OVS agent: avoid the use of OVSDB port tags
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| neutron |
New
|
Wishlist
|
Unassigned | ||
Bug Description
Currently, the OVS agent relies on OVSDB port tags in br-int to mark the traffic arriving on a VM port with a local VLAN that is used to isolate the traffic once it exits br-int. The vlan (dot1q) tag is imposed on the packet when the NORMAL action is applied on the packet.
This approach is incompatible with the goal of having VLAN transparent ports (VM ports which can send tagged traffic that is forwarded as-is to other ports on the same Neutron network), because when an OVSDB port tag is set, OVS drops packets sent by a VM if they are already tagged [1].
Additionally, because its only applied after the NORMAL action, this local vlan is not usable in matches in br-int, this leads components such as the openvswitch SG firewall driver to keep track in an OVS register of which network a packet belongs to (the L2 openflow manager [2] will lead to other components ending up with the same need, other components such as networking-bagpipe worked around this limitation by placing rule in br-tun instead).
This RFE is here to discuss the idea of changing the design to not use OVSDB port tags anymore always use an OVS register instead, and use an explicit push_vlan action for traffic going towards br-ex, br-int, br-tun .
[1] http://
[2] https:/
| Changed in neutron: | |
| importance: | Undecided → Wishlist |
| YAMAMOTO Takashi (yamamoto) wrote | #1 |
| Slawek Kaplonski (slaweq) wrote | #2 |
| Thomas Morin (tmmorin-orange) wrote | #3 |
| Slawek Kaplonski (slaweq) wrote | #4 |
| tags: |
added: rfe-postponed removed: rfe |
what do you plan to use instead of NORMAL action?
something similar to ofagent?
https:/