[DVR] Block ARP to dvr router's port instead of subnet's gateway

It may happen that subnet is connected to dvr router using IP address
different than subnet's gateway_ip.
So in br-tun arp to dvr router's port should be dropped instead of
dropping arp to subnet's gateway_ip (or mac in case of IPv6).

Conflicts:
        neutron/tests/unit/plugins/ml2/drivers/openvswitch/agent/test_ovs_neutron_agent.py

Change-Id: Ida6b7ae53f3fc76f54e389c5f7131b5a66f533ce
Closes-bug: #1831575
(cherry picked from commit ae3aa28f5a)
changes/61/663161/2
Slawek Kaplonski 4 years ago
parent 4bdd17a743
commit 151c6a030a
  1. 7
      neutron/plugins/ml2/drivers/openvswitch/agent/ovs_dvr_neutron_agent.py
  2. 21
      neutron/tests/unit/plugins/ml2/drivers/openvswitch/agent/test_ovs_neutron_agent.py

@ -419,12 +419,11 @@ class OVSDVRNeutronAgent(object):
# TODO(vivek) remove the IPv6 related flows once SNAT is not
# used for IPv6 DVR.
if ip_version == 4:
if subnet_info['gateway_ip']:
br.install_dvr_process_ipv4(
vlan_tag=lvm.vlan, gateway_ip=subnet_info['gateway_ip'])
br.install_dvr_process_ipv4(
vlan_tag=lvm.vlan, gateway_ip=fixed_ip['ip_address'])
else:
br.install_dvr_process_ipv6(
vlan_tag=lvm.vlan, gateway_mac=subnet_info['gateway_mac'])
vlan_tag=lvm.vlan, gateway_mac=port.vif_mac)
br.install_dvr_process(
vlan_tag=lvm.vlan, vif_mac=port.vif_mac,
dvr_mac_address=self.dvr_mac_address)

@ -2511,7 +2511,7 @@ class TestOvsDvrNeutronAgent(object):
return resp
def _expected_install_dvr_process(self, lvid, port, ip_version,
gateway_ip, gateway_mac):
gateway_ip):
if ip_version == 4:
ipvx_calls = [
mock.call.install_dvr_process_ipv4(
@ -2522,7 +2522,7 @@ class TestOvsDvrNeutronAgent(object):
ipvx_calls = [
mock.call.install_dvr_process_ipv6(
vlan_tag=lvid,
gateway_mac=gateway_mac),
gateway_mac=port.vif_mac),
]
return ipvx_calls + [
mock.call.install_dvr_process(
@ -2536,12 +2536,13 @@ class TestOvsDvrNeutronAgent(object):
ip_version=4):
self._setup_for_dvr_test()
if ip_version == 4:
gateway_ip = '1.1.1.1'
gateway_ip = '1.1.1.10'
cidr = '1.1.1.0/24'
else:
gateway_ip = '2001:100::1'
cidr = '2001:100::0/64'
self._port.vif_mac = gateway_mac = 'aa:bb:cc:11:22:33'
self._port.vif_mac = 'aa:bb:cc:11:22:33'
gateway_mac = 'aa:bb:cc:66:66:66'
self._compute_port.vif_mac = '77:88:99:00:11:22'
physical_network = self._physical_network
segmentation_id = self._segmentation_id
@ -2589,8 +2590,7 @@ class TestOvsDvrNeutronAgent(object):
port=self._port,
lvid=lvid,
ip_version=ip_version,
gateway_ip=gateway_ip,
gateway_mac=gateway_mac)
gateway_ip=self._fixed_ips[0]['ip_address'])
expected_on_int_br = [
mock.call.provision_local_vlan(
port=int_ofp,
@ -2678,8 +2678,7 @@ class TestOvsDvrNeutronAgent(object):
port=self._port,
lvid=lvid,
ip_version=ip_version,
gateway_ip=gateway_ip,
gateway_mac=gateway_mac)
gateway_ip=gateway_ip)
self.assertEqual(expected_on_int_br, int_br.mock_calls)
self.assertEqual(expected_on_tun_br, tun_br.mock_calls)
self.assertEqual([], phys_br.mock_calls)
@ -2931,8 +2930,7 @@ class TestOvsDvrNeutronAgent(object):
port=self._port,
lvid=lvid,
ip_version=ip_version,
gateway_ip=gateway_ip,
gateway_mac=gateway_mac)
gateway_ip=gateway_ip)
self.assertEqual(expected_on_tun_br, tun_br.mock_calls)
int_br.reset_mock()
@ -3032,8 +3030,7 @@ class TestOvsDvrNeutronAgent(object):
port=self._port,
lvid=lvid,
ip_version=ip_version,
gateway_ip=gateway_ip,
gateway_mac=gateway_mac)
gateway_ip=gateway_ip)
self.assertEqual(expected_on_tun_br, tun_br.mock_calls)
int_br.reset_mock()
tun_br.reset_mock()

Loading…
Cancel
Save