yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #92757
[Bug 2028651] Re: [ovn] IPv6 VIPs broken with ML2/OVN
Reviewed: https://review.opendev.org/c/openstack/neutron/+/892564
Committed: https://opendev.org/openstack/neutron/commit/a3b00768d648742034a4e834875fc4586655787c
Submitter: "Zuul (22348)"
Branch: master
commit a3b00768d648742034a4e834875fc4586655787c
Author: Rodolfo Alonso Hernandez <ralonsoh@xxxxxxxxxx>
Date: Wed Aug 23 00:19:24 2023 +0000
Check the device ID and host ID during virtual port binding
If a port receives a device ID and a binding profile host ID
fields update, at the same time, this is because Nova is trying
to bind the port to a VM (device ID) in a host (host ID). In
ML2/OVN, a virtual port cannot be bound to a VM.
NOTE:
* A virtual port can receive a host ID update. That happens when
the fixed IP port that has the virtual port IP address as
allowed address pair is bound.
* A virtual port can receive a devide ID update. Octavia uses
the devide ID to identify to what load balancer the virtual
port belongs.
This check was introduced in [1].
[1]https://review.opendev.org/c/openstack/neutron/+/882588
Closes-Bug: #2028651
Related-Bug: #2018529
Change-Id: I8784c6716f5a53b91d43323771e6f30fa8e8e506
** Changed in: neutron
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/2028651
Title:
[ovn] IPv6 VIPs broken with ML2/OVN
Status in neutron:
Fix Released
Bug description:
Originally reported in the Octavia launchpad:
https://bugs.launchpad.net/octavia/+bug/2028524
The commit https://review.opendev.org/c/openstack/neutron/+/882588
introduced a regression in Octavia
It adds a validate_port_binding_and_virtual_port function that raises an exception when a port:
- has non-empty binding:host_id
- has fixed_ips/subnets
- has VIRTUAL type (in ovn)
When we create a load balancer in Octavia (with an IPv6 VIP)
$ openstack loadbalancer create --vip-subnet ipv6-public-subnet --name lb1
+---------------------+--------------------------------------+
| Field | Value |
+---------------------+--------------------------------------+
| admin_state_up | True |
| availability_zone | None |
| created_at | 2023-07-25T07:11:25 |
| description | |
| flavor_id | None |
| id | 75cf51d2-4576-4878-8bfe-ad55584a7d76 |
| listeners | |
| name | lb1 |
| operating_status | OFFLINE |
| pools | |
| project_id | 86f57e2e56874381a0d586263fc8d900 |
| provider | amphora |
| provisioning_status | PENDING_CREATE |
| updated_at | None |
| vip_address | 2001:db8::b1 |
| vip_network_id | 2d16ac53-8438-435d-a787-e5ceb4b783be |
| vip_port_id | 83e51017-8f02-4916-bcd2-ebe0475b1ce6 |
| vip_qos_policy_id | None |
| vip_subnet_id | 813adce0-21de-44c9-958a-6967441b8623 |
| tags | |
| additional_vips | [] |
+---------------------+--------------------------------------+
The VIP port contains:
$ openstack port show 83e51017-8f02-4916-bcd2-ebe0475b1ce6
+-------------------------+--------------------------------------------------------------------------------------------------------+
| Field | Value |
+-------------------------+--------------------------------------------------------------------------------------------------------+
| admin_state_up | DOWN |
| allowed_address_pairs | |
| binding_host_id | gthiemon-devstack |
| binding_profile | |
| binding_vif_details | |
| binding_vif_type | unbound |
| binding_vnic_type | normal |
| created_at | 2023-07-25T07:11:25Z |
| data_plane_status | None |
| description | |
| device_id | lb-75cf51d2-4576-4878-8bfe-ad55584a7d76 |
| device_owner | Octavia |
| device_profile | None |
| dns_assignment | fqdn='host-2001-db8--b1.openstackgate.local.', hostname='host-2001-db8--b1', ip_address='2001:db8::b1' |
| dns_domain | |
| dns_name | |
| extra_dhcp_opts | |
| fixed_ips | ip_address='2001:db8::b1', subnet_id='813adce0-21de-44c9-958a-6967441b8623' |
| id | 83e51017-8f02-4916-bcd2-ebe0475b1ce6 |
| ip_allocation | None |
| mac_address | fa:16:3e:c9:4f:7e |
| name | octavia-lb-75cf51d2-4576-4878-8bfe-ad55584a7d76 |
| network_id | 2d16ac53-8438-435d-a787-e5ceb4b783be |
| numa_affinity_policy | None |
| port_security_enabled | True |
| project_id | 86f57e2e56874381a0d586263fc8d900 |
| propagate_uplink_status | None |
| qos_network_policy_id | None |
| qos_policy_id | None |
| resource_request | None |
| revision_number | 10 |
| security_group_ids | 7c8d8935-9445-4e74-a815-a24246af757a |
| status | DOWN |
| tags | |
| trunk_details | None |
| updated_at | 2023-07-25T07:12:14Z |
+-------------------------+--------------------------------------------------------------------------------------------------------+
The port is not bound and has a binding_host_id, has a fixed_ips with a subnet and there's another port that has an allowed_address_pair with the VIP port's allocated address (so the port is a virtual port in OVN)
Any updates of this port result in a BadRequest Exception:
Jul 24 03:08:07 gthiemon-devstack octavia-worker[97901]: ERROR octavia.common.base_taskflow Traceback (most recent call last):
Jul 24 03:08:07 gthiemon-devstack octavia-worker[97901]: ERROR octavia.common.base_taskflow File "/opt/stack/octavia/octavia/network/drivers/neutron/base.py", line 129, in _add_security_group_to_port
Jul 24 03:08:07 gthiemon-devstack octavia-worker[97901]: ERROR octavia.common.base_taskflow self.network_proxy.update_port(
Jul 24 03:08:07 gthiemon-devstack octavia-worker[97901]: ERROR octavia.common.base_taskflow File "/opt/stack/openstacksdk/openstack/network/v2/_proxy.py", line 2979, in update_port
Jul 24 03:08:07 gthiemon-devstack octavia-worker[97901]: ERROR octavia.common.base_taskflow return self._update(_port.Port, port, if_revision=if_revision, **attrs)
Jul 24 03:08:07 gthiemon-devstack octavia-worker[97901]: ERROR octavia.common.base_taskflow File "/opt/stack/openstacksdk/openstack/proxy.py", line 64, in check Jul 24 03:08:07 gthiemon-devstack octavia-worker[97901]: ERROR octavia.common.base_taskflow return method(self, expected, actual, *args, **kwargs)
Jul 24 03:08:07 gthiemon-devstack octavia-worker[97901]: ERROR octavia.common.base_taskflow File "/opt/stack/openstacksdk/openstack/network/v2/_proxy.py", line 189, in _update
Jul 24 03:08:07 gthiemon-devstack octavia-worker[97901]: ERROR octavia.common.base_taskflow return res.commit(self, base_path=base_path, if_revision=if_revision) Jul 24 03:08:07 gthiemon-devstack octavia-worker[97901]: ERROR octavia.common.base_taskflow File "/opt/stack/openstacksdk/openstack/resource.py", line 1794, in commit
Jul 24 03:08:07 gthiemon-devstack octavia-worker[97901]: ERROR octavia.common.base_taskflow return self._commit(
Jul 24 03:08:07 gthiemon-devstack octavia-worker[97901]: ERROR octavia.common.base_taskflow File "/opt/stack/openstacksdk/openstack/resource.py", line 1839, in _commit
Jul 24 03:08:07 gthiemon-devstack octavia-worker[97901]: ERROR octavia.common.base_taskflow self._translate_response(response, has_body=has_body)
Jul 24 03:08:07 gthiemon-devstack octavia-worker[97901]: ERROR octavia.common.base_taskflow File "/opt/stack/openstacksdk/openstack/resource.py", line 1278, in _translate_response
Jul 24 03:08:07 gthiemon-devstack octavia-worker[97901]: ERROR octavia.common.base_taskflow exceptions.raise_from_response(response, error_message=error_message)
Jul 24 03:08:07 gthiemon-devstack octavia-worker[97901]: ERROR octavia.common.base_taskflow File "/opt/stack/openstacksdk/openstack/exceptions.py", line 263, in raise_from_response
Jul 24 03:08:07 gthiemon-devstack octavia-worker[97901]: ERROR octavia.common.base_taskflow raise cls(
Jul 24 03:08:07 gthiemon-devstack octavia-worker[97901]: ERROR octavia.common.base_taskflow openstack.exceptions.BadRequestException: BadRequestException: 400: Client Error for url: http://192.168.1.101:9696/networking/v2.0/ports/618567c4-78c7-4398-b889-b567f6fd6aeb, Bad port request: A virtual logical switch port cannot be bound to a host.
The goal of this validation function seems to raise an exception when the binding_host_id is not empty, but the PortBindingUpdateVirtualPortsEvent class sets the binding_host_id of virtual ports.
https://opendev.org/openstack/neutron/src/commit/58c8493ff9defbb4544803ec3fc0432c0685c592/neutron/plugins/ml2/drivers/ovn/mech_driver/ovsdb/ovsdb_monitor.py#L532-L537
Interestingly, it's not 100% reproducible (around 90%) and it is not reproducible with IPv4 VIPs, with IPv4 ports, the binding_host_id is always empty.
I have a couple of questions:
- is the validation function correct? should the binding_host_id be empty for VIP ports?
- why is binding_host_id set for IPv6 VIPs but not for IPv4 VIPs?
I can provide more logs if needed
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/2028651/+subscriptions
References
