From ae3aa28f5a4749b4e4cb3f0ae0d009c0734db405 Mon Sep 17 00:00:00 2001
From: Slawek Kaplonski
Date: Tue, 4 Jun 2019 12:14:37 +0200
Subject: [PATCH] [DVR] Block ARP to dvr router's port instead of subnet's gateway

It may happen that subnet is connected to dvr router using IP address different than subnet's gateway_ip. So in br-tun arp to dvr router's port should be dropped instead of dropping arp to subnet's gateway_ip (or mac in case of IPv6).

Change-Id: Ida6b7ae53f3fc76f54e389c5f7131b5a66f533ce
Closes-bug: #1831575
---
 .../agent/ovs_dvr_neutron_agent.py | 7 +++----
 .../agent/test_ovs_neutron_agent.py | 21 ++++++++-----------
 2 files changed, 12 insertions(+), 16 deletions(-)
diff --git a/neutron/plugins/ml2/drivers/openvswitch/agent/ovs_dvr_neutron_agent.py b/neutron/plugins/ml2/drivers/openvswitch/agent/ovs_dvr_neutron_agent.py
index 592a69b51d9..fbbb3a9174f 100644
--- a/neutron/plugins/ml2/drivers/openvswitch/agent/ovs_dvr_neutron_agent.py
+++ b/neutron/plugins/ml2/drivers/openvswitch/agent/ovs_dvr_neutron_agent.py
@@ -416,12 +416,11 @@ class OVSDVRNeutronAgent(object):
 # TODO(vivek) remove the IPv6 related flows once SNAT is not
 # used for IPv6 DVR.
 if ip_version == 4:
- if subnet_info['gateway_ip']:
- br.install_dvr_process_ipv4(
- vlan_tag=lvm.vlan, gateway_ip=subnet_info['gateway_ip'])
+ br.install_dvr_process_ipv4(
+ vlan_tag=lvm.vlan, gateway_ip=fixed_ip['ip_address'])
 else:
 br.install_dvr_process_ipv6(
- vlan_tag=lvm.vlan, gateway_mac=subnet_info['gateway_mac'])
+ vlan_tag=lvm.vlan, gateway_mac=port.vif_mac)
 br.install_dvr_process(
 vlan_tag=lvm.vlan, vif_mac=port.vif_mac,
 dvr_mac_address=self.dvr_mac_address)
diff --git a/neutron/tests/unit/plugins/ml2/drivers/openvswitch/agent/test_ovs_neutron_agent.py b/neutron/tests/unit/plugins/ml2/drivers/openvswitch/agent/test_ovs_neutron_agent.py
index cab88f84d15..a94b5e11c1b 100644
--- a/neutron/tests/unit/plugins/ml2/drivers/openvswitch/agent/test_ovs_neutron_agent.py
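Review bot: The matching removal of these br-tun drop flows is not part of this hunk, and the diffstat shows only this one hunk in ovs_dvr_neutron_agent.py, so the unbind path presumably still calls `delete_dvr_process_ipv4`/`delete_dvr_process_ipv6` with `subnet_info['gateway_ip']` and `subnet_info['gateway_mac']`. If so, a router port whose address differs from the subnet gateway gets its ARP-drop flow installed under one match and deleted under another, which would leave a stale drop rule on br-tun after the interface is removed; the delete calls should take the same `fixed_ip['ip_address']` and `port.vif_mac`. The keyword names `gateway_ip=` and `gateway_mac=` now carry the router port's own address, so a comment above the branch such as `# match the DVR router port itself, which may differ from the subnet gateway` would keep the next reader from reverting to `subnet_info`. `fixed_ip` is defined outside the hunk, and the enclosing method starts and ends outside it.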
+++ b/neutron/tests/unit/plugins/ml2/drivers/openvswitch/agent/test_ovs_neutron_agent.py
@@ -2856,7 +2856,7 @@ class TestOvsDvrNeutronAgent(object):
 return resp
 def _expected_install_dvr_process(self, lvid, port, ip_version,
- gateway_ip, gateway_mac):
+ gateway_ip):
 if ip_version == n_const.IP_VERSION_4:
 ipvx_calls = [
 mock.call.install_dvr_process_ipv4(
@@ -2867,7 +2867,7 @@ class TestOvsDvrNeutronAgent(object):
 ipvx_calls = [
 mock.call.install_dvr_process_ipv6(
 vlan_tag=lvid,
- gateway_mac=gateway_mac),
+ gateway_mac=port.vif_mac),
 ]
 return ipvx_calls + [
 mock.call.install_dvr_process(
@@ -2881,12 +2881,13 @@ class TestOvsDvrNeutronAgent(object):
 self, device_owner, ip_version=n_const.IP_VERSION_4):
 self._setup_for_dvr_test()
 if ip_version == n_const.IP_VERSION_4:
- gateway_ip = '1.1.1.1'
+ gateway_ip = '1.1.1.10'
 cidr = '1.1.1.0/24'
 else:
 gateway_ip = '2001:100::1'
 cidr = '2001:100::0/64'
- self._port.vif_mac = gateway_mac = 'aa:bb:cc:11:22:33'
+ self._port.vif_mac = 'aa:bb:cc:11:22:33'
+ gateway_mac = 'aa:bb:cc:66:66:66'
 self._compute_port.vif_mac = '77:88:99:00:11:22'
 physical_network = self._physical_network
 segmentation_id = self._segmentation_id
@@ -2934,8 +2935,7 @@ class TestOvsDvrNeutronAgent(object):
 port=self._port,
 lvid=lvid,
 ip_version=ip_version,
- gateway_ip=gateway_ip,
- gateway_mac=gateway_mac)
+ gateway_ip=self._fixed_ips[0]['ip_address'])
 expected_on_int_br = [
 mock.call.provision_local_vlan(
 port=int_ofp,
@@ -3023,8 +3023,7 @@ class TestOvsDvrNeutronAgent(object):
 port=self._port,
 lvid=lvid,
 ip_version=ip_version,
- gateway_ip=gateway_ip,
- gateway_mac=gateway_mac)
+ gateway_ip=gateway_ip)
 self.assertEqual(expected_on_int_br, int_br.mock_calls)
 self.assertEqual(expected_on_tun_br, tun_br.mock_calls)
 self.assertEqual([], phys_br.mock_calls)
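Review bot: The expectation built in the `@@ -2934` hunk passes `gateway_ip=self._fixed_ips[0]['ip_address']`, while the hunks at `@@ -3023`, `@@ -3285` and `@@ -3390` still pass the local `gateway_ip`. Those three tests therefore cover the new behaviour only if their local `gateway_ip` happens to equal the router port's fixed IP, and its definition is outside these hunks. Using `self._fixed_ips[0]['ip_address']` at all four call sites, and renaming the `gateway_ip` parameter of `_expected_install_dvr_process` to something like `router_port_ip`, would make every test assert that the drop flow matches the port address and not the subnet gateway. The new `gateway_mac = 'aa:bb:cc:66:66:66'` is presumably fed into the mocked subnet info further down; if it is not, it is now an unused local.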
@@ -3285,8 +3284,7 @@ class TestOvsDvrNeutronAgent(object):
 port=self._port,
 lvid=lvid,
 ip_version=ip_version,
- gateway_ip=gateway_ip,
- gateway_mac=gateway_mac)
+ gateway_ip=gateway_ip)
 self.assertEqual(expected_on_tun_br, tun_br.mock_calls)
 int_br.reset_mock()
@@ -3390,8 +3388,7 @@ class TestOvsDvrNeutronAgent(object):
 port=self._port,
 lvid=lvid,
 ip_version=ip_version,
- gateway_ip=gateway_ip,
- gateway_mac=gateway_mac)
+ gateway_ip=gateway_ip)
 self.assertEqual(expected_on_tun_br, tun_br.mock_calls)
 int_br.reset_mock()
 tun_br.reset_mock()