diff --git a/neutron/plugins/ml2/drivers/openvswitch/agent/common/constants.py b/neutron/plugins/ml2/drivers/openvswitch/agent/common/constants.py index e22c0153a2f..3266bd3c7d3 100644 --- a/neutron/plugins/ml2/drivers/openvswitch/agent/common/constants.py +++ b/neutron/plugins/ml2/drivers/openvswitch/agent/common/constants.py @@ -189,6 +189,8 @@ OPENFLOW12 = "OpenFlow12" OPENFLOW13 = "OpenFlow13" OPENFLOW14 = "OpenFlow14" +OPENFLOW_MAX_PRIORITY = 65535 + # A placeholder for dead vlans. DEAD_VLAN_TAG = p_const.MAX_VLAN_TAG + 1 diff --git a/neutron/plugins/ml2/drivers/openvswitch/agent/openflow/native/br_int.py b/neutron/plugins/ml2/drivers/openvswitch/agent/openflow/native/br_int.py index b6a8535481e..bcb1ee006fc 100644 --- a/neutron/plugins/ml2/drivers/openvswitch/agent/openflow/native/br_int.py +++ b/neutron/plugins/ml2/drivers/openvswitch/agent/openflow/native/br_int.py @@ -45,6 +45,9 @@ class OVSIntegrationBridge(ovs_bridge.OVSAgentBridge): self.install_goto(dest_table_id=constants.TRANSIENT_TABLE) self.install_normal(table_id=constants.TRANSIENT_TABLE, priority=3) self.install_drop(table_id=constants.ARP_SPOOF_TABLE) + self.install_drop(table_id=constants.LOCAL_SWITCHING, + priority=constants.OPENFLOW_MAX_PRIORITY, + vlan_vid=constants.DEAD_VLAN_TAG) def setup_canary_table(self): self.install_drop(constants.CANARY_TABLE) diff --git a/neutron/plugins/ml2/drivers/openvswitch/agent/openflow/ovs_ofctl/br_int.py b/neutron/plugins/ml2/drivers/openvswitch/agent/openflow/ovs_ofctl/br_int.py index d1e39e6d307..cd621c08d5d 100644 --- a/neutron/plugins/ml2/drivers/openvswitch/agent/openflow/ovs_ofctl/br_int.py +++ b/neutron/plugins/ml2/drivers/openvswitch/agent/openflow/ovs_ofctl/br_int.py @@ -37,6 +37,9 @@ class OVSIntegrationBridge(ovs_bridge.OVSAgentBridge): self.install_goto(dest_table_id=constants.TRANSIENT_TABLE) self.install_normal(table_id=constants.TRANSIENT_TABLE, priority=3) self.install_drop(table_id=constants.ARP_SPOOF_TABLE) + self.install_drop(table_id=constants.LOCAL_SWITCHING, + priority=constants.OPENFLOW_MAX_PRIORITY, + dl_vlan=constants.DEAD_VLAN_TAG) def setup_canary_table(self): self.install_drop(constants.CANARY_TABLE) diff --git a/neutron/tests/unit/plugins/ml2/drivers/openvswitch/agent/openflow/native/test_br_int.py b/neutron/tests/unit/plugins/ml2/drivers/openvswitch/agent/openflow/native/test_br_int.py index e0a238d2bf5..f6caf71d3da 100644 --- a/neutron/tests/unit/plugins/ml2/drivers/openvswitch/agent/openflow/native/test_br_int.py +++ b/neutron/tests/unit/plugins/ml2/drivers/openvswitch/agent/openflow/native/test_br_int.py @@ -64,6 +64,12 @@ class OVSIntegrationBridgeTest(ovs_bridge_test_base.OVSBridgeTestBase): match=ofpp.OFPMatch(), priority=0, table_id=24)), + call._send_msg(ofpp.OFPFlowMod(dp, + cookie=self.stamp, + instructions=[], + match=ofpp.OFPMatch(vlan_vid=4095), + priority=65535, + table_id=0)), ] self.assertEqual(expected, self.mock.mock_calls) diff --git a/neutron/tests/unit/plugins/ml2/drivers/openvswitch/agent/openflow/ovs_ofctl/test_br_int.py b/neutron/tests/unit/plugins/ml2/drivers/openvswitch/agent/openflow/ovs_ofctl/test_br_int.py index 83e319556a9..7c7850fc8c4 100644 --- a/neutron/tests/unit/plugins/ml2/drivers/openvswitch/agent/openflow/ovs_ofctl/test_br_int.py +++ b/neutron/tests/unit/plugins/ml2/drivers/openvswitch/agent/openflow/ovs_ofctl/test_br_int.py @@ -37,6 +37,8 @@ class OVSIntegrationBridgeTest(ovs_bridge_test_base.OVSBridgeTestBase): call.add_flow(priority=0, table=0, actions='resubmit(,60)'), call.add_flow(priority=3, table=60, actions='normal'), call.add_flow(priority=0, table=24, actions='drop'), + call.add_flow(actions='drop', dl_vlan=4095, + priority=65535, table=0) ] self.assertEqual(expected, self.mock.mock_calls)