
[ovn]: Remove unwanted IP addresses from OVN ports

MAC learning has been added in OVN v21.03[0]. Now, if DHCP and port
security are disabled, then the addresses field of a port should not
include its MAC-IP address pairs. This allows the use of OVN MAC
learning capabilities. Existing tests now match this requirement too.

[0] http://patchwork.ozlabs.org/project/ovn/list/?series=228135i&state=%2A&archive=both

Change-Id: I485762b46567a99b9ebd6eb047c7088fed8071d1
Closes-Bug: 1904412
Signed-off-by: Elvira García Ruiz <egarciar@redhat.com>
(manually cherry picked from commit 24fddc760edcf2004f4608a42ae75f82b3b72b76)
changes/96/784096/2
Elvira García 3 months ago
commit
31e50e577f
2 changed files with 20 additions and 15 deletions
  1. +16
    -10
      networking_ovn/common/ovn_client.py
  2. +4
    -5
      networking_ovn/tests/unit/ml2/test_mech_driver.py

+ 16
- 10
networking_ovn/common/ovn_client.py View File

@ -217,6 +217,8 @@ class OVNClient(object):
port_type = ''
cidrs = ''
dhcpv4_options = self._get_port_dhcp_options(port, const.IP_VERSION_4)
dhcpv6_options = self._get_port_dhcp_options(port, const.IP_VERSION_6)
if vtep_physical_switch:
vtep_logical_switch = binding_prof.get('vtep-logical-switch')
port_type = 'vtep'
@ -251,11 +253,6 @@ class OVNClient(object):
options[ovn_const.LSP_OPTIONS_VIRTUAL_PARENTS_KEY] = (
','.join(parents))
port_security, new_macs = (
self._get_allowed_addresses_from_port(port))
addresses = [address]
addresses.extend(new_macs)
# Only adjust the OVN type if the port is not owned by Neutron
# DHCP agents.
if (port['device_owner'] == const.DEVICE_OWNER_DHCP and
@ -273,9 +270,21 @@ class OVNClient(object):
LOG.warning('The version of OVN used does not support '
'the "external ports" feature used for '
'SR-IOV ports with OVN native DHCP')
addresses = []
port_security, new_macs = (
self._get_allowed_addresses_from_port(port))
# TODO(egarciar): OVN supports MAC learning from v21.03. This
# if-else block is stated so as to keep compability with older OVN
# versions and should be removed in the future.
if self._sb_idl.is_table_present('FDB'):
if (port_security or port_type or dhcpv4_options or
dhcpv6_options):
addresses.append(address)
addresses.extend(new_macs)
else:
addresses = [address]
addresses.extend(new_macs)
# The "unknown" address should only be set for the normal LSP
# ports (the ones which type is empty)
if not port_security and not port_type:
# Port security is disabled for this port.
# So this port can send traffic with any mac address.
@ -284,9 +293,6 @@ class OVNClient(object):
# So add it.
addresses.append(ovn_const.UNKNOWN_ADDR)
dhcpv4_options = self._get_port_dhcp_options(port, const.IP_VERSION_4)
dhcpv6_options = self._get_port_dhcp_options(port, const.IP_VERSION_6)
# HA Chassis Group will bind the port to the highest
# priority Chassis
if port_type != ovn_const.LSP_TYPE_EXTERNAL:
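Review bot: The FDB branch in the third hunk leaves a port with no port security, no port type and no DHCP options with only the `unknown` address, and the TODO above it explains the version compatibility but not this consequence. Such a port is then reached only through learned FDB entries, and with port security off those entries presumably follow whatever source MAC the workload sends. I would state that next to the condition, for example `# No static MAC/IP here: the port is reached via FDB entries learned from its own traffic.`, and fix the "compability" typo in the TODO. The two arms also repeat the same append/extend pair; as far as the flattened indentation shows, they collapse into one test, `if (not self._sb_idl.is_table_present('FDB') or port_security or port_type or dhcpv4_options or dhcpv6_options):`. The enclosing method starts and ends outside the hunks shown.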


+ 4
- 5
networking_ovn/tests/unit/ml2/test_mech_driver.py View File

@ -387,8 +387,8 @@ class TestOVNMechanismDriver(test_plugin.Ml2PluginV2TestCase):
self.assertEqual([],
called_args_dict.get('port_security'))
self.assertEqual('unknown',
called_args_dict.get('addresses')[1])
self.assertIn(ovn_const.UNKNOWN_ADDR,
called_args_dict.get('addresses'))
data = {'port': {'mac_address': '00:00:00:00:00:01'}}
req = self.new_update_request(
'ports',
@ -400,9 +400,8 @@ class TestOVNMechanismDriver(test_plugin.Ml2PluginV2TestCase):
).call_args_list[0][1])
self.assertEqual([],
called_args_dict.get('port_security'))
self.assertEqual(2, len(called_args_dict.get('addresses')))
self.assertEqual('unknown',
called_args_dict.get('addresses')[1])
self.assertIn(ovn_const.UNKNOWN_ADDR,
called_args_dict.get('addresses'))
# Enable port security
data = {'port': {'port_security_enabled': 'True'}}
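Review bot: The assertions in both hunks are now weaker than the behaviour the commit introduces: `assertIn(ovn_const.UNKNOWN_ADDR, ...)` passes whether or not the port's MAC/IP pair is still in `addresses`, and the old length check is gone. The test therefore no longer distinguishes the FDB branch from the legacy one. If the fake southbound IDL reports the FDB table as present, the list for a port with port security disabled could be pinned exactly with `self.assertEqual([ovn_const.UNKNOWN_ADDR], called_args_dict.get('addresses'))`. A second case with `is_table_present` returning False, asserting the two-element list, would cover the compatibility path. The test method starts and ends outside the hunks shown, so how the IDL is faked here should be confirmed.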

