Allowed address pairs aren't populated to the new host with DVR router

Bug #1928466 reported by Slawek Kaplonski
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
neutron
Fix Released
Medium
Slawek Kaplonski

Bug Description

In the DVR routers, neutron-server needs to populate ARP entries also for IPs added to the ports as allowed address pairs. When e.g. new IP is added to the allowed address pairs of the port, it works fine and neutron server sends notification about such new arp entry to the all L3 agents where dvr router is placed.

But in case when new vm plugged to the same router is spawned on completly new compute, or existing vm is migrated to the new compute where dvr router wasn't created before, arp entries for allowed address pairs aren't populated at all.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (master)

Fix proposed to branch: master
Review: https://review.opendev.org/c/openstack/neutron/+/791492

Changed in neutron:
status: Confirmed → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (master)

Reviewed: https://review.opendev.org/c/openstack/neutron/+/791492
Committed: https://opendev.org/openstack/neutron/commit/7b59b5069b1402730602b430416a15b1609253ea
Submitter: "Zuul (22348)"
Branch: master

commit 7b59b5069b1402730602b430416a15b1609253ea
Author: Slawek Kaplonski <email address hidden>
Date: Fri May 14 16:07:14 2021 +0200

    [DVR] Send allowed address pairs info to the L3 agents

    When new dvr router is going to be created on the node, L3 agent
    asks server for list of ports plugged to the subnets, to populate
    arp entries for all fixed IPs from those ports.
    There was missing info about allowed address pairs there, so those
    IPs were not populated in the qrouter namespace.
    Now it's added and L3 agent can add those arp entries to the qrouter
    namespaces too.

    Closes-Bug: #1928466
    Change-Id: I5d6c72c271ff450d9e43b3e33a99dd59d727882d

Changed in neutron:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (stable/wallaby)

Fix proposed to branch: stable/wallaby
Review: https://review.opendev.org/c/openstack/neutron/+/792790

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (stable/victoria)

Fix proposed to branch: stable/victoria
Review: https://review.opendev.org/c/openstack/neutron/+/792756

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (stable/ussuri)

Fix proposed to branch: stable/ussuri
Review: https://review.opendev.org/c/openstack/neutron/+/792757

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (stable/train)

Fix proposed to branch: stable/train
Review: https://review.opendev.org/c/openstack/neutron/+/792791

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (stable/stein)

Fix proposed to branch: stable/stein
Review: https://review.opendev.org/c/openstack/neutron/+/792792

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (stable/rocky)

Fix proposed to branch: stable/rocky
Review: https://review.opendev.org/c/openstack/neutron/+/792759

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (stable/queens)

Fix proposed to branch: stable/queens
Review: https://review.opendev.org/c/openstack/neutron/+/792760

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix proposed to neutron-tempest-plugin (master)

Related fix proposed to branch: master
Review: https://review.opendev.org/c/openstack/neutron-tempest-plugin/+/794788

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (stable/wallaby)

Reviewed: https://review.opendev.org/c/openstack/neutron/+/792790
Committed: https://opendev.org/openstack/neutron/commit/e622b28e2c009aacc6bebac7d0740cfab85b8b68
Submitter: "Zuul (22348)"
Branch: stable/wallaby

commit e622b28e2c009aacc6bebac7d0740cfab85b8b68
Author: Slawek Kaplonski <email address hidden>
Date: Fri May 14 16:07:14 2021 +0200

    [DVR] Send allowed address pairs info to the L3 agents

    When new dvr router is going to be created on the node, L3 agent
    asks server for list of ports plugged to the subnets, to populate
    arp entries for all fixed IPs from those ports.
    There was missing info about allowed address pairs there, so those
    IPs were not populated in the qrouter namespace.
    Now it's added and L3 agent can add those arp entries to the qrouter
    namespaces too.

    Conflicts:
        neutron/tests/unit/db/test_l3_dvr_db.py

    Closes-Bug: #1928466
    Change-Id: I5d6c72c271ff450d9e43b3e33a99dd59d727882d
    (cherry picked from commit 7b59b5069b1402730602b430416a15b1609253ea)

tags: added: in-stable-wallaby
tags: added: in-stable-rocky
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (stable/rocky)

Reviewed: https://review.opendev.org/c/openstack/neutron/+/792759
Committed: https://opendev.org/openstack/neutron/commit/1321a31a8ce7bc266df05ad432a94e16ed693305
Submitter: "Zuul (22348)"
Branch: stable/rocky

commit 1321a31a8ce7bc266df05ad432a94e16ed693305
Author: Slawek Kaplonski <email address hidden>
Date: Fri May 14 16:07:14 2021 +0200

    [DVR] Send allowed address pairs info to the L3 agents

    When new dvr router is going to be created on the node, L3 agent
    asks server for list of ports plugged to the subnets, to populate
    arp entries for all fixed IPs from those ports.
    There was missing info about allowed address pairs there, so those
    IPs were not populated in the qrouter namespace.
    Now it's added and L3 agent can add those arp entries to the qrouter
    namespaces too.

    Conflicts:
        neutron/agent/l3/dvr_local_router.py
        neutron/objects/port/extensions/allowedaddresspairs.py
        neutron/tests/unit/db/test_l3_dvr_db.py

    Closes-Bug: #1928466
    Change-Id: I5d6c72c271ff450d9e43b3e33a99dd59d727882d
    (cherry picked from commit 7b59b5069b1402730602b430416a15b1609253ea)

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (stable/victoria)

Reviewed: https://review.opendev.org/c/openstack/neutron/+/792756
Committed: https://opendev.org/openstack/neutron/commit/0ce952609071b8c7873361b4679aec187f1cf9a8
Submitter: "Zuul (22348)"
Branch: stable/victoria

commit 0ce952609071b8c7873361b4679aec187f1cf9a8
Author: Slawek Kaplonski <email address hidden>
Date: Fri May 14 16:07:14 2021 +0200

    [DVR] Send allowed address pairs info to the L3 agents

    When new dvr router is going to be created on the node, L3 agent
    asks server for list of ports plugged to the subnets, to populate
    arp entries for all fixed IPs from those ports.
    There was missing info about allowed address pairs there, so those
    IPs were not populated in the qrouter namespace.
    Now it's added and L3 agent can add those arp entries to the qrouter
    namespaces too.

    Conflicts:
        neutron/tests/unit/db/test_l3_dvr_db.py

    Closes-Bug: #1928466
    Change-Id: I5d6c72c271ff450d9e43b3e33a99dd59d727882d
    (cherry picked from commit 7b59b5069b1402730602b430416a15b1609253ea)

tags: added: in-stable-victoria
tags: added: in-stable-ussuri
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (stable/ussuri)

Reviewed: https://review.opendev.org/c/openstack/neutron/+/792757
Committed: https://opendev.org/openstack/neutron/commit/ab31406d77a29278a9a0360e375bb3689526aec0
Submitter: "Zuul (22348)"
Branch: stable/ussuri

commit ab31406d77a29278a9a0360e375bb3689526aec0
Author: Slawek Kaplonski <email address hidden>
Date: Fri May 14 16:07:14 2021 +0200

    [DVR] Send allowed address pairs info to the L3 agents

    When new dvr router is going to be created on the node, L3 agent
    asks server for list of ports plugged to the subnets, to populate
    arp entries for all fixed IPs from those ports.
    There was missing info about allowed address pairs there, so those
    IPs were not populated in the qrouter namespace.
    Now it's added and L3 agent can add those arp entries to the qrouter
    namespaces too.

    Conflicts:
        neutron/tests/unit/db/test_l3_dvr_db.py

    Closes-Bug: #1928466
    Change-Id: I5d6c72c271ff450d9e43b3e33a99dd59d727882d
    (cherry picked from commit 7b59b5069b1402730602b430416a15b1609253ea)

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (stable/train)

Reviewed: https://review.opendev.org/c/openstack/neutron/+/792791
Committed: https://opendev.org/openstack/neutron/commit/888ab6a2fc9a26b2dc30a58b29694fe7df50426e
Submitter: "Zuul (22348)"
Branch: stable/train

commit 888ab6a2fc9a26b2dc30a58b29694fe7df50426e
Author: Slawek Kaplonski <email address hidden>
Date: Fri May 14 16:07:14 2021 +0200

    [DVR] Send allowed address pairs info to the L3 agents

    When new dvr router is going to be created on the node, L3 agent
    asks server for list of ports plugged to the subnets, to populate
    arp entries for all fixed IPs from those ports.
    There was missing info about allowed address pairs there, so those
    IPs were not populated in the qrouter namespace.
    Now it's added and L3 agent can add those arp entries to the qrouter
    namespaces too.

    Conflicts:
        neutron/agent/l3/dvr_local_router.py
        neutron/objects/port/extensions/allowedaddresspairs.py
        neutron/tests/unit/db/test_l3_dvr_db.py

    Closes-Bug: #1928466
    Change-Id: I5d6c72c271ff450d9e43b3e33a99dd59d727882d
    (cherry picked from commit 7b59b5069b1402730602b430416a15b1609253ea)

tags: added: in-stable-train
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (stable/stein)

Reviewed: https://review.opendev.org/c/openstack/neutron/+/792792
Committed: https://opendev.org/openstack/neutron/commit/e8e38d67b23cc061c41dee52b837abc57dcb237a
Submitter: "Zuul (22348)"
Branch: stable/stein

commit e8e38d67b23cc061c41dee52b837abc57dcb237a
Author: Slawek Kaplonski <email address hidden>
Date: Fri May 14 16:07:14 2021 +0200

    [DVR] Send allowed address pairs info to the L3 agents

    When new dvr router is going to be created on the node, L3 agent
    asks server for list of ports plugged to the subnets, to populate
    arp entries for all fixed IPs from those ports.
    There was missing info about allowed address pairs there, so those
    IPs were not populated in the qrouter namespace.
    Now it's added and L3 agent can add those arp entries to the qrouter
    namespaces too.

    Conflicts:
        neutron/agent/l3/dvr_local_router.py
        neutron/objects/port/extensions/allowedaddresspairs.py
        neutron/tests/unit/db/test_l3_dvr_db.py

    Closes-Bug: #1928466
    Change-Id: I5d6c72c271ff450d9e43b3e33a99dd59d727882d
    (cherry picked from commit 7b59b5069b1402730602b430416a15b1609253ea)

tags: added: in-stable-stein
tags: added: in-stable-queens
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (stable/queens)

Reviewed: https://review.opendev.org/c/openstack/neutron/+/792760
Committed: https://opendev.org/openstack/neutron/commit/581174d5f676167d7eb536d4354224d4dadd2fa5
Submitter: "Zuul (22348)"
Branch: stable/queens

commit 581174d5f676167d7eb536d4354224d4dadd2fa5
Author: Slawek Kaplonski <email address hidden>
Date: Fri May 14 16:07:14 2021 +0200

    [DVR] Send allowed address pairs info to the L3 agents

    When new dvr router is going to be created on the node, L3 agent
    asks server for list of ports plugged to the subnets, to populate
    arp entries for all fixed IPs from those ports.
    There was missing info about allowed address pairs there, so those
    IPs were not populated in the qrouter namespace.
    Now it's added and L3 agent can add those arp entries to the qrouter
    namespaces too.

    Conflicts:
        neutron/agent/l3/dvr_local_router.py
        neutron/objects/port/extensions/allowedaddresspairs.py
        neutron/tests/unit/db/test_l3_dvr_db.py

    Closes-Bug: #1928466
    Change-Id: I5d6c72c271ff450d9e43b3e33a99dd59d727882d
    (cherry picked from commit 7b59b5069b1402730602b430416a15b1609253ea)

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix merged to neutron-tempest-plugin (master)

Reviewed: https://review.opendev.org/c/openstack/neutron-tempest-plugin/+/794788
Committed: https://opendev.org/openstack/neutron-tempest-plugin/commit/1536b57c8f1116ba48fdd72b6edc7202d5870fbf
Submitter: "Zuul (22348)"
Branch: master

commit 1536b57c8f1116ba48fdd72b6edc7202d5870fbf
Author: Slawek Kaplonski <email address hidden>
Date: Fri Jun 4 13:55:31 2021 +0200

    Remove "active" attribute from the allowed_address_pairs

    Attribute "active" is going to be added to the allowed_address_pairs
    in the patch [1] and will not be available in older branches.
    To make our existing allowed_address_pairs API tests to be passing in
    both cases, with and without that "active" attribute, this patch
    removes that field from the allowed_address_pairs which are returned
    by the Neutron server.

    We could make expected results of those tests to be dependend on the
    available Neutron's API extensions but in that case existing tests may
    fail randomly as all tests are always using same IP addresses thus
    allowed_address_pair may be active=True or active=False.

    To properly check active/inactive allowed address pairs there will be
    additional tests added to the neutron-tempest-plugin in the follow up
    patch.

    [1] https://review.opendev.org/c/openstack/neutron/+/601336

    Related-Bug: #1928466
    Change-Id: I368ca13291055f43896beb905cf19ff933fa797c

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/neutron 16.4.0

This issue was fixed in the openstack/neutron 16.4.0 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/neutron 17.2.0

This issue was fixed in the openstack/neutron 17.2.0 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/neutron 18.1.0

This issue was fixed in the openstack/neutron 18.1.0 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/neutron 19.0.0.0rc1

This issue was fixed in the openstack/neutron 19.0.0.0rc1 release candidate.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/neutron queens-eol

This issue was fixed in the openstack/neutron queens-eol release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/neutron rocky-eol

This issue was fixed in the openstack/neutron rocky-eol release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/neutron stein-eol

This issue was fixed in the openstack/neutron stein-eol release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/neutron train-eol

This issue was fixed in the openstack/neutron train-eol release.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.