Ensure no GARPs are sent for Load Balancer VIPs on tenant networks

When a loadbalancer is created in tenant network (VIP and members), and that tenant network is connected to a router, which is connected to the provider network, the ovn loadbalancer gets associated to the ovn logical router. If the "router" option is used for "nat-addresses" (as currently done), ovn-controller will send GARPs for that VIP. As there is nothing blocking different tenants in openstack to create a subnet with the same CIDR and then a loadbalancer with the same VIP, there may be several ovn-controllers generating GARPs on the provider network for the same IP, each one with the MAC of the logical router port belonging to each tenant. This could be a problem for the physical network infrastructure. This patch fixes it by setting a new option added in OVN[1], named "exclude-lb-vips-from-garp", on the router gateway port, ensuring no GARPs are sent for the load balancer VIPs. [1] 183edfc446.1645793899.git.lorenzo.bianconi@redhat.com/ Closes-Bug: #1964901 Change-Id: Ifc2e5b2cc64c0b3beafd0a2e6eb9b9f248970cc5 (cherry picked from commit 9d4e6edd5b)
2022-03-08 13:04:58 +01:00 · 2022-03-08 13:04:58 +01:00 · 391af6c158
parent c6d3f90bee
commit 391af6c158
3 changed files with 7 additions and 2 deletions
--- a/neutron/common/ovn/constants.py
+++ b/neutron/common/ovn/constants.py
@ -50,10 +50,12 @@ OVN_PORT_BINDING_PROFILE_PARAMS = [{'parent_name': str,
                                   {'vtep-physical-switch': str,
                                    'vtep-logical-switch': str}]
 MIGRATING_ATTR = 'migrating_to'
-OVN_ROUTER_PORT_OPTION_KEYS = ['router-port', 'nat-addresses']
+OVN_ROUTER_PORT_OPTION_KEYS = ['router-port', 'nat-addresses',
+                               'exclude-lb-vips-from-garp']
 OVN_GATEWAY_CHASSIS_KEY = 'redirect-chassis'
 OVN_CHASSIS_REDIRECT = 'chassisredirect'
 OVN_GATEWAY_NAT_ADDRESSES_KEY = 'nat-addresses'
+OVN_ROUTER_PORT_EXCLUDE_LB_VIPS_GARP = 'exclude-lb-vips-from-garp'
 OVN_DROP_PORT_GROUP_NAME = 'neutron_pg_drop'
 OVN_ROUTER_PORT_GW_MTU_OPTION = 'gateway_mtu'

--- a/neutron/plugins/ml2/drivers/ovn/mech_driver/ovsdb/commands.py
+++ b/neutron/plugins/ml2/drivers/ovn/mech_driver/ovsdb/commands.py
@ -406,6 +406,7 @@ class SetLRouterPortInLSwitchPortCommand(command.BaseCommand):
        options = {'router-port': self.lrouter_port}
        if self.is_gw_port:
            options[ovn_const.OVN_GATEWAY_NAT_ADDRESSES_KEY] = 'router'
+            options[ovn_const.OVN_ROUTER_PORT_EXCLUDE_LB_VIPS_GARP] = 'true'
        setattr(port, 'options', options)
        setattr(port, 'type', 'router')
        setattr(port, 'addresses', self.lsp_address)
--- a/neutron/tests/unit/plugins/ml2/drivers/ovn/mech_driver/ovsdb/test_commands.py
+++ b/neutron/tests/unit/plugins/ml2/drivers/ovn/mech_driver/ovsdb/test_commands.py
@ -677,7 +677,9 @@ class TestSetLRouterPortInLSwitchPortCommand(TestBaseCommand):
                self.ovn_api, fake_lsp.name, lrp_name, True, True, 'router')
            cmd.run_idl(self.transaction)
            self.assertEqual({'router-port': lrp_name,
-                             'nat-addresses': 'router'}, fake_lsp.options)
+                              'nat-addresses': 'router',
+                              'exclude-lb-vips-from-garp': 'true'},
+                             fake_lsp.options)
            self.assertEqual('router', fake_lsp.type)
            self.assertEqual('router', fake_lsp.addresses)