tripleo

vxlan traffic should not create conntrack entries

Bug #1962616 reported by Slawek Kaplonski on 2022-03-01

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	tripleo	Fix Released	High	Unassigned

Bug Description

Similary to what was done for Geneve tunnels in ML2/OVN case in https://bugs.launchpad.net/tripleo/+bug/1885551 we should also not send to conntrack vxlan packets in ML2/OVS case.

Tags:

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2022-03-01: Fix proposed to tripleo-heat-templates (master)

Fix proposed to branch: master
Review: https://review.opendev.org/c/openstack/tripleo-heat-templates/+/831444

Changed in tripleo:
status:	New → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2022-03-03: Fix merged to tripleo-heat-templates (master)

Reviewed: https://review.opendev.org/c/openstack/tripleo-heat-templates/+/831444
Committed: https://opendev.org/openstack/tripleo-heat-templates/commit/1d77d9af27cf7b45738ab7af0fe3fa5cdf9d3c37
Submitter: "Zuul (22348)"
Branch: master

commit 1d77d9af27cf7b45738ab7af0fe3fa5cdf9d3c37
Author: Slawek Kaplonski <email address hidden>
Date: Tue Mar 1 21:24:25 2022 +0100

Don't add conntrack entries for vxlan

As vxlan UDP traffic is allowed, there's no reason to create
conntrack entries as it may result in a performance hit.

This patch is preventing vxlan traffic to be sent to conntrack.

Similar change was done some time ago for Geneve tunnels in
the ML2/OVN case with [1].

[1] https://review.opendev.org/c/openstack/tripleo-heat-templates/+/738419

Closes-Bug: #1962616
Change-Id: I15e341769b5c4cf1d3c98d985c39a52bce3a0f12

Changed in tripleo:
status:	In Progress → Fix Released

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2022-03-03: Fix proposed to tripleo-heat-templates (stable/wallaby)

Fix proposed to branch: stable/wallaby
Review: https://review.opendev.org/c/openstack/tripleo-heat-templates/+/831589

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2022-03-03: Fix proposed to tripleo-heat-templates (stable/victoria)

Fix proposed to branch: stable/victoria
Review: https://review.opendev.org/c/openstack/tripleo-heat-templates/+/831750

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2022-03-03: Fix proposed to tripleo-heat-templates (stable/ussuri)

Fix proposed to branch: stable/ussuri
Review: https://review.opendev.org/c/openstack/tripleo-heat-templates/+/831751

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2022-03-03: Fix proposed to tripleo-heat-templates (stable/train)

Fix proposed to branch: stable/train
Review: https://review.opendev.org/c/openstack/tripleo-heat-templates/+/831734

Bogdan Dobrelya (bogdando) on 2022-03-07

Changed in tripleo:
importance:	Undecided → High
tags:	added: train-backport-potential wallaby-backport-potential

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2022-04-12: Change abandoned on tripleo-heat-templates (stable/ussuri)

Change abandoned by "Marios Andreou <email address hidden>" on branch: stable/ussuri
Review: https://review.opendev.org/c/openstack/tripleo-heat-templates/+/831751
Reason: abandoning per http://lists.openstack.org/pipermail/openstack-discuss/2022-April/028026.html - so we can move EOL https://review.opendev.org/c/openstack/releases/+/834049

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2022-04-12: Fix included in openstack/tripleo-heat-templates 16.0.0

This issue was fixed in the openstack/tripleo-heat-templates 16.0.0 release.

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2022-04-13: Fix merged to tripleo-heat-templates (stable/wallaby)

Reviewed: https://review.opendev.org/c/openstack/tripleo-heat-templates/+/831589
Committed: https://opendev.org/openstack/tripleo-heat-templates/commit/3265cd0cddc7064f312d93da113aa1559ccb8715
Submitter: "Zuul (22348)"
Branch: stable/wallaby

commit 3265cd0cddc7064f312d93da113aa1559ccb8715
Author: Slawek Kaplonski <email address hidden>
Date: Tue Mar 1 21:24:25 2022 +0100

Don't add conntrack entries for vxlan

As vxlan UDP traffic is allowed, there's no reason to create
conntrack entries as it may result in a performance hit.

This patch is preventing vxlan traffic to be sent to conntrack.

Similar change was done some time ago for Geneve tunnels in
the ML2/OVN case with [1].

[1] https://review.opendev.org/c/openstack/tripleo-heat-templates/+/738419

    Closes-Bug: #1962616
    Change-Id: I15e341769b5c4cf1d3c98d985c39a52bce3a0f12
    (cherry picked from commit 1d77d9af27cf7b45738ab7af0fe3fa5cdf9d3c37)

tags:

added: in-stable-wallaby

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2022-04-29: Fix merged to tripleo-heat-templates (stable/victoria)

#10

Reviewed: https://review.opendev.org/c/openstack/tripleo-heat-templates/+/831750
Committed: https://opendev.org/openstack/tripleo-heat-templates/commit/437766609b954952d3515de04451af83a6b9494c
Submitter: "Zuul (22348)"
Branch: stable/victoria

commit 437766609b954952d3515de04451af83a6b9494c
Author: Slawek Kaplonski <email address hidden>
Date: Tue Mar 1 21:24:25 2022 +0100

Don't add conntrack entries for vxlan

As vxlan UDP traffic is allowed, there's no reason to create
conntrack entries as it may result in a performance hit.

This patch is preventing vxlan traffic to be sent to conntrack.

Similar change was done some time ago for Geneve tunnels in
the ML2/OVN case with [1].

[1] https://review.opendev.org/c/openstack/tripleo-heat-templates/+/738419

    Closes-Bug: #1962616
    Change-Id: I15e341769b5c4cf1d3c98d985c39a52bce3a0f12
    (cherry picked from commit 1d77d9af27cf7b45738ab7af0fe3fa5cdf9d3c37)

tags:

added: in-stable-victoria

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2022-05-02: Fix merged to tripleo-heat-templates (stable/train)

#11

Reviewed: https://review.opendev.org/c/openstack/tripleo-heat-templates/+/831734
Committed: https://opendev.org/openstack/tripleo-heat-templates/commit/0f6101dffbddc940bff3020a30b9f2556dfe9ba1
Submitter: "Zuul (22348)"
Branch: stable/train

commit 0f6101dffbddc940bff3020a30b9f2556dfe9ba1
Author: Slawek Kaplonski <email address hidden>
Date: Tue Mar 1 21:24:25 2022 +0100

Don't add conntrack entries for vxlan

As vxlan UDP traffic is allowed, there's no reason to create
conntrack entries as it may result in a performance hit.

This patch is preventing vxlan traffic to be sent to conntrack.

Similar change was done some time ago for Geneve tunnels in
the ML2/OVN case with [1].

[1] https://review.opendev.org/c/openstack/tripleo-heat-templates/+/738419

Conflicts:
deployment/neutron/neutron-ovs-agent-container-puppet.yaml

    Closes-Bug: #1962616
    Change-Id: I15e341769b5c4cf1d3c98d985c39a52bce3a0f12
    (cherry picked from commit 1d77d9af27cf7b45738ab7af0fe3fa5cdf9d3c37)
    (cherry picked from commit 8c9c70d8001b3d1b6b8b239ce871cb3fde41e352)

tags:

added: in-stable-train

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2022-06-24: Fix included in openstack/tripleo-heat-templates victoria-eol

#12

This issue was fixed in the openstack/tripleo-heat-templates victoria-eol release.

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2024-02-06: Fix included in openstack/tripleo-heat-templates train-eol

#13

This issue was fixed in the openstack/tripleo-heat-templates train-eol release.

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.