Do not block connection between br-int and br-phys on startup
Blocking traffic between br-int and br-physical is overkill and will at least
1. interrupt vlan flow during startup, and is particularly so if dvr enabled
2. if let's say rabbitmq is not stable, it is possible data plane will be affected and vlan will never work.

Using openstack on k8s particularly amplifies the problem because pod could be killed pretty easily by liveness probes.

Change-Id: I51050c600ba7090fea71213687d94340bac0674a
Closes-Bug: #1869808
parent 2ac52607c2
commit 90212b12cd
|
@ -1551,20 +1551,29 @@ class OVSNeutronAgent(l2population_rpc.L2populationRpcCallBackTunnelMixin,
|
||||||
self.int_ofports[physical_network] = int_ofport
|
self.int_ofports[physical_network] = int_ofport
|
||||||
self.phys_ofports[physical_network] = phys_ofport
|
self.phys_ofports[physical_network] = phys_ofport
|
||||||
|
|
||||||
# These two drop flows are the root cause for the bug #1803919.
|
# following drop operations are not necessary for
|
||||||
# And now we add a rpc check during agent start procedure. If
|
# dvr agent setup_dvr_flows. So skip it if dvr enabled
|
||||||
# ovs agent can not reach any neutron server, or all neutron
|
# the reason is for br_int it is duplicate
|
||||||
# servers are down, these flows will not be installed anymore.
|
# for br_physical drop_port is dangerous because when dvr
|
||||||
# Bug #1803919 was fixed in that way.
|
# enabled the highest flow on table=0 is 2 which means
|
||||||
# And as a reminder, we can not do much work on this. Because
|
# basically everything will be dropped until setup_dvr_flows
|
||||||
# the bridge mappings can be varied. Provider (external) network
|
# got executed.
|
||||||
# can be implicitly set on any physical bridge due to the basic
|
if not self.enable_distributed_routing:
|
||||||
# NORMAL flow. Different vlan range networks can also have many
|
# These two drop flows are the root cause for the bug #1803919.
|
||||||
# bridge map settings, these tenant network traffic can also be
|
# And now we add a rpc check during agent start procedure. If
|
||||||
# blocked by the following drop flows.
|
# ovs agent can not reach any neutron server, or all neutron
|
||||||
# block all untranslated traffic between bridges
|
# servers are down, these flows will not be installed anymore.
|
||||||
self.int_br.drop_port(in_port=int_ofport)
|
# Bug #1803919 was fixed in that way.
|
||||||
br.drop_port(in_port=phys_ofport)
|
# And as a reminder, we can not do much work on this. Because
|
||||||
|
# the bridge mappings can be varied. Provider (external)
|
||||||
|
# network can be implicitly set on any physical bridge
|
||||||
|
# due to the basic NORMAL flow.
|
||||||
|
# Different vlan range networks can also have many
|
||||||
|
# bridge map settings, these tenant network traffic can also be
|
||||||
|
# blocked by the following drop flows.
|
||||||
|
# block all untranslated traffic between bridges
|
||||||
|
self.int_br.drop_port(in_port=int_ofport)
|
||||||
|
br.drop_port(in_port=phys_ofport)
|
||||||
|
|
||||||
if self.use_veth_interconnection:
|
if self.use_veth_interconnection:
|
||||||
# enable veth to pass traffic
|
# enable veth to pass traffic
|
||||||
|
|
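Review bot: The new `if not self.enable_distributed_routing:` guard only skips the two `drop_port` calls when DVR is enabled, so a non-DVR agent still installs both drop flows on every start. That does not match the commit title or the second point of the message (RabbitMQ instability), neither of which is DVR-specific; either narrow the title and message to the DVR case or say why the non-DVR path is left unchanged. The added comment justifies skipping `self.int_br.drop_port(in_port=int_ofport)` as a duplicate of what `setup_dvr_flows` does, but for `br.drop_port(in_port=phys_ofport)` it only says the drop is dangerous. Since the retained comment describes these flows as the ones that "block all untranslated traffic between bridges", please document what handles untranslated traffic arriving on `phys_ofport` between this point and the moment `setup_dvr_flows` runs, so the isolation these flows provided is not silently lost for that window. A unit test asserting that both calls are skipped with DVR enabled and still made without it would pin the behaviour down. Wording nit in the new comment: "the highest flow on table=0 is 2" presumably refers to flow priority and should say so.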