Browse Source

Merge "Do not block connection between br-int and br-phys on startup"

changes/51/738551/1
Zuul 1 year ago
committed by Gerrit Code Review
parent
commit
885cce39b7
  1. 37
      neutron/plugins/ml2/drivers/openvswitch/agent/ovs_neutron_agent.py

37
neutron/plugins/ml2/drivers/openvswitch/agent/ovs_neutron_agent.py

@ -1561,20 +1561,29 @@ class OVSNeutronAgent(l2population_rpc.L2populationRpcCallBackTunnelMixin,
self.int_ofports[physical_network] = int_ofport
self.phys_ofports[physical_network] = phys_ofport
# These two drop flows are the root cause for the bug #1803919.
# And now we add a rpc check during agent start procedure. If
# ovs agent can not reach any neutron server, or all neutron
# servers are down, these flows will not be installed anymore.
# Bug #1803919 was fixed in that way.
# And as a reminder, we can not do much work on this. Because
# the bridge mappings can be varied. Provider (external) network
# can be implicitly set on any physical bridge due to the basic
# NORMAL flow. Different vlan range networks can also have many
# bridge map settings, these tenant network traffic can also be
# blocked by the following drop flows.
# block all untranslated traffic between bridges
self.int_br.drop_port(in_port=int_ofport)
br.drop_port(in_port=phys_ofport)
# following drop operations are not necessary for
# dvr agent setup_dvr_flows. So skip it if dvr enabled
# the reason is for br_int it is duplicate
# for br_physical drop_port is dangerous because when dvr
# enabled the highest flow on table=0 is 2 which means
# basically everything will be dropped until setup_dvr_flows
# got executed.
if not self.enable_distributed_routing:
# These two drop flows are the root cause for the bug #1803919.
# And now we add a rpc check during agent start procedure. If
# ovs agent can not reach any neutron server, or all neutron
# servers are down, these flows will not be installed anymore.
# Bug #1803919 was fixed in that way.
# And as a reminder, we can not do much work on this. Because
# the bridge mappings can be varied. Provider (external)
# network can be implicitly set on any physical bridge
# due to the basic NORMAL flow.
# Different vlan range networks can also have many
# bridge map settings, these tenant network traffic can also be
# blocked by the following drop flows.
# block all untranslated traffic between bridges
self.int_br.drop_port(in_port=int_ofport)
br.drop_port(in_port=phys_ofport)
if self.use_veth_interconnection:
# enable veth to pass traffic

Loading…
Cancel
Save