yahoo-eng-team team mailing list archive

Thread
Date
[Bug 2075207] [NEW] Neutron ports don't work for certain names

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Jakub Libosvar <2075207@xxxxxxxxxxxxxxxxxx>
Date: Tue, 30 Jul 2024 17:03:43 -0000
Reply-to: Bug 2075207 <2075207@xxxxxxxxxxxxxxxxxx>
Sender: noreply@xxxxxxxxxxxxx
Public bug reported:

Neutron functionality relies on the port names that is specified by a
user when OVN mechanism driver is used.

Steps to reproduce:

 - Create network and a subnet (assuming ipv4 network with /24 subnet)
 - (Optional) Create a testing workload to make sure traffic will work later
 - Create a port on the network (openstack port create --network private foo)
 - Create a port on the same network with ovn-lb-vip prefix (openstack port create --network private ovn-lb-vip-foo)

Bind the foo port to a compute node:
ip net add vm-foo
ovs-vsctl add-port br-int vm-foo-port -- set interface vm-foo-port external_ids:iface-id="<the_port_id>" -- set interface vm-foo-port type=internal
ip l s dev vm-foo-port netns vm-foo
ip net e vm-foo ip l s dev vm-foo-port address <the_port_mac>
ip net e vm-foo ip a a <the_port_ip_address>/24 dev vm-foo-port
ip net e vm-foo ip l s vm-foo-port up

Bind the ovn-lb-vip-foo port to a compute node:
ip net add vm-lb-foo
ovs-vsctl add-port br-int vm-lb-port -- set interface vm-lb-port external_ids:iface-id="<the_second_port_id>" -- set interface vm-lb-port type=internal
ip l s dev vm-lb-port netns vm-lb-foo
ip net e vm-lb-foo ip l s dev vm-lb-port address <the_second_port_mac>
ip net e vm-lb-foo ip a a dev vm-lb-port address <the_second_port_ip_address>/24


Try to communicate between the two ports:
ip net e vm-foo ping <the_second_port_ip_address>

Now set `addresses` field for the LSP in the OVN NB that's belonging to
the ovn-lb-vip to the same value that is in its `port_security` column

Try to ping again - the ping works.

That is because ovn_client uses port names for functionality for 3rd
party services -
https://opendev.org/openstack/neutron/src/commit/2937080d6302fbf63fb5ea097c1eecbdc1a34ad3/neutron/plugins/ml2/drivers/ovn/mech_driver/ovsdb/ovn_client.py#L593

** Affects: neutron
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/2075207

Title:
  Neutron ports don't work for certain names

Status in neutron:
  New

Bug description:
  Neutron functionality relies on the port names that is specified by a
  user when OVN mechanism driver is used.

  Steps to reproduce:

   - Create network and a subnet (assuming ipv4 network with /24 subnet)
   - (Optional) Create a testing workload to make sure traffic will work later
   - Create a port on the network (openstack port create --network private foo)
   - Create a port on the same network with ovn-lb-vip prefix (openstack port create --network private ovn-lb-vip-foo)

  Bind the foo port to a compute node:
  ip net add vm-foo
  ovs-vsctl add-port br-int vm-foo-port -- set interface vm-foo-port external_ids:iface-id="<the_port_id>" -- set interface vm-foo-port type=internal
  ip l s dev vm-foo-port netns vm-foo
  ip net e vm-foo ip l s dev vm-foo-port address <the_port_mac>
  ip net e vm-foo ip a a <the_port_ip_address>/24 dev vm-foo-port
  ip net e vm-foo ip l s vm-foo-port up

  Bind the ovn-lb-vip-foo port to a compute node:
  ip net add vm-lb-foo
  ovs-vsctl add-port br-int vm-lb-port -- set interface vm-lb-port external_ids:iface-id="<the_second_port_id>" -- set interface vm-lb-port type=internal
  ip l s dev vm-lb-port netns vm-lb-foo
  ip net e vm-lb-foo ip l s dev vm-lb-port address <the_second_port_mac>
  ip net e vm-lb-foo ip a a dev vm-lb-port address <the_second_port_ip_address>/24

  
  Try to communicate between the two ports:
  ip net e vm-foo ping <the_second_port_ip_address>

  Now set `addresses` field for the LSP in the OVN NB that's belonging
  to the ovn-lb-vip to the same value that is in its `port_security`
  column

  Try to ping again - the ping works.

  That is because ovn_client uses port names for functionality for 3rd
  party services -
  https://opendev.org/openstack/neutron/src/commit/2937080d6302fbf63fb5ea097c1eecbdc1a34ad3/neutron/plugins/ml2/drivers/ovn/mech_driver/ovsdb/ovn_client.py#L593

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/2075207/+subscriptions