Reviewed: https://review.opendev.org/716302
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=eb775458c6da57426703289c7b969caddb83d677
Submitter: Zuul
Branch: master

commit eb775458c6da57426703289c7b969caddb83d677
Author: Slawek Kaplonski <[email protected]>
Date: Tue Mar 31 05:33:06 2020 +0200

    [DVR] Don't populate unbound ports in router's ARP cache

    When user is using keepalived on their instances, he often creates
    additional port in Neutron to allocate some IP address which will be
    then used as VIP in keepalived and will be configured in
    allowed_address_pair of other ports plugged to instances with
    keepalived. This is e.g. Octavia's use case.

    This together with DVR caused problems with connectivity to such VIP
    as it was populated in router's arp cache with MAC address from
    Neutron db.

    As this port isn't bound, it is only Neutron db entry so there is no
    need to set it in arp cache of the router.
    This patch is doing exactly that to filter such "unbound" and
    "binding_failed" ports from the list.

    Change-Id: Ia885ce00dbb5f2968859e8d0850bc511016f0846
    Closes-Bug: #1869887

** Changed in: neutron
Status: In Progress => Fix Released

--
You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1869887

Title:
  L3 DVR ARP population gets incorrect MAC address in some cases

Status in neutron:
  Fix Released

Bug description:
  L3 dvr router is setting permanent arp entries in qrouter's namespace for all ports plugged to the subnets which are connected to the router. In most cases it's fine, but as it uses MAC address defined in Neutron DB for that (which is fine in general) it may cause connectivity problem in specific conditions.

  It happens for example with Octavia as Octavia creates unbound ports just to allocate IP address for their VIP in Neutron's db. And Octavia then sets this IP address in allowed_address_pair of other ports which are plugged to Amphora's VMs. But in DVR case such IP address is populated in arp cache with mac address from own port, it doesn't work fine when it is configured as additional IP on interface with different MAC.

  Octavia is only one, most common known example of such use case, but we know that there are other users who are doing something similar with keepalived on their instances.

  So as this additional port is always "unbound", and "unbound" means that such port is basically just entry in Neutron DB, I think that there is no need to set it in arp cache. Only bound ports should be set there.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1869887/+subscriptions
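The filtering described in this notification, as an added example that is not part of the original message and is not Neutron's code. The port dictionaries are constructed samples using Neutron's port field names; the function names, subnet id, addresses and the skip_unbound switch are assumptions made for illustration.

```python
# Added illustration, not Neutron code. All port data below is constructed.
SKIPPED_VIF_TYPES = {"unbound", "binding_failed"}  # the two states the commit filters

SUBNET = "subnet-a"  # constructed subnet id
SAMPLE_PORTS = [
    # Port created only to reserve the VIP address: a DB row, never plugged.
    {"id": "vip-port", "mac_address": "fa:16:3e:00:00:01",
     "binding:vif_type": "unbound",
     "fixed_ips": [{"subnet_id": SUBNET, "ip_address": "10.0.0.100"}]},
    # Instance port that actually answers for the VIP via allowed_address_pairs.
    {"id": "vm-port", "mac_address": "fa:16:3e:00:00:02",
     "binding:vif_type": "ovs",
     "fixed_ips": [{"subnet_id": SUBNET, "ip_address": "10.0.0.11"}],
     "allowed_address_pairs": [{"ip_address": "10.0.0.100"}]},
]


def arp_entries(ports, subnet_id, skip_unbound=True):
    """Return {ip: mac} to pin as permanent ARP entries for one subnet.

    skip_unbound=False models the behaviour the bug describes;
    skip_unbound=True models the behaviour after the fix.
    """
    entries = {}
    for port in ports:
        if skip_unbound and port.get("binding:vif_type") in SKIPPED_VIF_TYPES:
            continue
        for fixed_ip in port.get("fixed_ips", []):
            if fixed_ip["subnet_id"] == subnet_id:
                entries[fixed_ip["ip_address"]] = port["mac_address"]
    return entries


def stale_vips(ports, entries):
    """Return (ip, pinned_mac, real_mac) for each allowed-address-pair IP
    whose pinned ARP entry points at a MAC other than the port using it."""
    stale = []
    for port in ports:
        for pair in port.get("allowed_address_pairs", []):
            # A pair without its own mac_address uses the port's MAC.
            real_mac = pair.get("mac_address", port["mac_address"])
            pinned = entries.get(pair["ip_address"])
            if pinned is not None and pinned != real_mac:
                stale.append((pair["ip_address"], pinned, real_mac))
    return stale


if __name__ == "__main__":
    for skip in (False, True):
        table = arp_entries(SAMPLE_PORTS, SUBNET, skip_unbound=skip)
        print("skip_unbound=%s" % skip, table, stale_vips(SAMPLE_PORTS, table))
```

Running stale_vips over a real port listing is a quick way to find VIPs that a permanent ARP entry would pin to the wrong MAC.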

