yahoo-eng-team team mailing list archive

Thread
Date

[Bug 2038422] [NEW] [OVN] virtual ports not working upon failover

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Michel Nederlof <2038422@xxxxxxxxxxxxxxxxxx>
Date: Wed, 04 Oct 2023 08:49:11 -0000
Reply-to: Bug 2038422 <2038422@xxxxxxxxxxxxxxxxxx>
Sender: noreply@xxxxxxxxxxxxx

Public bug reported:

When we're doing a failover of a VIP in OVN, it does work internally,
but not when used with Floating IP's.

When reviewing the flows (using ovs-dpctl dump-flows) we see that it
will try to deliver the packets for the VIP to the port that originally
acquired the VIP.

Upon further investigation we see this is because the IP->MAC binding is
stored in the OVN SB DB table Mac_Binding.

Steps to reproduce (on our end at least):
Create 3 ports:
- virtual port (used for VIP)
- internal port 1 - attached to vm1
- internal port 2 - attached to vm2

Then create keepalived config (or just manually assign the vip ip to one
of the internal ports), and send out gratuitous arp replies or ping from
the other vm so there is a normal arp reply so OVN binds the port to the
virtual port.

On our env the Mac_Binding table shows a entry for the VIP address.

When doing a failover (so moving the ip from vm1 to vm2), the mac
address is not updated in the Mac_Binding table.

Since there is already something in place for removing bindings for new
floating ip's, i'd suggest to use the same method to clear any virtual
ip's stored in the mac-binding table.

Worst case scenario, the table is filled up again with the same
information, but we've not been able to detect any downtime during this
period (not even when doing a `ping -f`  during the deletion).

** Affects: neutron
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/2038422

Title:
  [OVN] virtual ports not working upon failover

Status in neutron:
  New

Bug description:
  When we're doing a failover of a VIP in OVN, it does work internally,
  but not when used with Floating IP's.

  When reviewing the flows (using ovs-dpctl dump-flows) we see that it
  will try to deliver the packets for the VIP to the port that
  originally acquired the VIP.

  Upon further investigation we see this is because the IP->MAC binding
  is stored in the OVN SB DB table Mac_Binding.

  Steps to reproduce (on our end at least):
  Create 3 ports:
  - virtual port (used for VIP)
  - internal port 1 - attached to vm1
  - internal port 2 - attached to vm2

  Then create keepalived config (or just manually assign the vip ip to
  one of the internal ports), and send out gratuitous arp replies or
  ping from the other vm so there is a normal arp reply so OVN binds the
  port to the virtual port.

  On our env the Mac_Binding table shows a entry for the VIP address.

  When doing a failover (so moving the ip from vm1 to vm2), the mac
  address is not updated in the Mac_Binding table.

  Since there is already something in place for removing bindings for
  new floating ip's, i'd suggest to use the same method to clear any
  virtual ip's stored in the mac-binding table.

  Worst case scenario, the table is filled up again with the same
  information, but we've not been able to detect any downtime during
  this period (not even when doing a `ping -f`  during the deletion).

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/2038422/+subscriptions

Follow ups

[Bug 2038422] Re: [OVN] virtual ports not working upon failover
From: Michel Nederlof, 2023-10-24