add arp_responder flag to linuxbridge agent

When the ARP responder is enabled, secondary IP addresses explicitly
allowed by via the allowed-address-pairs extensions do not resolve.
This change adds the ability to enable the local ARP responder similar
to the feature in the OVS agent.  This change disables local ARP
responses by default, so ARP traffic will be sent over the overlay.

DocImpact
UpgradeImpact

Change-Id: I5da4afa44fc94032880ea59ec574df504470fb4a
Closes-Bug: 1445089
This commit is contained in:
Mark McClain 2016-02-10 13:28:21 -05:00 committed by mark mcclain
parent 1dce58a960
commit bbd881f3a9
4 changed files with 34 additions and 3 deletions

View File

@ -44,6 +44,12 @@ vxlan_opts = [
help=_("Extension to use alongside ml2 plugin's l2population "
"mechanism driver. It enables the plugin to populate "
"VXLAN forwarding table.")),
cfg.BoolOpt('arp_responder', default=False,
help=_("Enable local ARP responder which provides local "
"responses instead of performing ARP broadcast into "
"the overlay. Enabling local ARP responder is not fully"
"compatible with the allowed-address-pairs extension.")
),
]
bridge_opts = [

View File

@ -261,7 +261,7 @@ class LinuxBridgeManager(amb.CommonAgentManagerBase):
if cfg.CONF.VXLAN.tos:
args['tos'] = cfg.CONF.VXLAN.tos
if cfg.CONF.VXLAN.l2_population:
args['proxy'] = True
args['proxy'] = cfg.CONF.VXLAN.arp_responder
try:
int_vxlan = self.ip.add_vxlan(interface, segmentation_id,
**args)

View File

@ -333,7 +333,7 @@ class TestLinuxBridgeManager(base.BaseTestCase):
self.assertIsNone(self.lbm.ensure_vlan("eth0", "1"))
self.assertEqual(3, exec_fn.call_count)
def test_ensure_vxlan(self):
def test_ensure_vxlan(self, expected_proxy=False):
seg_id = "12345678"
self.lbm.local_int = 'eth0'
self.lbm.vxlan_mode = lconst.VXLAN_MCAST
@ -355,7 +355,11 @@ class TestLinuxBridgeManager(base.BaseTestCase):
add_vxlan_fn.assert_called_with("vxlan-" + seg_id, seg_id,
group="224.0.0.1",
dev=self.lbm.local_int,
proxy=True)
proxy=expected_proxy)
def test_ensure_vxlan_arp_responder_enabled(self):
cfg.CONF.set_override('arp_responder', True, 'VXLAN')
self.test_ensure_vxlan(expected_proxy=True)
def test_update_interface_ip_details(self):
gwdict = dict(gateway='1.1.1.1',

View File

@ -0,0 +1,21 @@
---
upgrade:
When using ML2 and the Linux Bridge agent, the default value for the ARP
Responder under L2Population has changed. The responder is now disabled to
improve compatibility with the allowed-address-pair extension and to match
the default behavior of the ML2 OVS agent. The logical network will now
utilize traditional flood and learn through the overlay. When upgrading,
existing vxlan devices will retain their old setup and be unimpacted by
changes to this flag. To apply this to older devices created with the
Liberty agent, the vxlan device must be removed and then the Mitaka agent
restarted. The agent will recreate the vxlan devices with the current
settings upon restart. To maintain pre-Mitaka behavior, enable the
arp_responder in the Linux Bridge agent VXLAN config file prior to starting
the updated agent.
fixes:
The Linuxbridge agent now supports the ability to toggle the local ARP
responder when L2Population is enabled. This ensures compatibility with
the allowed-address-pairs extension.
- closes bug 1445089