Neutron agent internal ports remain untagged for some time, which makes them trunk ports
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
neutron | Fix Released | High | Jakub Libosvar | |
Bug Description
Neutron agent ports are added to br-int without any tag. That makes them trunk ports (receiving traffic for all VLANs) until neutron-
Sometimes the ports are left untagged forever, meaning that, for example, the ha-router ha port will receive traffic directly from the external network (jumps to br-int to br-ex, and also back), or dnsmasq receives requests on the external network.
Outgoing traffic is dropped in br-ex though.
Vague details here (it's all we have so far):
This also becomes an issue (still under investigation) with the ovs-vswitchd agent and the revalidator thread (the thread that will check the kernel datapath flows under some circumstances to get stuck, for some reason it slows down a lot while analyzing trunk ports, eventually crashing the node on CPU usage).
This is also related to one security lp here: https:/
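A check for the condition described above, as an added example that is not part of the original report or of Neutron's code: it reads `ovs-vsctl` output and lists ports on br-int that have no tag and no trunk restriction, so they receive traffic for every VLAN. The function name, the sample port names and the `EXPECTED_TRUNKS` allowlist are assumptions made for illustration; the embedded command output is constructed.

```python
import json

# Constructed sample of:
#   ovs-vsctl --format=json --columns=name,tag,trunks,vlan_mode list Port
# OVSDB JSON encodes an unset optional column as ["set", []].
EMPTY = ["set", []]
SAMPLE_PORT_TABLE = json.dumps({
    "headings": ["name", "tag", "trunks", "vlan_mode"],
    "data": [
        ["int-br-ex", EMPTY, EMPTY, EMPTY],        # patch port, trunk by design
        ["phy-br-ex", EMPTY, EMPTY, EMPTY],        # lives on br-ex, not br-int
        ["tap1a2b3c4d-5e", 3, EMPTY, EMPTY],       # tagged access port
        ["ha-6f7a8b9c-0d", EMPTY, EMPTY, EMPTY],   # untagged: the case in this bug
        ["qr-0e1f2a3b-4c", EMPTY, ["set", [5, 7]], EMPTY],  # trunk limited to 5, 7
    ],
})
# Constructed sample of: ovs-vsctl list-ports br-int
SAMPLE_BR_INT_PORTS = "int-br-ex\ntap1a2b3c4d-5e\nha-6f7a8b9c-0d\nqr-0e1f2a3b-4c\n"

# Assumption: ports expected to carry all VLANs on br-int; adjust per deployment.
EXPECTED_TRUNKS = frozenset({"int-br-ex", "patch-tun"})


def all_vlan_trunks(port_table_json, bridge_ports_text, expected=EXPECTED_TRUNKS):
    """Return names of bridge ports that currently receive traffic for every VLAN."""
    on_bridge = set(bridge_ports_text.split())
    table = json.loads(port_table_json)
    col = {name: i for i, name in enumerate(table["headings"])}
    flagged = []
    for row in table["data"]:
        name = row[col["name"]]
        if name not in on_bridge or name in expected:
            continue
        tag, trunks, mode = (row[col[c]] for c in ("tag", "trunks", "vlan_mode"))
        # With no tag, vlan_mode defaults to trunk; empty trunks means all VLANs.
        if tag == EMPTY and trunks == EMPTY and mode in (EMPTY, "trunk"):
            flagged.append(name)
    return sorted(flagged)


if __name__ == "__main__":
    for port in all_vlan_trunks(SAMPLE_PORT_TABLE, SAMPLE_BR_INT_PORTS):
        print("untagged port on br-int:", port)
```

Run periodically, a port that stays in the result across several runs matches the "left untagged forever" case rather than the short window after port creation.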
Changed in neutron:
importance: Undecided → High
assignee: nobody → Miguel Angel Ajo (mangelajo)
milestone: none → rocky-1
description: updated

Changed in neutron:
assignee: Miguel Angel Ajo (mangelajo) → Slawek Kaplonski (slaweq)
tags: added: neutron-proactive-backport-potential
Related to: https://bugzilla.redhat.com/show_bug.cgi?id=1558336