Commit Graph

40 Commits (1c2e10f8595d2286bd9bec513bc5a346a84a6f7c)

Author SHA1 Message Date
LIU Yulong eaf3ff5786 Ignore first local port update notification
Ovs-agent will scan and process the ports during the
first rpc_loop, and a local port update notification
will be sent out. This will cause these ports to
be processed again in the ovs-agent next (second)
This patch passes the restart flag (iteration num 0)
to the local port_update call trace. After this patch,
the local port_update notification will be ignored in
the first RPC loop.

Related-Bug: #1813703
Change-Id: Ic5bf718cfd056f805741892a91a8d45f7a6e0db3
2019-07-04 12:06:11 +00:00
Ihar Hrachyshka 4aeec20001 Drop of_interface option
Default value for "of_interface" config option was switched
to "native" in Pike release.
In the same release this option was deprecated to removal.
Now it's time to remove it and force use of "native" driver to
manage openflows.

Change-Id: Ic900209868acfbe3bbb56fabbbf5c4472857e412
Co-Authored-By: Ihar Hrachyshka <>
Co-Authored-By: Slawek Kaplonski <>
2019-05-24 10:33:48 +02:00
LIU Yulong a5244d6d44 More accurate agent restart state transfer
Ovs-agent can be very time-consuming in handling a large number
of ports. At this point, the ovs-agent status report may have
exceeded the set timeout value. Some flows updating operations
will not be triggerred. This results in flows loss during agent
restart, especially for hosts to hosts of vxlan tunnel flow.

This fix will let the ovs-agent explicitly, in the first rpc loop,
indicate that the status is restarted. Then l2pop will be required
to update fdb entries.

Closes-Bug: #1813703
Closes-Bug: #1813714
Closes-Bug: #1813715
Closes-Bug: #1794991
Closes-Bug: #1799178

Change-Id: I8edc2deb509216add1fb21e1893f1c17dda80961
2019-03-21 15:12:31 +00:00
Rodolfo Alonso Hernandez 92f1281b69 Add a more robust method to check OVSDB values in BaseOVSTestCase
Sometimes, when the OVSDB is too loaded (that could happen during the
functional tests), there is a delay between the OVSDB post transaction
end and when the register (new or updated) can be read. Although this is
something that should not happen (considering the OVSDB is transactional),
tests should deal with this inconvenience and provide a robust method to
retrieve a value and at the same time check the value. This new method
should provide a retrieving mechanism to read again the value in case of

In order to solve the gate problem ASAP, another bug is fixed in this
patch: to skip the QoS removal when OVS agent is initialized during
funtional tests

When executing functional tests, several OVS QoS policies specific for
minimum bandwidth rules [1]. Because during the functional tests
execution several threads can create more than one minimum bandwidth
QoS policy (something in a production environment cannot happen), the
OVS QoS driver must skip the execution of [2] to avoid removing other
QoS created in parellel in other tests.

This patch is marking as unstable "test_min_bw_qos_policy_rule_lifecycle"
and "test_bw_limit_qos_port_removed". Those tests will be investigated
once the CI gates are stable.

[1] Those QoS policies are created only to hold minimum bandwidth rules.
    Those policies are marked with:
       external_ids: {'_type'='minimum_bandwidth'}
[2] d6fba30781/neutron/plugins/ml2/drivers/openvswitch/agent/extension_drivers/ (L43)

Closes-Bug: #1818613
Closes-Bug: #1818859
Related-Bug: #1819125

Change-Id: Ia725cc1b36bc3630d2891f86f76b13c16f6cc37c
2019-03-09 15:46:59 +00:00
Lucian Petrut 585b6f0af7 Windows OVS: minimize polling
Now, that the ovsdb monitor is also available on Windows, we can
use it on Windows as well, minimizing polling.

We're simply moving the bits to the common polling module.

Change-Id: Ia12ad970085f2cff8c8ac5b7d3d69e7dc9214c40
2018-08-14 09:54:07 +03:00
Miguel Angel Ajo 88f5e11d8b Avoid agents adding ports as trunk by default.
Agent OVS interface code adds ports without a vlan tag,
if neutron-openvswitch-agent fails to set the tag, or takes
too long, the port will be a trunk port, receiving
traffic from the external network or any other port
sending traffic on br-int.

Also, those kinds of ports are triggering a code path
on the ovs-vswitchd revalidator thread which can eventually
hog the CPU of the host (that's a bug under investigation [1])


Co-Authored-By: Slawek Kaplonski <>
Change-Id: I024bbbdf7059835b2f23c264b48478c71633a43c
Closes-Bug: 1767422
2018-05-09 14:07:27 +02:00
Ali Sanhaji 6bf0788da0 Adding DSCP mark and inheritance in OVS and LB tunnels outer header
Adding ability to set DSCP field in OVS tunnels outer header, or
inherit it from the inner header's DSCP value for OVS and linuxbridge.

Change-Id: Ia59753ded73cd23019605668e60cfbc8841e803d
Closes-Bug: #1692951
2018-01-17 10:54:46 +01:00
Boden R 95f1e03446 use plugin constants from neutron-lib
neutron-lib contains a number of the plugin related constants from
neutron.plugins.common.constants. This patch consumes those constants
from neutron-lib and removes them from neutron. In addition the notion
of the dummy plugin service type is moved strictly into the test
package of neutron since it's not a real service plugin.


Change-Id: I767c626f3fe6159ab3abd6a7ae3cb9893b79bf66
2017-10-16 09:32:20 -06:00
Ihar Hrachyshka 45be804b40 ovs: log config options when all of them are registered
Otherwise we don't see some of them for the agent, for example,
AGENT.root_helper is missing.

To make sure the logging is as early as possible, and to make sure that
options that may be registered by extensions are also logged, some
refactoring was applied to the code to move the extension manager
loading as early as possible, even before agent's __init__ is called.

Related-Bug: #1718767
Change-Id: I823150cf6406f709d1e4ffa74897d598e80f5329
2017-09-22 14:13:05 +00:00
sindhu devale 51ca683797 Refactoring agent linux&ovsdb config
Refactoring neutron agent linux and ovsdb config opts
to be in neutron/conf/agent so that all the config options
reside in a centralized location. This simplifies the
process of looking up the config opts and provides an easy
way to import.


Change-Id: Ib1e0e63dec2985c417412d1ecc68e2a74ef87182
Partial-Bug: #1563069
2017-08-25 10:41:39 -04:00
Kevin Benton 01a97d926c Remove deprecated prevent_arp_spoofing option
This was deprecated over a year ago in [1] so let's
get rid of it to clean up some code.

1. Ib63ba8ae7050465a0786ea3d50c65f413f4ebe38

Change-Id: I6039fb7e743c5d9a1a313e3c174ada36c9874c70
2017-07-20 13:57:14 -07:00
John Perkins 7f23ccce23 Agent common config
Refactoring Neutron configuration options for agent common config to be
in neutron/conf/agent/common. This will allow centralization of all
configuration options and provide an easy way to import.

Partial-Bug: #1563069
Change-Id: Iebac0cdd3bcfd0135349128921b7ad7a1a939ab8
Needed-By: Ib676003bbe909b5a9013a3178b12dbe291d936af
2017-03-15 09:52:18 -06:00
Trevor McCasland ae3b344be3 use neutron_lib's get_random_mac
Neutron-lib 1.1.0 is now out and contains the get_random_mac
definition[1]. This patch moves neutron references over to
the neutron-lib version.


[1] ee0f5b2ab27c828cfedb771735d237a968423da2

Change-Id: I28a2a1d85a85461f7a4344b86d18da7f68066c95
2017-03-07 09:13:47 -06:00
Bernard Cafarelli a8b6a597b6 Revert "Setup firewall filters only for required ports"
This reverts commit 75edc1ff28.

Ports with port security disabled require firewall entries in
neutron-openvswi-FORWARD chain to work properly.
Ports created with no security groups will not get skipped with current
With fixed security groups check, these ports' security groups can not
be updated after creation.

Change-Id: I95ddbe38d8ac8a927a860a98f54e41e17fb71d43
Closes-Bug: #1549443
2017-01-16 03:06:21 +00:00
Aradhana Singh 42031f7547 Refactoring config opts for ml2 plugin openvswitch
Refactoring ml2 plugin openvswitch driver configuration options to be
in neutron/conf/plugins/ml2/drivers. This would allow centralization
of all configuration options and provides an easy way to import.

Change-Id: Ie8c6023b2d012eae7ecdb99d5d413956608f4294
Partial-Bug: #1563069
2016-12-01 11:13:54 -06:00
rossella 08f2af18f9 Handle add/remove subports events loss due to agent failures
Upon restart the agent reconciles the logical with the physical
state by removing/adding physical subports that are used to
be/are current present in the logical view.

This patch adds a functional test to demonstrate that there's
no need to handle the resync in the trunk driver, since the ovs
agent already takes care of it.

Change-Id: I164153c79313f2ae7a1fca0414736d5987656185
Partially-implements: blueprint vlan-aware-vms
Partial-bug: #1623708
2016-09-23 14:24:38 +00:00
Ihar Hrachyshka 31e1aeb66b Forbid importing neutron.tests.* from outside tests subtree
neutron-sanity-check tool was importing neutron.tests.base module, which
may be not present on some systems (f.e. RDO splits neutron/tests/
subtree in a separate python-neutron-tests package). It made the tool
not usable in some setups.

This is not the first time when we by mistake import from
neutron.tests.* and break distributions. It's time to stop it by
proactively forbidding that pattern via a new hacking check.

Some functions were moved from neutron.tests.base to
neutron.common.utils to fulfill the need requirement. They were moved
using debtcollector, no current consumers should be affected.

Closes-Bug: #1621782
Change-Id: I790777ddcbd1b02218b3db54ae3d5c931d72d4fa
2016-09-15 18:42:45 +00:00
Anindita Das 414ceed4f3 Refactoring config options for common config opts
Refactoring neutron common config opts to be in neutron/conf/common so
that all the configuration options reside in a centralized location.
This simplifies the process of looking up the config opts and provides
an easy way to import.

Moved conf/common/ to conf/ as per review comments.

Partial-Bug: #1563069

Change-Id: Ib5fa294906549237630f87b9c848eebe0644088c
2016-07-26 15:55:49 +00:00
Jenkins 122a971656 Merge "Generalize agent extension mechanism" 2016-07-19 17:14:34 +00:00
Nate Johnston 01a6c9c426 Generalize agent extension mechanism
This change generalizes agent extension code so that all agents can take
advantage of a common mechanism.

Co-Authored-By: Margaret Frances <>

Partially-Implements: blueprint l3-agent-extensions

Change-Id: I9380343c09d28eec67077c9e6d77c33a195e516b
2016-07-19 13:45:22 +00:00
Edan David 151d94521f Replace device owners hard coded strings to neutron_lib constants
Change-Id: I821f0def82164ab1303188d3f1bdfd85473470cd
2016-07-12 04:11:35 -04:00
Jakub Libosvar a626172706 Move wait_until_true to neutron.common.utils
We need to be able to re-use wait_until_true in tempest scenario tests.
There is tempest bug
that prevents us to do so.

Also wait_until_true is not linux specific so it makes more sense to
have it in common package.

Change-Id: Ib8b0e51dbd9edaa58391774d428a737836dfdf77
2016-06-27 11:40:11 +00:00
Frode Nordahl 773394a188 OVS: Add support for IPv6 addresses as tunnel endpoints
Remove IPv4 restriction for local_ip configuration statement.

Check for IP version mismatch of local_ip and remote_ip before creating

Create hash of remote IPv6 address for OVS interface/port name with least
posibility for collissions.

Fix existing tests that fail because of the added check for IP version
and subsequently valid IP addresses in _setup_tunnel_port.


Change-Id: I9ec137ef8c688b678a0c61f07e9a01382acbeb13
Closes-Bug: #1525895
2016-05-03 21:07:21 -04:00
Henry Gessau 4148a347b3 Use constants from neutron-lib
With this we enable the deprecation warnings by default.

Related-Blueprint: neutron-lib

Change-Id: I5b9e53751dd164010e5bbeb15f534ac0fe2a5105
2016-04-23 21:23:56 -04:00
Hynek Mlnarik cacde308ee Cleanup stale OVS flows for physical bridges
Perform deletion of the stale flows in physical bridges consistently with
br-int and br-tun, respecting drop_flows_on_start configuration option.
Added tests for auxiliary bridge and functional tests for the physical
bridge using VLAN/flat external network. Fixes part of the bug 1514056;
together with [1] and [2], the bug should be considered fixed.

The commit also fixes inconsistency between netmask of allocated IP
addresses assigned in _create_test_port_dict and ip_len in _plug_ports


Co-Authored-By: Jian Wen <>
Partial-Bug: 1514056
Change-Id: I9801b76829021c9a0e6358982e1136637634a521
2016-03-31 12:30:23 +00:00
rossella 584faf47e2 Don't sync all devices when some fail
With the new RPC calls get_devices_details_and_failed_devices
and update_device_list the agent gets a list of devices
for which some operation failed. The agent can now make use
of this information and instead of syncing all the devices
can sync only those which failed.
With the current change if a device keeps failing, the agent
will try to sync it forever. In a following patch I will limit
the number of retrials.

Partially-Implements: blueprint restructure-l2-agent
Change-Id: I295dc79031a0547f8687c5835c7ba7bbc43df36d
2016-01-18 14:32:55 +00:00
Terry Wilson 71fa182000 Make sure datapath_type is updated on bridges changed
When changing datapath_type in the config, physical and tunnel bridges
do not have their datapath_type updated. Calling create() on already
created bridges should be safe as it passes '--may-exist' when adding
the bridge, which will do nothing if the bridge already exists, but
the second part of the transaction will still update things like

It should be noted that ancillary bridges (like br-ex) are not
modified by this patch as datapath_type was never applied to them to
begin with.

Incidentally, the native and vsctl versions behaved slightly
differently when handling datapath_type: vsctl builds the multi-cmd
transaction with add-br ... -- set ..., so that the second cmd would
actually complete. The native just bailed if may_exist and the bridge
existed. This is fixed as part of this patch.

Change-Id: Ib8bc817c7bc724d80193d0ca7af480a7ea103f77
Closes-Bug: 1532273
2016-01-12 16:10:49 +00:00
ChangBo Guo(gcb) 06174a41e4 Trival: Remove unused logging import
Change-Id: I13298e642f25c9f70dcff9b1e056b418edf0a461
2015-12-26 12:49:56 +08:00
rossella ccdf211b4c Revert "Revert "OVS agent reacts to events instead of polling""
The original change had to be reverted because it caused
tests failing in the gate. The failures were due to the
fact that when a port was not ready, an exception was
thrown to trigger a full resync of the agent. This
behavior was meant to be temporary and was fixed in a
dependent patch that was not merged though. This revert
moves the handling of not ready ports in this patch.
It also refactors the unit tests a bit.

This reverts commit e7270d9505.

Change-Id: I6574cef3c95525ace6a98cf968ee159190681394
2015-12-02 08:23:42 +00:00
Sergey Belous a88fdfc8e1 Refactor OVS-agent init-method
Removed create_agent_config_map method which creates specific
configurations dictionary according to cfg.CONF and call the OVS-agent
with that structure. Passing oslo_config directly to init-method
of OVS-agent is more straightforward and makes it more testable.
Also refactored unit and functional tests of OVS-agent in accordance
with the changes in init-method.

Closes-bug: #1464394
Change-Id: I88742e4d454709e35481f2c505c9d64995497cac
2015-11-23 16:29:46 +03:00
Yi Zhao 0be80d2041 Fix some reST field lists in docstrings
This patch updates some docstrings to comply with the reST field
lists syntax.

Change-Id: I1b4469f3c90915cdfd6462c0517f6924b263fef6
2015-11-15 08:54:32 +08:00
Armando Migliaccio e7270d9505 Revert "OVS agent reacts to events instead of polling"
This might be associated to manifestation of bug #1514935

This reverts commit 1992d52d63.

Closes-Bug: #1514935
Change-Id: If01cc87b6735e1bc039f99c4c6121e7c5ce547d0
2015-11-11 05:16:53 +00:00
rossella 1992d52d63 OVS agent reacts to events instead of polling
OVSDB monitor generates the events that the OVS agent
needs to process (device added or updated). Instead of
polling the agent processes the queue of events.

Change-Id: I168a3cc3aa96a809153a30635ad7bda29e8ee47c
Partially-Implements: blueprint restructure-l2-agent
2015-11-05 18:40:24 +01:00
Gary Kotton 6af52340ff Fix usage of mutable object as default value
Commit 0a300a2277 added a bad parameter.
Please see

Change-Id: I0550c4c86774f8761287c596350f7461fec05fe4
2015-10-29 06:48:48 -07:00
Paul Ward 0a300a2277 Better tolerate deleted OVS ports in OVS agent
This change will not force a resync in the case where a virtual machine is
deleted, and therefore its OVS port deleted, in between the time an RPC
call was made to get the devices and where we make the call to correlate
those devices to vif ports.

Change-Id: Ie55eb69ad7ee177f0cf8ee8fc7fc585fbd0d4a22
Closes-Bug: #1499488
2015-10-22 14:45:42 -05:00
YAMAMOTO Takashi cd0ba162ae OVSAgentTestFramework: Remove _bind_ports
As it isn't used anymore.

Related-bug: #1475498
Change-Id: I33cf1b41d77b39b8f28f1809d3c7d5a8457e2718
2015-09-10 12:00:16 +09:00
Jenkins 6616c9f745 Merge "Graceful ovs-agent restart" 2015-08-21 00:47:56 +00:00
Eugene Nikanorov 73673beacd Graceful ovs-agent restart
When agent is restarted it drops all existing flows. This
breaks all networking until the flows are re-created.

This change adds an ability to drop only old flows.
Agent_uuid_stamp is added for agents. This agent_uuid_stamp is set as
cookie for flows and then flows with stale cookies are deleted during

Co-Authored-By: Ann Kamyshnikova<>

Closes-bug: #1383674


Change-Id: I95070d8218859d4fff1d572c1792cdf6019dd7ea
2015-08-20 11:00:15 +03:00
Sudhakar Babu Gariganti 75edc1ff28 Setup firewall filters only for required ports
We can skip trying to setup firewall filters for ports which are
having port_security_enabled as False or which are not associated
to any security group.

Closes-Bug: #1482554

Change-Id: Ie65201308d93c746fe4ef38f402ec300227b7d27
2015-08-18 12:36:41 +05:30
Miguel Angel Ajo a034115e61 OVS agent QoS extension functional test for bandwidth limit rules
This functional test spawns the OVS agent, with bandwidth limit rules in
a policy attached to ports. Then it asserts that the low level OVS
bandwidth limits are set for each port.

To make this possible we refactor and extract the base OVS agent test
framework into neutron.tests.functional.agent.l2.base.

Partially-Implements: blueprint ml2-qos
Change-Id: Ie5424a257b9ca07afa72a39ae6f1551d6ad351e7
2015-08-08 15:39:11 +02:00