yahoo-eng-team team mailing list archive

[Bug 1904412] [NEW] [ovn] Don't include IP addresses for OVN ports if both port security and DHCP are disabled

 

Public bug reported:

Right now, when port security is disabled the ML2/OVN plugin will set
the addresses field to ["unknown", "mac IP1 IP2..."]. E.g.:

port 2da76786-51f0-4217-a09b-0c16e6728588 (aka servera-port-2)
        addresses: ["52:54:00:02:FA:0A 192.168.0.245", "unknown"]

There are scenarios (e.g. NIC teaming) where the traffic may come from
two different ports with the same source MAC address. While this is
fine, on the way back, OVN doesn't learn the location of the MAC and it
will deliver to the port which has the MAC address defined in the DB.

E.g.

port1 - MAC1
port2 - MAC2

If traffic goes out from port2 with smac=MAC1, then the traffic will be delivered by OVN.
However, for incoming traffic getting to br-int with dmac=MAC1, OVN will deliver that to port1 instead of port2 because of the above configuration.

If OVN is not configured with any MAC(s) then the traffic will be
flooded to all ports which have addresses=["unknown"].

The reason why "MAC IP" is added is merely so that OVN can install the
necessary flows to serve DHCP natively.

In order to cover these use cases, the ML2/OVN driver could clear up the
MAC-IP(s) from the 'addresses' column of those ports that belong to a
network with DHCP disabled.

** Affects: neutron
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1904412
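
The delivery behaviour described in the report, and the effect of the proposed change, as an added example (not code from neutron or OVN). It is a simplified model of the destination-MAC lookup; the function names, the second MAC and the second IP are constructed for illustration.

```python
# Added illustration; not neutron or OVN code. All function names are hypothetical.
UNKNOWN = "unknown"
MAC1 = "52:54:00:02:FA:0A"   # MAC from the report's example port
MAC2 = "52:54:00:02:FA:0B"   # constructed for the second teamed port


def addresses_without_port_security(mac, ips, dhcp_enabled, proposed):
    """'addresses' value for a port whose port security is disabled."""
    if proposed and not dhcp_enabled:
        # Proposed in the report: no native DHCP to serve, so drop the MAC/IP entry.
        return [UNKNOWN]
    # Behaviour described in the report: MAC/IP entry kept next to "unknown".
    return [" ".join([mac] + list(ips)), UNKNOWN]


def deliver(ports, dmac):
    """Model of the lookup in the report: a MAC configured in the DB wins,
    otherwise the frame is flooded to every port with "unknown"."""
    pinned = sorted(
        name for name, addrs in ports.items()
        if any(a != UNKNOWN and a.split()[0].lower() == dmac.lower() for a in addrs)
    )
    if pinned:
        return pinned
    return sorted(name for name, addrs in ports.items() if UNKNOWN in addrs)


def teaming_scenario(proposed):
    """Two teamed ports on a network with DHCP disabled (constructed sample)."""
    ports = {
        "port1": addresses_without_port_security(MAC1, ["192.168.0.245"], False, proposed),
        "port2": addresses_without_port_security(MAC2, ["192.168.0.246"], False, proposed),
    }
    # Return traffic for a flow that left port2 with smac=MAC1 arrives with dmac=MAC1.
    return ports, deliver(ports, MAC1)


if __name__ == "__main__":
    for proposed in (False, True):
        ports, dests = teaming_scenario(proposed)
        print("proposed" if proposed else "current ", ports, "->", dests)
```

With the current addresses the reply for MAC1 reaches only port1; with the MAC/IP entries cleared it is flooded to both ports that carry "unknown".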
