From c823e8ccb951a4abdf247dd094a794b7741d7cca Mon Sep 17 00:00:00 2001 From: Mark McClain Date: Wed, 10 Feb 2016 13:28:21 -0500 Subject: [PATCH] add arp_responder flag to linuxbridge agent When the ARP responder is enabled, secondary IP addresses explicitly allowed by via the allowed-address-pairs extensions do not resolve. This change adds the ability to enable the local ARP responder similar to the feature in the OVS agent. This change disables local ARP responses by default, so ARP traffic will be sent over the overlay. DocImpact UpgradeImpact Change-Id: I5da4afa44fc94032880ea59ec574df504470fb4a Closes-Bug: 1445089 (cherry picked from commit bbd881f3a970143e1954cb277e5235dddd26c5d0) Signed-off-by: Kevin Carter
---
 etc/neutron/plugins/ml2/linuxbridge_agent.ini | 5 +++++
 .../ml2/drivers/linuxbridge/agent/common/config.py | 6 ++++++
 .../linuxbridge/agent/linuxbridge_neutron_agent.py | 2 +-
 .../linuxbridge/agent/test_linuxbridge_neutron_agent.py | 8 ++++++--
 .../linuxbridge_vxlan_arp_responder-e9ea91552e1b62a7.yaml | 7 +++++++
 5 files changed, 25 insertions(+), 3 deletions(-)
 create mode 100644 releasenotes/notes/linuxbridge_vxlan_arp_responder-e9ea91552e1b62a7.yaml
diff --git a/etc/neutron/plugins/ml2/linuxbridge_agent.ini b/etc/neutron/plugins/ml2/linuxbridge_agent.ini
index 2ea019ed620..ee89ebe038a 100644
--- a/etc/neutron/plugins/ml2/linuxbridge_agent.ini
+++ b/etc/neutron/plugins/ml2/linuxbridge_agent.ini
@@ -40,6 +40,11 @@
 # iproute2 supports unicast flooding - requires 3.11 kernel and iproute2 3.10)
 # l2_population = False
+# (BoolOpt) Flag to disable local ARP responder which provides local responses
+# instead of performing ARP broadcast into the overlay. Enabling local ARP
+# responder is not fully compatible with the allowed-address-pairs extension.
+# arp_responder = True
+
 [agent]
 # Agent's polling interval in seconds
 # polling_interval = 2
diff --git a/neutron/plugins/ml2/drivers/linuxbridge/agent/common/config.py b/neutron/plugins/ml2/drivers/linuxbridge/agent/common/config.py
index bb2c43d0035..1db42fb1adf 100644
--- a/neutron/plugins/ml2/drivers/linuxbridge/agent/common/config.py
+++ b/neutron/plugins/ml2/drivers/linuxbridge/agent/common/config.py
@@ -41,6 +41,12 @@ vxlan_opts = [
 help=_("Extension to use alongside ml2 plugin's l2population "
 "mechanism driver. It enables the plugin to populate "
 "VXLAN forwarding table.")),
+ cfg.BoolOpt('arp_responder', default=True,
+ help=_("Enable local ARP responder which provides local "
+ "responses instead of performing ARP broadcast into "
+ "the overlay. Enabling local ARP responder is not fully"
+ "compatible with the allowed-address-pairs extension.")
+ ),
 ]
 bridge_opts = [
diff --git a/neutron/plugins/ml2/drivers/linuxbridge/agent/linuxbridge_neutron_agent.py b/neutron/plugins/ml2/drivers/linuxbridge/agent/linuxbridge_neutron_agent.py
index 960f9007498..5e0b1ed7248 100644
--- a/neutron/plugins/ml2/drivers/linuxbridge/agent/linuxbridge_neutron_agent.py
+++ b/neutron/plugins/ml2/drivers/linuxbridge/agent/linuxbridge_neutron_agent.py
@@ -320,7 +320,7 @@ class LinuxBridgeManager(object):
 if cfg.CONF.VXLAN.tos:
 args['tos'] = cfg.CONF.VXLAN.tos
 if cfg.CONF.VXLAN.l2_population:
- args['proxy'] = True
+ args['proxy'] = cfg.CONF.VXLAN.arp_responder
 try:
 int_vxlan = self.ip.add_vxlan(interface, segmentation_id,
 **args)
diff --git a/neutron/tests/unit/plugins/ml2/drivers/linuxbridge/agent/test_linuxbridge_neutron_agent.py b/neutron/tests/unit/plugins/ml2/drivers/linuxbridge/agent/test_linuxbridge_neutron_agent.py
index 1544824b878..8bcc92d321f 100644
--- a/neutron/tests/unit/plugins/ml2/drivers/linuxbridge/agent/test_linuxbridge_neutron_agent.py
+++ b/neutron/tests/unit/plugins/ml2/drivers/linuxbridge/agent/test_linuxbridge_neutron_agent.py
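Review bot: The `arp_responder` option in config.py is declared with `default=True`, which contradicts the commit description's statement that local ARP responses are disabled by default; with this default the allowed-address-pairs resolution problem presumably remains until an operator sets the flag to False. Either the description or the default should change so the two agree. The sample comment added to linuxbridge_agent.ini ("Flag to disable local ARP responder") should be reworded to match the help text, which describes the flag as enabling the responder. The help string also loses a space where two literals are joined and renders as "fullycompatible"; `"the overlay. Enabling local ARP responder is not fully "` fixes it.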
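Review bot: In linuxbridge_neutron_agent.py the new `arp_responder` value is read only inside the `if cfg.CONF.VXLAN.l2_population:` branch, so the flag is silently ignored when l2_population is off, and neither the option's help text nor the sample ini comment says so (only the release note does). A comment above the assignment, `# arp_responder only takes effect together with l2_population`, and the same sentence in the help string would keep operators from assuming the flag works on its own. Because the commit description says that ARP traffic crosses the overlay when the responder is off, the help text could also remind operators to confirm that port-level ARP spoofing protection is active before disabling it; whether this agent applies such filtering is not visible in the diff. The enclosing method starts and ends outside the hunk.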
@@ -738,7 +738,7 @@ class TestLinuxBridgeManager(base.BaseTestCase):
 self.assertIsNone(self.lbm.ensure_vlan("eth0", "1"))
 self.assertEqual(exec_fn.call_count, 3)
- def test_ensure_vxlan(self):
+ def test_ensure_vxlan(self, expected_proxy=True):
 seg_id = "12345678"
 self.lbm.local_int = 'eth0'
 self.lbm.vxlan_mode = lconst.VXLAN_MCAST
@@ -760,7 +760,11 @@ class TestLinuxBridgeManager(base.BaseTestCase):
 add_vxlan_fn.assert_called_with("vxlan-" + seg_id, seg_id,
 group="224.0.0.1",
 dev=self.lbm.local_int,
- proxy=True)
+ proxy=expected_proxy)
+
+ def test_ensure_vxlan_arp_responder_disabled(self):
+ cfg.CONF.set_override('arp_responder', False, 'VXLAN')
+ self.test_ensure_vxlan(expected_proxy=False)
 def test_update_interface_ip_details(self):
 gwdict = dict(gateway='1.1.1.1',
diff --git a/releasenotes/notes/linuxbridge_vxlan_arp_responder-e9ea91552e1b62a7.yaml b/releasenotes/notes/linuxbridge_vxlan_arp_responder-e9ea91552e1b62a7.yaml
new file mode 100644
index 00000000000..a036c37d551
--- /dev/null
+++ b/releasenotes/notes/linuxbridge_vxlan_arp_responder-e9ea91552e1b62a7.yaml
@@ -0,0 +1,7 @@
+---
+fixes:
+ The Linuxbridge agent now supports the ability to toggle the local ARP
+ responder when L2Population is enabled. This ensures compatibility with
+ the allowed-address-pairs extension.
+ - closes bug 1445089
+
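Review bot: `test_ensure_vxlan_arp_responder_disabled` calls another test method, and `test_ensure_vxlan` (changed in the first hunk of this file) now takes a defaulted parameter, which couples the two cases so that one failure in the shared body is reported by both tests. A private helper keeps them independent: rename the shared body to `def _test_ensure_vxlan(self, expected_proxy=True):`, add `def test_ensure_vxlan(self): self._test_ensure_vxlan()`, and have the disabled case call `self._test_ensure_vxlan(expected_proxy=False)`. The `cfg.CONF.set_override('arp_responder', False, 'VXLAN')` call has no visible cleanup, so it is worth confirming that the base test case resets configuration between tests; otherwise the override would leak into later tests. The body of `test_ensure_vxlan` between the two hunks is not shown.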