Add configurability for HA networks in L3 HA

Bug #1481443 reported by Matt Kassawara on 2015-08-04
14
This bug affects 2 people
Affects Status Importance Assigned to Milestone
neutron
Undecided
John Schwarz
Kilo
Undecided
Unassigned

Bug Description

The L3 HA mechanism creates a project network for HA (VRRP) traffic among routers. The HA project network uses the first (default) network type in 'tenant_network_types' and next available segmentation ID. Depending on the environment, this combination may not provide a desirable path for HA traffic. For example, some operators may prefer to use a specific network for HA traffic, such that the HA networks will use tunneling while tenant networks use VLANs or vice versa. Alternatively, the physical_network tag of the HA networks may need to be selected so that HA networks will use a separate or different NIC.

John Schwarz (jschwarz) on 2015-08-11
Changed in neutron:
assignee: nobody → John Schwarz (jschwarz)
Assaf Muller (amuller) on 2015-08-11
description: updated

Fix proposed to branch: master
Review: https://review.openstack.org/212017

Changed in neutron:
status: New → In Progress

Reviewed: https://review.openstack.org/212017
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=98618644ce3c36eabfcc0aea49e7962b0506a567
Submitter: Jenkins
Branch: master

commit 98618644ce3c36eabfcc0aea49e7962b0506a567
Author: John Schwarz <email address hidden>
Date: Wed Aug 12 13:39:28 2015 +0300

    Add configurable options for HA networks

    The L3 HA mechanism creates a project network for HA (VRRP) traffic
    among routers. The HA project network uses the first (default) network
    type in 'tenant_network_types'. Depending on the environment, this
    combination may not provide a desirable path for HA traffic. For
    example, some operators may prefer to use a specific network for HA
    traffic to prevent split-brain issues.

    This patch adds configurable options that target the network_type and
    the physical_network of the created HA network.

    Doc-Impact
    Closes-Bug: #1481443
    Change-Id: I3527a780179b5982d6e0eb0b8c32d6dafeeab730

Changed in neutron:
status: In Progress → Fix Committed
Download full text (155.6 KiB)

Reviewed: https://review.openstack.org/218710
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=2c5f44e1b3bd4ed8a0b7232fd293b576cc8c1c87
Submitter: Jenkins
Branch: feature/pecan

commit f35d1c5c50dccbef1a2e079f967b82f0df0e22e9
Author: Adelina Tuvenie <email address hidden>
Date: Thu Aug 27 02:27:28 2015 -0700

    Fixes wrong neutron Hyper-V Agent name in constants

    Change Id03fb147e11541be309c1cd22ce27e70fadc28b5 moved the
    AGENT_TYPE_HYPERV constant from common.constants to
    plugins.ml2.drivers.hyperv.constants but change the value of the
    constant from 'HyperV agent' to 'hyperv'. This patch changes
    the name back to 'HyperV agent'

    Change-Id: If74b4b2a84811e266c8b12e70bf6bfe74ed4ea21
    Partial-Bug: #1487598

commit de604de334854e2eb6b4312ff57920564cbd4459
Author: OpenStack Proposal Bot <email address hidden>
Date: Sun Aug 30 01:39:06 2015 +0000

    Updated from global requirements

    Change-Id: Ie52aa3b59784722806726e4046bd07f4a4d97328

commit f0415ac20eaf5ab4abb9bd4839bf6d04ceee85d0
Author: armando-migliaccio <email address hidden>
Date: Fri Aug 28 13:53:04 2015 -0700

    Revert "Add support for unaddressed port"

    This implementation may expose a vulnerability where a malicious
    user can sieze the opportunity of a time window where a port
    may land unaddressed on a shared network, thus allowing him/her
    to suck up all the tenant traffic he/she wants....oh the shivers.

    This reverts commit d4c52b7f5a36a103a92bf9dcda7f371959112292.

    Change-Id: I7ebdaa8d3defa80eab90e460fde541a5bdd8864c

commit 013fdcd2a6d45dbe4de5d6e7077e5e9b60985ef9
Author: Assaf Muller <email address hidden>
Date: Fri Aug 28 16:41:07 2015 -0400

    Improve logging upon failure in iptables functional tests

    This will help us nail down a more accurate and efficient logstash
    query.

    Change-Id: Iee4238e358f7b056e373c7be8d6aa3202117a680
    Related-Bug: #1478847

commit 622dea818d851224a43d5276a81d5ce8a6eebb76
Author: Ivar Lazzaro <email address hidden>
Date: Mon Aug 17 17:17:42 2015 -0700

    handle gw_info outside of the db transaction on router creation

    Move the gateway interface creation outside the DB transaction
    to avoid lock timeout.

    Change-Id: I5a78d7f32e8ca912016978105221d5f34618af19
    Closes-bug: 1485809

commit 5b27d290a0a95f6247fc5a0fe6da1e7d905e6b2d
Author: Assaf Muller <email address hidden>
Date: Wed Aug 26 10:07:03 2015 -0400

    Remove ml2 resource extension success logging

    This is the cause of a tremendous amount of logs, for no
    perceivable gain. A normal dvr run in the gate shows this debug
    message around 120K times, which is way too much.

    Closes-Bug: #1489952

    Change-Id: I26fca8515d866a7cc1638d07fa33bc04479ae221

commit 8d3faf549cba2f58c872ef4121b2481e73464010
Author: huangpengtao <email address hidden>
Date: Fri Aug 28 23:20:46 2015 +0800

    Replace "prt" variable by "port"

    the local variable prt is meaningless,
    and port is used popular.

    Change-Id: I20849102cf5b4d84433c46791b4b1e2a22dc4739

commit ee374e7a5f4dea538fcd942f5...

tags: added: in-feature-pecan
Thierry Carrez (ttx) on 2015-09-03
Changed in neutron:
milestone: none → liberty-3
status: Fix Committed → Fix Released
Assaf Muller (amuller) on 2015-09-12
description: updated

Change abandoned by Bertrand Lallau (<email address hidden>) on branch: stable/kilo
Review: https://review.openstack.org/224729

Reviewed: https://review.openstack.org/224729
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=c377330e919699b8a108d46ef9073dab47285265
Submitter: Jenkins
Branch: stable/kilo

commit c377330e919699b8a108d46ef9073dab47285265
Author: John Schwarz <email address hidden>
Date: Wed Aug 12 13:39:28 2015 +0300

    Add configurable options for HA networks

    The L3 HA mechanism creates a project network for HA (VRRP) traffic
    among routers. The HA project network uses the first (default) network
    type in 'tenant_network_types'. Depending on the environment, this
    combination may not provide a desirable path for HA traffic. For
    example, some operators may prefer to use a specific network for HA
    traffic to prevent split-brain issues.

    This patch adds configurable options that target the network_type and
    the physical_network of the created HA network.

    DocImpact
    Closes-Bug: #1481443
    Change-Id: I3527a780179b5982d6e0eb0b8c32d6dafeeab730
    (cherry picked from commit 98618644ce3c36eabfcc0aea49e7962b0506a567)
    Conflicts:
     etc/neutron.conf

tags: added: in-stable-kilo
Thierry Carrez (ttx) on 2015-10-15
Changed in neutron:
milestone: liberty-3 → 7.0.0
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers