yahoo-eng-team team mailing list archive

Thread
Date
[Bug 1842988] Re: OVN deployment with DVR environment incorrectly routes FIP traffic through Controller/Chassis-GW

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: OpenStack Infra <1842988@xxxxxxxxxxxxxxxxxx>
Date: Fri, 31 Jan 2020 13:37:02 -0000
Reply-to: Bug 1842988 <1842988@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx
Reviewed:  https://review.opendev.org/703813
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=c471c7330c6c7a642e11ceae5fd604177059a3e8
Submitter: Zuul
Branch:    master

commit c471c7330c6c7a642e11ceae5fd604177059a3e8
Author: Lucas Alvares Gomes <lucasagomes@xxxxxxxxx>
Date:   Wed Jan 22 15:00:32 2020 +0000

    [OVN] Remove VLAN check when setting external_mac
    
    This patch reverts [0].
    
    The code wasn't accounting for VLAN provider networks, as stated in the
    bug #1842988, DVR won't work if the provider network (where the FIP is
    created) is VLAN.
    
    There was also an incosistency in how the external_mac was set for the
    VLAN networks. Upon creating the FIP the code was checking for the
    network type and not setting the external_mac attribute in case the
    network was VLAN type. But, if the port went down and up again (e.g if
    you reboot the VM) the event handler that set/unset the external_mac [1]
    wasn't check for the type. This is how people worked around the DVR
    problem (as stated in bug #1842988).
    
    For more information see bug #1842988.
    
    [0]
    https://github.com/openstack/networking-ovn/commit/c5aef51edc9843db605303ec8bd8610b6c55e9c2
    [1]
    https://github.com/openstack/networking-ovn/blob/eda5d7f80d877601170631c5f5485370ea701f42/networking_ovn/ml2/mech_driver.py#L794-L800
    
    Change-Id: Ifb795626dc9c2ac4f0104f491dd38c9b4cc902c9
    Closes-Bug: #1842988
    Signed-off-by: Lucas Alvares Gomes <lucasagomes@xxxxxxxxx>


** Changed in: neutron
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1842988

Title:
  OVN deployment with DVR environment incorrectly routes FIP traffic
  through Controller/Chassis-GW

Status in neutron:
  Fix Released
Status in tripleo:
  New

Bug description:
  TripleO Stein.  OVN deployment with DVR environment file incorrectly
  routes FIP traffic through Controller/Chassis-GW rather than locally.

  Steps to reproduce
  ===========
  1. Deployed overcloud enabling ovn with DVR.

  The following neutron environment files were used (in additional to
  network isolation using bonded VLAN and other customizations)

   -e $TD/environments/services/neutron-ovn-dvr-ha.yaml \
   -e $TD/environments/services/neutron-ovn-dpdk.yaml \
   -e $TD/environments/services/neutron-ovn-sriov.yaml

  2. After overcloud deployment confirmed that the neutron conf files
  and chassis settings are correct.

  neutron.conf   -> enable_dvr=True
  ml2_conf.ini   -> enable_distributed_floating_ip=True
  bridge_mapping on compute chassis  -> ovn-bridge-mappings="datacentre:br-ex"

  3. Deployed instance with Geneve Tenant network with floating IP on
  VLAN external ‘datacentre’ network.

  Expected Result
  =============
  FIP traffic is routed through the same compute node as instance via a local NAT rule.

  Actual Result
  ============
  FIP is operational but traffic routed through the Controller/Chassis-GW.

  The matching NAT entry for the FIP shows that the external_mac is Null
  and logical port was not set, so there is no local NAT routing
  occurring as observed.

  
  Environment
  ===========

  1.      Tripleo Stein using the latest current-tripleo-rdo container
  images with standard Compute role plus OvsDpdk and SR-IOV roles.

  2.	Ceph and Pure Storage
  3.	OVN networking (default in Stein) with the following neutron environment

    -e $TD/environments/services/neutron-ovn-dvr-ha.yaml \
    -e $TD/environments/services/neutron-ovn-dpdk.yaml \
    -e $TD/environments/services/neutron-ovn-sriov.yaml

      (in additional to network isolation using bonded VLAN and other
  customizations)

  Confirmed that after deployment

  •	neutron.conf   -> enable_dvr=True
  •	ml2_conf.ini   -> enable_distributed_floating_ip=True
  •	bridge_mapping on compute chassis  -> ovn-bridge-mappings="datacentre:br-ex"

  
  Logs & Configs
  ===========

  neutron.conf   -> enable_dvr=True
  ml2_conf.ini   -> enable_distributed_floating_ip=True
  bridge_mapping on compute chassis  -> ovn-bridge-mappings="datacentre:br-ex"

  ovn-nbctl lr-nat-list neutron-a53687de-ac06-400a-9104-748d2807c55a

  TYPE             EXTERNAL_IP        LOGICAL_IP            EXTERNAL_MAC         LOGICAL_PORT
  dnat_and_snat    10.3.27.20         192.168.0.18
  snat             10.3.25.207        192.168.0.0/24

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1842988/+subscriptions