add arp_responder flag to linuxbridge agent

When the ARP responder is enabled, secondary IP addresses explicitly
allowed by via the allowed-address-pairs extensions do not resolve.
This change adds the ability to enable the local ARP responder similar
to the feature in the OVS agent.  This change disables local ARP
responses by default, so ARP traffic will be sent over the overlay.

DocImpact
UpgradeImpact

Change-Id: I5da4afa44fc94032880ea59ec574df504470fb4a
Closes-Bug: 1445089
(cherry picked from commit bbd881f3a9)
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>

etc/neutron/plugins/ml2/linuxbridge_agent.ini

@@ -40,6 +40,11 @@
 # iproute2 supports unicast flooding - requires 3.11 kernel and iproute2 3.10)
 # l2_population = False
 
+# (BoolOpt) Flag to disable local ARP responder which provides local responses
+# instead of performing ARP broadcast into the overlay. Enabling local ARP
+# responder is not fully compatible with the allowed-address-pairs extension.
+# arp_responder = True
+
 [agent]
 # Agent's polling interval in seconds
 # polling_interval = 2

neutron/plugins/ml2/drivers/linuxbridge/agent/common/config.py

@@ -41,6 +41,12 @@ vxlan_opts = [
                 help=_("Extension to use alongside ml2 plugin's l2population "
                        "mechanism driver. It enables the plugin to populate "
                        "VXLAN forwarding table.")),
+    cfg.BoolOpt('arp_responder', default=True,
+                help=_("Enable local ARP responder which provides local "
+                       "responses instead of performing ARP broadcast into "
+                       "the overlay. Enabling local ARP responder is not fully"
+                       "compatible with the allowed-address-pairs extension.")
+                ),
 ]
 
 bridge_opts = [

neutron/plugins/ml2/drivers/linuxbridge/agent/linuxbridge_neutron_agent.py

@@ -320,7 +320,7 @@ class LinuxBridgeManager(object):
             if cfg.CONF.VXLAN.tos:
                 args['tos'] = cfg.CONF.VXLAN.tos
             if cfg.CONF.VXLAN.l2_population:
-                args['proxy'] = True
+                args['proxy'] = cfg.CONF.VXLAN.arp_responder
             try:
                 int_vxlan = self.ip.add_vxlan(interface, segmentation_id,
                                               **args)

neutron/tests/unit/plugins/ml2/drivers/linuxbridge/agent/test_linuxbridge_neutron_agent.py

@@ -738,7 +738,7 @@ class TestLinuxBridgeManager(base.BaseTestCase):
                 self.assertIsNone(self.lbm.ensure_vlan("eth0", "1"))
                 self.assertEqual(exec_fn.call_count, 3)
 
-    def test_ensure_vxlan(self):
+    def test_ensure_vxlan(self, expected_proxy=True):
         seg_id = "12345678"
         self.lbm.local_int = 'eth0'
         self.lbm.vxlan_mode = lconst.VXLAN_MCAST
@@ -760,7 +760,11 @@ class TestLinuxBridgeManager(base.BaseTestCase):
                 add_vxlan_fn.assert_called_with("vxlan-" + seg_id, seg_id,
                                                 group="224.0.0.1",
                                                 dev=self.lbm.local_int,
-                                                proxy=True)
+                                                proxy=expected_proxy)
+
+    def test_ensure_vxlan_arp_responder_disabled(self):
+        cfg.CONF.set_override('arp_responder', False, 'VXLAN')
+        self.test_ensure_vxlan(expected_proxy=False)
 
     def test_update_interface_ip_details(self):
         gwdict = dict(gateway='1.1.1.1',

releasenotes/notes/linuxbridge_vxlan_arp_responder-e9ea91552e1b62a7.yaml

@@ -0,0 +1,7 @@
+---
+fixes:
+    The Linuxbridge agent now supports the ability to toggle the local ARP
+    responder when L2Population is enabled. This ensures compatibility with
+    the allowed-address-pairs extension.
+  - closes bug 1445089
+