From 131bbc9a53411033cf27664d8f1fd7afc72c57bf Mon Sep 17 00:00:00 2001
From: shenjiatong <yshxxsjt715@gmail.com>
Date: Thu, 18 Jun 2020 15:33:13 +0800
Subject: [PATCH] Do not block connection between br-int and br-phys on startup

Block traffic between br-int and br-physical is over kill
and will at least

1. interrupt vlan flow during startup, and is particularly
so if dvr enabled
2. if let's rabbitmq is not stable, it is possible data plane
will be affected and vlan will never work.

Using openstack on k8s particularly amplifies the problem
because pod could be killed pretty easily by liveness
probes.

Conflicts:
    neutron/plugins/ml2/drivers/openvswitch/agent/ovs_neutron_agent.py

Change-Id: I51050c600ba7090fea71213687d94340bac0674a
Closes-Bug: #1869808
(cherry picked from commit 90212b12cdf62e92d811997ebba699cab431d696)
---
 .../drivers/openvswitch/agent/ovs_neutron_agent.py  | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/neutron/plugins/ml2/drivers/openvswitch/agent/ovs_neutron_agent.py b/neutron/plugins/ml2/drivers/openvswitch/agent/ovs_neutron_agent.py
index 6708644736c..eb864960052 100644
--- a/neutron/plugins/ml2/drivers/openvswitch/agent/ovs_neutron_agent.py
+++ b/neutron/plugins/ml2/drivers/openvswitch/agent/ovs_neutron_agent.py
@@ -1274,9 +1274,16 @@ class OVSNeutronAgent(l2population_rpc.L2populationRpcCallBackTunnelMixin,
             self.int_ofports[physical_network] = int_ofport
             self.phys_ofports[physical_network] = phys_ofport
 
-            # block all untranslated traffic between bridges
-            self.int_br.drop_port(in_port=int_ofport)
-            br.drop_port(in_port=phys_ofport)
+            # following drop operations are not necessary for
+            # dvr agent setup_dvr_flows. So skip it if dvr enabled
+            # the reason is for br_int it is duplicate
+            # for br_physical drop_port is dangerous because when dvr
+            # enabled the highest flow on table=0 is 2 which means
+            # basically everything will be dropped until setup_dvr_flows
+            # got executed.
+            if not self.enable_distributed_routing:
+                self.int_br.drop_port(in_port=int_ofport)
+                br.drop_port(in_port=phys_ofport)
 
             if self.use_veth_interconnection:
                 # enable veth to pass traffic