From bbd881f3a970143e1954cb277e5235dddd26c5d0 Mon Sep 17 00:00:00 2001
From: Mark McClain <mark@mcclain.xyz>
Date: Wed, 10 Feb 2016 13:28:21 -0500
Subject: [PATCH] add arp_responder flag to linuxbridge agent

When the ARP responder is enabled, secondary IP addresses explicitly
allowed by via the allowed-address-pairs extensions do not resolve.
This change adds the ability to enable the local ARP responder similar
to the feature in the OVS agent.  This change disables local ARP
responses by default, so ARP traffic will be sent over the overlay.

DocImpact
UpgradeImpact

Change-Id: I5da4afa44fc94032880ea59ec574df504470fb4a
Closes-Bug: 1445089
---
 .../linuxbridge/agent/common/config.py        |  6 ++++++
 .../agent/linuxbridge_neutron_agent.py        |  2 +-
 .../agent/test_linuxbridge_neutron_agent.py   |  8 +++++--
 ..._vxlan_arp_responder-e9ea91552e1b62a7.yaml | 21 +++++++++++++++++++
 4 files changed, 34 insertions(+), 3 deletions(-)
 create mode 100644 releasenotes/notes/linuxbridge_vxlan_arp_responder-e9ea91552e1b62a7.yaml

diff --git a/neutron/plugins/ml2/drivers/linuxbridge/agent/common/config.py b/neutron/plugins/ml2/drivers/linuxbridge/agent/common/config.py
index c8fa665eb57..5f5df99f440 100644
--- a/neutron/plugins/ml2/drivers/linuxbridge/agent/common/config.py
+++ b/neutron/plugins/ml2/drivers/linuxbridge/agent/common/config.py
@@ -44,6 +44,12 @@ vxlan_opts = [
                 help=_("Extension to use alongside ml2 plugin's l2population "
                        "mechanism driver. It enables the plugin to populate "
                        "VXLAN forwarding table.")),
+    cfg.BoolOpt('arp_responder', default=False,
+                help=_("Enable local ARP responder which provides local "
+                       "responses instead of performing ARP broadcast into "
+                       "the overlay. Enabling local ARP responder is not fully"
+                       "compatible with the allowed-address-pairs extension.")
+                ),
 ]
 
 bridge_opts = [
diff --git a/neutron/plugins/ml2/drivers/linuxbridge/agent/linuxbridge_neutron_agent.py b/neutron/plugins/ml2/drivers/linuxbridge/agent/linuxbridge_neutron_agent.py
index 9c7a1d8597a..42d8586f6e5 100644
--- a/neutron/plugins/ml2/drivers/linuxbridge/agent/linuxbridge_neutron_agent.py
+++ b/neutron/plugins/ml2/drivers/linuxbridge/agent/linuxbridge_neutron_agent.py
@@ -261,7 +261,7 @@ class LinuxBridgeManager(amb.CommonAgentManagerBase):
             if cfg.CONF.VXLAN.tos:
                 args['tos'] = cfg.CONF.VXLAN.tos
             if cfg.CONF.VXLAN.l2_population:
-                args['proxy'] = True
+                args['proxy'] = cfg.CONF.VXLAN.arp_responder
             try:
                 int_vxlan = self.ip.add_vxlan(interface, segmentation_id,
                                               **args)
diff --git a/neutron/tests/unit/plugins/ml2/drivers/linuxbridge/agent/test_linuxbridge_neutron_agent.py b/neutron/tests/unit/plugins/ml2/drivers/linuxbridge/agent/test_linuxbridge_neutron_agent.py
index eef6a8bbf2d..88c87595f6d 100644
--- a/neutron/tests/unit/plugins/ml2/drivers/linuxbridge/agent/test_linuxbridge_neutron_agent.py
+++ b/neutron/tests/unit/plugins/ml2/drivers/linuxbridge/agent/test_linuxbridge_neutron_agent.py
@@ -333,7 +333,7 @@ class TestLinuxBridgeManager(base.BaseTestCase):
                 self.assertIsNone(self.lbm.ensure_vlan("eth0", "1"))
                 self.assertEqual(3, exec_fn.call_count)
 
-    def test_ensure_vxlan(self):
+    def test_ensure_vxlan(self, expected_proxy=False):
         seg_id = "12345678"
         self.lbm.local_int = 'eth0'
         self.lbm.vxlan_mode = lconst.VXLAN_MCAST
@@ -355,7 +355,11 @@ class TestLinuxBridgeManager(base.BaseTestCase):
                 add_vxlan_fn.assert_called_with("vxlan-" + seg_id, seg_id,
                                                 group="224.0.0.1",
                                                 dev=self.lbm.local_int,
-                                                proxy=True)
+                                                proxy=expected_proxy)
+
+    def test_ensure_vxlan_arp_responder_enabled(self):
+        cfg.CONF.set_override('arp_responder', True, 'VXLAN')
+        self.test_ensure_vxlan(expected_proxy=True)
 
     def test_update_interface_ip_details(self):
         gwdict = dict(gateway='1.1.1.1',
diff --git a/releasenotes/notes/linuxbridge_vxlan_arp_responder-e9ea91552e1b62a7.yaml b/releasenotes/notes/linuxbridge_vxlan_arp_responder-e9ea91552e1b62a7.yaml
new file mode 100644
index 00000000000..ba7cc088b8d
--- /dev/null
+++ b/releasenotes/notes/linuxbridge_vxlan_arp_responder-e9ea91552e1b62a7.yaml
@@ -0,0 +1,21 @@
+---
+upgrade:
+    When using ML2 and the Linux Bridge agent, the default value for the ARP
+    Responder under L2Population has changed. The responder is now disabled to
+    improve compatibility with the allowed-address-pair extension and to match
+    the default behavior of the ML2 OVS agent. The logical network will now
+    utilize traditional flood and learn through the overlay. When upgrading,
+    existing vxlan devices will retain their old setup and be unimpacted by
+    changes to this flag. To apply this to older devices created with the
+    Liberty agent, the vxlan device must be removed and then the Mitaka agent
+    restarted. The agent will recreate the vxlan devices with the current
+    settings upon restart. To maintain pre-Mitaka behavior, enable the
+    arp_responder in the Linux Bridge agent VXLAN config file prior to starting
+    the updated agent.
+
+fixes:
+    The Linuxbridge agent now supports the ability to toggle the local ARP
+    responder when L2Population is enabled. This ensures compatibility with
+    the allowed-address-pairs extension.
+  - closes bug 1445089
+