ovn-kubernetes uses a pattern where they have a "join" switch that connects to multiple gateway routers. They make use of IPAM on the switch to allocate IP addresses on the switch ports. They then create the logical router port, connect the switch port to it, and copy the assigned addresses to the router port. In 2.9, this worked, but it fails in 2.10+.
Inspecting the ovn-northd code in 2.9, one can make inferences about the intent of a couple of sections of code. 1) In ipam_add_port_addresses(), if the passed in ovn_port is a logical router port, and it is connected to a logical switch that has an IPv4 subnet configured, then that router's IP addresses are added to the connected switch's IPAM. In other words, the router port's addresses cannot be assigned by the switch. 2) In build_ipam(), if a logical switch port has no addresses configured, then the dynamic_addresses are cleared. With these in place, one would expect that the switch port on the "join" switch would have its dynamic addresses cleared. One would also expect that the fact the address is assigned on the peered logical router port means that the address would be added to the "join" switch's IPAM. However, it does not work this way. Section (1) does not work at all. This is because ipam_add_port_addresses() runs before any ovn_port peer fields are set. Section (2) does not work because clearing the switch port dynamic_addreses is skipped for switch ports connected to a router. So why does this work in 2.9? It's actually *because* section (2) doesn't work. The uncleared dynamic_addresses on the switch port get added to IPAM, thus not allowing them to be allocated to new ports. In 2.10, IPAM was overhauled and the explicit addition of switch port's dynamic_addresses was removed as part of it. Now, dynamic_addresses are added based on detection of associated configuration. In the ovn-kubernetes scenario, the switch port has its "addresses" set to "router" instead of "dynamic", so its previously-allocated dynamic_addresses are not added to IPAM. The fix presented here is to correct sections (1) and (2) discussed above. Patch 1 clears the dynamic_addresses on a logical switch port when it has no addresses configured on it. This also works for the case where the logical switch port changes from having "dynamic" addresses to having the special "router" or "unknown" designation. Patch 2 makes logical router ports' assigned addresses added to their peer logical switch's IPAM. There are tests included with each patch as well. Mark Michelson (2): ovn: Clear dynamic_addresses when addresses are not "dynamic" ovn: Add port addresses to IPAM later. ovn/northd/ovn-northd.c | 6 +++--- tests/ovn.at | 40 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 43 insertions(+), 3 deletions(-) -- 2.14.5 _______________________________________________ dev mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-dev
