From 80b373fbf189e33017d20cbb1513acc1725ce905 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Elvira=20Garc=C3=ADa=20Ruiz?= <egarciar@redhat.com>
Date: Fri, 20 Nov 2020 14:01:45 +0100
Subject: [PATCH] [ovn]: Remove unwanted IP addresses from OVN ports
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

MAC learning has been added in OVN v21.03[0]. Now, if DHCP and port
security are disabled, then the addresses field of a port should not
include its MAC-IP address pairs. This allows the use of OVN MAC
learning capabilities. Existing tests now match this requirement too.

[0] http://patchwork.ozlabs.org/project/ovn/list/?series=228135i&state=%2A&archive=both

Change-Id: I485762b46567a99b9ebd6eb047c7088fed8071d1
Closes-Bug: 1904412
Signed-off-by: Elvira García Ruiz <egarciar@redhat.com>
(cherry picked from commit 24fddc760edcf2004f4608a42ae75f82b3b72b76)
---
 .../ovn/mech_driver/ovsdb/ovn_client.py       | 26 ++++++++++++-------
 .../ovn/mech_driver/test_mech_driver.py       |  9 +++----
 2 files changed, 20 insertions(+), 15 deletions(-)

diff --git a/neutron/plugins/ml2/drivers/ovn/mech_driver/ovsdb/ovn_client.py b/neutron/plugins/ml2/drivers/ovn/mech_driver/ovsdb/ovn_client.py
index 3ec4d32abe8..2c34e30db40 100644
--- a/neutron/plugins/ml2/drivers/ovn/mech_driver/ovsdb/ovn_client.py
+++ b/neutron/plugins/ml2/drivers/ovn/mech_driver/ovsdb/ovn_client.py
@@ -219,6 +219,8 @@ class OVNClient(object):
 
         port_type = ''
         cidrs = ''
+        dhcpv4_options = self._get_port_dhcp_options(port, const.IP_VERSION_4)
+        dhcpv6_options = self._get_port_dhcp_options(port, const.IP_VERSION_6)
         if vtep_physical_switch:
             vtep_logical_switch = binding_prof.get('vtep-logical-switch')
             port_type = 'vtep'
@@ -253,11 +255,6 @@ class OVNClient(object):
                         options[ovn_const.LSP_OPTIONS_VIRTUAL_PARENTS_KEY] = (
                             ','.join(parents))
 
-            port_security, new_macs = (
-                self._get_allowed_addresses_from_port(port))
-            addresses = [address]
-            addresses.extend(new_macs)
-
             # Only adjust the OVN type if the port is not owned by Neutron
             # DHCP agents.
             # TODO(mjozefcz): Remove const.DEVICE_OWNER_DHCP
@@ -279,9 +276,21 @@ class OVNClient(object):
                     LOG.warning('The version of OVN used does not support '
                                 'the "external ports" feature used for '
                                 'SR-IOV ports with OVN native DHCP')
+            addresses = []
+            port_security, new_macs = (
+                self._get_allowed_addresses_from_port(port))
+            # TODO(egarciar): OVN supports MAC learning from v21.03. This
+            # if-else block is stated so as to keep compability with older OVN
+            # versions and should be removed in the future.
+            if self._sb_idl.is_table_present('FDB'):
+                if (port_security or port_type or dhcpv4_options or
+                        dhcpv6_options):
+                    addresses.append(address)
+                    addresses.extend(new_macs)
+            else:
+                addresses = [address]
+                addresses.extend(new_macs)
 
-            # The "unknown" address should only be set for the normal LSP
-            # ports (the ones which type is empty)
             if not port_security and not port_type:
                 # Port security is disabled for this port.
                 # So this port can send traffic with any mac address.
@@ -290,9 +299,6 @@ class OVNClient(object):
                 # So add it.
                 addresses.append(ovn_const.UNKNOWN_ADDR)
 
-        dhcpv4_options = self._get_port_dhcp_options(port, const.IP_VERSION_4)
-        dhcpv6_options = self._get_port_dhcp_options(port, const.IP_VERSION_6)
-
         # HA Chassis Group will bind the port to the highest
         # priority Chassis
         if port_type != ovn_const.LSP_TYPE_EXTERNAL:
diff --git a/neutron/tests/unit/plugins/ml2/drivers/ovn/mech_driver/test_mech_driver.py b/neutron/tests/unit/plugins/ml2/drivers/ovn/mech_driver/test_mech_driver.py
index 921421f2497..b8c526a76db 100644
--- a/neutron/tests/unit/plugins/ml2/drivers/ovn/mech_driver/test_mech_driver.py
+++ b/neutron/tests/unit/plugins/ml2/drivers/ovn/mech_driver/test_mech_driver.py
@@ -564,8 +564,8 @@ class TestOVNMechanismDriver(test_plugin.Ml2PluginV2TestCase):
                     self.assertEqual([],
                                      called_args_dict.get('port_security'))
 
-                    self.assertEqual(ovn_const.UNKNOWN_ADDR,
-                                     called_args_dict.get('addresses')[1])
+                    self.assertIn(ovn_const.UNKNOWN_ADDR,
+                            called_args_dict.get('addresses'))
                     data = {'port': {'mac_address': '00:00:00:00:00:01'}}
                     req = self.new_update_request(
                         'ports',
@@ -577,9 +577,8 @@ class TestOVNMechanismDriver(test_plugin.Ml2PluginV2TestCase):
                          ).call_args_list[0][1])
                     self.assertEqual([],
                                      called_args_dict.get('port_security'))
-                    self.assertEqual(2, len(called_args_dict.get('addresses')))
-                    self.assertEqual(ovn_const.UNKNOWN_ADDR,
-                                     called_args_dict.get('addresses')[1])
+                    self.assertIn(ovn_const.UNKNOWN_ADDR,
+                            called_args_dict.get('addresses'))
 
                     # Enable port security
                     data = {'port': {'port_security_enabled': 'True'}}