add arp_responder flag to linuxbridge agent
When the ARP responder is enabled, secondary IP addresses explicitly allowed by via the allowed-address-pairs extensions do not resolve. This change adds the ability to enable the local ARP responder similar to the feature in the OVS agent. This change disables local ARP responses by default, so ARP traffic will be sent over the overlay. DocImpact UpgradeImpact Change-Id: I5da4afa44fc94032880ea59ec574df504470fb4a Closes-Bug: 1445089
This commit is contained in:
parent
1dce58a960
commit
bbd881f3a9
|
@ -44,6 +44,12 @@ vxlan_opts = [
|
||||||
help=_("Extension to use alongside ml2 plugin's l2population "
|
help=_("Extension to use alongside ml2 plugin's l2population "
|
||||||
"mechanism driver. It enables the plugin to populate "
|
"mechanism driver. It enables the plugin to populate "
|
||||||
"VXLAN forwarding table.")),
|
"VXLAN forwarding table.")),
|
||||||
|
cfg.BoolOpt('arp_responder', default=False,
|
||||||
|
help=_("Enable local ARP responder which provides local "
|
||||||
|
"responses instead of performing ARP broadcast into "
|
||||||
|
"the overlay. Enabling local ARP responder is not fully"
|
||||||
|
"compatible with the allowed-address-pairs extension.")
|
||||||
|
),
|
||||||
]
|
]
|
||||||
|
|
||||||
bridge_opts = [
|
bridge_opts = [
|
||||||
|
|
|
@ -261,7 +261,7 @@ class LinuxBridgeManager(amb.CommonAgentManagerBase):
|
||||||
if cfg.CONF.VXLAN.tos:
|
if cfg.CONF.VXLAN.tos:
|
||||||
args['tos'] = cfg.CONF.VXLAN.tos
|
args['tos'] = cfg.CONF.VXLAN.tos
|
||||||
if cfg.CONF.VXLAN.l2_population:
|
if cfg.CONF.VXLAN.l2_population:
|
||||||
args['proxy'] = True
|
args['proxy'] = cfg.CONF.VXLAN.arp_responder
|
||||||
try:
|
try:
|
||||||
int_vxlan = self.ip.add_vxlan(interface, segmentation_id,
|
int_vxlan = self.ip.add_vxlan(interface, segmentation_id,
|
||||||
**args)
|
**args)
|
||||||
|
|
|
@ -333,7 +333,7 @@ class TestLinuxBridgeManager(base.BaseTestCase):
|
||||||
self.assertIsNone(self.lbm.ensure_vlan("eth0", "1"))
|
self.assertIsNone(self.lbm.ensure_vlan("eth0", "1"))
|
||||||
self.assertEqual(3, exec_fn.call_count)
|
self.assertEqual(3, exec_fn.call_count)
|
||||||
|
|
||||||
def test_ensure_vxlan(self):
|
def test_ensure_vxlan(self, expected_proxy=False):
|
||||||
seg_id = "12345678"
|
seg_id = "12345678"
|
||||||
self.lbm.local_int = 'eth0'
|
self.lbm.local_int = 'eth0'
|
||||||
self.lbm.vxlan_mode = lconst.VXLAN_MCAST
|
self.lbm.vxlan_mode = lconst.VXLAN_MCAST
|
||||||
|
@ -355,7 +355,11 @@ class TestLinuxBridgeManager(base.BaseTestCase):
|
||||||
add_vxlan_fn.assert_called_with("vxlan-" + seg_id, seg_id,
|
add_vxlan_fn.assert_called_with("vxlan-" + seg_id, seg_id,
|
||||||
group="224.0.0.1",
|
group="224.0.0.1",
|
||||||
dev=self.lbm.local_int,
|
dev=self.lbm.local_int,
|
||||||
proxy=True)
|
proxy=expected_proxy)
|
||||||
|
|
||||||
|
def test_ensure_vxlan_arp_responder_enabled(self):
|
||||||
|
cfg.CONF.set_override('arp_responder', True, 'VXLAN')
|
||||||
|
self.test_ensure_vxlan(expected_proxy=True)
|
||||||
|
|
||||||
def test_update_interface_ip_details(self):
|
def test_update_interface_ip_details(self):
|
||||||
gwdict = dict(gateway='1.1.1.1',
|
gwdict = dict(gateway='1.1.1.1',
|
||||||
|
|
|
@ -0,0 +1,21 @@
|
||||||
|
---
|
||||||
|
upgrade:
|
||||||
|
When using ML2 and the Linux Bridge agent, the default value for the ARP
|
||||||
|
Responder under L2Population has changed. The responder is now disabled to
|
||||||
|
improve compatibility with the allowed-address-pair extension and to match
|
||||||
|
the default behavior of the ML2 OVS agent. The logical network will now
|
||||||
|
utilize traditional flood and learn through the overlay. When upgrading,
|
||||||
|
existing vxlan devices will retain their old setup and be unimpacted by
|
||||||
|
changes to this flag. To apply this to older devices created with the
|
||||||
|
Liberty agent, the vxlan device must be removed and then the Mitaka agent
|
||||||
|
restarted. The agent will recreate the vxlan devices with the current
|
||||||
|
settings upon restart. To maintain pre-Mitaka behavior, enable the
|
||||||
|
arp_responder in the Linux Bridge agent VXLAN config file prior to starting
|
||||||
|
the updated agent.
|
||||||
|
|
||||||
|
fixes:
|
||||||
|
The Linuxbridge agent now supports the ability to toggle the local ARP
|
||||||
|
responder when L2Population is enabled. This ensures compatibility with
|
||||||
|
the allowed-address-pairs extension.
|
||||||
|
- closes bug 1445089
|
||||||
|
|
Loading…
Reference in New Issue