[NETVIRT-1313] Orphaned vpn-portip-to-port entry after router unsets external-gateway Created: 18/Jun/18  Updated: 25/Jun/18  Resolved: 25/Jun/18

Status: Resolved
Project: netvirt
Component/s: None
Affects Version/s: None
Fix Version/s: Oxygen-SR3, Fluorine

Type: Bug Priority: Medium
Reporter: Vinh Nguyen Assignee: Vinh Nguyen
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified


 Description   

Orphaned router external gateway IP's vpn-portip-to-port entry for the after router unsets external-gateway. This entry will prevent PNF with same IP to be discovered via Subnet Route.

Version Tested: master, nitrogen

Reproduction Steps:

1) Create network/subnet

2) Create VM 

3) Create Router

4) Attach subnet to router

5) create external network/subnet

Entry vpn-portip-to-port is added for the router's external gateway IP 192.168.56.13:
"neutron-vpn-portip-port-data": {
"vpn-portip-to-port": [

 

{     "mac-address": "fa:16:3e:e5:5f:67",     "port-fixedip": "192.168.56.13",     "port-name": "c7cb629c-9f61-4fa8-ac6a-ec34ef1ec33a",     "subnet-ip": false,     "vpn-name": "52e09bd3-84a1-495e-9f9e-0d7a99018025"     }

6) Unset the router's external gateway
openstack router unset --external-gateway router1

The entry vpn-portip-to-port for external gateway IP remains even though the neutron port
for 192.168.56.13 is deleted.

7) Re-set the router's external gateway to the same external network
openstack router set --external-gateway ext-net1 router1

New entry vpn-portip-to-port for new external gateway IP (192.168.56.11) is added.
The orphaned entry for obsoleted external gateway IP (192.168.56.13)  in 6) still remains:

"vpn-portip-to-port": [
 

{     "mac-address": "fa:16:3e:c9:46:18",     "port-fixedip": "192.168.56.11",     "port-name": "d774a2d5-07c9-4306-a635-bf889ab61640",     "subnet-ip": false,     "vpn-name": "52e09bd3-84a1-495e-9f9e-0d7a99018025"   }

,
 

{     "mac-address": "fa:16:3e:e5:5f:67",     "port-fixedip": "192.168.56.13",     "port-name": "c7cb629c-9f61-4fa8-ac6a-ec34ef1ec33a",     "subnet-ip": false,     "vpn-name": "52e09bd3-84a1-495e-9f9e-0d7a99018025"   }

Issue:

-------

Failure to communicate with PNF which has same IP as the obsoleted router's external gateway:

8) ssh to PNF which has same IP as the obsoleted router's external gateway (192.168.56.13)
Connection timeout, no PNF flows installed.

Reason:
Upon receiving the first packet from PNF, SubnetRoutePacketInHandler checks the neutron-vpn-portip-port-data DS if the target IP is known neutron port and ignores the packet if it is.

Since the PNF IP's is the same as the obsoleted gateways's IP, and there exists the orphaned entry in 6) the subnet route processing for the PNF target is ignored.

As a result the FIB entry for the PNF are not installed and communication to the PNF fails.

Related information from karaf.log:
2018-06-18T14:33:27,396 | INFO | pool-52-thread-1 | SubnetRoutePacketInHandler | 382 - org.opendaylight.netvirt.vpnmanager-impl - 0.7.0.SNAPSHOT | SUBNETROUTE: onPacketReceived: IPv4 Packet received with Target IP 192.168.56.13 source IP [-64, -88, 56, 11] vpnId 100006 is a valid Neutron port,ignoring subnet route processing

 
Generated at Wed Feb 07 20:23:45 UTC 2024 using Jira 8.20.10#820010-sha1:ace47f9899e9ee25d7157d59aa17ab06aee30d3d.