Commit Graph

523 Commits (master)

Author SHA1 Message Date
Rodolfo Alonso Hernandez 236f8d0b97 [OVN] Add a log message after the "post_fork_initialize" method
Related-Bug: #2036607
Change-Id: I84a7a6cff5921488686ebf9ab95aa270d22b4e31
2023-09-22 08:22:49 +00:00
Zuul a280a8d25f Merge "Check the device ID and host ID during virtual port binding" 2023-09-05 14:01:53 +00:00
Elvira García a3a113aedb [OVN] Fix rate and burst for stateless security groups
Right now, as per kernel limitation, the burst limit is not correctly
enforcing the rate and burst when using the ovn "log-related" option and
stateless security groups. We log exactly double the burst. Creating a
new meter that limits the rate and burst to half of the expected ones is
a workaround that solves the issue.

Closes-bug: #2032929

Signed-off-by: Elvira García <>
Change-Id: Ib0047d38c58bcebb23c8887e7934987ff8c8a432
2023-08-31 15:10:20 +02:00
Lucas Alvares Gomes 7f777c223e [OVN] Cleanup old Hash Ring node entries
This patch introduces a maintenance task that runs once a day and is
responsible for cleaning up Hash Ring nodes that haven't been updated in
5 days or more.

Change-Id: Ibed9e0d77500570c3d0f9f39bfe40cb9239d0d7a
Closes-Bug: #2033281
Signed-off-by: Lucas Alvares Gomes <>
2023-08-29 12:09:00 +01:00
Rodolfo Alonso Hernandez a3b00768d6 Check the device ID and host ID during virtual port binding
If a port receives a device ID and a binding profile host ID
fields update, at the same time, this is because Nova is trying
to bind the port to a VM (device ID) in a host (host ID). In
ML2/OVN, a virtual port cannot be bound to a VM.

* A virtual port can receive a host ID update. That happens when
  the fixed IP port that has the virtual port IP address as
  allowed address pair is bound.
* A virtual port can receive a devide ID update. Octavia uses
  the devide ID to identify to what load balancer the virtual
  port belongs.

This check was introduced in [1].


Closes-Bug: #2028651
Related-Bug: #2018529
Change-Id: I8784c6716f5a53b91d43323771e6f30fa8e8e506
2023-08-28 09:50:10 +00:00
Zuul 20e26f9bb6 Merge "[OVN] Skip the port status UP update during a live migration" 2023-08-25 18:01:17 +00:00
Zuul 3578543ce0 Merge "[OVN] Disable the mcast_flood_reports option for LSPs" 2023-08-25 10:15:54 +00:00
Rodolfo Alonso Hernandez e1f887ca9f [OVN] Skip the port status UP update during a live migration
Skip the port status UP update during a live migration due to a
``PortBindingChassisUpdateEvent`` event.

The port status will be set by  the ``LogicalSwitchPortCreateUpEvent``
and ``LogicalSwitchPortCreateDownEvent`` events, that will be issued
when the port is deleted from the source host and created in the
destination host. This is a planned operation and controlled by Nova,
not a reactive event due to an unplanned host down event.

Related-Bug: #2027605
Change-Id: I81390af2ea2fc384423518b84de3acf7adaf9193
2023-08-23 03:11:16 +00:00
Zuul e92e9463ac Merge "Create is_ovn_metadata_port() method" 2023-08-21 10:45:56 +00:00
Lucas Alvares Gomes 06dbc5227b [OVN] Disable the mcast_flood_reports option for LSPs
The mcast_flood_reports option was being enabled on LSPs as a workaround
for a problem in core OVN. The issue in core OVN has been fixed and this
workaround is now causing an increase in the number of actions on the
table 38 of OVN (at the risk of hitting a size limit).

This patch disables the mcast_flood_reports option on newer versions of
OVN while keeping the backward compatibility with the old ones.

Since the fix in core OVN does not expose any information to the CMS to
tell us that the issue is fixed this patch uses the NB DB schema version
to determine if this is an old or a new OVN version.

Change-Id: I8f3f0c2d516e37145eb298b8f51d92fe9905158a
Closes-Bug: #2026825
Signed-off-by: Lucas Alvares Gomes <>
2023-08-17 09:36:17 +01:00
Zuul 186e87e389 Merge "[OVN] ovn-db-sync check for router port differences" 2023-08-15 14:10:29 +00:00
Lucas Alvares Gomes 3044b938b9 [OVN] Retry retrieving LSP hosting information
There's a sync issue while trying to fetch the hosting information for
the LSP before we write it to the OVN database, sometimes the
information is not yet present and we end up with an empty string ("")
for the host attribute of portbindings. This patch adds a retry
mechanism to solve this sync issue.

Change-Id: I52ec4b346271889ebaa7b7f84981eae5503d02d3
Related-Bug: #2020058
Signed-off-by: Lucas Alvares Gomes <>
2023-08-10 13:51:12 +01:00
Lucas Alvares Gomes 4693836a1b [OVN] ovn-db-sync check for router port differences
Prior to this patch the ovn-db-sync script did not check if the router
ports were actually out-of-sync before marking them to be updated. This
behavior introduced irrelevant information in the sync report (specially
when ran in "log" mode) making the user think that the databases were
out-of-sync even when they were not.

This patch adds the code checking for differences in the Neutron Router
Ports and OVN Logical Router Port entries prior to updating them.

Change-Id: Id7bf5a6aa547795ba78724eed59ba9d4fb74f758
Closes-Bug: #2030773
Signed-off-by: Lucas Alvares Gomes <>
2023-08-09 15:10:05 +01:00
Brian Haley 5b7031841e Create is_ovn_metadata_port() method
There are a few different places that check if a port
is for OVN metadata. Create a common method in
neutron.common.ovn.utils so the same check is done in
all cases and change all current code to use it.


Change-Id: Id61a6af5f3c55d6caef273b70263ae3a6760c912
2023-08-03 17:29:15 -04:00
Zuul cbdde881a1 Merge "[OVN] Hash Ring: Better handle Neutron worker failures" 2023-08-02 18:09:28 +00:00
Zuul 62bbfad8ff Merge "Fix some new pylint "W" warnings" 2023-08-02 11:03:07 +00:00
Brian Haley 4757b46646 Fix some new pylint "W" warnings
After updating pylint, it started emitting additional "W"
warnings in some cases, fix some of them.



Change-Id: I7deb5f1e0aa2852cb033c78dcb4c8bc87e34be1e
2023-08-01 15:40:22 -04:00
Lucas Alvares Gomes 9e8e3a7867 [OVN] Hash Ring: Better handle Neutron worker failures
This patch implements a more resilient approach to handle the case
where Neutron API workers are killed and restarted. Instead of marking
all nodes for that host as offline, this patch tries to remove the
worker that was killed from the Hash Ring leaving all others nodes for
that host online.

In case the we fail to remove the node and another entry is added upon the
restart of the worker this patch also logs a clear critical log message to
alert the operator that there are more Hash Ring nodes than API workers
(it's expect to be the same) and that OVSDB events could go missing if
they are routed to the previous node that failed to be removed from the

Closes-Bug: #2024205
Change-Id: I4b7376cf7df45fcc6e487970b068d06b4e74e319
Signed-off-by: Lucas Alvares Gomes <>
2023-08-01 10:05:36 +01:00
Zuul d32c5f8f32 Merge "Fix some new pylint "R" warnings" 2023-07-28 06:58:46 +00:00
Miro Tomaska 321182980d Follow up on a small nit from patch 875989 [1]
Using boolean instead of an integer for one time resync


Change-Id: If4b03e42c5eaedad926e3b8efb8f72ed6872c9b6
2023-07-19 17:31:30 +00:00
Brian Haley 929b383743 Fix some new pylint "R" warnings
After updating pylint, it started emitting additional "R"
warnings in some cases, fix some of them.



Change-Id: Ife6565cefcc30b4e8a0df9121c9454cf744225df
2023-07-18 18:06:51 -04:00
Zuul b6a3315091 Merge "Fix ACL sync when default sg group is created" 2023-07-17 14:58:15 +00:00
Zuul 58c8493ff9 Merge "[neutron-api] remove leader_only for sb connection" 2023-07-12 10:29:57 +00:00
maximkorezkij a9c8bf5c06 [neutron-api] remove leader_only for sb connection
The maintenance worker from the neutron-api uses a southbound
connection. Since the southbound does not use any locking and all the
ovsdb locking is used for the northbound this changes should not have a
big impact.

This commit removes the leader_only flag for the maintenance worker.
This should also enable the neutron api to connect to relays instead of only
the sb directly.

Closes-Bug: #2022914
Change-Id: Ia7937390867e45af34ebcd65bd76fc89b6adafe9
Signed-off-by: maximkorezkij <>
2023-07-12 08:15:39 +02:00
Zuul eee897323c Merge "[OVN] Prevent binding a virtual type port" 2023-07-06 19:41:38 +00:00
Zuul bad15e38e2 Merge "[OVN][L3] Optimize FIP update operation" 2023-07-06 12:28:05 +00:00
Zuul 8850b588bb Merge "Set result when lswitch port exist" 2023-07-05 17:57:07 +00:00
Zuul dffc73ee7b Merge "Ensure traffic is not centralized if DVR is enabled" 2023-07-04 16:01:41 +00:00
zhouhenglc 65bbbcee76 Set result when lswitch port exist
A TypeError was thrown during a synchronization
command(neutron-ovn-db-sync-util) execution. From the code[1][2], it
can be seen. The result of the AddLSwitchPortCommand command will be
passed as a parameter to the UpdateLSwitchPortQosOptionsCommand. But
if the logical switch port exists, the result will not be set. Therefore,
when the UpdateLSwitchPortQosOptionsCommand is executed, the port_id
will not be obtained, thereby throwing an exception TypeError.
This patch sets the result when the logical switch port exists.

[1] b71f7ceb3e/neutron/plugins/ml2/drivers/ovn/mech_driver/ovsdb/ (L488)
[2] b71f7ceb3e/neutron/plugins/ml2/drivers/ovn/mech_driver/ovsdb/ (L505)

Closes-Bug: #2025202

Change-Id: Ie09d9d3e5efa8a57ad11655c2eb31d2604bab326
2023-07-04 19:24:01 +08:00
Rodolfo Alonso Hernandez 68ecae5ff9 [OVN] Prevent binding a virtual type port
A LSP is type=virtual when its IP address is used by other ports
as allowed address. If a LSP is type=virtual, this port cannot be
bound (that means cannot be used as a port for a virtual machine).

Closes-Bug: #2018529
Change-Id: I1943e6e0d7d8e255e95f93881cc3caec16ab67fe
2023-07-03 08:14:58 +00:00
Lucas Alvares Gomes 28926957d6 [OVN] Expose chassis hosting information in LSP
Expose chassis hosting information via LSP's external_ids. This allows
for projects such as ovn-bgp-agent NB driver that only connects to the
NB database to consume such information (avoiding more connections to
the SB database).

Also stop populating the "requested-chassis" options for ports of the
type virtual because it's ignored by OVN.

See LP #2020058 for more information.

Closes-Bug: #2020058
Change-Id: I1fb6a9ff94376ab5f695d311b6fa8034d73cf556
Signed-off-by: Lucas Alvares Gomes <>
2023-06-30 15:45:28 +01:00
Zuul d68f848b85 Merge "[OVN] Hash Ring: Set nodes as offline upon exit" 2023-06-29 12:45:42 +00:00
Zuul c192f9c168 Merge "[OVN] Remove SB "Chassis"/"Chassis_Private" duplicated registers" 2023-06-29 09:51:45 +00:00
Luis Tomas Bolivar 0090572b93 Ensure traffic is not centralized if DVR is enabled
There is no need to clear the external_mac if DVR is enabled, not
even when the port is down. This patch ensures the external_mac is
only deleted when DVR is not enabled.

Without this patch, if a VM with a floating IP gets deleted, and
DVR is enabled, during some time the traffic gets (wrongly)
centralized while it should not. And it is also generating more
load on the OVN side unnecesarily.

Closes-Bug: #2025264

Change-Id: I89db15dd1b629bc963f3b63926391a4a02cbedf7
2023-06-28 17:05:26 +02:00
Rodolfo Alonso Hernandez 7b85f9c244 [OVN][L3] Optimize FIP update operation
If the floating IP updates only the QoS policy, the method now
skips the OVN NAT rules update and updates only the QoS policy.
That avoids the OVN NAT rules deletion and creation and the
``FIPAddDeleteEvent`` event that deletes the MAC binding entries
for an active floating IP, causing a disruption.

Closes-Bug: #2025144

Change-Id: Ib9ec45d643c6162c526cd5a02db270094b575e34
2023-06-26 22:09:26 +00:00
Brian Haley 126d54badc Fix some new pylint "E" warnings
After updating pylint, it started emitting additional "E"
warnings in some cases, fix them.


These were associated with the OVN AgentCache code. Instead
of using a subscript, create get/delete methods to do the
same thing.


Re-factor some code so it's clear to pylint variables are
being assigned properly.


Change-Id: I4a5ccb7f33465705e59b5274c41db3c371862b1e
2023-06-22 20:41:29 -04:00
Rodolfo Alonso Hernandez 9d9f47c20c [OVN] Remove SB "Chassis"/"Chassis_Private" duplicated registers
A new OVN maintenance method is added. This method lists all existing
OVN SB Chassis registers and checks if any of them has the same
hostname. In case of having duplicated "Chassis"/"Chassis_Private"
registers, the maintenance method will remove those with older
(lower) timestamp, that is stored in
"Chassis_Private.nb_cfg_timestamp", leaving only the newer one.

Closes-Bug: #2016158
Change-Id: Ib3c6f0dc01efd31430691e720ba23ccb4ede65fa
2023-06-22 13:08:32 +00:00
Lucas Alvares Gomes f2e3ab3805 [OVN] Hash Ring: Set nodes as offline upon exit
This patch implements the proposed solution from LP #2024205 where upon
a Neutron being killed, it could trigger the deletion of the entries
from the ovn_hash_ring table that matches the server hostname. When
this happens on all controllers this could lead to the ovn_hash_ring
being rendered empty which will result in ML2/OVN not processing any
OVSDB events.

Instead of removing the nodes from the ovn_hash_ring table at exit, this
patch changes the code to just mark them as offline instead. That way,
the nodes will remain registered in the table and the heartbeat thread
will set them as online again on the next beat. If the service is
stopped properly there won't be any heartbeat anymore and the nodes will
be seeing as offline by the Hash Ring Manager (same as if they were

For more info see LP #2024205.

Closes-Bug: #2024205
Change-Id: I052841c87651773c4988fcf39f9f978094297704
Signed-off-by: Lucas Alvares Gomes <>
2023-06-21 15:20:35 +01:00
Zuul 31b425953d Merge "Delete the "Chassis_Private" register when deleting an agent" 2023-06-20 22:38:00 +00:00
Zuul 6baa186ece Merge "[OVN] The L3 scheduler does not use all chassis by default" 2023-06-09 20:37:12 +00:00
Rodolfo Alonso Hernandez 9ca0e34a5e Delete the "Chassis_Private" register when deleting an agent
The method ``delete_agent`` [1] now deletes both the OVN SB
"Chassis" and "Chassis_Private" registers when called.

[1]ad81687e29/neutron/plugins/ml2/drivers/ovn/mech_driver/ (L1400-L1401)

Closes-Bug: #2023171
Change-Id: Ibb1285f61c172d2b6e281f41315415ce8b8526e7
2023-06-09 11:52:38 +00:00
Zuul 7431d2f86e Merge "Improve the ``PortBindingUpdateVirtualPortsEvent`` match filter" 2023-06-06 18:34:22 +00:00
Zuul 5d80a01520 Merge "Move ``determine_bind_host`` to ``ovn.utils``" 2023-06-02 12:47:28 +00:00
Zuul 8828ec8dc9 Merge "Implement ``get_port_type_virtual_and_parents`` method" 2023-06-02 12:34:53 +00:00
Zuul 5bce1ff51a Merge "Implement ``get_subnets_address_scopes`` method" 2023-06-01 21:30:45 +00:00
Zuul 3fc97633a0 Merge "Revert "[OVN] Remove backwards compatibility with OVN < v20.09"" 2023-05-31 18:25:44 +00:00
Rodolfo Alonso f070ba6f9d Revert "[OVN] Remove backwards compatibility with OVN < v20.09"
This reverts commit be4e150de9.

Reason for revert: some CI gates (devstack for example) are still
using some OS (Ubuntu Focal) that provide older OVN version. On
these jobs we are not manually compiling OVN.

Change-Id: Ia716f73dffa94c9fecbcc1a7dd0f10cb62639671
2023-05-30 17:22:18 +00:00
Zuul 940a1b6cea Merge "Improve "sync_ha_chassis_group" method" 2023-05-30 10:07:42 +00:00
Zuul 167f4e4ab8 Merge "Handle no more IP addresses available during a network sync" 2023-05-29 19:23:03 +00:00
Zuul 19472f6584 Merge "[OVN] Remove backwards compatibility with OVN < v20.09" 2023-05-29 19:16:09 +00:00