From 390d617d3d3c4d12284028247f5cbf19a925fc9b Mon Sep 17 00:00:00 2001 
From: Luis Tomas Bolivar Date: Fri, 20 Jan 2023 12:16:06 +0100 Subject: [PATCH] [OVN] Ensure traffic for provider vlan networks is not tunneled This patch adds an extra check to ensure the "reside-on-redirect-chassis" is set to true for the logical router port associated with a VLAN provider network, regardless of whether "ovn_distributed_floating_ip" is enabled. This is needed as there is an OVN bug [1] making it not work as expected. Note that setting this to true has implications, as the traffic will be centralized (but not tunneled) through the node with the gateway port. The expected behavior of this flag, once [1] is fixed, is: - reside-on-redirect-chassis flag to False: means traffic goes tunneled to the controller with the gateway port. Means it requires extra MTU reduction to work. - reside-on-redirect-chassis flag to True: means traffic is not tunneled to the controller with the gateway port, but the traffic is centralized through the controller with the gateway port. Thus it does not require extra MTU reduction. - reside-on-redirect-chassis to False, but with ovn-chassis-mac-mappings configured: means the traffic is fully distributed and it is not being tunneled, nor sent, through the controller with the gateway port. This is the preferred option as it does not require MTU reduction and it avoids the extra hop. However it is not working as expected, therefore the fallback to set reside-on-redirect-chassis to True. [1] https://bugzilla.redhat.com/show_bug.cgi?id=2162756 Closes-Bug: #2003455 Change-Id: I662cb30c842e54bb9f7dabac5519283aa7c7f8d0 (cherry picked from commit acb809eea422f417d4bfb2d46918839d7d379e4c) --- neutron/common/ovn/utils.py | 5 +++++ .../ovn/mech_driver/ovsdb/maintenance.py | 5 ++++- .../ovn/mech_driver/ovsdb/ovn_client.py | 12 ++++++++---- .../notes/bug-2003455-b502cc637427560e.yaml | 19 +++++++++++++++++++ 4 files changed, 36 insertions(+), 5 deletions(-) create mode 100644 releasenotes/notes/bug-2003455-b502cc637427560e.yaml
diff --git a/neutron/common/ovn/utils.py b/neutron/common/ovn/utils.py
index 8a0edabc85c..2be82aa42fa 100644
--- a/neutron/common/ovn/utils.py
+++ b/neutron/common/ovn/utils.py
@@ -21,6 +21,7 @@ from neutron_lib.api.definitions import extra_dhcp_opt as edo_ext
 from neutron_lib.api.definitions import l3
 from neutron_lib.api.definitions import port_security as psec
 from neutron_lib.api.definitions import portbindings
+from neutron_lib.api.definitions import provider_net
 from neutron_lib.api import validators
 from neutron_lib import constants as const
 from neutron_lib import context as n_context
@@ -626,6 +627,10 @@ def is_gateway_chassis_invalid(chassis_name, gw_chassis,
 def is_provider_network(network):
+ return network.get(provider_net.PHYSICAL_NETWORK, False)
+
+
+def is_external_network(network):
 return network.get(external_net.EXTERNAL, False)
diff --git a/neutron/plugins/ml2/drivers/ovn/mech_driver/ovsdb/maintenance.py b/neutron/plugins/ml2/drivers/ovn/mech_driver/ovsdb/maintenance.py
index 90cd2ec6bc8..56ea1089640 100644
--- a/neutron/plugins/ml2/drivers/ovn/mech_driver/ovsdb/maintenance.py
+++ b/neutron/plugins/ml2/drivers/ovn/mech_driver/ovsdb/maintenance.py
@@ -723,7 +723,10 @@ class DBInconsistenciesPeriodics(SchemaAwarePeriodicsBase):
 # Get router ports belonging to VLAN networks
 vlan_nets = self._ovn_client._plugin.get_networks(
 context, {pnet.NETWORK_TYPE: [n_const.TYPE_VLAN]})
- vlan_net_ids = [vn['id'] for vn in vlan_nets]
+ # FIXME(ltomasbo): Once Bugzilla 2162756 is fixed the
+ # is_provider_network check should be removed
+ vlan_net_ids = [vn['id'] for vn in vlan_nets
+ if not utils.is_provider_network(vn)]
 router_ports = self._ovn_client._plugin.get_ports(
 context, {'network_id': vlan_net_ids,
 'device_owner': n_const.ROUTER_PORT_OWNERS})
diff --git a/neutron/plugins/ml2/drivers/ovn/mech_driver/ovsdb/ovn_client.py b/neutron/plugins/ml2/drivers/ovn/mech_driver/ovsdb/ovn_client.py
index 5272d0fe9af..04171e3a5cc 100644
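Review bot: In neutron/common/ovn/utils.py, `is_provider_network` keeps its name but now tests `provider_net.PHYSICAL_NETWORK` instead of `external_net.EXTERNAL`, so any caller this patch does not touch silently changes meaning. The two call sites moved to `is_external_network` in ovn_client.py are visible in this patch; callers elsewhere in the tree or in out-of-tree code cannot be checked from the diff and should be searched for before merging. Both helpers also return the raw attribute value rather than a bool and carry no docstring; I would wrap each lookup in `bool(...)` and add `"""Return True if the network has a provider physical network set."""` and `"""Return True if the network is marked as external."""`.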
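Review bot: In maintenance.py, dropping provider networks from `vlan_net_ids` means this periodic no longer inspects their router ports at all, so a port that already carries `reside-on-redirect-chassis=false` from before the upgrade is not moved to `true` by this task. The rest of the method lies outside the hunk, so I am inferring that it rewrites the option to a value derived from `ovn_distributed_floating_ip`; if that is right, the workaround only reaches ports created or updated afterwards and existing traffic stays on the tunneled path. Keeping these networks in the list and choosing the expected value per network, e.g. `expected = 'true' if utils.is_provider_network(vn) else default_value`, would remediate existing ports as well. Please also confirm that an empty `vlan_net_ids` passed as the `network_id` filter to `get_ports` returns no ports rather than all of them.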
--- a/neutron/plugins/ml2/drivers/ovn/mech_driver/ovsdb/ovn_client.py
+++ b/neutron/plugins/ml2/drivers/ovn/mech_driver/ovsdb/ovn_client.py
@@ -1246,7 +1246,7 @@ class OVNClient(object):
 # leak the RAs generated for the tenant networks via the
 # provider network
 ipv6_ra_configs['send_periodic'] = 'true'
- if is_gw_port and utils.is_provider_network(net):
+ if is_gw_port and utils.is_external_network(net):
 ipv6_ra_configs['send_periodic'] = 'false'
 ipv6_ra_configs['mtu'] = str(net['mtu'])
@@ -1570,9 +1570,12 @@ class OVNClient(object):
 # logical router port is centralized in the chassis hosting the
 # distributed gateway port.
 # https://github.com/openvswitch/ovs/commit/85706c34d53d4810f54bec1de662392a3c06a996
+ # FIXME(ltomasbo): Once Bugzilla 2162756 is fixed the
+ # is_provider_network check should be removed
 if network.get(pnet.NETWORK_TYPE) == const.TYPE_VLAN:
 options[ovn_const.LRP_OPTIONS_RESIDE_REDIR_CH] = (
- 'false' if ovn_conf.is_ovn_distributed_floating_ip()
+ 'false' if (ovn_conf.is_ovn_distributed_floating_ip() and
+ not utils.is_provider_network(network))
 else 'true')
 is_gw_port = const.DEVICE_OWNER_ROUTER_GW == port.get(
@@ -1987,8 +1990,9 @@ class OVNClient(object):
 for subnet in subnets:
 self.update_subnet(context, subnet, network, txn)
- if utils.is_provider_network(network):
- # make sure to use admin context as this is a providernet
+ if utils.is_external_network(network):
+ # make sure to use admin context as this is a external
+ # network
 self.set_gateway_mtu(n_context.get_admin_context(),
 network, txn)
diff --git a/releasenotes/notes/bug-2003455-b502cc637427560e.yaml b/releasenotes/notes/bug-2003455-b502cc637427560e.yaml
new file mode 100644
index 00000000000..2e89cf055f2
--- /dev/null
+++ b/releasenotes/notes/bug-2003455-b502cc637427560e.yaml
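Review bot: In the `@@ -1570,9 +1570,12 @@` hunk of ovn_client.py the new condition can only yield `'false'` for a VLAN network without a physical network, which, if every VLAN segment carries one (as I would expect but cannot see here), makes the option always `'true'` and leaves `ovn_distributed_floating_ip` without effect on VLAN router ports. If that is the intended workaround, state it next to the FIXME, e.g. `# NOTE: until then VLAN provider networks always get 'true', regardless of ovn_distributed_floating_ip`, and consider logging it so operators who enabled distributed floating IPs know this traffic is now centralized through the gateway chassis. The diffstat lists no test files; a unit test asserting the option value for a VLAN provider network with the flag on and off would pin this branch. The enclosing method starts and ends outside the hunk.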
@@ -0,0 +1,19 @@
+---
+fixes:
+ - |
+ [`bug 2003455 `_]
+ It is added an extra checking to ensure the "reside-on-redirect-chassis"
+ is set to true for the logical router port associated to vlan provider
+ network despite having the "ovn_distributed_floating_ip" enabled or not.
+ This is needed as there is an OVN bug
+ (https://bugzilla.redhat.com/show_bug.cgi?id=2162756) making it not work
+ as expected. Until that is fixed, we need these workaround
+ that makes the traffic centrallized, but not tunneled, through the node
+ with the gateway port, thus avoiding MTU issues.
+issues:
+ - |
+ Until the OVN bug (https://bugzilla.redhat.com/show_bug.cgi?id=2162756)
+ is fixed, setting the "reside-on-redirect-chassis" to true for the logical
+ router port associated to vlan provider network is needed. This workaround
+ makes the traffic centrallized, but not tunneled, through the node
+ with the gateway port, thus avoiding MTU issues.