yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1472452] Re: arp spoofing protection flow install failed

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Thierry Carrez <thierry.carrez+lp@xxxxxxxxx>
Date: Thu, 03 Sep 2015 19:10:43 -0000
Reply-to: Bug 1472452 <1472452@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Changed in: neutron
       Status: Fix Committed => Fix Released

** Changed in: neutron
    Milestone: None => liberty-3

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1472452

Title:
  arp spoofing protection flow install failed

Status in neutron:
  Fix Released

Bug description:
  Now ovs-agent failed to install arp spoofing protection flow for new VMs, because it will firstly install arp spoofing protection flow in funstion 'treat_devices_added_or_updated':
      def treat_devices_added_or_updated(self, devices, ovs_restarted):
              .....
              .....
              
              if self.prevent_arp_spoofing:
                 self.setup_arp_spoofing_protection(self.int_br, port, details)

  but then in function '_bind_devices', it will clear all flows for this
  new port, so the arp spoofing protection flow is also be clean

      def _bind_devices(self, need_binding_ports):
              .....
              ....
              if cur_tag != lvm.vlan:
                  self.int_br.set_db_attribute(
                      "Port", port.port_name, "tag", lvm.vlan)
                  if port.ofport != -1:
                      # NOTE(yamamoto): Remove possible drop_port flow
                      # installed by port_dead.
                      self.int_br.delete_flows(in_port=port.ofport)

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1472452/+subscriptions

References

[Bug 1472452] [NEW] arp spoofing protection flow install failed
From: shihanzhang, 2015-07-08