L3-agent restart causes VM connectivity loss

Hi i tried this on master I am able to ping and ssh if
- i bring down l3
- delete qrouter namespace
-restart l3-agent

I was able to ping ssh on l3-agt restart
but weird thing i am noticing is when it recovered qrouter

ip a i qrouternamespace shows http://paste.openstack.org/show/480037/

before i stopped l3-agt it was http://paste.openstack.org/show/480036/

Only issue here i see is it does not update new router namespace completely.

l3-agt logs

http://paste.openstack.org/show/480038/

i am using single node devstack where i was able to ping ssh vm
after bringing down l3-agt, deleting qrouter namespace and restarting l3 agent

I can reproduce it in my devstack with latest code, I will look into it.

I tried to reproduce this problem by rebooting the network node instead of killing the L3-agent and deleting the qrouter namespace. I cannot reproduce the problem. This time I am able to ping and ssh the VMs after the L3-agent is started up again.

The steps taken are:

Repeat steps 1-3. The node has the neutron-server, neutron-dhcp-agent, neutron-metadata-agent, neutron-openvswitch-agent, as well as the neutron-l3-agent running.

Then
4. reboot the node.
5. After the node comes back up, start all the neutron components that were previously running:
    a. start the neutron-server,
    b. start the neutron-openvswitch-agent
    c. start the neutron-dhcp-agent
    d. start the neutron-metadata-agent
    e. start the neutron-l3-agent.
6. Afterwards, ping and ssh to the VM works. The qrouter namespace has the same interfaces and IP addresses as before the node reboot.

I'm going to reduce this severity to Medium based on Stephen's report. To me, it feels a bit contrived though I agree that the L3 agent should handle this case.

Sorry to miss the discussion about the bug in IRC last night, I did a basic investigation last week. I think this bug is an avoidable issue, the root cause might be some ovs command don't take effect when rebuild the port of router. But I still don't have time to continue working on it since last investigation.
Since the severity is lowered, I would work on it in next week.

I just tested it in a kilo env follow the steps in description, and it will have the same problem. the log is at [1], which is the same as @manjeet-s-bhatia posted in comment #1.

So, @stephen-ma, can you confirm that it will not happen in kilo?

[1] http://paste.openstack.org/show/481028/

Fix proposed to branch: master
Review: https://review.openstack.org/254579

@xiaohhui Yes, the same problem is reproduced with stable/kilo.

Reviewed: https://review.openstack.org/254579
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=8b7e5997dae54a03ad2850c43b7070bc00c90273
Submitter: Jenkins
Branch: master

commit 8b7e5997dae54a03ad2850c43b7070bc00c90273
Author: Hong Hui Xiao <email address hidden>
Date: Tue Dec 8 01:17:54 2015 -0500

    Separate the command for replace_port to delete and add

    When a port has been added to router namespace, trying to replace the
    port by adding del-port and add-port in one command, will not bring
    the new port to kernel. Even if the port is updated in ovs db and can
    be found on br-int, system can't see the new port. This will break
    the following actions, which will manipulate the new port by ip
    commands. A mail list has been filed to discuss this issue at [1].

    The problem here will break the scenario that namespace is deleted
    unexpectedly, and l3-agent tries to rebuild the namespace at restart.

    Separating replace_port to two commands: del-port and add-port,
    matches the original logic and has been verified that it can resolve
    the problem here.

    [1] http://openvswitch.org/pipermail/discuss/2015-December/019667.html

    Change-Id: If36bcf5a0cccb667f3087aea1e9ea9f20eb3a563
    Closes-Bug: #1519926

This issue was fixed in the openstack/neutron 8.0.0.0b2 development milestone.

Fix proposed to branch: stable/liberty
Review: https://review.openstack.org/270271

Reviewed: https://review.openstack.org/270271
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=54f8819935fa2439220704cb128d1e4335422dd0
Submitter: Jenkins
Branch: stable/liberty

commit 54f8819935fa2439220704cb128d1e4335422dd0
Author: Hong Hui Xiao <email address hidden>
Date: Tue Dec 8 01:17:54 2015 -0500

    Separate the command for replace_port to delete and add

    When a port has been added to router namespace, trying to replace the
    port by adding del-port and add-port in one command, will not bring
    the new port to kernel. Even if the port is updated in ovs db and can
    be found on br-int, system can't see the new port. This will break
    the following actions, which will manipulate the new port by ip
    commands. A mail list has been filed to discuss this issue at [1].

    The problem here will break the scenario that namespace is deleted
    unexpectedly, and l3-agent tries to rebuild the namespace at restart.

    Separating replace_port to two commands: del-port and add-port,
    matches the original logic and has been verified that it can resolve
    the problem here.

    [1] http://openvswitch.org/pipermail/discuss/2015-December/019667.html

    Conflicts:
     neutron/tests/functional/agent/l3/test_legacy_router.py

    Change-Id: If36bcf5a0cccb667f3087aea1e9ea9f20eb3a563
    Closes-Bug: #1519926
    (cherry picked from commit 8b7e5997dae54a03ad2850c43b7070bc00c90273)

This issue was fixed in the openstack/neutron 7.1.0 release.