[OVN] A route inferred from a subnet's default gateway is not added to ovn-nb if segment_id is not None for a subnet
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
neutron | Invalid | Medium | Unassigned | |
Bug Description
Context:
* Neutron is configured to use OVN
* An external provider network with one segment is created
* A subnet with a default gateway IP set is associated with this segment explicitly (segment_id != None)
* A router's gateway port is set to use the provider network (external_
Result: OVN NB does not contain a default route and instance traffic is blackholed.
--
Detailed description:
Setting the external gateway info for the first time as follows
$ openstack router set --external-gateway pubnet r1
does not result in OVN getting a default route with the next-hop set to the subnet's gateway IP:
$ sudo ovn-nbctl list logical_
0
Doing it twice in a row does (the default route appears in the table after the second command):
$ openstack router set --external-gateway pubnet r1 && openstack router set --external-gateway pubnet r1
$ sudo ovn-nbctl list logical_
_uuid : df7c6020-
bfd : []
external_ids : {"neutron:
ip_prefix : "0.0.0.0/0"
nexthop : "10.1.1.1"
options : {}
output_port : []
policy : []
route_table : ""
The inferred route is normally installed by this portion of code:
https:/
Based on the result from _get_gw_info:
https:/
`_get_gw_info` returns an empty list since `external_
self._l3_
{'id': 'd51ec4b0-
Meanwhile, the `external_
https:/
https:/
https:/
Port state after it gets created in the unbound state (the code trying to add a default route is trying to find fixed IPs at the same time the gateway port is unbound and does not have any):
openstack port list --router r1
+------
| ID | Name | MAC Address | Fixed IP Addresses | Status |
+------
| 2da99728-
| 97d604f2-
+------
openstack port show 2da99728-
+------
| Field | Value |
+------
| admin_state_up | UP |
| allowed_
| binding_host_id | |
| binding_profile | |
| binding_vif_details | |
| binding_vif_type | unbound |
| binding_vnic_type | normal |
| created_at | 2023-01-
| data_plane_status | None |
| description | |
| device_id | d51ec4b0-
| device_owner | network:
| device_profile | None |
| dns_assignment | None |
| dns_domain | None |
| dns_name | None |
| extra_dhcp_opts | |
| fixed_ips | |
| id | 2da99728-
| ip_allocation | deferred |
| mac_address | fa:16:3e:eb:cf:76 |
| name | |
| network_id | eef0120b-
| numa_affinity_
| port_security_
| project_id | |
| propagate_
| qos_network_
| qos_policy_id | None |
| resource_request | None |
| revision_number | 1 |
| security_group_ids | |
| status | DOWN |
| tags | |
| trunk_details | None |
| updated_at | 2023-01-
+------
Tested on Yoga, references are for the master branch.
tags: | added: ovn |
Changed in neutron: | |
status: | New → Confirmed |
importance: | Undecided → Medium |
Hello Dmitrii:
This is not an OVN error but an error during the router GW port creation. When the router GW port is created in the first place, the port host is not assigned yet. This is because the port has not been bound yet. Because of [1], the IPAM module doesn't return any valid subnet and thus the GW port has no fixed IPs on any subnet. This is what you have already described in the definition.
This is because the routed provider networks functionality, which allows multiple segments to be attached to a network, is supposed to leverage the L3 routing capability of the underlying network. That means the routing processing is done outside Neutron. What Neutron needs to configure is the host segments according to the physical deployment.
In other words, a Neutron router can't be connected as a GW router on a routed provider network. In fact [3] applies only to ML2/OVS. This functionality, as you have seen, doesn't work with ML2/OVN.
Regards.
[1] https://github.com/openstack/neutron/blob/21927e79075ce0f3e521e56fca0bed8f1de61066/neutron/objects/subnet.py#L332-L343
[2] https://docs.openstack.org/neutron/latest/admin/config-routed-networks.html
[3] https://review.opendev.org/c/openstack/neutron/+/791178
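A check for the state described in this report, as an added example that is not part of the bug thread or of Neutron's code: it flags routers whose gateway port exists but which have no default route, and marks the case where the port is unbound with deferred IP allocation and no fixed IPs. The port field names follow the `openstack port show` output above; the function names, the per-router grouping of static routes (`routes_by_router`) and the sample IDs are assumptions made for the example.

```python
import ipaddress

GATEWAY_OWNER = "network:router_gateway"  # Neutron device_owner of a router gateway port


def has_default_route(routes):
    """True if any static route covers everything (0.0.0.0/0 or ::/0)."""
    return any(
        ipaddress.ip_network(r["ip_prefix"], strict=False).prefixlen == 0
        for r in routes
    )


def audit_gateways(ports, routes_by_router):
    """Return one finding per router that has a gateway port but no default
    route in the (assumed) per-router static route listing."""
    findings = []
    for port in ports:
        if port.get("device_owner") != GATEWAY_OWNER:
            continue
        router_id = port["device_id"]
        if has_default_route(routes_by_router.get(router_id, [])):
            continue
        # The state shown in the report: unbound port, deferred IPAM, no IPs.
        deferred = (not port.get("fixed_ips")
                    and port.get("ip_allocation") == "deferred"
                    and port.get("binding_vif_type") == "unbound")
        findings.append({
            "router": router_id,
            "port": port["id"],
            "cause": "deferred-unbound-gateway-port" if deferred else "other",
        })
    return findings


# Constructed sample data; IDs are placeholders, not values from the report.
SAMPLE_PORTS = [
    {"id": "port-gw-r1", "device_id": "router-r1", "device_owner": GATEWAY_OWNER,
     "fixed_ips": [], "ip_allocation": "deferred", "binding_vif_type": "unbound"},
    {"id": "port-gw-r2", "device_id": "router-r2", "device_owner": GATEWAY_OWNER,
     "fixed_ips": [{"ip_address": "10.1.1.50"}], "ip_allocation": "immediate",
     "binding_vif_type": "ovs"},
    {"id": "port-if-r1", "device_id": "router-r1",
     "device_owner": "network:router_interface",
     "fixed_ips": [{"ip_address": "192.168.0.1"}], "ip_allocation": "immediate",
     "binding_vif_type": "ovs"},
]
SAMPLE_ROUTES = {
    "router-r1": [],
    "router-r2": [{"ip_prefix": "0.0.0.0/0", "nexthop": "10.1.1.1"}],
}

if __name__ == "__main__":
    for finding in audit_gateways(SAMPLE_PORTS, SAMPLE_ROUTES):
        print(finding)
```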