neutron

[OVN] Virtual ports are always DOWN

Bug #1961184 reported by Rodolfo Alonso
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
neutron
Fix Released
Low
Rodolfo Alonso

Bug Description

Related bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2052243

In OVN (same as in OVS), virtual ports are always down.

Steps to Reproduce:
1. Define a port for our server, and allow it to use a vip:
   $ openstack port create --network private --security-group prodlike serverport
   $ openstack server create --security-group prodlike --port serverport \
     --key-name stack --flavor m1.small --image cirros myserver \
     --availability-zone nova:cpu35d
   $ openstack floating ip set --port serverport 10.64.154.3
   $ openstack port create myvip --network private \
     --fixed-ip ip-address=192.168.200.20
   $ openstack port set --allowed-address ip-address=192.168.200.20 serverport

At this moment, ovn-sbctl should not show the port "myvip" on any chassis:
$ ovn-sbctl show
Chassis "1126ea9a-2860-4e5c-9ab5-ca1e8959edee"
    hostname: cpu35d
    Encap geneve
        ip: "10.64.145.100"
        options: {csum="true"}
    Port_Binding cr-lrp-52d45a86-6cbf-43ff-9700-755490192441
    Port_Binding "d4aafa35-ab96-4451-9623-983a164f28dd"

The port is not bound yet:
$ openstack port show myvip -c status -c binding_host_id -c id
+-----------------+--------------------------------------+
| Field | Value |
+-----------------+--------------------------------------+
| binding_host_id | |
| id | 55c03aa0-2a21-4f28-bf5d-6ec2dcc5f7e3 |
| status | DOWN |
+-----------------+--------------------------------------+

2. Make the VM own the port:
Login into the VM and assign the virtual IP to the port:
  $ ssh 10.64.154.3 -l cirros
  $ sudo ip addr add 192.168.200.20 dev eth0
  $ sudo arping -U 192.168.200.20
    ARPING 192.168.200.20 from 192.168.200.20 eth0
    ^CSent 2 probe(s) (2 broadcast(s))
  Received 0 response(s) (0 request(s), 0 broadcast(s))

When OVN detects traffic from/to a port with the IP of the virtual port, binds this VIP to the chassis hosting the port:
Chassis "1126ea9a-2860-4e5c-9ab5-ca1e8959edee"
    hostname: cpu35d
    Encap geneve
        ip: "10.64.145.100"
        options: {csum="true"}
    Port_Binding "55c03aa0-2a21-4f28-bf5d-6ec2dcc5f7e3"
    Port_Binding cr-lrp-52d45a86-6cbf-43ff-9700-755490192441
    Port_Binding "d4aafa35-ab96-4451-9623-983a164f28dd"

3. Check the state of the port in Neutron
openstack port show myvip -c status -c binding_host_id -c id

Actual results:
+-----------------+--------------------------------------+
| Field | Value |
+-----------------+--------------------------------------+
| binding_host_id | |
| id | 55c03aa0-2a21-4f28-bf5d-6ec2dcc5f7e3 |
| status | DOWN |
+-----------------+--------------------------------------+

Expected results:
+-----------------+--------------------------------------+
| Field | Value |
+-----------------+--------------------------------------+
| binding_host_id | cpu35d |
| id | 55c03aa0-2a21-4f28-bf5d-6ec2dcc5f7e3 |
| status | ACTIVE |
+-----------------+--------------------------------------+

***QUESTION***: in OVN is easy to detect when a VIP port has been bound/released and we can easily update the VIP port status and host ID. Should we implement this feature for OVN only, adding a gap between OVS and OVN?

See original description
Rodolfo Alonso (rodolfo-alonso-hernandez)
description: updated
Changed in neutron:
assignee: nobody → Rodolfo Alonso (rodolfo-alonso-hernandez)
Revision history for this message
Slawek Kaplonski (slaweq) wrote :

Hmm, I wonder if we could maybe change (again) our approach in https://review.opendev.org/c/openstack/neutron/+/601336 and instead of marking allowed_address_pair as "active", mark port to be "bound" and ACTIVE on host with one of the vms. That way we could maybe have finally solved https://launchpad.net/bugs/1774459 and not have parity gap between backends. Wdyt?

Slawek Kaplonski (slaweq)
tags: added: ovn
Changed in neutron:
status: New → Confirmed
importance: Undecided → Low
Revision history for this message
Rodolfo Alonso (rodolfo-alonso-hernandez) wrote :

Hi Slawek:

I would not modify the "status" field but the host binding field. As commented by Francois in [1], this parameter could be useful for operators to know where the VIP is attached to. In this case he is referring to OVN but as you commented, [2] will do the same for OVS.

Regards.

[1]https://bugzilla.redhat.com/show_bug.cgi?id=2052243
[2]https://review.opendev.org/c/openstack/neutron/+/601336

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (master)

Fix proposed to branch: master
Review: https://review.opendev.org/c/openstack/neutron/+/830624

Changed in neutron:
status: Confirmed → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (master)

Reviewed: https://review.opendev.org/c/openstack/neutron/+/830624
Committed: https://opendev.org/openstack/neutron/commit/bdbabdf362a0755fa5a86222a7a223c727f0ec4e
Submitter: "Zuul (22348)"
Branch: master

commit bdbabdf362a0755fa5a86222a7a223c727f0ec4e
Author: Rodolfo Alonso Hernandez <email address hidden>
Date: Wed Feb 9 19:04:45 2022 +0000

    [OVN] Update VIP port host ID when traffic detected

    A virtual IP port is a port with an IP address assigned. This IP
    address is used as an allowed address pair in a bound port (or ports).
    This port is marked as "virtual" and a list of "virtual-parents"
    (ports with the VIP assigned as allowed address pair) will be
    populated accordingly.

    This patch updates the "binding:host_id" of the port when OVN detects
    traffic from the corresponding VIP address. OVN updates the VIP port
    SB "Port_Binding" register with the chassis ID. The hostname of this
    chassis is used to update the port host ID.

    The VIP port is always unbound and down; this patch only populates the
    host information to provide to the user this information using the
    OpenStack CLI, instead of making this search using the OVN CLI.

    Closes-Bug: #1961184
    Change-Id: I75b04d056ba0df9e34a99673c689a69cdbfa097e

Changed in neutron:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (stable/yoga)

Fix proposed to branch: stable/yoga
Review: https://review.opendev.org/c/openstack/neutron/+/833668

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (stable/xena)

Fix proposed to branch: stable/xena
Review: https://review.opendev.org/c/openstack/neutron/+/833670

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (stable/yoga)

Reviewed: https://review.opendev.org/c/openstack/neutron/+/833668
Committed: https://opendev.org/openstack/neutron/commit/46c49aedfa6675db714dee74a2da915b40a6f2d3
Submitter: "Zuul (22348)"
Branch: stable/yoga

commit 46c49aedfa6675db714dee74a2da915b40a6f2d3
Author: Rodolfo Alonso Hernandez <email address hidden>
Date: Wed Feb 9 19:04:45 2022 +0000

    [OVN] Update VIP port host ID when traffic detected

    A virtual IP port is a port with an IP address assigned. This IP
    address is used as an allowed address pair in a bound port (or ports).
    This port is marked as "virtual" and a list of "virtual-parents"
    (ports with the VIP assigned as allowed address pair) will be
    populated accordingly.

    This patch updates the "binding:host_id" of the port when OVN detects
    traffic from the corresponding VIP address. OVN updates the VIP port
    SB "Port_Binding" register with the chassis ID. The hostname of this
    chassis is used to update the port host ID.

    The VIP port is always unbound and down; this patch only populates the
    host information to provide to the user this information using the
    OpenStack CLI, instead of making this search using the OVN CLI.

    Closes-Bug: #1961184
    Change-Id: I75b04d056ba0df9e34a99673c689a69cdbfa097e
    (cherry picked from commit bdbabdf362a0755fa5a86222a7a223c727f0ec4e)

tags: added: in-stable-yoga
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/neutron 20.0.0.0rc2

This issue was fixed in the openstack/neutron 20.0.0.0rc2 release candidate.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (stable/xena)

Reviewed: https://review.opendev.org/c/openstack/neutron/+/833670
Committed: https://opendev.org/openstack/neutron/commit/6b6abd0718746ca55c2eb302570b874b7e2362c8
Submitter: "Zuul (22348)"
Branch: stable/xena

commit 6b6abd0718746ca55c2eb302570b874b7e2362c8
Author: Rodolfo Alonso Hernandez <email address hidden>
Date: Wed Feb 9 19:04:45 2022 +0000

    [OVN] Update VIP port host ID when traffic detected

    A virtual IP port is a port with an IP address assigned. This IP
    address is used as an allowed address pair in a bound port (or ports).
    This port is marked as "virtual" and a list of "virtual-parents"
    (ports with the VIP assigned as allowed address pair) will be
    populated accordingly.

    This patch updates the "binding:host_id" of the port when OVN detects
    traffic from the corresponding VIP address. OVN updates the VIP port
    SB "Port_Binding" register with the chassis ID. The hostname of this
    chassis is used to update the port host ID.

    The VIP port is always unbound and down; this patch only populates the
    host information to provide to the user this information using the
    OpenStack CLI, instead of making this search using the OVN CLI.

    Closes-Bug: #1961184
    Change-Id: I75b04d056ba0df9e34a99673c689a69cdbfa097e
    (cherry picked from commit bdbabdf362a0755fa5a86222a7a223c727f0ec4e)

tags: added: in-stable-xena
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/neutron 19.2.0

This issue was fixed in the openstack/neutron 19.2.0 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (stable/wallaby)

Fix proposed to branch: stable/wallaby
Review: https://review.opendev.org/c/openstack/neutron/+/844810

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (stable/wallaby)

Reviewed: https://review.opendev.org/c/openstack/neutron/+/844810
Committed: https://opendev.org/openstack/neutron/commit/c4a5b8348ad1f1bb7c0c2ec137da1124df76f7fe
Submitter: "Zuul (22348)"
Branch: stable/wallaby

commit c4a5b8348ad1f1bb7c0c2ec137da1124df76f7fe
Author: Rodolfo Alonso Hernandez <email address hidden>
Date: Wed Feb 9 19:04:45 2022 +0000

    [OVN] Update VIP port host ID when traffic detected

    A virtual IP port is a port with an IP address assigned. This IP
    address is used as an allowed address pair in a bound port (or ports).
    This port is marked as "virtual" and a list of "virtual-parents"
    (ports with the VIP assigned as allowed address pair) will be
    populated accordingly.

    This patch updates the "binding:host_id" of the port when OVN detects
    traffic from the corresponding VIP address. OVN updates the VIP port
    SB "Port_Binding" register with the chassis ID. The hostname of this
    chassis is used to update the port host ID.

    The VIP port is always unbound and down; this patch only populates the
    host information to provide to the user this information using the
    OpenStack CLI, instead of making this search using the OVN CLI.

    Conflicts:
        neutron/common/ovn/constants.py
        neutron/plugins/ml2/drivers/ovn/mech_driver/ovsdb/ovsdb_monitor.py
        neutron/plugins/ml2/plugin.py
        neutron/tests/functional/plugins/ml2/drivers/ovn/mech_driver/ovsdb/test_ovsdb_monitor.py

    Closes-Bug: #1961184

    Change-Id: I75b04d056ba0df9e34a99673c689a69cdbfa097e
    (cherry picked from commit bdbabdf362a0755fa5a86222a7a223c727f0ec4e)
    (cherry picked from commit 6b6abd0718746ca55c2eb302570b874b7e2362c8)

tags: added: in-stable-wallaby
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/neutron 18.5.0

This issue was fixed in the openstack/neutron 18.5.0 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/neutron 21.0.0.0rc1

This issue was fixed in the openstack/neutron 21.0.0.0rc1 release candidate.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.