[OVN] VLAN networks for North / South Traffic Broken
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
neutron |
New
|
Undecided
|
Unassigned |
Bug Description
## Environment
### Deployment
- Ubuntu 22.04 LTS
- Openstack Release ZED
- Kolla-ansible - stable/zed repo
- Kolla - stable/zed repo
- Containers built with ubuntu 22.04 LTS
- Containers built on 2023-08-23
- OVN+DVR+VLAN tenant networks.
- We have three controllers occ00001, occ00002 occ00003
- Neutron version neutron-
- ovn-nbctl 22.09.1
- Open vSwitch Library 3.0.3
- DB Schema 6.3.0
1. New provider network deployed into openstack, on vlan 504.
2. Router connected to this provider network.
3. Instance connected to provider network no FIP
## Issues
Attempting to send north/south traffic (ping 8.8.8.8), results in the following symptoms. 2 pings are successful, all other pings fail, until the ping is cancelled, and a couple of minutes pass, then two pings will be successful again, then back to failing.
New routers with vlan networks attached don't create all three ports on the controllers.
Even when fixing the localnet ports on the router to have three with changing the priority when attaching a FIP the N/S traffic is limited to 2 pings
Only when setting `reside-
## Diagnostics
After looking at the ovn-controller logs on the control nodes we can see that it tries to claim the port on occ0001. which matches the gateway chassis on the routers LRP port.
```
2023-09-
2023-09-
```
Gateway chassis of the LRP port.
```
ovn-nbctl list Gateway_Chassis | grep -A2 -B4 lrp-71cf7286-
_uuid : cf26be06-
chassis_name : occ00002
external_ids : {}
name : lrp-71cf7286-
options : {}
priority : 2
--
_uuid : 1d9e8314-
chassis_name : occ00001
external_ids : {}
name : lrp-71cf7286-
options : {}
priority : 3
--
_uuid : b1e41ceb-
chassis_name : occ00003
external_ids : {}
name : lrp-71cf7286-
options : {}
priority : 1
```
We see nothing about `occ00002` or `occ00003` trying to claim the LRP port but we found that when you change the priority around to try resolve, we can see that the port is not on `occ00001` but is on occ0002
We change occ0001 = 1 and occ0003 = 3 which means `occ00003` will be come the highest gateway.
```
ovn-nbctl set gateway_chassis 1d9e8314-
ovn-nbctl set gateway_chassis b1e41ceb-
```
the logs show the following.
occ0001
```
2023-09-
2023-09-
```
occ0002
```
2023-09-
2023-09-
```
occ0003
```
2023-09-
2023-09-
```
on `occ00003` we can see that `occ00002` had the gateway and not `occ00001` which it should of had. This happens on creating new routers on the vlan provider network.All exisiting Routers before upgrade are working and that they have the same priority.
## Second diagnostics
Looking at each Logical Router we can see that when the router is first created that only two of the three ports are created.
Broken router:
```
_uuid : 773bb527-
copp : []
enabled : true
external_ids : {"neutron:
load_balancer : []
load_balancer_group : []
name : neutron-
nat : [f22e6004-
options : {always_
policies : []
ports : [c59b5f9e-
static_routes : [36ad39c0-
```
The working Router has all three ports after we make the priority change this means that the change forces the ports to be created.
Working Router:
```
_uuid : 8734ea01-
copp : []
enabled : true
external_ids : {"neutron:
load_balancer : []
load_balancer_group : []
name : neutron-
nat : [4bba0f50-
options : {always_
policies : []
ports : [a9590024-
static_routes : [8e89f98e-
```
## Resolution
When we look at the Logical Router Port of the internal interface (the one attached to the vlan) we can see that options has the following.
```
name : lrp-d6e063e5-
networks : ["192.168.0.1/24"]
options : {reside-
```
And on the External LRP we have the following.
```
mac : "fa:16:3e:fc:ba:cf"
name : lrp-1a089d8f-
networks : ["1xx.xx.
options : {redirect-
```
My understanding is that `reside-
When I change this to true `ovn-nbctl set logical_router_port lrp-d6e063e5-
When looking at the merged https:/
description: | updated |
summary: |
- VLAN networks for North / South Traffic Broken + [OVN] VLAN networks for North / South Traffic Broken |
tags: | added: ovn |
Hey all,
Do we need anymore information on this, or a discussion about a way forward?