yahoo-eng-team team mailing list archive

[Bug 2000046] [NEW] [ml2][ovs] port flows Unexpectedly deleted by arp_spoofing_protection

 

Public bug reported:

Port arp_spoofing_protection will install flows like this:

table=0, priority=9,in_port=2 actions=goto_table:25
table=25, priority=2,in_port=2,dl_src=fa:16:3e:54:f0:71 actions=goto_table:60

For network ports or port_security_enabled = False, those flows
will be deleted by setup_arp_spoofing_protection in _bind_devices [1][2][3][4].

Besides, the ovs_agent extension handle_port will be run before
these actions [5]. So, if any extension adds flows in table=0 with "in_port=x",
they will be deleted unexpectedly.

[1] https://github.com/openstack/neutron/blob/master/neutron/plugins/ml2/drivers/openvswitch/agent/openflow/native/br_int.py#L385
[2] https://github.com/openstack/neutron/blob/master/neutron/plugins/ml2/drivers/openvswitch/agent/ovs_neutron_agent.py#L1300
[3] https://github.com/openstack/neutron/blob/master/neutron/plugins/ml2/drivers/openvswitch/agent/ovs_neutron_agent.py#L1307
[4] https://github.com/openstack/neutron/blob/master/neutron/plugins/ml2/drivers/openvswitch/agent/ovs_neutron_agent.py#L1241
[5] https://github.com/openstack/neutron/blob/master/neutron/plugins/ml2/drivers/openvswitch/agent/ovs_neutron_agent.py#L2038

** Affects: neutron
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/2000046
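
The failure mode reported above, as an added example that is not part of the original report and is not Neutron code: a small model of OpenFlow non-strict delete, which removes every flow whose match contains the given fields regardless of priority. It assumes the cleanup is such a delete keyed only on table and in_port; the extension flow, the `owner` field (standing in for an OpenFlow cookie) and all function names are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    table: int
    priority: int
    match: tuple   # sorted (field, value) pairs
    actions: str
    owner: str     # who installed the flow; stands in for an OpenFlow cookie


def flow(table, priority, actions, owner, **match):
    return Flow(table, priority, tuple(sorted(match.items())), actions, owner)


def delete_loose(flows, table, owner=None, **match):
    """Non-strict delete: drop every flow in `table` whose match contains all
    given fields, whatever its priority or extra fields. `owner` optionally
    narrows the delete the way a cookie/cookie_mask filter would."""
    wanted = set(match.items())
    return [f for f in flows
            if not (f.table == table and wanted <= set(f.match)
                    and (owner is None or f.owner == owner))]


def build_table():
    return [
        # The two flows quoted in the bug report.
        flow(0, 9, "goto_table:25", "agent", in_port=2),
        flow(25, 2, "goto_table:60", "agent",
             in_port=2, dl_src="fa:16:3e:54:f0:71"),
        # Constructed: a flow a hypothetical extension added in handle_port.
        flow(0, 10, "(extension action)", "extension",
             in_port=2, dl_type=0x0800),
    ]


def owners_left(flows, table=0):
    return sorted(f.owner for f in flows if f.table == table)


def demo():
    broad = delete_loose(build_table(), table=0, in_port=2)
    scoped = delete_loose(build_table(), table=0, owner="agent", in_port=2)
    return owners_left(broad), owners_left(scoped)


if __name__ == "__main__":
    broad, scoped = demo()
    print("table 0 after in_port-only delete:", broad)
    print("table 0 after owner-scoped delete:", scoped)
```

The in_port-only delete empties table 0 for that port, extension flow included, while the owner-scoped delete leaves the extension flow in place.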
