VMware: no VM connectivity when opaque network does not match bridge id

Bug #1225002 reported by Gary Kotton on 2013-09-13
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Compute (nova)
High
Gary Kotton
Grizzly
High
Gary Kotton

Bug Description

When the opqaue network does not match the bridge ID we need to fallback to the configured 'integration_bridge' pararmeter in the vmware section. If this is not done there is no network connectivity with the VM

Gary Kotton (garyk) on 2013-09-13
Changed in nova:
importance: Undecided → Medium
Changed in nova:
assignee: nobody → Gary Kotton (garyk)
status: New → In Progress
Gary Kotton (garyk) on 2013-09-13
Changed in nova:
importance: Medium → High
tags: added: grizzly-backport-potential vmware
Changed in nova:
milestone: none → havana-rc1
Russell Bryant (russellb) wrote :

It sounds like this is basically a config error case? If so, I don't think it's High

tags: added: havana-rc-potential
Changed in nova:
milestone: havana-rc1 → none
importance: High → Medium
Shawn Hartsock (hartsock) wrote :

I'm not sure I understand this one. I think I need more context to form an opinion.

Gary Kotton (garyk) wrote :

https://review.openstack.org/#/c/41977/

This is critical when using quantum. If no opaque network is matched then traffic will be discarded meaning that no traffic will get to the VM

Changed in nova:
milestone: none → havana-rc1
Gary Kotton (garyk) wrote :

sorry for the slip - not quantum, neutron

Changed in nova:
milestone: havana-rc1 → none

I would actually mark this as critical/high because without this fix we found out that vsphere 5.5 (with embedded ovs) will fail to work properly with the base Neutron NVP plugin, which is what most of current customers are using.

More importantly, the Havana release for Neutron will also include advanced extensions that leverage new capabilities of the NSX vCloud Networking and Security Suite (this is stuff that's been worked on after the acquisition of Nicira and the NVP technologies). Without this minor addition to the vmwareapi virt layer, vsphere will be unable to leverages these advanced extensions correctly.

Changed in nova:
importance: Medium → High
Russell Bryant (russellb) wrote :

What does "fail to work properly with the base Neutron NVP plugin" mean? What is the failure, why and how does it occur?

Apologies for the late reply. Comments below:

- As per bug report title, "fail to work properly with the base Neutron plugin" means "no VM connectivity"
- What is the failure? Compute fails to find the right network
- Why? With the embedded ovs plugin, vsphere expects opaque networks to exists and be configured on the hypervisor; these are not created by the base Neutron plugin.
- How does it occur? As I mentioned above, this occurs with vsphere 5.5 and Neutron NVP plugin.

I can dive into the technical details a lot more if you are really interested (as it seems you are), but I hope this suffices.

Gary Kotton (garyk) on 2013-10-04
Changed in nova:
milestone: none → 2013.1.4
milestone: 2013.1.4 → none

Hi,
Can you guys please take a look. I have addressed Johns comments.
Thanks
Gary

Reviewed: https://review.openstack.org/41977
Committed: http://github.com/openstack/nova/commit/a0546fd3f42c37e8cd6e4e9b70d59ae1e689b4b7
Submitter: Jenkins
Branch: master

commit a0546fd3f42c37e8cd6e4e9b70d59ae1e689b4b7
Author: Gary Kotton <email address hidden>
Date: Wed Aug 14 02:05:27 2013 -0700

    VMware: Network fallback in case specified one not found

    In the case that opqaue network does not match the bridge ID then
    we will fall back on a predefined network (configurable by the admin
    via 'integration_bridge' in the 'vmware' section).

    Fixes bug 1225002

    Change-Id: Icfe2cb40feada33e5d86e669e1c88f2ce0dd1c5d

Changed in nova:
status: In Progress → Fix Committed
Thierry Carrez (ttx) on 2013-10-10
Changed in nova:
milestone: none → havana-rc2
tags: removed: havana-rc-potential

Reviewed: https://review.openstack.org/50352
Committed: http://github.com/openstack/nova/commit/a4e214ec8193f0aecf5e7c73f514a48c8d8e996c
Submitter: Jenkins
Branch: milestone-proposed

commit a4e214ec8193f0aecf5e7c73f514a48c8d8e996c
Author: Gary Kotton <email address hidden>
Date: Wed Aug 14 02:05:27 2013 -0700

    VMware: Network fallback in case specified one not found

    In the case that opqaue network does not match the bridge ID then
    we will fall back on a predefined network (configurable by the admin
    via 'integration_bridge' in the 'vmware' section).

    Fixes bug 1225002

    (cherry picked from commit a0546fd3f42c37e8cd6e4e9b70d59ae1e689b4b7)

    Change-Id: I7508a13f116b539fef1f771fc5ab4c32ffa520bc

Changed in nova:
status: Fix Committed → Fix Released

Reviewed: https://review.openstack.org/50375
Committed: http://github.com/openstack/nova/commit/6ea2d8a8523de5e292feea1dd17ccd5cf9bfa1d2
Submitter: Jenkins
Branch: stable/grizzly

commit 6ea2d8a8523de5e292feea1dd17ccd5cf9bfa1d2
Author: Gary Kotton <email address hidden>
Date: Wed Aug 14 02:05:27 2013 -0700

    VMware: Network fallback in case specified one not found

    In the case that opqaue network does not match the bridge ID then
    we will fall back on a predefined network (configurable by the admin
    via 'integration_bridge' in the 'vmware' section).

    Fixes bug 1225002

    (cherry picked from commit a0546fd3f42c37e8cd6e4e9b70d59ae1e689b4b7)

    Conflicts:

     nova/tests/test_vmwareapi_vif.py
     nova/virt/vmwareapi/vif.py

    Change-Id: Idd28986aac12461754194d3fdd04004748a14893

tags: added: in-stable-grizzly
Thierry Carrez (ttx) on 2013-10-17
Changed in nova:
milestone: havana-rc2 → 2013.2
Alan Pevec (apevec) on 2014-03-30
tags: removed: grizzly-backport-potential in-stable-grizzly
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers