[OVN] Fix inconsistent IGMP configuration

Prior to this patch the IGMP configuration for ML2/OVN was inconsistent
with the configuration option description and also the ML2/OVS driver
because it was flooding traffic to unregistered VMs [0].

The "igmp_snooping_enable" configuration option says:

"Setting this option to True will also enable Open vSwitch
mcast-snooping-disable-flood-unregistered flag. This option will disable
flooding of unregistered multicast packets to all ports."

But, in ML2/OVN that behavior was inconsistent prior to this patch
because it allowed traffic to flood to unregistered VMs. This patch
fixes it.

[0]
https://opendev.org/openstack/neutron/src/branch/master/neutron/conf/agent/ovs_conf.py#L36-L47

Change-Id: I5cbe09e26120905b29351d61bbadb30b5dd14938
Closes-Bug: #1904399
Signed-off-by: Lucas Alvares Gomes <lucasagomes@gmail.com>
This commit is contained in:
Lucas Alvares Gomes 2020-11-16 10:28:09 +00:00
parent f6e2c45bcd
commit 9dc8bca740
7 changed files with 19 additions and 11 deletions

View File

@ -35,15 +35,15 @@ OVN Database information
~~~~~~~~~~~~~~~~~~~~~~~~
The ``igmp_snooping_enable`` configuration from Neutron is translated
into the ``mcast_snoop`` and ``mcast_flood_unregistered`` options set
in the ``other_config`` column from the ``Logical_Switch`` table in the
OVN Northbound Database:
into the ``mcast_snoop`` option set in the ``other_config`` column
from the ``Logical_Switch`` table in the OVN Northbound Database
(``mcast_flood_unregistered`` is always "false"):
.. code-block:: bash
$ ovn-nbctl list Logical_Switch
_uuid : d6a2fbcd-aaa4-4b9e-8274-184238d66a15
other_config : {mcast_flood_unregistered="true", mcast_snoop="true"}
other_config : {mcast_flood_unregistered="false", mcast_snoop="true"}
...
.. end

View File

@ -566,7 +566,7 @@ class DBInconsistenciesPeriodics(SchemaAwarePeriodicsBase):
'Logical_Switch', ls.name,
('other_config', {
ovn_const.MCAST_SNOOP: value,
ovn_const.MCAST_FLOOD_UNREGISTERED: value})))
ovn_const.MCAST_FLOOD_UNREGISTERED: 'false'})))
raise periodics.NeverAgain()

View File

@ -1577,7 +1577,7 @@ class OVNClient(object):
vlan_transparent = (
'true' if network.get('vlan_transparent') else 'false')
params['other_config'] = {ovn_const.MCAST_SNOOP: value,
ovn_const.MCAST_FLOOD_UNREGISTERED: value,
ovn_const.MCAST_FLOOD_UNREGISTERED: 'false',
ovn_const.VLAN_PASSTHRU: vlan_transparent}
return params

View File

@ -846,7 +846,7 @@ class TestMaintenance(_TestMaintenanceHelper):
self.assertEqual('true', ls['other_config'][ovn_const.MCAST_SNOOP])
self.assertEqual(
'true', ls['other_config'][ovn_const.MCAST_FLOOD_UNREGISTERED])
'false', ls['other_config'][ovn_const.MCAST_FLOOD_UNREGISTERED])
def test_floating_ip(self):
ext_net = self._create_network('ext_networktest', external=True)

View File

@ -319,7 +319,7 @@ class TestDBInconsistenciesPeriodics(testlib_api.SqlTestCaseLight,
attrs={'name': 'ls2',
'other_config': {
constants.MCAST_SNOOP: 'true',
constants.MCAST_FLOOD_UNREGISTERED: 'true'}})
constants.MCAST_FLOOD_UNREGISTERED: 'false'}})
nb_idl.ls_list.return_value.execute.return_value = [ls0, ls1, ls2]
@ -332,11 +332,11 @@ class TestDBInconsistenciesPeriodics(testlib_api.SqlTestCaseLight,
mock.call('Logical_Switch', 'ls0',
('other_config', {
constants.MCAST_SNOOP: 'true',
constants.MCAST_FLOOD_UNREGISTERED: 'true'})),
constants.MCAST_FLOOD_UNREGISTERED: 'false'})),
mock.call('Logical_Switch', 'ls1',
('other_config', {
constants.MCAST_SNOOP: 'true',
constants.MCAST_FLOOD_UNREGISTERED: 'true'})),
constants.MCAST_FLOOD_UNREGISTERED: 'false'})),
]
nb_idl.db_set.assert_has_calls(expected_calls)

View File

@ -718,7 +718,7 @@ class TestOVNMechanismDriver(test_plugin.Ml2PluginV2TestCase):
ovn_utils.ovn_name(net['id']), external_ids=mock.ANY,
may_exist=True,
other_config={ovn_const.MCAST_SNOOP: value,
ovn_const.MCAST_FLOOD_UNREGISTERED: value,
ovn_const.MCAST_FLOOD_UNREGISTERED: 'false',
ovn_const.VLAN_PASSTHRU: 'false'})
def test_create_network_igmp_snoop_enabled(self):

View File

@ -0,0 +1,8 @@
---
issues:
- |
Even with the "igmp_snooping_enable" configuration option stating that
traffic would not be flooded to unregistered VMs when this option was
enabled, the ML2/OVN driver didn't follow that behavior. This
has now been fixed and ML2/OVN will no longer flood traffic to
unregistered VMs when this configuration option is set to True.