diff --git a/etc/neutron/plugins/ml2/linuxbridge_agent.ini b/etc/neutron/plugins/ml2/linuxbridge_agent.ini index 2ea019ed620..ee89ebe038a 100644 --- a/etc/neutron/plugins/ml2/linuxbridge_agent.ini +++ b/etc/neutron/plugins/ml2/linuxbridge_agent.ini @@ -40,6 +40,11 @@ # iproute2 supports unicast flooding - requires 3.11 kernel and iproute2 3.10) # l2_population = False +# (BoolOpt) Flag to disable local ARP responder which provides local responses +# instead of performing ARP broadcast into the overlay. Enabling local ARP +# responder is not fully compatible with the allowed-address-pairs extension. +# arp_responder = True + [agent] # Agent's polling interval in seconds # polling_interval = 2 diff --git a/neutron/plugins/ml2/drivers/linuxbridge/agent/common/config.py b/neutron/plugins/ml2/drivers/linuxbridge/agent/common/config.py index bb2c43d0035..1db42fb1adf 100644 --- a/neutron/plugins/ml2/drivers/linuxbridge/agent/common/config.py +++ b/neutron/plugins/ml2/drivers/linuxbridge/agent/common/config.py @@ -41,6 +41,12 @@ vxlan_opts = [ help=_("Extension to use alongside ml2 plugin's l2population " "mechanism driver. It enables the plugin to populate " "VXLAN forwarding table.")), + cfg.BoolOpt('arp_responder', default=True, + help=_("Enable local ARP responder which provides local " + "responses instead of performing ARP broadcast into " + "the overlay. Enabling local ARP responder is not fully" + "compatible with the allowed-address-pairs extension.") + ), ] bridge_opts = [ diff --git a/neutron/plugins/ml2/drivers/linuxbridge/agent/linuxbridge_neutron_agent.py b/neutron/plugins/ml2/drivers/linuxbridge/agent/linuxbridge_neutron_agent.py index 960f9007498..5e0b1ed7248 100644 --- a/neutron/plugins/ml2/drivers/linuxbridge/agent/linuxbridge_neutron_agent.py +++ b/neutron/plugins/ml2/drivers/linuxbridge/agent/linuxbridge_neutron_agent.py @@ -320,7 +320,7 @@ class LinuxBridgeManager(object): if cfg.CONF.VXLAN.tos: args['tos'] = cfg.CONF.VXLAN.tos if cfg.CONF.VXLAN.l2_population: - args['proxy'] = True + args['proxy'] = cfg.CONF.VXLAN.arp_responder try: int_vxlan = self.ip.add_vxlan(interface, segmentation_id, **args) diff --git a/neutron/tests/unit/plugins/ml2/drivers/linuxbridge/agent/test_linuxbridge_neutron_agent.py b/neutron/tests/unit/plugins/ml2/drivers/linuxbridge/agent/test_linuxbridge_neutron_agent.py index 1544824b878..8bcc92d321f 100644 --- a/neutron/tests/unit/plugins/ml2/drivers/linuxbridge/agent/test_linuxbridge_neutron_agent.py +++ b/neutron/tests/unit/plugins/ml2/drivers/linuxbridge/agent/test_linuxbridge_neutron_agent.py @@ -738,7 +738,7 @@ class TestLinuxBridgeManager(base.BaseTestCase): self.assertIsNone(self.lbm.ensure_vlan("eth0", "1")) self.assertEqual(exec_fn.call_count, 3) - def test_ensure_vxlan(self): + def test_ensure_vxlan(self, expected_proxy=True): seg_id = "12345678" self.lbm.local_int = 'eth0' self.lbm.vxlan_mode = lconst.VXLAN_MCAST @@ -760,7 +760,11 @@ class TestLinuxBridgeManager(base.BaseTestCase): add_vxlan_fn.assert_called_with("vxlan-" + seg_id, seg_id, group="224.0.0.1", dev=self.lbm.local_int, - proxy=True) + proxy=expected_proxy) + + def test_ensure_vxlan_arp_responder_disabled(self): + cfg.CONF.set_override('arp_responder', False, 'VXLAN') + self.test_ensure_vxlan(expected_proxy=False) def test_update_interface_ip_details(self): gwdict = dict(gateway='1.1.1.1', diff --git a/releasenotes/notes/linuxbridge_vxlan_arp_responder-e9ea91552e1b62a7.yaml b/releasenotes/notes/linuxbridge_vxlan_arp_responder-e9ea91552e1b62a7.yaml new file mode 100644 index 00000000000..a036c37d551 --- /dev/null +++ b/releasenotes/notes/linuxbridge_vxlan_arp_responder-e9ea91552e1b62a7.yaml @@ -0,0 +1,7 @@ +--- +fixes: + The Linuxbridge agent now supports the ability to toggle the local ARP + responder when L2Population is enabled. This ensures compatibility with + the allowed-address-pairs extension. + - closes bug 1445089 +