, and the OVS agent configuration fixture.
    * Neutron process logs were using H:M:S format as their file name,
      but when starting multiple agents of the same type my machine
      was fast enough to do that in the same second so that different
      processes were outputting to the same log file. No good!
      Added ms to the log name format. I also changed the log time
      from UTC to local timezone.
    * Renamed and moved 'FullstackFixture' to neutron/tests/fullstack/
      resources/environment.Environment
    * Added a 'Host' abstraction that groups agents that report with
      the same 'host' value. Hosts may be interconnected by the
      environment via shared bridges.
    * The 'Environment' class will accept global
      attributes (This will be later filled with stuff like tunneling,
      l2pop or other environment-level flags), and in this patch accepts
      a  list of host attributes (Configuration that may differ between
      hosts like the l3 agent mode [legacy, dvr, dvr_snat]).
    * Made OVS agent and L3 agent fixtures expose their bridges
      so that I could interconnect them.
    * Added a super simple L3 HA test to show that this entire thing
      works.
    
    Change-Id: Ie64de9f35bd6ab7cbad494061613ecf5e0ccd806

commit fc7cae844cb783887b8a8eb4d9c3286116d740e6
Author: John Davidge <jodavidg@cisco.com>
Date:   Thu Jul 16 18:26:24 2015 +0100

DB, IPAM & RPC changes for IPv6 Prefix Delegation
    
    This patch includes the DB, IPAM & RPC changes needed for the IPv6 Prefix
    Delegation feature.
    
    To enable this feature, the subnetpool_id attribute of subnets has been
    modified to allow for a special subnetpool identifier - "prefix_delegation".
    
    WORKFLOW:
    
    1. Admin sets default_ipv6_subnet_pool in neutron.conf to "prefix_delegation"
    2. User creates a new IPv6 subnet without a CIDR or subnetpool ID
    3. User creates an interface between this subnet and a router with an existing
    external interface
    
    The agent-side changes will follow in separate patches.
    
    A documentation patch is up for review here:
    
    https://review.openstack.org/#/c/178739
    
    Video guides for configuring and using this feature are available on
    YouTube:
    
    https://www.youtube.com/watch?v=wI830s881HQ
    https://www.youtube.com/watch?v=zfsFyS01Fn0
    
    Change-Id: Ic0c6ed4dba74da94a75838178a1837f93d2d0885
    Co-Authored-By: Baodong (Robert) Li <baoli@cisco.com>
    Partially-Implements: blueprint ipv6-prefix-delegation

commit 3adf970899950ebc88f2d0f5e34313d003973ea4
Author: Cyril Roelandt <cyril@redhat.com>
Date:   Wed Aug 5 11:39:50 2015 +0200

Python 3: convert dict_keys object to list
    
    This makes sure we use the same types in Python 2 and 3, prevents TypeErrors
    from happening, and should have no performance impact since the the lists are
    quite small anyway.
    
    Change-Id: I4e8563231a22a440b4f22b76b17f76f2ba45e606
    Blueprint: neutron-python3

commit df35d21141dc4544421ccbff8715ea6da3e03def
Author: Henry Gessau <gessau@cisco.com>
Date:   Tue Aug 4 21:29:46 2015 -0400

Remove VPN from API tests
    
    Change Idd5524ed0b602408be5a53830981a8ab974b390c removed the
    VPN service from devstack installations in the gate, so now we
    can no longer test VPN APIs from neutron. The tests will be
    added to the vpnaas repo's API test suite.
    
    Change-Id: I25267bd6713cf38f7134f4f047dc550c6f4a2a78

commit e12851f2df398d12359b2aef1406748be426a694
Author: Edgar Magana <emagana@gmail.com>
Date:   Tue Aug 4 08:03:20 2015 -0700

Fix typos in neutron code
    
    Fix typos found in neutron code and docs
    
    Change-Id: I4afc3a4b36dd47d47d1238ac22e7f09e2d75050d
    Related-Bug: #1424139

commit 59531d9d11c3e7aed7f41f85dd48ef8567b82e37
Author: Cyril Roelandt <cyril@redhat.com>
Date:   Tue Aug 4 14:27:48 2015 +0200

Python 3: fix test_ovs_tunnel
    
    In Python 3, this happens:
    
    >>> d = {}
    >>> a = d.values()
    >>> b = d.values()
    >>> a == b
    False
    
    And anyway we're not really willing to pass dict_values objects around; we are
    expecting lists, just like in Python 2, so let's just do the conversion.
    
    Change-Id: I62ef32d50ba5ce64a653ffc62ba18c53cab9b15c
    Blueprint: neutron-python3

commit 47277ffde3de8e318f033a303da1553a89419d90
Author: YAMAMOTO Takashi <yamamoto@midokura.com>
Date:   Tue Aug 4 18:47:51 2015 +0900

_get_dvr_sync_data: Return a list, rather than dict_values for python3
    
    Align with the non-dvr case.
    
    Blueprint: neutron-python3
    Change-Id: I37d24875be530f200118374e9f8046f32a902c8e

commit 42188537172f4e1e633a0fb36ace5a522c730a32
Author: Roey Chen <roeyc@vmware.com>
Date:   Fri Jul 24 11:17:19 2015 -0700

Fixing ICMP type and code validation
    
    The case where type is not specifed (None) but the code is '0' will not
    result in an error, as it should.
    
    APIImpact
    
    Closes-Bug: #1480966
    Change-Id: I878b13ec46a93947765227c40282efa9a7e02ca8

commit bde7838d047d68cbc4aa3b301f236136ac1c17fc
Author: vikram.choudhary <vikram.choudhary@huawei.com>
Date:   Wed Jul 1 17:54:31 2015 +0530

Support subnetpool association to an address scope
    
    This patch supports the following
     - create a subnetpool with address scope
     - update a subnetpool
         - to associate with an address scope
         - to change the association to another address scope
         - to remove the association with the address scope
    
    DocImpact
    APIImpact
    
    Change-Id: I889096235ae81fcc736fabd4686c8e88b1a226b7
    Co-Authored-By: Ryan Tidwell <rktidwell85@gmail.com>
    Co-Authored-By: Numan Siddique <nusiddiq@redhat.com>
    Partially-implements:  blueprint address-scopes

commit 98d1a2dd4cdde30c725a4991944275d0a5391fb0
Author: sonu.kumar <sonu.kumar@nectechnologies.in>
Date:   Mon Aug 3 17:15:52 2015 +0530

Replaces reduce with six.moves.reduce for py 2/3 compatibility
    
    This patch replaces "reduce" with "six.moves.reduce" to comply with
    the newer python version i.e. python3.
    
    Partially-Implements: Blueprint neutron-python3
    
    Change-Id: Iddb52d86665123ade5920bc09f7802e29440e7dd

commit 272768caddb17617e4b5af960075d07a623cd8ca
Author: Oleg Bondarev <obondarev@mirantis.com>
Date:   Thu Jul 30 19:24:38 2015 +0300

Add oslo db retry decorator to the RPC handlers
    
    The decorator was previously added at the API layer
    (commit 4e77442d529d9803ff90de905b846af940eaf382,
    commit d04335c448aa15cf9e1902e22ed4cd17b6ed344b).
    However some RPC handlers are also dealing with port
    create/update/delete operations, like dhcp ports for example.
    We need to cover these cases too.
    
    Also remove db retry from ml2 plugin delete_port()
    as it's not needed once we retry at the API and RPC layers.
    (there is already a unit test on this)
    
    The patch also adds a unit test for checking deadlock
    handling during port creation at API layer.
    Though it's not directly related to the current fix,
    I decided to leave it for regression preventing purposes.
    
    Closes-Bug: #1479738
    Change-Id: I7793a8f7c37ca542b8bc12372168aaaa0826ac4c

commit 1d0eea7540b2449f836aff1adfe06c5d8f386113
Author: Cyril Roelandt <cyril@redhat.com>
Date:   Mon Aug 3 11:56:41 2015 +0200

Python 3: Fix test_security_groups_db
    
    In Python 3, Exception() is not iterable.
    
    Change-Id: I89ffefeebb18f967129245936270318014f17f3f
    Blueprint: neutron-python3

commit e79d602e3821955507907a872df6da4cc4d82e2f
Author: changzhi <changzhi@unitedstack.com>
Date:   Fri Jul 17 10:43:09 2015 +0800

Add DNS and DHCP log into dhcp agent
    
    Enable set DNS and DHCP log of dnsmasq for dhcp agent
    Add a new configuration named 'dnsmasq_base_log_dir'
    in dhcp_agent.ini.
    
    This entry should be a path of log file. It should
    like this:
    
        dnsmasq_base_log_dir=/tmp
    
    And the DNS and DHCP log will be written into the file
    "/tmp/aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa/dhcp_dns_log".
    The dir path will be created if the given path doesn't exists.
    
    DocImpact
    
    Closes-Bug: #1475636
    Change-Id: I87be346ec5059eaa8a29f48fe53933af82d1b155

commit ff8bd9d1e9a1f5c7445af2c8a4489623634cb417
Author: shihanzhang <shihanzhang@huawei.com>
Date:   Wed Jul 8 09:32:39 2015 +0800

Install arp spoofing protection flow after setting port tag
    
    when ovs-agent set a tag for a port, it will first remove all
    flows on this port, because it should guarantee that no drop_port
    flow installed by port_dead remains, so arp spoofing protection
    flow must be installed after it.
    
    Closes-Bug: #1472452
    
    Change-Id: I566d0fd93b39e81a34214f1a7a0a1decc9a169d6

commit 6fda25daa28743ad7d8e8156bb80f4e8b084764b
Author: Salvatore Orlando <salv.orlando@gmail.com>
Date:   Sun Aug 2 23:36:54 2015 -0700

Move 1c844d1677f7 expand migration to appropriate branch
    
    Commit cb60d0bb4e0cc0cba68f59fdf5f4e89d6ec52950 added an expand
    migration. Howewer it indicated a contract migration as its
    ancestor (2a16083502f3). As a result the migration was treated
    by alembic as a contract one, even if it was defined in the
    'expand' directory.
    
    This patch 'rebases' this migration on top of the expand branch
    HEAD. This might impact trunk chasers which have already executed
    migration 1c844d1677f7 as a part of the contract branch.
    
    Change-Id: I431aa684ccd029c6cff37a7666bb7ce1a7541f9c

commit 764f018f50ac7cd42c29efeabaccbb5aec21f6f4
Author: shihanzhang <shihanzhang@huawei.com>
Date:   Mon Jun 1 16:17:37 2015 +0800

Fix ipset can't be destroyed when last rule is deleted
    
    when it deletes a security group all rules, it should
    include this sg information in RPC method
    'security_group_info_for_devices', otherwise the ports
    in this sg can't corrcectly update their iptables and
    ipset sets.
    
    Change-Id: Ibb071ce84590bd46cda2c1e010a566e75e22b4d2
    Closes-bug: #1460562

commit 3fe38d049f9c25045baff138ed82dd5e3ac8ad30
Author: Roey Chen <roeyc@vmware.com>
Date:   Wed Jul 29 04:45:29 2015 -0700

Move away nested transaction from _ensure_default_security_group
    
    This patch remove the nested transaction started in
    _ensure_default_security_group, before calling create_security_group.
    Instead, a nested transaction will be started inside
    create_security_group.
    
    The purpose of this change is to reduce the time period in which the db
    transaction is open (to avoid races, db lock timeouts, etc), when creating
    the default security-group.
    
    Closes-Bug: #1479558
    Change-Id: Ia0efa72c70c2f405c851370b0b26770008e5ff95

commit e32e74553fe4947c7e7cc011ce277f45a4514ef5
Author: rossella <rsblendido@suse.com>
Date:   Thu Jul 9 22:08:50 2015 +0000

Introduce get_ports_attributes in OVSBridge
    
    OVSBridge was inheriting db_list from BaseOVS, which was
    returning the information of all the ports on the machine,
    not only the ones belonging to the bridge.
    The OVSNeutronAgent was using that method with the assumption
    that ports were filtered by bridge.
    To avoid confusion, this patch add a new method to OVSBridge
    get_ports_attributes to query the info for all the ports
    belonging to the bridge.
    db_list is removed from BaseOVS since that method is already
    available in ovsdb/api.py
    ovs_lib methods that use db_list are refactored accordingly.
    
    Co-Authored-By: Assaf Muller <amuller@redhat.com>
    
    Change-Id: I2ce6d232744f48ba7fc0f824a7db32e3655bc2aa
    Closes-Bug: 1473199

commit 78ff49ecf9e4ec3e0490909e8033aaeb5ea33c34
Author: Qiaowei Ren <qiaowei.ren@intel.com>
Date:   Thu Jul 16 15:09:28 2015 +0800

Remove unnecessary executable permission
    
    Bunch of neutron source code files are marked as executable which is not
    appropriate, this patch just 'chmod -x' to all of them.
    
    Closes-Bug: #1468564
    
    Change-Id: Idec4ae16501d68e044e103db24ad3be0e0751e9a

commit e4896b30e63729de4ac07f2baf23ed24dd0a00c7
Author: Abhishek Raut <rauta@vmware.com>
Date:   Fri Jul 31 15:07:59 2015 -0700

NSX: Rename default_interface_name option
    
    Since this option is configured in the DEFAULT section of nsx.ini,
    the name of the option clashes with that in the networking_l2gw repo.
    Proposal is to prefix our option with "nsx_" to avoid such interference.
    Unfortunately this module was not moved to openstack/vmware-nsx
    during decomposition and therefore this patch is being proposed on
    the neutron repository.
    
    Change-Id: Ib568333a5ab8ad76600beb4981d7c6047c0603a0
    Partial-bug: #1480485

commit 50eb8041bdc8cc872d95e3005eed2c59c2c3290c
Author: Sukhdev Kapur <sukhdev@aristanetworks.com>
Date:   Thu Jul 30 15:23:52 2015 -0700

Arista Drivers decomposition part II
    
    As a part of vendor driver decomposition,
    this patch moves the remaining Arista specific
    code to openstack/networking-arista
    
    Change-Id: Ie16b5ed936b116043dea36ec967bb5ae9cdacbdf
    Partial-Implements: blueprint core-vendor-decomposition

commit 74cdfb1bab12bf54bbc64267c5fb92cc35d6b40b
Author: Cyril Roelandt <cyril@redhat.com>
Date:   Tue Jul 28 16:43:00 2015 +0200

Python 3: pass bytes to base64.encode{string,bytes}
    
    In Python 3, base64.encodestring expects bytes. Also, base64.encodebytes should
    be used in order not to trigger a DeprecationWarning.
    
    Change-Id: Iaae377b612feda7e01963f0d527c898bc0fd21d1
    Blueprint: neutron-python3

commit 99f9ec3e3812d39857f311894a516d0d43f166ec
Author: Cyril Roelandt <cyril@redhat.com>
Date:   Thu Jul 23 09:23:21 2015 +0000

Python3: pass bytes to binascii.crc32
    
    In Python3, binascii.crc32 must be given bytes. This commit does not change the
    behaviour in Python 2.
    
    Change-Id: I91607ced4ab26d1d2e3eb31a3e4b2a4b2131b7bd
    Blueprint: neutron-python3

commit f6ffac2537870956efabe56326c3b30b2ecbf336
Author: Sam Betts <sam@code-smash.net>
Date:   Thu Jul 16 14:08:59 2015 +0100

Fix order of calls in update_port
    
    https://review.openstack.org/#/c/196908 introduced some extra logic to
    do with DVR to update_port, however it changed the ordering of some of
    the calls, this patch ensures that the calls that need to happen before
    precommit happen in the right place.
    
    Change-Id: I560100b3be76c616a93bf7d3264675dce6cef732
    Closes-Bug: #1475297

commit a8d1b7218038025d066472cfb9c17037f31bf791
Author: Kevin Benton <blak111@gmail.com>
Date:   Wed Jul 29 16:32:43 2015 -0700

Check that VXLAN is not in use in LB VXLAN check
    
    The Linux bridge VXLAN supported check was only checking that the
    test interface didn't exist instead of checking that both the interface
    and the VXLAN didn't exist. This caused it to fail on startup if
    a VXLAN interface existed under a different name using one of the
    VXLANs that the agent tried to test support with.
    
    This patch adds a check to ensure that the VXLAN ID isn't in use as well.
    
    Closes-Bug: #1470579
    Change-Id: I3a91ce54da86e319b7a4485dfae3fc99885383d4

commit 4021fe30a915c5478d1053b08e693c7f5c6270f4
Author: Kevin Benton <blak111@gmail.com>
Date:   Tue Jul 28 16:15:34 2015 -0700

Initialize port_info dict as blank in OVS agent
    
    The first assignment of port_info was from the scan_ports function
    which could result in an exception and result in port_info being
    unbound for the port stats scan below.
    
    This patch just initializes port_info as an empty dict so the port
    stats will always have an input.
    
    Closes-Bug: #1479105
    Change-Id: I017a6dd334e2673072c977cc13b73e8cceb16712

commit 03b70b109449f3b9329834c7aa88fd26ed71cf26
Author: Cedric Brandily <zzelle@gmail.com>
Date:   Thu May 28 18:35:17 2015 +0200

Ensure non-overlapping cidrs in subnetpools with galera
    
    This change enables galera support in _lock_subnetpool[1]. It uses an
    update to disallow 2 transactions performing concurrent subnet
    allocation in the same subnetpool to succeed: the 2 transactions will
    conflict because they update the same row so the db (including Galera
    multi-writer cluster) will discard the last transaction and
    Controller.create[2] will catch and retry the "discarded" allocation.
    
    This change adds the "hash" attribute in "subnetpools" table to enable
    previous update.
    
    [1] neutron.ipam.subnet_alloc.SubnetAllocator
    [2] neutron.api.v2.base
    
    Change-Id: I74f7100a6fd9b7787be693adffec15ec468d0018
    Closes-Bug: #1451576

commit e3ba447d7f31444ab5c6d56cb408fed84f42792d
Author: fumihiko kakuma <kakuma@valinux.co.jp>
Date:   Thu Jul 30 08:17:10 2015 +0900

Python 3: Use '//' instead of '/'
    
    In python 3, division(/) returns a float.
    So use '//' instead of '/' in the case that an integer is required.
    
    Change-Id: I9170ea57d5b967533767871fa612a02d797cda17
    Blueprint: neutron-python3

commit 2e733a9c9e0166e52c4a052662a39a8ca825d112
Author: John Kasperski <jckasper@us.ibm.com>
Date:   Wed Jul 29 23:52:01 2015 -0500

Prevent update alloc pool over existing gateway ip
    
    The gateway IP for a subnet is not allowed to be listed in the
    allocation pool for that subnet. This restriction is checked and
    enforced at subnet-create time.
    
    During subnet-update, it is only partially checked. An
    exception is returned if the update request tries to place the gateway
    IP in an existing allocation pool OR if both gateway and allocation
    pool are being changed and the gateway is located in the new pool.
    
    If only the allocation pool is being updated, no check is made to
    verify that the new allocation pool does not contain the existing
    gateway IP.
    
    Closes-Bug: #1479514
    Change-Id: Id9583d6ad88188955388931cd688ca19bd2c9717

commit aa2236a8bf4e7d2bc1d8cf38a18ea8de067fb7c6
Author: Roman Bogorodskiy <rbogorodskiy@mirantis.com>
Date:   Thu Apr 16 09:07:55 2015 +0200

sriov: implement spoofchecking configuration
    
    - Make sriov agent to set the spoofchecking on VFs
      according to port_security_enabled attribute of the port.
    - Extend vf management sanity check to probe spoof checking
      capability
    
    Implements: blueprint sriov-spoofchk
    Change-Id: I4d1060be26ee6cbd7d766c2bde364f694533de69

commit 7cd340cb2300ce777f68a390834cdd51f77ad10a
Author: Ritesh Anand <ritesh.anand@hp.com>
Date:   Thu Jun 25 12:25:12 2015 -0700

Fixes a typo phys_brs in place of phys_br
    
    Change-Id: I0301952d5f7d4cd78c5d35c38aa5c6caabcc6298
    Closes-Bug: #1423774

commit e34e67b8e6ad4a95762287161184a9f9ce81b429
Author: John Nielsen <john@jnielsen.net>
Date:   Wed Jul 22 12:43:04 2015 -0600

Extend vxlan_group option to allow a range of group addresses
    
    If vxlan_group is specified in CIDR notation, it is interpreted as a
    range of group addresses. VXLAN VNIs are mapped to group addresses in
    a many-to-one round robin fashion, or one-to-one if a large enough
    range is provided. Since VNIs are 24 bits, a /8 such as 239.0.0.0/8
    allows each VNI to use a unique multicast group. (239.0.0.0/8 also
    happens to be the "site-local" multicast range.)
    
    With multiple VNIs on a single multicast group, it is likely that
    VTEPs will unnecessarily receive broadcast/unknown/multicast
    datagrams for VNIs in which they do not participate. Using a range of
    groups mitigates or eliminates this issue. It is thus an alternative
    to the l2_population extension and driver for environments where both
    multicast and linuxbridge are used.
    
    The default setting is unchanged, but the comments in the ini file
    suggest 239.0.0.0/8 as an alternative. Administrators are free to use
    any valid multicast range that can be expressed in CIDR notation, and
    should choose a size and starting address that make sense for their
    environment.
    
    DocImpact
    Closes-Bug: #1477331
    Change-Id: If9a3487a28ba2b02a6ef934c5421cec5d505b53c

commit 0d7b5392ab05aa8842b42bbbe3adc19773925e67
Author: Salvatore Orlando <salv.orlando@gmail.com>
Date:   Thu Jun 4 15:43:35 2015 -0700

Enable resource usage tracking for reference plugins.
    
    Specify which resources should be tracked when initializing
    the ML2 and l3_router plugins. This will enable usage tracking
    for the following resources:
    - Networks
    - Ports
    - Subnets
    - Subnet pools
    - Security groups
    - Security group rules
    - Routers
    - Floating IPs
    
    Partially implements blueprint: bp/better-quotas
    
    Change-Id: I57287b15ffdadc30297651a01e9f05110e9ce6b6

commit e9322c8f65fc7c5b621393cd242fb819c1f904f7
Author: fumihiko kakuma <kakuma@valinux.co.jp>
Date:   Mon Jul 27 10:11:18 2015 +0900

Fix a microsecond format of isoformat()
    
    isoformat() omits the microsecond from the format when the microsecond is 0.
    Therefore, use strftime('%Y-%m-%dT%H:%M:%S.%f') instead.
    
    Related Change-Id: Id6e8645362fe70b1427d45d5b44048fe47aba0f7
    Closes-Bug: #1478418
    
    Change-Id: I27059fa3476ceb51033534cc60d40047d88390d7

commit 7f152490bfe001ccef7b3d2815978853585dbea3
Author: Darragh O'Reilly <darragh.oreilly@hp.com>
Date:   Mon Jul 27 11:23:19 2015 +0000

Fix dhcp autoschedule test assertion logic
    
    The functional test for auto_schedule_networks passes even if the
    method does nothing. This patch changes the test so it checks that
    each expected hosted network is in hosted_net_ids.
    
    Change-Id: I42130993b1af3f3d028e355d30322853453f064f
    Closes-Bug: #1478531

commit e5e5f7a281fd89c06d65da3a6d3a1fe194647432
Author: gong yong sheng <gong.yongsheng@99cloud.net>
Date:   Mon Jul 6 20:47:25 2015 +0800

Create fip on subnet id
    
    If there are multiple subnets in the external networks, users can expect
    to create a floatingip on a specific subnet on which the quality or cost
    is maybe different than other ones.
    
    This patch allows users to create floating ip on specified subnet.
    
    DocImpact
    APIImpact
    
    Change-Id: I7a3c27c1d0d2685e31201f1eac6ec74dfb96b279
    Closes-Bug: #1468175

commit 91d3a0219a43a2c06ea4043cc9eeb518815df391
Author: Mike Kolesnik <mkolesni@redhat.com>
Date:   Tue Apr 7 19:54:09 2015 -0400

Update port bindings for master router
    
    An HA port needs to point to the correct host (where the master router
    is running) in order for L2Population to work.
    
    Hence, this patch introduces two fixes:
    * When a port owned by an HA router is up we make sure it points to the
      right node where the master is running, or a random node if there is
      no master yet (This corner case is fixed by the 2nd bullet point).
    
    * When a L3 agent reports it's hosting a master, we need to update the
      port binding to the host the master is now running on. This fixes
      both routers with no elected master (Yet) and failovers.
    
    This patch also changes the L3 HA failover test to use l2pop.
    Note that the test does not pass when using l2pop without this patch.
    
    Closes-Bug: #1365476
    Co-Authored-By: Assaf Muller <amuller@redhat.com>
    Change-Id: I8475548947526d8ea736ed7aa754fd0ca475cae2

commit aa608d2e042e8c5033cdaf805615aaf03678edb7
Author: shihanzhang <shihanzhang@huawei.com>
Date:   Thu Jan 15 20:16:21 2015 +0800

Add conntrack-tool to manage security groups
    
    This patch introduces conntrack-tool to manage security groups. When a
    security group rule is deleted, the corresponding tracked connection
    entries will also be removed from the kernel for the address.
    
    Closes-Bug: #1335375
    Partially-Implements: bp conntrack-in-security-group
    
    Change-Id: Ibfd2d6a11aa970ea9e5009f4c4b858544d8b7463

commit 4eafec58f22a432b597ca9b23843bb79626481bc
Author: Itzik Brown <itzikb@redhat.com>
Date:   Tue Jul 21 13:39:12 2015 +0300

Adding a cleanup for 'qlbaas-' namespaces in netns_cleanup
    
    Change-Id: I2f8c2c037419953d6f6a9416472f4e5fb73d53db
    Closes-Bug: 1456151

commit b095fa11a4df221a5d539d142bd3c0340935ad9d
Author: watanabe isao <watanabe_isao@jp.fujitsu.com>
Date:   Wed Jun 24 18:15:31 2015 +0900

Bug-Fix for unexpected DHCP agent redundant
    
    This fix let DHCP scheduler not looks at only active agents, but all
    available agents.
    This helps db module to remove dead agent, when rebinding, properly.
    
    Change-Id: I8534ddfae299724c05641183c2fe4c1c98c614e8
    Closes-Bug: 1388698

commit 8828250468e9f44f4572f2b227619cf949a62bb3
Author: Romil Gupta <romilg@hp.com>
Date:   Sat Jul 11 08:15:07 2015 -0700

Updated sub_projects.rst for networking-vsphere
    
    Depends On: I89fabdb2761675d061967f8940f2702f336b4ba7
    
    Change-Id: I62709efd0c4f12e5c31af0144ce68c434b8c6895

commit d479e44af63138003aed4767e641ea605eec3385
Author: watanabe isao <watanabe_isao@jp.fujitsu.com>
Date:   Mon Jul 6 14:25:16 2015 +0900

List up necessary files for thirdparty-ci.rst
    
    List of necessary files for thirdparty-ci crushed its style in github [1].
    This fix just lists them up for better looking.
    
    [1]https://github.com/openstack/neutron/blob/master/doc/source/policies/thirdparty-ci.rst
    
    Change-Id: I746400ba170eedcd418d3c4806645aab7de333e7

commit 8bc09053e480f50958cab00b655114068b12159d
Author: Jeremy Stanley <fungi@yuggoth.org>
Date:   Fri Jul 3 23:06:09 2015 +0000

Remove unneeded OS_TEST_DBAPI_ADMIN_CONNECTION
    
    The desired OS_TEST_DBAPI_ADMIN_CONNECTION string is now reflected
    in the oslo.db 1.12.0 release's default behavior, and so does not
    need to be set any longer to achieve the same opportunistic backend
    discovery for tests.
    
    Change-Id: I51e655e2db67541c58f7909811bbec344094c4c0
    Depends-On: Ibcb49412a012f79be2f7fd697349ddbf43bd7b9b

commit 571453c614577ffd47e23de9a35863d2f2119583
Author: venkata anil <anil.venkata@enovance.com>
Date:   Thu Jul 2 11:22:39 2015 +0000

Update dhcp host portbinding on failover
    
    When a dhcp server is moved to new host on failover,
    tunnel is not created.
    
    When a dhcp server is moved to new host,
    1) network-hostagent binding is updated(properly i.e with new host).
    2) dhcp port-hostagent binding is not updated
       ( dhcp port is still bound to old host)
    If dhcp port-bound agent is different from the new dhcp agent
    (which is now taking care of this dhcp port), neutron plugin won't
     notify the l2pop, and hence tunnel is not created.
    
    As after failover, the new agent is taking care of this dhcp port,
    update portbinding with the new host. This will allow neutron plugin
    to notify l2pop(which will create tunnel).
    
    Change-Id: Ib7d7dcddee005395af116ccd31a43853332ae317
    Closes-bug: #1411163

commit e28aa9761751d7fa12dba1c35076c3c975b7cd3f
Author: Bob Melander <bob.melander@gmail.com>
Date:   Sat Jun 27 19:14:19 2015 +0200

Make '_create_router' function handle Boolean kwargs correctly
    
    The function allows arbitrary kw arguments to be specificed.
    Those kw arguments whose key is specified in the function
    parameter 'arg_list' are then passed in the create router REST
    API call.
    
    The code line that checks if a kw argument key is included in
    'arg_list' does not work with Boolean kw arguments. Nor does it
    work with None kw argument values. This is a limitation as
    tests in inheriting classes may need such kw arguments.
    
    This patch fixes the faulty 'if' clause so that it simply
    checks that the kw argument key is in 'arg_list'. This makes it
    support Boolean kw arguments and kw arguments with value None.
    
    Closes-Bug: #1482108
    Change-Id: I5618dc4d5c803c7614dd1f579db3c79928007fb6

tags:

added: in-feature-pecan

Revision history for this message

Adolfo Duarte (adolfo-duarte) wrote on 2015-08-19:

#24

tested with trhee node seup by failing the HA network between the two snat-nodes (ifconfig tap--xxxxx down).

I see the standby node take over and programming the correct ip addresses, however the ha_router_agent_port_bindings db is not updated. i.e. the old snat still says inactive, while the new snat says stand by.
Therfor the "switch" in the datapath does not happen and the vms cannot ping the new gateway (on the new snat).

Am I testing this incorrectly? is doing ifconfig .... down not enough to trigger a failover in the database?

Revision history for this message

Adolfo Duarte (adolfo-duarte) wrote on 2015-08-20:

#25

There appears to be no issue. I was not waiting long enough for failover to register. Everything seems to work as expected.

Revision history for this message

Mike Kolesnik (mkolesni) wrote on 2015-08-20:

#26

Yes it could take a while due to the need to wait for the server to be notified who's actually master.
Thanks for testing this!

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-09-03: Fix merged to neutron (stable/kilo)

#27

Reviewed: https://review.openstack.org/211166
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=7c2727c4cdb791cc259b86c3dec128cfdb8cbd18
Submitter: Jenkins
Branch: stable/kilo

commit 7c2727c4cdb791cc259b86c3dec128cfdb8cbd18
Author: Mike Kolesnik <email address hidden>
Date: Tue Apr 7 19:54:09 2015 -0400

Update port bindings for master router

An HA port needs to point to the correct host (where the master router
is running) in order for L2Population to work.

    Hence, this patch introduces two fixes:
    * When a port owned by an HA router is up we make sure it points to the
      right node where the master is running, or a random node if there is
      no master yet (This corner case is fixed by the 2nd bullet point).

    * When a L3 agent reports it's hosting a master, we need to update the
      port binding to the host the master is now running on. This fixes
      both routers with no elected master (Yet) and failovers.

(cherry picked from commit 91d3a0219a43a2c06ea4043cc9eeb518815df391)

Conflicts:
neutron/api/rpc/handlers/l3_rpc.py

    Closes-Bug: #1365476
    Co-Authored-By: Assaf Muller <email address hidden>
    Change-Id: I8475548947526d8ea736ed7aa754fd0ca475cae2

tags:

added: in-stable-kilo

Thierry Carrez (ttx) on 2015-09-03

Changed in neutron:
status:	Fix Committed → Fix Released

Thierry Carrez (ttx) on 2015-10-15

Changed in neutron:
milestone:	liberty-3 → 7.0.0

Affects		Status	Importance	Assigned to	Milestone
	neutron	Fix Released	High	Mike Kolesnik	neutron 7.0.0 "liberty"
	Kilo	Fix Released	Undecided	Unassigned	neutron 2015.1.2

neutron

HA routers interact badly with l2pop

Bug Description

Duplicates of this bug

Other bug subscribers

Remote bug watches