Ensure drop flows on br-int at agent startup for DVR too
Commit 90212b12 changed the OVS agent so adding vital drop flows on
br-int (table 0 priority 2) for packets from physical bridges was
deferred until DVR initialization later on. But if br-int has no flows
from a previous run (eg after host reboot), then these packets will hit
the NORMAL flow in table 60. And if there is more than one physical
bridge, then the physical interfaces from the different bridges are now
essentially connected at layer 2 and a network loop is possible in the
time before the flows are added by DVR. Also the DVR code won't add them
until after RPC calls to the server, so a loop is more likely if the
server is not available.
This patch restores adding these flows to when the physical bridges are
first configured. Also updated a comment that was no longer correct and
updated the unit test.
Change-Id: I42c33fefaae6a7bee134779c840f35632823472e
Closes-Bug: #1887148
Related-Bug: #1869808
(cherry picked from commit c1a77ef8b74bb9b5abbc5cb03fb3201383122eb8)
(cherry picked from commit 143fe8ff89ba776618ed6291af9d5e28e4662bdb)
(cherry picked from commit 6a861b8c8c28e5675ec2208057298b811ba2b649)
(cherry picked from commit 8181c5dbfe799ac6c832ab67b7eab3bcef4098b9)
Conflicts: neutron/plugins/ml2/drivers/openvswitch/agent/ovs_neutron_agent.py
(cherry picked from commit 47ec363f5faefd85dfa33223c0087f4444afb5b9)
Conflicts: neutron/tests/unit/plugins/ml2/drivers/openvswitch/agent/test_ovs_neutron_agent.py
(cherry picked from commit 8a173ec29ac1819c3d28c191814cd1402d272bb9)
Reviewed: https:/ /review. opendev. org/742366 /git.openstack. org/cgit/ openstack/ neutron/ commit/ ?id=00466f41d69 0ca7c7a918bfd86 1878ef620bbec9
Committed: https:/
Submitter: Zuul
Branch: stable/pike
commit 00466f41d690ca7 c7a918bfd861878 ef620bbec9
Author: Darragh O'Reilly <email address hidden>
Date: Mon Jul 13 14:48:10 2020 +0000
Ensure drop flows on br-int at agent startup for DVR too
Commit 90212b12 changed the OVS agent so adding vital drop flows on
br-int (table 0 priority 2) for packets from physical bridges was
deferred until DVR initialization later on. But if br-int has no flows
from a previous run (eg after host reboot), then these packets will hit
the NORMAL flow in table 60. And if there is more than one physical
bridge, then the physical interfaces from the different bridges are now
essentially connected at layer 2 and a network loop is possible in the
time before the flows are added by DVR. Also the DVR code won't add them
until after RPC calls to the server, so a loop is more likely if the
server is not available.
This patch restores adding these flows to when the physical bridges are
first configured. Also updated a comment that was no longer correct and
updated the unit test.
Change-Id: I42c33fefaae6a7 bee134779c840f3 5632823472e 5abbc5cb03fb320 1383122eb8) 618ed6291af9d5e 28e4662bdb) 75ec2208057298b 811ba2b649) 6c832ab67b7eab3 bcef4098b9)
neutron/ plugins/ ml2/drivers/ openvswitch/ agent/ovs_ neutron_ agent.py 5dfa33223c0087f 4444afb5b9)
neutron/ tests/unit/ plugins/ ml2/drivers/ openvswitch/ agent/test_ ovs_neutron_ agent.py c3d28c191814cd1 402d272bb9)
Closes-Bug: #1887148
Related-Bug: #1869808
(cherry picked from commit c1a77ef8b74bb9b
(cherry picked from commit 143fe8ff89ba776
(cherry picked from commit 6a861b8c8c28e56
(cherry picked from commit 8181c5dbfe799ac
Conflicts:
(cherry picked from commit 47ec363f5faefd8
Conflicts:
(cherry picked from commit 8a173ec29ac1819