[OVN] Disallow multiple physnets per bridge

Bug #1956476 reported by Rodolfo Alonso
Affects: neutron
Status: Fix Released
Importance: Low
Assigned to: Rodolfo Alonso

Bug Description

Related bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1993681

Patch [1] allowed having multiple physical networks per bridge. Although this could be feasible in OVN, the ML2 OVN mechanism driver should not allow it. The OVN mech driver should have the same behaviour as OVS or LB.

In the related bugzilla there are some steps to reproduce a configuration that leads to a subnet CIDR range conflict, when both networks are in the same bridge, that is not prohibited by Neutron.

Steps to Reproduce:
1. Create two physical networks mapped to the same physical network
2. Enable both physical networks as flat network providers
3. Create a flat network and a subnet with range 10.0.0.0/24 on the first physical network
4. Create another flat network and a subnet with range 10.0.0.0/24 on the second physical network

[1] https://github.com/openstack/networking-ovn/commit/a4781fd0f9c59603638b41069a175547a24c4b1c
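
A configuration audit for the condition described in the report, added here as an example (it is not Neutron's or networking-ovn's code). It assumes bridge mappings are given in the comma-separated `physnet:bridge` form used by OVN's `ovn-bridge-mappings` setting; the function names, sample mappings and sample subnets are constructed for illustration.

```python
import ipaddress
from collections import defaultdict


def parse_bridge_mappings(raw):
    """Parse 'physnet:bridge,physnet:bridge' into {physnet: bridge}."""
    mappings = {}
    for item in filter(None, (p.strip() for p in raw.split(","))):
        physnet, sep, bridge = item.partition(":")
        physnet, bridge = physnet.strip(), bridge.strip()
        if not sep or not physnet or not bridge:
            raise ValueError(f"malformed mapping {item!r}")
        if physnet in mappings:
            raise ValueError(f"physnet {physnet!r} mapped more than once")
        mappings[physnet] = bridge
    return mappings


def shared_bridges(mappings):
    """Return {bridge: [physnets]} for bridges carrying more than one physnet."""
    by_bridge = defaultdict(list)
    for physnet, bridge in mappings.items():
        by_bridge[bridge].append(physnet)
    return {b: sorted(p) for b, p in by_bridge.items() if len(p) > 1}


def cidr_clashes(mappings, flat_subnets):
    """flat_subnets is {physnet: [cidr, ...]}. Return overlapping CIDR pairs
    that sit on different physnets of the same bridge."""
    clashes = []
    for bridge, physnets in shared_bridges(mappings).items():
        nets = [(p, ipaddress.ip_network(c))
                for p in physnets for c in flat_subnets.get(p, [])]
        for i, (p1, n1) in enumerate(nets):
            for p2, n2 in nets[i + 1:]:
                if p1 != p2 and n1.overlaps(n2):
                    clashes.append((bridge, p1, str(n1), p2, str(n2)))
    return clashes


# Constructed sample mirroring the reproduction steps in the report:
# physnet1 and physnet2 share br-ex, physnet3 has its own bridge.
SAMPLE_MAPPINGS = "physnet1:br-ex,physnet2:br-ex,physnet3:br-prov"
SAMPLE_SUBNETS = {"physnet1": ["10.0.0.0/24"], "physnet2": ["10.0.0.0/24"],
                  "physnet3": ["10.0.0.0/24"]}

if __name__ == "__main__":
    parsed = parse_bridge_mappings(SAMPLE_MAPPINGS)
    print(shared_bridges(parsed))
    print(cidr_clashes(parsed, SAMPLE_SUBNETS))
```

The same 10.0.0.0/24 range on physnet3 is not reported, because that physical network has its own bridge.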

Changed in neutron:
assignee: nobody → Rodolfo Alonso (rodolfo-alonso-hernandez)
importance: Undecided → Low
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (master)

Fix proposed to branch: master
Review: https://review.opendev.org/c/openstack/neutron/+/823568

Changed in neutron:
status: New → In Progress
summary: - [OVN] Disallow multiple physnets per brige
+ [OVN] Disallow multiple physnets per bridge
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (master)

Reviewed: https://review.opendev.org/c/openstack/neutron/+/823568
Committed: https://opendev.org/openstack/neutron/commit/55afd9bc923f55bc8f621316a080ad4271182ebc
Submitter: "Zuul (22348)"
Branch: master

commit 55afd9bc923f55bc8f621316a080ad4271182ebc
Author: Rodolfo Alonso Hernandez <email address hidden>
Date: Thu Dec 23 11:00:09 2021 +0000

    [OVN] Allow only one physical network per bridge

    Same as in other ML2 plugins (OVS, Linux Bridge), OVN mechanism driver
    should allow only one physical network per bridge. The rule "one
    network, one bridge" should be present in OVN too.

    By allowing only one physical network per bridge, Neutron prevents
    having two networks with subnets with the same CIDR in the same bridge.
    Currently this is possible and this CIDR clash is not prevented (shouldn't be
    by the API). This architectural limitation prevents this situation.

    This limitation is already present in deployment tools such as TripleO.

    Closes-Bug: #1956476
    Change-Id: I74a2ca9a344a93219deb94d60247478ee3200659

Changed in neutron:
status: In Progress → Fix Released
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (stable/xena)

Fix proposed to branch: stable/xena
Review: https://review.opendev.org/c/openstack/neutron/+/824344

OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (stable/wallaby)

Fix proposed to branch: stable/wallaby
Review: https://review.opendev.org/c/openstack/neutron/+/824346

OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (stable/victoria)

Fix proposed to branch: stable/victoria
Review: https://review.opendev.org/c/openstack/neutron/+/824347

OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (stable/ussuri)

Fix proposed to branch: stable/ussuri
Review: https://review.opendev.org/c/openstack/neutron/+/824348

OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (stable/xena)

Reviewed: https://review.opendev.org/c/openstack/neutron/+/824344
Committed: https://opendev.org/openstack/neutron/commit/795a19bf35175e75dfffd7ba6c349b74f0ff3815
Submitter: "Zuul (22348)"
Branch: stable/xena

commit 795a19bf35175e75dfffd7ba6c349b74f0ff3815
Author: Rodolfo Alonso Hernandez <email address hidden>
Date: Thu Dec 23 11:00:09 2021 +0000

    [OVN] Allow only one physical network per bridge

    Same as in other ML2 plugins (OVS, Linux Bridge), OVN mechanism driver
    should allow only one physical network per bridge. The rule "one
    network, one bridge" should be present in OVN too.

    By allowing only one physical network per bridge, Neutron prevents
    having two networks with subnets with the same CIDR in the same bridge.
    Currently this is possible and this CIDR clash is not prevented (shouldn't be
    by the API). This architectural limitation prevents this situation.

    This limitation is already present in deployment tools such as TripleO.

    Closes-Bug: #1956476
    Change-Id: I74a2ca9a344a93219deb94d60247478ee3200659
    (cherry picked from commit 55afd9bc923f55bc8f621316a080ad4271182ebc)

tags: added: in-stable-xena
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (stable/wallaby)

Reviewed: https://review.opendev.org/c/openstack/neutron/+/824346
Committed: https://opendev.org/openstack/neutron/commit/eddb3a79025b8936292c0b89ca498d5d4899860c
Submitter: "Zuul (22348)"
Branch: stable/wallaby

commit eddb3a79025b8936292c0b89ca498d5d4899860c
Author: Rodolfo Alonso Hernandez <email address hidden>
Date: Thu Dec 23 11:00:09 2021 +0000

    [OVN] Allow only one physical network per bridge

    Same as in other ML2 plugins (OVS, Linux Bridge), OVN mechanism driver
    should allow only one physical network per bridge. The rule "one
    network, one bridge" should be present in OVN too.

    By allowing only one physical network per bridge, Neutron prevents
    having two networks with subnets with the same CIDR in the same bridge.
    Currently this is possible and this CIDR clash is not prevented (shouldn't be
    by the API). This architectural limitation prevents this situation.

    This limitation is already present in deployment tools such as TripleO.

    Conflicts:
      neutron/tests/functional/plugins/ml2/drivers/ovn/mech_driver/ovsdb/test_impl_idl.py

    Closes-Bug: #1956476
    Change-Id: I74a2ca9a344a93219deb94d60247478ee3200659
    (cherry picked from commit 55afd9bc923f55bc8f621316a080ad4271182ebc)

tags: added: in-stable-wallaby
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (stable/victoria)

Reviewed: https://review.opendev.org/c/openstack/neutron/+/824347
Committed: https://opendev.org/openstack/neutron/commit/cb67856d9f4c2e46991a713da33cd4a8c197e86a
Submitter: "Zuul (22348)"
Branch: stable/victoria

commit cb67856d9f4c2e46991a713da33cd4a8c197e86a
Author: Rodolfo Alonso Hernandez <email address hidden>
Date: Thu Dec 23 11:00:09 2021 +0000

    [OVN] Allow only one physical network per bridge

    Same as in other ML2 plugins (OVS, Linux Bridge), OVN mechanism driver
    should allow only one physical network per bridge. The rule "one
    network, one bridge" should be present in OVN too.

    By allowing only one physical network per bridge, Neutron prevents
    having two networks with subnets with the same CIDR in the same bridge.
    Currently this is possible and this CIDR clash is not prevented (shouldn't be
    by the API). This architectural limitation prevents this situation.

    This limitation is already present in deployment tools such as TripleO.

    Conflicts:
      neutron/tests/functional/plugins/ml2/drivers/ovn/mech_driver/ovsdb/test_impl_idl.py

    Closes-Bug: #1956476
    Change-Id: I74a2ca9a344a93219deb94d60247478ee3200659
    (cherry picked from commit 55afd9bc923f55bc8f621316a080ad4271182ebc)
    (cherry picked from commit eddb3a79025b8936292c0b89ca498d5d4899860c)

tags: added: in-stable-victoria
tags: added: in-stable-ussuri
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (stable/ussuri)

Reviewed: https://review.opendev.org/c/openstack/neutron/+/824348
Committed: https://opendev.org/openstack/neutron/commit/02a986a01f3701695a78b3392920fd0dd6b7b789
Submitter: "Zuul (22348)"
Branch: stable/ussuri

commit 02a986a01f3701695a78b3392920fd0dd6b7b789
Author: Rodolfo Alonso Hernandez <email address hidden>
Date: Thu Dec 23 11:00:09 2021 +0000

    [OVN] Allow only one physical network per bridge

    Same as in other ML2 plugins (OVS, Linux Bridge), OVN mechanism driver
    should allow only one physical network per bridge. The rule "one
    network, one bridge" should be present in OVN too.

    By allowing only one physical network per bridge, Neutron prevents
    having two networks with subnets with the same CIDR in the same bridge.
    Currently this is possible and this CIDR clash is not prevented (shouldn't be
    by the API). This architectural limitation prevents this situation.

    This limitation is already present in deployment tools such as TripleO.

    Conflicts:
      neutron/tests/functional/plugins/ml2/drivers/ovn/mech_driver/ovsdb/test_impl_idl.py

    Closes-Bug: #1956476
    Change-Id: I74a2ca9a344a93219deb94d60247478ee3200659
    (cherry picked from commit 55afd9bc923f55bc8f621316a080ad4271182ebc)
    (cherry picked from commit eddb3a79025b8936292c0b89ca498d5d4899860c)

OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/neutron 20.0.0.0rc1

This issue was fixed in the openstack/neutron 20.0.0.0rc1 release candidate.

OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/neutron 17.4.0

This issue was fixed in the openstack/neutron 17.4.0 release.

OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/neutron 18.3.0

This issue was fixed in the openstack/neutron 18.3.0 release.

OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/neutron 19.2.0

This issue was fixed in the openstack/neutron 19.2.0 release.

OpenStack Infra (hudson-openstack) wrote : Related fix proposed to neutron (master)

Related fix proposed to branch: master
Review: https://review.opendev.org/c/openstack/neutron/+/858863

OpenStack Infra (hudson-openstack) wrote : Related fix merged to neutron (master)

Reviewed: https://review.opendev.org/c/openstack/neutron/+/858863
Committed: https://opendev.org/openstack/neutron/commit/229d798a45c964783551cd61d7031698d452f72a
Submitter: "Zuul (22348)"
Branch: master

commit 229d798a45c964783551cd61d7031698d452f72a
Author: Rodolfo Alonso Hernandez <email address hidden>
Date: Thu Sep 22 09:41:29 2022 +0200

    [OVN] Allow only one physical network per bridge

    Since [1], OVN allows only one physical network per bridge,
    same as other ML2 plugins (OVS, Linux Bridge). The rule "one
    network, one bridge" is present in OVN too.

    This patch fixes a small leftover in the ML2/OVN code.

    [1]https://review.opendev.org/c/openstack/neutron/+/823568

    Related-Bug: #1956476
    Change-Id: I955f2430ad1d817966ac49f33741f1d4452d1f76

OpenStack Infra (hudson-openstack) wrote : Related fix proposed to neutron (stable/zed)

Related fix proposed to branch: stable/zed
Review: https://review.opendev.org/c/openstack/neutron/+/863255

OpenStack Infra (hudson-openstack) wrote :

Related fix proposed to branch: stable/zed
Review: https://review.opendev.org/c/openstack/neutron/+/863256

OpenStack Infra (hudson-openstack) wrote : Change abandoned on neutron (stable/zed)

Change abandoned by "Adrian Alexandrescu <email address hidden>" on branch: stable/zed
Review: https://review.opendev.org/c/openstack/neutron/+/863255

OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/networking-ovn train-eol

This issue was fixed in the openstack/networking-ovn train-eol release.

OpenStack Infra (hudson-openstack) wrote : Change abandoned on neutron (stable/zed)

Change abandoned by "Slawek Kaplonski <email address hidden>" on branch: stable/zed
Review: https://review.opendev.org/c/openstack/neutron/+/863256
Reason: This review is > 4 weeks without comment, and failed Zuul jobs the last time it was checked. We are abandoning this for now. Feel free to reactivate the review by pressing the restore button and leaving a 'recheck' comment to get fresh test results.

OpenStack Infra (hudson-openstack) wrote : Related fix merged to neutron (stable/zed)

Reviewed: https://review.opendev.org/c/openstack/neutron/+/863256
Committed: https://opendev.org/openstack/neutron/commit/d753b2ab44f38eb5b5f6b34e82c3f9e86680a0e9
Submitter: "Zuul (22348)"
Branch: stable/zed

commit d753b2ab44f38eb5b5f6b34e82c3f9e86680a0e9
Author: Rodolfo Alonso Hernandez <email address hidden>
Date: Thu Sep 22 09:41:29 2022 +0200

    [OVN] Allow only one physical network per bridge

    Since [1], OVN allows only one physical network per bridge,
    same as other ML2 plugins (OVS, Linux Bridge). The rule "one
    network, one bridge" is present in OVN too.

    This patch fixes a small leftover in the ML2/OVN code.

    [1]https://review.opendev.org/c/openstack/neutron/+/823568

    Related-Bug: #1956476

    Conflicts:
        neutron/plugins/ml2/drivers/ovn/mech_driver/ovsdb/extensions/placement.py

    Change-Id: I955f2430ad1d817966ac49f33741f1d4452d1f76
    (cherry picked from commit 229d798a45c964783551cd61d7031698d452f72a)

tags: added: in-stable-zed
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/neutron ussuri-eol

This issue was fixed in the openstack/neutron ussuri-eol release.
