i guess we just need to test it an verify.
in principal i belive seting
[os_vif_ovs]
isolate_vif=true
with master should close this issue as the ovs port will be created on vlan 4095 which will result in all packet being droped.
admin-state-up=false will not alter the behaivor of nova/os-vif so at that point connectivy to the port is entirely up to the l2 agent to establish when admin-state-up=true is set.
for ovn you cannot use [os_vif_ovs]/isolate_vif=true
but we do not expect this issue to be present with ovn.
i can try and retest this later in the week but if anyone else can test it in the interim that would be awesome.
if im being totally honest this bug and all it forms has somewhat burnt me out so im not
sure i have the mental enery to back port this to all affected brnahces.
sepcially when it comes to checkign all the depencies across nova,os-vif and neutron but i think we shoudl be able to move nova to fix released if we can confirm https://review.opendev.org/c/openstack/nova/+/602432 + [os_vif_ovs]/isolate_vif=true works.
https:/ /review. opendev. org/c/openstack /nova/+ /602432 has now merged yes but i have not tested if it also fixes this.
in principal it should when combinid with the os-vif config option for port isolation. /github. com/openstack/ os-vif/ blob/master/ vif_plug_ ovs/ovs. py#L90- L94
https:/
i guess we just need to test it an verify.
in principal i belive seting
[os_vif_ovs]
isolate_vif=true
with master should close this issue as the ovs port will be created on vlan 4095 which will result in all packet being droped. up=false will not alter the behaivor of nova/os-vif so at that point connectivy to the port is entirely up to the l2 agent to establish when admin-state-up=true is set.
admin-state-
for ovn you cannot use [os_vif_ ovs]/isolate_ vif=true
but we do not expect this issue to be present with ovn.
i can try and retest this later in the week but if anyone else can test it in the interim that would be awesome.
i have propsosed an inital backport of https:/ /review. opendev. org/c/openstack /nova/+ /602432 /review. opendev. org/c/openstack /nova/+ /790447
to stable wallaby https:/
if im being totally honest this bug and all it forms has somewhat burnt me out so im not
sure i have the mental enery to back port this to all affected brnahces.
sepcially when it comes to checkign all the depencies across nova,os-vif and neutron but i think we shoudl be able to move nova to fix released if we can confirm https:/ /review. opendev. org/c/openstack /nova/+ /602432 + [os_vif_ ovs]/isolate_ vif=true works.