[OVN] Virtual ports cannot be used as VM ports

Bug #2018529 reported by Rodolfo Alonso
Affects: neutron
Status: In Progress
Importance: Medium
Assigned to: Rodolfo Alonso

Bug Description

Related bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2190348

Since [1], all ports used as virtual IP ports are marked as virtual in the OVN NB:
  LSP.type=virtual

A virtual port is used to reserve an IP address in a network. When this IP address is assigned as "allowed address" to another port, the ML2/OVN mech driver detects that the virtual port has parents [2] and sets the port type.

These ports cannot be used as VM ports because of this: these are virtual ports from the OVN point of view. These ports cannot be bound and are just a representation of this VIP. The OVN SB "Port_Binding" register (that reflects the type=virtual mark) is assigned to a chassis by the ovn-controller when an ARP packet with the VIP crosses a compute integration bridge. In other words: if many VM ports have this "allowed address" VIP (as a floating VIP between several ports), the port transmitting with this IP (can be only one) will claim the chassis.

[1]https://review.opendev.org/c/openstack/neutron/+/842297
[2]https://review.opendev.org/c/openstack/neutron/+/842297/2/neutron/plugins/ml2/drivers/ovn/mech_driver/ovsdb/ovn_client.py#251

Tags: ovn
Changed in neutron:
assignee: nobody → Rodolfo Alonso (rodolfo-alonso-hernandez)
importance: Undecided → Medium
description: updated
tags: added: ovn
Changed in neutron:
status: New → Triaged
OpenStack Infra (hudson-openstack) wrote : Related fix proposed to neutron (master)

Related fix proposed to branch: master
Review: https://review.opendev.org/c/openstack/neutron/+/882540

OpenStack Infra (hudson-openstack) wrote :

Related fix proposed to branch: master
Review: https://review.opendev.org/c/openstack/neutron/+/882557

OpenStack Infra (hudson-openstack) wrote :

Related fix proposed to branch: master
Review: https://review.opendev.org/c/openstack/neutron/+/882562

OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (master)

Fix proposed to branch: master
Review: https://review.opendev.org/c/openstack/neutron/+/882588

Changed in neutron:
status: Triaged → In Progress
OpenStack Infra (hudson-openstack) wrote : Related fix merged to neutron (master)

Reviewed: https://review.opendev.org/c/openstack/neutron/+/882540
Committed: https://opendev.org/openstack/neutron/commit/a22b1dedc2fdc522e3079e2e7668c69f5246d784
Submitter: "Zuul (22348)"
Branch: master

commit a22b1dedc2fdc522e3079e2e7668c69f5246d784
Author: Rodolfo Alonso Hernandez <email address hidden>
Date: Mon May 8 10:08:15 2023 +0200

    Implement ``get_subnets_address_scopes`` method

    This patch implements a method to retrieve the IPv4 and IPv6
    address scopes of several subnets, providing a list of fixed
    IP addresses that belong to a port.

    The goal of this patch is to decouple the address scope retrieval
    from the logic that determines if an OVN LSP is virtual or not.

    Related-Bug: #2018529

    Change-Id: Id4ab755293627119455cbcd15602690c8ce7a3c1

OpenStack Infra (hudson-openstack) wrote :

Reviewed: https://review.opendev.org/c/openstack/neutron/+/882557
Committed: https://opendev.org/openstack/neutron/commit/ac24dbed1c57a92741a9f2a637e7f8026e265d38
Submitter: "Zuul (22348)"
Branch: master

commit ac24dbed1c57a92741a9f2a637e7f8026e265d38
Author: Rodolfo Alonso Hernandez <email address hidden>
Date: Mon May 8 13:10:42 2023 +0200

    Implement ``get_port_type_virtual_and_parents`` method

    This patch implements a method to determine if a LSP is virtual or
    not. In case the port is virtual, the method returns the type name,
    the virtual IP address and the parents (the ports that are using this
    virtual IP address as allowed address)

    The goal of this patch is to decouple this method from the
    ``_get_port_options`` method code.

    Related-Bug: #2018529
    Change-Id: I58b213f79bad9de91a6181745da526500dc9c615

OpenStack Infra (hudson-openstack) wrote :

Reviewed: https://review.opendev.org/c/openstack/neutron/+/882562
Committed: https://opendev.org/openstack/neutron/commit/37dda9bc69f31af7c9c38de7e462480aa54c1f60
Submitter: "Zuul (22348)"
Branch: master

commit 37dda9bc69f31af7c9c38de7e462480aa54c1f60
Author: Rodolfo Alonso Hernandez <email address hidden>
Date: Mon May 8 15:05:00 2023 +0200

    Move ``determine_bind_host`` to ``ovn.utils``

    This method could be used outside the OVNClient instance.

    Related-Bug: #2018529
    Change-Id: Iecc5e633573b15d71158ed2c10df768feef6df99

OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/neutron 23.0.0.0b3

This issue was fixed in the openstack/neutron 23.0.0.0b3 development milestone.

OpenStack Infra (hudson-openstack) wrote : Related fix merged to neutron (master)

Reviewed: https://review.opendev.org/c/openstack/neutron/+/892564
Committed: https://opendev.org/openstack/neutron/commit/a3b00768d648742034a4e834875fc4586655787c
Submitter: "Zuul (22348)"
Branch: master

commit a3b00768d648742034a4e834875fc4586655787c
Author: Rodolfo Alonso Hernandez <email address hidden>
Date: Wed Aug 23 00:19:24 2023 +0000

    Check the device ID and host ID during virtual port binding

    If a port receives a device ID and a binding profile host ID
    fields update, at the same time, this is because Nova is trying
    to bind the port to a VM (device ID) in a host (host ID). In
    ML2/OVN, a virtual port cannot be bound to a VM.

    NOTE:
    * A virtual port can receive a host ID update. That happens when
      the fixed IP port that has the virtual port IP address as
      allowed address pair is bound.
    * A virtual port can receive a device ID update. Octavia uses
      the device ID to identify to what load balancer the virtual
      port belongs.

    This check was introduced in [1].

    [1]https://review.opendev.org/c/openstack/neutron/+/882588

    Closes-Bug: #2028651
    Related-Bug: #2018529
    Change-Id: I8784c6716f5a53b91d43323771e6f30fa8e8e506

OpenStack Infra (hudson-openstack) wrote : Related fix proposed to neutron (stable/2023.1)

Related fix proposed to branch: stable/2023.1
Review: https://review.opendev.org/c/openstack/neutron/+/895433

OpenStack Infra (hudson-openstack) wrote : Related fix merged to neutron (stable/2023.1)

Reviewed: https://review.opendev.org/c/openstack/neutron/+/895433
Committed: https://opendev.org/openstack/neutron/commit/4adbc85de70f106e7b358a62f2d9a715bc8701ca
Submitter: "Zuul (22348)"
Branch: stable/2023.1

commit 4adbc85de70f106e7b358a62f2d9a715bc8701ca
Author: Rodolfo Alonso Hernandez <email address hidden>
Date: Wed Aug 23 00:19:24 2023 +0000

    Check the device ID and host ID during virtual port binding

    If a port receives a device ID and a binding profile host ID
    fields update, at the same time, this is because Nova is trying
    to bind the port to a VM (device ID) in a host (host ID). In
    ML2/OVN, a virtual port cannot be bound to a VM.

    NOTE:
    * A virtual port can receive a host ID update. That happens when
      the fixed IP port that has the virtual port IP address as
      allowed address pair is bound.
    * A virtual port can receive a device ID update. Octavia uses
      the device ID to identify to what load balancer the virtual
      port belongs.

    This check was introduced in [1].

    [1]https://review.opendev.org/c/openstack/neutron/+/882588

    Closes-Bug: #2028651
    Related-Bug: #2018529
    Change-Id: I8784c6716f5a53b91d43323771e6f30fa8e8e506
    (cherry picked from commit a3b00768d648742034a4e834875fc4586655787c)
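
The parent detection from the bug description and the binding rule from the commit message above, modelled as an added Python sketch; this is not Neutron's code. The function and exception names and the sample ports are hypothetical, the port dictionaries use the Neutron port attributes `fixed_ips`, `allowed_address_pairs`, `device_id` and `binding:host_id`, and matching only single-address pairs is an assumption of the sketch.

```python
import ipaddress

LSP_TYPE_VIRTUAL = "virtual"  # OVN NB LSP.type value named in the bug description


class VirtualPortBindError(Exception):
    """Hypothetical error: the update would bind a virtual port to a VM."""


def virtual_parents(port, ports):
    """IDs of same-network ports listing one of port's fixed IPs as allowed address."""
    vips = {ipaddress.ip_address(f["ip_address"]) for f in port["fixed_ips"]}
    parents = []
    for other in ports:
        if other["id"] == port["id"] or other["network_id"] != port["network_id"]:
            continue
        for pair in other.get("allowed_address_pairs", []):
            net = ipaddress.ip_network(pair["ip_address"], strict=False)
            # Assumption of this sketch: only single-address pairs mark a VIP.
            if net.num_addresses == 1 and net.network_address in vips:
                parents.append(other["id"])
                break
    return sorted(parents)


def lsp_type(port, ports):
    """'virtual' when the port has parents, '' (a normal LSP) otherwise."""
    return LSP_TYPE_VIRTUAL if virtual_parents(port, ports) else ""


def validate_update(port, update, ports):
    """Raise if a virtual port gets device ID and host ID in the same update."""
    if lsp_type(port, ports) != LSP_TYPE_VIRTUAL:
        return
    changed = {k for k in ("device_id", "binding:host_id")
               if update.get(k) and update[k] != port.get(k)}
    if len(changed) == 2:
        raise VirtualPortBindError(
            "port %s is virtual (parents: %s) and cannot be bound to a VM"
            % (port["id"], ", ".join(virtual_parents(port, ports))))


# Constructed sample data: one VIP port shared by two VM ports.
VIP = {"id": "vip", "network_id": "net-1", "fixed_ips": [{"ip_address": "10.0.0.100"}]}
VM1 = {"id": "vm1", "network_id": "net-1", "fixed_ips": [{"ip_address": "10.0.0.11"}],
       "allowed_address_pairs": [{"ip_address": "10.0.0.100"}]}
VM2 = {"id": "vm2", "network_id": "net-1", "fixed_ips": [{"ip_address": "10.0.0.12"}],
       "allowed_address_pairs": [{"ip_address": "10.0.0.100/32"}]}
PORTS = [VIP, VM1, VM2]
```

A host ID update alone (a parent port being bound) or a device ID update alone (the Octavia case) passes `validate_update`; only the combined update that Nova sends when attaching a port to a VM is rejected.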
