Commit Graph

672 Commits (master)

Author SHA1 Message Date
Zuul 5813a83487 Merge "ovs-agent: React to DB down just like to server down" 2023-08-10 14:55:16 +00:00
Zuul 4554639cc2 Merge "dvr: Avoid installing non-dvr openflow rule on startup" 2023-08-01 21:10:46 +00:00
Zuul d32c5f8f32 Merge "Fix some new pylint "R" warnings" 2023-07-28 06:58:46 +00:00
Jakub Libosvar ba6f7bf83e dvr: Avoid installing non-dvr openflow rule on startup
The tunneling bridge uses different openflow rules depending if the
agent is running in DVR mode or not. With DVR enabled initial rule was
installed that caused traffic coming from the integration bridge to be
flooded to all tunnels. After a few miliseconds this flow was replaced
by a DVR specific flow, correctly dropping the traffic. This small time
window caused a network loop on the compute node with restarted agent.

This patch skips installing the non-dvr specific flow in case OVS agent
is working in DVR mode. Hence the traffic is never flooded to the

Closes-bug: #2028795

Signed-off-by: Jakub Libosvar <>
Change-Id: I3ce026054286c8e28ec1500f1a4aa607fe73f337
2023-07-27 18:29:58 +00:00
Bence Romsics 6c513217c2 ovs-agent: React to DB down just like to server down
When neutron-server is down, ovs-agent waits for it to become available
during agent startup. When neutron-server is up, but it cannot reach the
DB, it can do nothing pretty much the same way. However ovs-agent
reacted differently to this failure. With this patch it reacts the same
way and delays its startup until neutron-server is up together with its

Change-Id: Ia55e82540aedc236e9b016bb58047d0b437eeb99
Closes-Bug: #2025341
2023-07-25 12:10:14 +02:00
Brian Haley 929b383743 Fix some new pylint "R" warnings
After updating pylint, it started emitting additional "R"
warnings in some cases, fix some of them.



Change-Id: Ife6565cefcc30b4e8a0df9121c9454cf744225df
2023-07-18 18:06:51 -04:00
LIU Yulong 02b12b0917 Refactor for ovs qos driver meter limit features
Move common functions create/update/delete_packet_rate_limit
to the QosOVSAgentDriver, and keep special driver methods in
their own classes.

Closes-Bug: #1964342
Change-Id: I758c376f55b71d7159fa3f5d83e47d2b05da3218
2023-07-05 17:40:10 +08:00
Zuul de1a3a84b6 Merge "port-hint-ovs-tx-steering: agent side" 2023-05-22 12:23:16 +00:00
Zuul beabb51938 Merge "Notify neutron-server ovs is restarted" 2023-05-15 17:09:37 +00:00
LIU Yulong 7573fca58c Notify neutron-server ovs is restarted
If openvswitch is restarted, try to notify neutron-server
that to refresh tunnel flows for every ports.

Closes-Bug: #2004041
Change-Id: Iba0ae947e3595674e63b998826daae2582bb7668
2023-05-11 05:38:16 +00:00
Bence Romsics 6b55589ae0 port-hint-ovs-tx-steering: agent side
In ovs-agent extract `other_config` from port `hints` and set/clear
ovs `other_config` accordingly.

Change-Id: I1106bc03061fd62e9baadadbe2bb4aaa8c3a6b1d
Partial-Bug: #1990842
Related-Change (spec):
2023-05-09 11:49:17 +02:00
LIU Yulong 5a17f2b24a Pass physical bridge informations to OVS agent extension API
The metadata agent extension needs the patch ports informations
between br-int and br-meta to add direct flows.

Partially-Implements: blueprint distributed-metadata-datapath
Change-Id: I58f3813ed9a4c4006ebb62e613ef4dc07a17a23b
2023-04-06 09:32:27 +08:00
Sahid Orentino Ferdjaoui cf96bd8bdf ovs: fix regression when vlan mapping is not already registered
Bug introduced by Ic3c147136549b17aea0fe78e930a41a5b33ab9d8, when a
VLAN mapping is not registered during a call to
update_network_segement, the function should return None.

Closes-Bug: #2009215
Signed-off-by: Sahid Orentino Ferdjaoui <>
Change-Id: I91f8e8bd18d9956216e5715c658dfb408a2cbf07
2023-03-07 08:37:54 +00:00
Zuul c078c6569f Merge "Support for minimum bandwidth rules in tunnelled networks" 2023-01-16 18:59:59 +00:00
Zuul 1374b01cfb Merge "Discard port with ofport -1 in _get_ofport_moves" 2023-01-09 06:33:29 +00:00
Rodolfo Alonso Hernandez 3ebdfe612a Support for minimum bandwidth rules in tunnelled networks
This patch adds support for QoS minimum bandwidth rules in tunnelled
networks. Now the ML2/OVS and ML2/OVN mechanism drivers can represent
in the Placement API the available bandwidth of the tunnelled networks
in each compute host.

Both mechanism drivers represent the compute VTEP (VXLAN) or TEP
(Geneve) interface as an IP address. This new resource provider
(by default called "rp_tunnelled") represents the available bandwidth
of this interface. Any new port created in a compute node that belongs
to a tunnelled network, will request to the Placement API the
corresponding bandwidth from the resource provider inventory.

This patch does not provide backend enforcement support for minimum
bandwidth rules.

RFE spec:

What is missing and will be added in next patches:
* Tempest tests, that will be pushed to the corresponding repository.


Partial-Bug: #1991965
Related-Bug: #1578989
Change-Id: I3bfc2c0f9566bcc6861ca91339e32257ea92c7e9
2023-01-02 11:14:50 +00:00
Zuul 2751d75383 Merge "Fix some pylint indentation warnings" 2022-12-20 20:45:51 +00:00
Brian Haley 86badcfe2d Fix some pylint indentation warnings
Running with a stricter .pylintrc generates a lot of
C0330 warnings (hanging/continued indentation). Fix
some remaining ones in miscellaneous directories.

Also cleanup any remaining code that I missed in this
series, or has changed since I started.


Change-Id: I17b4779020a7bfb369c3e721ab6638cd4a6ab50c
2022-12-12 11:48:25 -05:00
LIU Yulong dad23fdcdb Strictly delete arp_spoofing_protection flows
Port arp_spoofing_protection will install flows like this:
table=0, priority=9,in_port=2 actions=goto_table:25
table=25, priority=2,in_port=2,dl_src=fa:16:3e:54:f0:71 actions=goto_table:60

For network ports or port_security_enabled = False, those flows
will be delete by setup_arp_spoofing_protection in _bind_devices.

But the delete actions are a bit rough because it will delete any
flows with "table=0 in_port=2" and "table=25 in_port=2".

Besides, the ovs_agent extension handle_port will be run before
these actions [5]. So network or no security ports, if any flows
added by agent extesnion in table=0 with "in_port=2" will be delete
unexpectedly. Which also means any flows added before this call of
"uninstall_flows(table=0, in_port=2)" will be deleted.

This patch changes the uninstall flows to strict mode. Let it
delete the arp_spoofing_protection related flows only by verifying
the priority.

Closes-Bug: #2000046
Change-Id: Ifdd47b2ce8610e4b4b527fc3279e0bd7a8b21a1d
2022-12-19 15:32:46 +08:00
Arnaud Morin f22aa5dfdd Discard port with ofport -1 in _get_ofport_moves
When libvirt (nova) detach a port on OVS bridge, two events are sent:
* one event with 2 actions "old" and "new": a change on ofport (from a
  regular value to -1)
* a second event with action "delete"

If, for some reason, the second event is delayed, the rpc_loop iteration
will consider this port as "updated" instead of "deleted".
But, because ofport == -1, the port update will be discarded, and
finally removed from port_info["current"].

As a result, on next iteration, the deletion wont be performed.

Most of the time, we endup with some leftovers (like openflow rules,

The purpose of this patch is very simple, when looping over ports in
_get_ofport_moves, we will discards the ports that have ofport == -1, so
the port will not be considered as updated and next iteration will be
able to delete it correctly.

Closes-Bug: #1992109

Change-Id: Ib4a7183867e1b21810b6915a475a234278bf884c
Signed-off-by: Arnaud Morin <>
2022-12-05 10:34:26 +01:00
Zuul 1434a1e5dd Merge "Refactor for meter ID Generator" 2022-11-29 04:40:39 +00:00
LIU Yulong c3ebefa5f7 Refactor for meter ID Generator
Add a Singleton meter ID Generator for both bandwidth limit
and packet rate limit, because for one bridge the meter ID
is a sharing range.

Closes-Bug: #1964342
Change-Id: Ibb9762d57913ea701dcf2746a0e0db74c6a7ca01
2022-11-16 09:32:04 +08:00
Brian Haley b1714a2b9d Fix some pylint indentation warnings
Running with a stricter .pylintrc generates a lot of
C0330 warnings (hanging/continued indentation). Fix
the ones in neutron/plugins.


Change-Id: Id9138652f5f07ef12fa682e182fe210019e8f975
2022-11-03 22:27:55 -04:00
Slawek Kaplonski 8fcf00a36d Disable in-band management for bridges before setting up controllers
Disabling in-band management for bridge will effectively disable it for
all controllers which are or will be set for the bridge. This will
prevent us from having short time between configuring controller and
setting connection_mode of the controller to "out-of-band" when
controller works in the default "in-band" connection mode and adds some
hidden flows to the bridge.

Closes-Bug: #1992953
Change-Id: Ibca81eb59fbfad71f223832228f408fb248c5dfa
2022-10-16 08:51:16 +00:00
elajkat 7c1a894ce5 Nit: network_update in ovs_neutron_agent has a bad LOG
The log entry had %(tag)s but the dict has 'segmentation_id' as key,
so let's change tag to segmentation_id.

Change-Id: Ic6e82a31efe7798c9ec0c5e6bc743db4c280fd1a
Partial-Bug: #1956435
Partial-Bug: #1764738
2022-10-13 14:30:17 +02:00
Felix Huettner 2402145713 Cleanup fanout queues on ovs agent stop (part 2)
As a followup from the previous commit we here now also cleanup the
SubPort an Trunk fanout queues.

Closes-Bug: #1586731
Change-Id: I047603b647dec7787c2471d9edb70fa4ec599a2a
2022-09-09 09:03:45 +02:00
Felix Huettner 9ff46546cb Cleanup fanout queues on ovs agent stop
Previously when a neutron-openvswitch-agent was stopped it left
behind the following fanout queues in rabbitmq:

In this change we ensure that all but the SubPort and Trunk fanout
queues are correctly removed from rabbitmq by cleanly stopping the
RemoteResourceCache when the agent stops.

Partial-Bug: #1586731
Change-Id: I672f9414a1a8ed91e259e9379ca707a70f6b4467
2022-09-09 09:03:45 +02:00
Sahid Orentino Ferdjaoui 7a1e253851 ovs: use a local vlan per network/segmentation
This is using changes introduced before to support for a network more
than one vlan.

Partial-Bug: #1956435
Partial-Bug: #1764738
Signed-off-by: Sahid Orentino Ferdjaoui <>
Change-Id: Ifd61e379c3cef3589803c96a276da9827051f660
2022-09-01 14:48:54 +02:00
Sahid Orentino Ferdjaoui 6ec0bc70a7 ovs: make vlanmanager to handle more vlan mapping per network
This change is updating the vlanmanager data structure to handle for a
given network more than one vlan mapping. This is a prerequisite work
needed to progress on accepting several segments per network per

The work done here is trying to avoid changing logic in the
current implementation. Unit test should not have value updated,
but probably signatures changed.

Partial-Bug: #1956435
Partial-Bug: #1764738
Signed-off-by: Sahid Orentino Ferdjaoui <>
Change-Id: Ic3c147136549b17aea0fe78e930a41a5b33ab9d8
2022-09-01 14:48:08 +02:00
Zuul bc94e29361 Merge "Remove ovs agent's common constants module" 2022-08-09 13:17:20 +00:00
Slawek Kaplonski d82647215c Remove ovs agent's common constants module
It was rehomed to neutron_lib.constants and it's available in
neutron_lib already.

Change-Id: If91a5259b84e1a27b04f51f9ac7f496cec0ecc60
2022-08-01 14:09:46 +02:00
Sahid Orentino Ferdjaoui 672f949d95 ovs: add fdb_entries details to the logs
This is adding fdb entries in log add/dev/upt log messages.

Signed-off-by: Sahid Orentino Ferdjaoui <>
Change-Id: I3e72d6bc871c2cb54fc2f479e67cc222a397394c
2022-08-01 10:33:22 +02:00
Sahid Orentino Ferdjaoui 6037190580 ovs: remove unecessary condition on undefined variable
Based on current alorithm it seems that vif_port may never be None.

Signed-off-by: Sahid Orentino Ferdjaoui <>
Change-Id: I50f2b65f0bbefe8b7f7598876cd7804d17ccdb02
2022-08-01 10:33:22 +02:00
Sahid Orentino Ferdjaoui 5848c0dd1c ovs: improve log message when ofport is not configured
This switch the warning to error as we may be in a sitation of no
connectivity and this should never happen.

Also improves the condition for an ofport invalid.

Signed-off-by: Sahid Orentino Ferdjaoui <>
Change-Id: Ic6bd7bfadcba8deb132d8af3e295ec25a8d64b50
2022-07-21 08:18:41 +02:00
Rajesh Tailor 8ab5ee1d17 Fix remaining typos in comments and tests
Change-Id: I872422cffd1f9a2e59b5e18a86695e5cb6edc2cd
2022-07-06 21:20:27 +05:30
Sahid Orentino Ferdjaoui 1bfbc33ce0 ovs: handle segmentation ids per network ports
This is changing the datastructure that maintains the relationship
between ports and networks to also handle the segmenation ids related.

This will be necessary in future to support multiple segments per
networks on a same physical provider network.

Partial-Bug: #1956435
Partial-Bug: #1764738
Signed-off-by: Sahid Orentino Ferdjaoui <>
Change-Id: Iaf40ddc20692a3a51a8d5f5acfc2094b2d5c00c4
2022-06-30 19:41:33 +02:00
Sahid Orentino Ferdjaoui c9abb2cec3 ovs: remove unused function _get_port_local_vlan
Signed-off-by: Sahid Orentino Ferdjaoui <>
Change-Id: I611ed3233ea689fe3a7218f0cca7e9b0a44aa9ce
2022-06-30 19:32:40 +02:00
Takashi Kajinami 17106dc6f5 ml2: Use the base module to register common ml2 agent config
The neutron.plugins.ml2.drivers.agent.config module registers options
commonly used by the ml2 agents but in fact it is used only by linux
bridge agent and macvtap agent.

This change makes all ml2 agents use that base module consistently in
individual config modules.

Change-Id: Ib3ec8a8eaf347721bb06f092a0887e62f3a6bffd
2022-06-24 12:58:31 +00:00
Slawek Kaplonski a22d6d6a95 Use ovs constants from neutron-lib
Ovs constants were moved from neutron to neutron_lib some time ago.
This patch switches to use them from neutron-lib already.

That decision was agreed during the Neutron team meeting. See [1] for



Change-Id: I2fd1954bec6a52856195190441d77ac8b7d97055
2022-06-17 10:36:44 +05:30
Zuul 0e40dfe862 Merge "Support pps limitation for openvswitch agent" 2022-06-14 16:58:27 +00:00
Zuul d76eab3122 Merge "Meter flows and ovsdb action for ovs bridge" 2022-06-14 16:58:22 +00:00
LIU Yulong 5765186516 Support pps limitation for openvswitch agent
Add packet rate limit rule to the openvswitch QoS
driver SUPPORTED_RULES list. This patch adds the
ability to limit neutron port packet I/O rate. We
will leverage the ovs meter to achieve the limitation.

The meter action is only supoorted when datapath is
in user mode (with ovs >= 2.7) or ovs kernel datapath with
kernel version >= 4.15 (and ovs >= 2.10).


Partially-Implements: bp/packet-rate-limit
Related-Bug: #1938966
Related-Bug: #1912460
Change-Id: Ib6341ad539afc9f94f1783a721cf5f793ccdc7d8
2022-05-07 13:11:46 +08:00
LIU Yulong 0232ead2c3 Meter flows and ovsdb action for ovs bridge
Add meter flows actions and ovsdb actions for pps
limitation. Meter flow actions are:
* list_meter_features
* create_meter
* delete_meter
* update_meter
* apply_meter_to_port
* remove_meter_from_port

Ovsdb actions are:
* get_port_tag_by_name
* get_value_from_other_config
* set_value_to_other_config
* remove_value_from_other_config

Partially-Implements: bp/packet-rate-limit
Related-Bug: #1938966
Related-Bug: #1912460
Change-Id: Idc9a2b1f39964fc3b603310ac7f22c1bc58d27f7
2022-05-07 13:09:39 +08:00
Sahid Orentino Ferdjaoui 601eeca281 ovs: add complete details to the log
Signed-off-by: Sahid Orentino Ferdjaoui <>
Change-Id: I48e6aaf97b57ff6ae0f23842510e2ebd5f534c6c
2022-05-04 16:34:15 +02:00
Rodolfo Alonso Hernandez 141f372c82 [OVS] Do not shadow "l2_agent_extensions_manager" module
"OVSNeutronAgent" input variable "ext_manager" was shadowing the
renamed module "l2_agent_extensions_manager".


Change-Id: Ib54f2d93630d81beab4fe533bbd9e1f51c6ce76e
2022-04-26 16:35:23 +00:00
Zuul bdd6d4daee Merge "Remove useless function _add_port_tag_info" 2022-04-21 09:09:33 +00:00
Zuul 0355ea6f37 Merge "Remove block flow when port UP" 2022-04-20 12:21:52 +00:00
LIU Yulong c4adec924a Remove useless function _add_port_tag_info
This reverts commit: b83fedbd78.

Since port is set to dead by default after the commits of:

And we add the local vlan tag to the port right after it is
bound to aviod trunk port flood issue:

So that _add_port_tag_info function is not necessary anymore,
and we will save a large OVSDB read action which is dumping
the entire table of Port, for hosts with a huge number of
ports this is time-comsuming. So removed it.

Related-Bug: #1968896
Related-Bug: #1952567
Change-Id: Iefd765d497c7e2d4bb093052478185125b907025
2022-04-20 09:24:48 +08:00
LIU Yulong 8dfb24a933 Remove block flow when port UP
Port admin state down will add 4095 tag to it while
it is adding a drop flow for this ofport.

When port is back UP again, remove the drop flow.

Closes-bug: #1968896
Change-Id: Ie8f67def69ae0e5d425d0e6fc43e35373a96bd88
2022-04-20 09:24:45 +08:00
Jakub Libosvar 4d3a274765 Don't register config options on imports
Importing some modules lead to registering config options that may
collide with config options from a project that calls the import. This
patch wraps the side effect that registers config options into a
function that needs to be called in case the caller wants to register
the options.

This solution is also not perfect as it guards the common options to be
registered only once even if the function is called multiple times. This
is to solve problems in unittests, ideally we should always call the
function just once even in our testing suites.

Resolves-Bug: #1968606
Change-Id: Ic1532eb8de887ff1b1085206df11f53e22f7f524
Signed-off-by: Jakub Libosvar <>
2022-04-13 05:49:15 +00:00