yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1293693] Re: libvirt OVS VLAN tag not set

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Aaron Rosen <aaronorosen@xxxxxxxxx>
Date: Tue, 18 Mar 2014 06:48:44 -0000
Reply-to: Bug 1293693 <1293693@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

This is a neutron issue as nova does not set the vlan tag the l2-agent
does. Removing nova.

** No longer affects: nova

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1293693

Title:
  libvirt OVS VLAN tag not set

Status in OpenStack Neutron (virtual network service):
  New

Bug description:
  Trying to use icehouse, libvirt-Xen, OpenVswitch 1.11.0, with VLAN
  tagging.

  Problem is that networking is non-functional on instance launch. 'ovs-
  vsctl show' output shows that the tap interface for the instance does
  not have the appropriate (internal) VLAN tag (no tag is set).
  Consequently, the instance is unable to obtain an IP address from
  DHCP, etc. Setting the tag manually with 'ovs-vsctl set port tapXXX
  tag=1' is a workaround (but not a very good one).

  Exploring this, I find that the neutron OVS agent scans the OVS ports
  and examines the 'external-ids' to see which ones are of interest.
  When it sees a new port that is of interest, it sets the VLAN tag as
  required. In my case, the VIF port that's added when an instance is
  launched has empty 'external-ids', and so the agent ignores it. The
  port is getting added to the OVS integration bridge by the Xen
  scripts, but the 'external-ids' are not getting set (Xen knows nothing
  about this part).

  Looking further; when nova.conf has
  'firewall_driver=nova.virt.firewall.NoopFirewallDriver', the
  LibvirtBaseVIFDriver (nova/virt/libvirt/vif.py) uses function
  plug_ovs_bridge(), which is a no-op.  When
  firewall_driver=nova.virt.libvirt.firewall.IptablesFirewallDriver, a
  different function, plug_ovs_hybrid(), is used. When OVS is older than
  version 0.9.11, a function called plug_ovs_ethernet() is used. Both
  plug_ovs_hybrid() and plug_ovs_ethernet() call
  linux_net.create_ovs_vif_port(), and that's where the 'external-ids'
  get set.

  I tried modifying plug_ovs_bridge() to call
  linux_net.create_ovs_vif_port(), but that causes the Xen hotplug
  scripts to fail ("ovs-vsctl: cannot create a port named tap3ccfe10f-c4
  because a port named tap3ccfe10f-c4 already exists on bridge br-int")

  When the Noop firewall_driver is used in conjunction with newer OVS,
  something needs to set the 'external-ids' on the VIF port so that the
  neutron agent will see it and set the VLAN tag.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1293693/+subscriptions

References

[Bug 1293693] [NEW] libvirt OVS VLAN tag not set
From: Iain MacDonnell, 2014-03-17