[NETVIRT-276] External DVR flow missing when using external OVS bridge Created: 15/Nov/16  Updated: 19/Oct/17  Resolved: 18/Nov/16

Status: Resolved
Project: netvirt
Component/s: General
Affects Version/s: Boron
Fix Version/s: None

Type: Bug
Reporter: Tim Rozet Assignee: Unassigned
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment:

Operating System: Linux
Platform: All

Attachments: Zip Archive karaf_no_external_flow.zip     Text File ovs_output.txt    
External issue ID: 7191

 Description   

When using an external bridge "br-ex" patched to br-int, br-int is missing the table0 flow to match traffic sent from br-ex patch port. See attached karaf logs and ovs output. There was one error message in OVS log:
2016-11-15T11:11:58.601Z|00039|connmgr|INFO|br-int<->tcp:192.0.2.10:6653: sending OFPBAC_BAD_OUT_GROUP error reply to OFPT_FLOW_MOD message

 Comments   
Comment by Tim Rozet [ 15/Nov/16 ]

Attachment karaf_no_external_flow.zip has been added with description: Karaf logs

Comment by Tim Rozet [ 15/Nov/16 ]

Attachment ovs_output.txt has been added with description: ovs outputs

Comment by Koby Aizer [ 16/Nov/16 ]

We are using this feature quite a lot in our lab.

Could you please add the following debug information:

  • neutron net-show <external-network>
  • DS outputs: config/ietf-interfaces:interfaces, operational/ietf-interfaces:interfaces-state, config:elan:elan-instances
Comment by Tim Rozet [ 17/Nov/16 ]

I found that the external network was being created without passing provider type "flat" or the physical network (in our case "datacentre"). This causes the external network to be created as a vxlan provider network. In L3 agent this has worked in the past because the agent just uses 'br-ex' by default, and this also used to work with old netvirt.

Once I re-created external network with --provider:network_type flat --provider:physical_network datacentre I see the flows. However, floating IP would still not work. After a fresh install with today's autorelease, I am able to create an external network and ssh into the instance over floating IP. However, I am unable to ping the router external IP. Also, after deleting and recreating the external network (and reassigning a new floating IP), floating IPs break and I cannot ssh into the instance anymore from external net.

I think these 2 issues are 2 different bugs from this one. But for this bug, I think we want to throw an error when an external network is created for type vxlan, right?

Comment by Koby Aizer [ 17/Nov/16 ]

Happy to hear you were able to find the problem, this was one of the options I wanted to rule out using "neutron net-show". I wonder whether this configuration should've been blocked by openstack or not.

In any case, both other bugs you were mentioning are already opened:

  • https://trello.com/c/aeVj3Qss - Task to implement router gateway interface ping responder in Carbon. Currently the new netvirt only implements a ping responder for router interfaces (internal interfaces of a router).

Do you think we can close this bug?

Comment by Koby Aizer [ 17/Nov/16 ]

Sorry, I missed your question regarding throwing an error for this. Let's keep this bug as a reminder, but we should probably lower its severity

Comment by Tim Rozet [ 18/Nov/16 ]

After talking with Assaf from Neutron team, VXLAN should not be an allowed external network type. I will take it up with the Neutron project and we can close this bug.

Comment by Koby Aizer [ 18/Nov/16 ]

Makes sense, thanks!

Generated at Wed Feb 07 20:21:09 UTC 2024 using Jira 8.20.10#820010-sha1:ace47f9899e9ee25d7157d59aa17ab06aee30d3d.