Commit Graph

23883 Commits (de490c54db80851199d493fd76b1d565ec8b7d57)

Author SHA1 Message Date
Zuul de490c54db Merge "Check subnet in "_remove_subnet_dhcp_options"" into stable/ussuri 2022-01-03 17:09:11 +00:00
Zuul 7a04a8a7e4 Merge "bw-limit: Pass int parameters to Open vSwitch" into stable/ussuri 2022-01-02 22:31:43 +00:00
Rodolfo Alonso Hernandez 9151f4a396 Check subnet in "_remove_subnet_dhcp_options"
Since [1], "get_subnet_dhcp_options" returns always a dictionary
in "subnet" instead of None. This patch checks not only that "subnet"
is None but also the dictionary is not empty.


Closes-Bug: #1948466

Change-Id: Ie93cf3e47e09b3e5051be1ffad512251775b0492
(cherry picked from commit 95c2801da8)
2021-12-23 15:21:58 +00:00
Slawek Kaplonski eb1190d206 [Stable only] Fix callback function arguments
Fixes [1] and [2] for bug [3] are using new callbacks mechanism and
expects payload as one of the arguments passed to the callback functions.
This works fine in Xena+ releases but not in Wallaby and older where
old callbacks mechanism is still used, at least for the security group
So this patch fixes that by changing to the old callbacks mechanism in
the logging service plugin in stable/wallaby and older branches only.

Closes-Bug: #1955546


Change-Id: I0003bd566dc769436ad1342351ad058394bd52da
2021-12-22 07:51:08 +00:00
Bence Romsics 7687cf1280 bw-limit: Pass int parameters to Open vSwitch
Make sure we pass integer values to ovs when configuring bandwidth
limit. This was likely working properly with Python2, and we may have
missed this when migrating to Python3:

Change-Id: I2f8d974d6644657aea95302d94ca0095d70a7e62
Closes-Bug: #1936839
Co-Authored-By: Tamás Trásy <>
(cherry picked from commit 8261b67b6e)
(cherry picked from commit 38551777e0)
(cherry picked from commit 82e2a3d362)
2021-12-21 09:03:31 +00:00
Zuul 607dacdd18 Merge "Do no use "--strict" for OF deletion in TRANSIENT_TABLE" into stable/ussuri 2021-12-15 01:20:19 +00:00
Rodolfo Alonso Hernandez d384849918 [stable-only] "_clean_logs_by_target_id" to use old notifications
"LoggingPlugin._clean_logs_by_resource_id" method receives PORT,
AFTER_DELETE events, in the old format (not using payloads but
kwargs). New implementation was added in Xena release.

Closes-Bug: #1954666
Change-Id: I736fef3a10bc2887efb26c95e9fc1eea14969ccf
(cherry picked from commit aaa0e99bac)
2021-12-13 13:57:26 +00:00
Zuul 45db6b45e1 Merge "Cleanup router for which processing added router failed" into stable/ussuri 2021-12-13 10:26:36 +00:00
Zuul 29a8837b32 Merge "[OVN] Fix gateway_mtu option should not always be set" into stable/ussuri 2021-12-09 14:07:56 +00:00
Zuul c23f20ad33 Merge "[OVS][FW] Initialize ConjIdMap._max_id depending on the current OFs" into stable/ussuri 2021-12-07 00:23:49 +00:00
Rodolfo Alonso Hernandez 3ab6aea263 Do no use "--strict" for OF deletion in TRANSIENT_TABLE
There are two types of OF rules in TRANSIENT_TABLE:
- With priority 100: these rules match by "in_port", that is a
  unique identifier.
- With priority 90: these rules match by MAC address and VLAN ID.
  This combination (MAC, VLAN) is unique.

That means when deleting an OF rule in TRANSIENT_TABLE, it is
enough to specify the "in_port" or the (MAC, VLAN) tuple. The
"--strict" parameter, added to also define the priority, is not

By removing the "--strict" parameter, these deletion commands can
be executed synchronously at the end of the OVS deferred context,
when all the OF rule commands (addition or deletion), are executed
at the same time. That removes the small window, detected in the
related bug, when the OF rule set for a port is not complete.

Closes-Bug: #1952770
Change-Id: I9f5bd8a1404dde3a0aa163ce72aef2961f537676
(cherry picked from commit ef7f673098)
2021-12-06 09:04:00 +00:00
Elvira García 41703c0a56 [OVN] Fix gateway_mtu option should not always be set
OVN Driver currently fixes gateway_mtu MTU to the provider MTU value
without considering if the private networks in the associated router
have greater MTU values than the provider. This is unnecessary and
adds extra actions for each packet. This patch fixes that, as now
gateway_mtu is only set in case the provider MTU is smaller than the
private MTU.

The changes in create_router_port and delete_router_port were necessary
as there could be a use case when the user first sets the gateway
router and later adds subnets from networks with greater MTU, so this
parameter needs to be checked after adding a subnet.

Closes-Bug: #1951559

Signed-off-by: Elvira García <>
Change-Id: If56f1a3dcdc8c57303d5641df79ea919ba7c170d
(cherry picked from commit 0725533a6f)
2021-11-29 11:08:36 +00:00
Zuul 7f974d5ad8 Merge "ovn: Filter ACL columns when syncing the DB" into stable/ussuri 2021-11-26 19:50:52 +00:00
Rodolfo Alonso Hernandez cfc7763506 [OVS][FW] Initialize ConjIdMap._max_id depending on the current OFs
The OVS Firewall has a singleton class that manages the conjunction IDs
to be used in the OF rules. Those conjunctions are used to group rules
related to remote security group IDs.

Now each time the OVS agent is started, the OVS Firewall initial
conjunction ID is calculated based on the present OF rules. This value
and the next one used won't clash with any present rule in the
integration bridge during the initial transient period.

Related-Bug: #1934917

Change-Id: Ie2e4441f766947a2164dec2d1555c7049428903f
(cherry picked from commit 0634dcc6d0)
2021-11-26 12:31:45 +00:00
Zuul 107ac0cd88 Merge "[OVS][QOS] Dataplane enforcement is limited to min-bw egress direction" into stable/ussuri 2021-11-24 15:53:26 +00:00
Zuul 46a94978d8 Merge "Enhanced set of warnings if an answers file or a templates directory is used." into stable/ussuri 2021-11-24 12:00:07 +00:00
Zuul 55de7e5471 Merge "Check interface presence in new namespace" into stable/ussuri 2021-11-24 05:42:19 +00:00
Zuul 290f96caec Merge "Wait until workers have been launched" into stable/ussuri 2021-11-24 01:41:05 +00:00
Daniel Alvarez Sanchez 15e2da82c2 [ovn] Add timeout option to ovsdb-client command
Today, we invoke ovsdb-client to cleanup the MAC_Binding entries
without specifying any timeout. This can lead to workers blocking
forever if there's an issue with the connection to the server.

This patch is adding a timeout parameter to the command line to
prevent this condition.

Closes-Bug: #1948891
Related-Bug: #1946318


Signed-off-by: Daniel Alvarez Sanchez <>
Change-Id: Id393cbec31dd64a795e85d756b7b843c9dfc59f3
(cherry picked from commit 7874c57601)
2021-11-22 13:14:42 -03:00
Vincent S. Cojot ea00902575 Enhanced set of warnings if an answers file or a templates directory is used.
Change-Id: I66074cab1692c7a9ad520148a3c7898a91589c7e
(cherry picked from commit 09019f1ffa)
2021-11-22 10:00:44 +00:00
Jakub Libosvar 1255eded3c ovn: Filter ACL columns when syncing the DB
The patch filters columns from OVN DB only to those that are used by the
ovn mechanism driver. It means generated ACLs from Neutron DB and ACLs
obtained from the OVN DB will always have the same columns. This is
useful for db sync script when comparing if given security group rule
has corresponding ACL in the OVN DB.

Closes-Bug: #1951296
Signed-off-by: Jakub Libosvar <>
Change-Id: I39e3b987b8546fd970a933b846ed23c8a2588258
(cherry picked from commit 23b99e2f12)
2021-11-18 19:56:16 +00:00
Rodolfo Alonso Hernandez 7a81360ff3 [OVS][QOS] Dataplane enforcement is limited to min-bw egress direction
OVS QoS extension only enforces dataplane traffic shaping for minimum
bandwidth rules with egress direction.


Change-Id: I57b274387505f42778f1d9d3ec2aa9feb5ae929d
Closes-Bug: #1949607
(cherry picked from commit 5627c87137)
2021-11-18 16:37:18 +00:00
Rodolfo Alonso Hernandez 3d69ad2d26 Wait until workers have been launched
In "test_restart_rpc_on_sighup_multiple_workers", the test needs to
wait until the RPC workers have been properly launched by
``oslo_service.service.ProcessLauncher.launch_service``. Once this
method returns, it is guaranteed that the child worker processes
are running and the signal process handlers are attending the
SIGHUP signal that will reset them.

Closes-Bug: #1938428
Change-Id: I1dc56092d099223accc3aefa8e303310c4f6787e
(cherry picked from commit fafcabdbe0)
2021-11-18 08:51:43 +00:00
Rodolfo Alonso Hernandez 9417defcdf Check interface presence in new namespace
When an interface is moved to a new namespace, especially with OVS
internal ports, the interface first disappears from any network
namespace and then is added again. ovs-vswitchd service detects
this interface change as reported in [1]. This delay is the cause
of the related bug, where some interfaces are not present when
the L3 agent needs to manipulate them.



Closes-Bug: #1948832

Change-Id: I3af4d0afa784899689ccb595ce6ba64495431eb9
(cherry picked from commit ebc4766990)
(cherry picked from commit 9c41365041)
2021-11-18 08:46:22 +00:00
Slawek Kaplonski 3732c66d7d Cleanup router for which processing added router failed
In the _process_added_router() method of the L3 agent, if processing
router will fail, router_info should be cleaned to e.g. be removed from
the router cache so it will not be treated as updated router in next
iteration of the agent.


Closes-Bug: #1947993
Change-Id: Ic0bc3d951d32efadc116708bfe518a711730429d
(cherry picked from commit 41159bd9a4)
(cherry picked from commit 1c17019f6c)
2021-11-12 09:01:17 +00:00
Zuul ee67324c17 Merge "[DVR] Fix update of the MTU in the DVR HA routers" into stable/ussuri 2021-11-11 10:07:34 +00:00
Slawek Kaplonski 3c99c719d0 [DVR] Fix update of the MTU in the DVR HA routers
This is follow up of the patch [1] which fixed updating MTU in the
snat namespace for the DVR routers.
In case of DVR-HA routers there was additional issue with that as
L3 agent tried to update MTU for the qr- interface in the
self.ha_namespace which, for DVR-HA routers is snat namespace.

This patch fixes that issue by setting MTU on the qr- interface in
qrouter namespace and also setting MTU on the snat interface in snat



Closes-bug: #1933273
Change-Id: I409bc674b65e4f495ebd42d03e97a09d51482339
(cherry picked from commit 21eabbcf03)
2021-11-10 11:35:59 +01:00
Zuul 1a54650d48 Merge "Don't setup bridge controller if it is already set" into stable/ussuri 2021-11-08 12:46:09 +00:00
Zuul acb3ef55e1 Merge "Check a namespace existence by checking only its own directory" into stable/ussuri 2021-11-06 04:31:52 +00:00
Zuul f561d9be26 Merge "[OVN Migration] Remove trunk's subports from the nodes" into stable/ussuri 2021-11-04 09:40:53 +00:00
Zuul 59756534f9 Merge "[DVR] Fix update of the MTU in the SNAT namespace" into stable/ussuri 2021-11-04 09:40:48 +00:00
Rodolfo Alonso Hernandez f144ba95a5 Check a namespace existence by checking only its own directory
To check the existence of a namespace, instead of listing the
namespaces directory (by default "/var/run/netns"), this patch
directly checks the existence of the namespace directory, using

This check is faster than listing the whole directory and avoids
timeout problems as reported in the related bug.


Closes-Bug: #1947974
Change-Id: I558d50d28378beb3710d98a2113ff9549c82ae17
(cherry picked from commit 8127221479)
(cherry picked from commit 6a9c05a924)
2021-11-03 14:15:01 +00:00
Slawek Kaplonski 11fe2bff17 Don't setup bridge controller if it is already set
Setting new controller for bridge every time when neutron-ovs-agent
is restarted or is doing full-sync may cause some short data plane
connectivity loss and is not needed if same controller is already
configured for the bridge.
With this patch neutron-ovs-agent will first check if controller is
configured for the bridge and if it's the same as what should be
configured, it will skip setting it up.

With this patch also protocols added to the bridge will be first checked
if they aren't already there and only missing ones will be added if

Setting of the connectivity mode and inactivity probe is
always performed as this doesn't cause connectivity issues and is cheap
so we can always ensure that those parameters are configured properly.


Closes-Bug: #1948642
Change-Id: Idfa763df8c60d8ae46cd6351d1b6dc7d950b4c67
(cherry picked from commit 11d166be68)
(cherry picked from commit b1eccf5a2d)
2021-11-03 11:13:26 +00:00
Zuul 72fb594473 Merge "Fix OVN migration workload creation order" into stable/ussuri 2021-10-28 11:11:39 +00:00
Zuul a848ed3dc6 Merge "[ovn] Stop monitoring the SB MAC_Binding table to reduce mem footprint" into stable/ussuri 2021-10-28 11:11:36 +00:00
Roman Safronov a805f175ae Fix OVN migration workload creation order
Currently workload VMs start before subnet is connected to router.
When DVR is enabled this causes sometimes that one of the VMs is not
able to get metadata.

Closes bug: #1947547

Change-Id: Ifd686d7ff452abd1226fbbc97f499e05102e4596
(cherry picked from commit d49ce1652d)
2021-10-27 11:46:31 +01:00
Daniel Alvarez Sanchez b767825d13 [ovn] Stop monitoring the SB MAC_Binding table to reduce mem footprint
The MAC_Binding table in the SB database may grow indefinitely (due
to a lack of an aging mechanism of its entries) and eventually
lead to OOM killers for neutron-server which maintains an in-memory
copy of the database.

In order to stop monitoring this table, this patch is invoking
the ovsdb-client tool to remove the entries associated to
Floating IPs that have just been detached. The execution of this
tool is really fast as it will just invoke a JSON-RPC transact command
which doesn't require downloading the database contents.

In a scale test, the memory consumption of neutron-server dropped
from 75GB to 7GB with this patch.

Closes-Bug: #1946318


Note: The functional test has been changed for this stable branch
because the update_tables() method from ovsdbapp is not available for
this version of Neutron. So I changed the functional test to add the
MAC_Binding entry via ovsdb-client instead of using ovsdbapp to do so.

Signed-off-by: Daniel Alvarez Sanchez <>
Change-Id: Id84bf17953527c415d611bfc198038fb6f811de3
(cherry picked from commit f6c3552769)
2021-10-26 13:32:15 +01:00
Zuul bd842cde06 Merge "Delete log entries when SG or port is deleted" into stable/ussuri 2021-10-26 12:13:04 +00:00
Zuul 8b45725e6b Merge "Delete SG log entries when SG is deleted" into stable/ussuri 2021-10-26 12:10:36 +00:00
Slawek Kaplonski 753be029a9 [OVN Migration] Remove trunk's subports from the nodes
After migration from ML2/OVS to ML2/OVN trunk subports which were created
by the neutron-ovs-agent to connect br-int with trunk bridges (tbr-)
aren't needed anymore and should be deleted.

Closes-Bug: #1946479
Change-Id: Ib1e3b78597ebdde1aa9d2b242e2005a05a7db89f
(cherry picked from commit bf6831e0d2)
2021-10-26 10:32:23 +00:00
Rodolfo Alonso Hernandez 226367eed1 Delete log entries when SG or port is deleted
NOTE: this patch is an amend of [1].

When a SG or a port is deleted, the related log entry should be
too. A log entry has the following fields:
- log.resource_id = SG ID
- log.target_id = port ID

[1] was deleting all log entries, related or not with the SG ID
deleted. This is because "get_logs_bound_sg" returned all log entries,
including those ones without any "resource_id" or "target_id".

Now this method can return only the log entries related to a port or
a SG, excluding those ones without those two parameters populated.

Closes-Bug: #1939558



Change-Id: Icb92327a06486e168ce064532d819347e6031cc1
(cherry picked from commit 41f78c678b)
(cherry picked from commit 2c4ab468ae)
(cherry picked from commit d5fd9f035a)
(cherry picked from commit 7790cecfc8)
2021-10-25 15:37:09 +02:00
Slawek Kaplonski 0c5a5ef921 [OVN Migration] Remove qr and dhcp ports from the nodes
After migration from ML2/OVS to ML2/OVN tap ports which were created
by the DHCP agents and router ports (like e.g. qr- or qg-) which were
created by the L3 agents aren't needed at all and should be deleted.
Previously those ports were set to be DOWN only. With this patch
all such ports will be simply deleted from the openvswitch.

Related-bug: #1946479
Change-Id: I74cd5820389c86819c6884d3d61c9b2f7907cc88
(cherry picked from commit 5092f3fb98)
2021-10-25 12:18:42 +00:00
Zuul 45e4dbc335 Merge "[OVN] Tune OVN routers to reduce the mem footprint for ML2/OVN" into stable/ussuri 2021-10-20 18:23:19 +00:00
Zuul f3195b1b43 Merge "[OVN] Update the DHCP options when the metadata port is modified" into stable/ussuri 2021-10-20 09:08:23 +00:00
Zuul 94948d289c Merge "Implement namespace creation method" into stable/ussuri 2021-10-19 10:31:59 +00:00
Lucas Alvares Gomes e814e93e8e [OVN] Tune OVN routers to reduce the mem footprint for ML2/OVN
In order to avoid having a MAC_Binding table explosion and helping
lowering the memory footprint when using ML2/OVN this patch is setting
two options to the OVN routers:

* always_learn_from_arp_request: By setting this to False we
  avoid learning from ARP replies observed in the network. Only the
  ARP requests sent by OVN will generate a MAC_Binding entry in the
  OVSDB database. For larger broadcast domains this avoids having a
  MAC_Binding table explosion, reduce the DB size and memory footprint
  of ML2/OVN.

* dynamic_neigh_routers: By setting this to True we avoid
  pre-populating flows for router to router communication, reducing
  the number of flows, DB size and memory footprint of ML2/OVN.

For more information on these options for core OVN please refer to:

This patch also includes a new maintenance task to include these options
to existing routers in the system.

Related-Bug: #1946318
Change-Id: I056acdec9b6ee2341d2bc4f7bd9a678f3bf91972
Signed-off-by: Lucas Alvares Gomes <>
(cherry picked from commit a278c5ba78)
2021-10-18 13:29:09 +01:00
Rodolfo Alonso Hernandez 8b7597ea9d [OVN] Update the DHCP options when the metadata port is modified
Always update the DHCP options when the metadata port is created,
updated or deleted. If the metadata port IP addresses are updated,
the DHCP options register should be too, modifying the static routes
defined in "DHCP_Options.options.classless_static_route".

These static routes will be injected in the VM in the DHCP request.
The IP address of the metadata port should match with the static
route redirecting the traffic to the metadata IP address

  $ ip r
  default via dev eth0 dev eth0 scope link  src via dev eth0  # is the metadata
                                         # port IP address

Closes-Bug: #1942794
Change-Id: Id5d4909caa521a899b97d83bdc1963b010e97dac
(cherry picked from commit bd0ded15ca)
(cherry picked from commit 7efce62b4f)
(cherry picked from commit f4dd0b80ac)
2021-10-15 10:07:17 +00:00
Slawek Kaplonski 384f2bb2aa [DVR] Fix update of the MTU in the SNAT namespace
When network's MTU is changed, Neutron sends notification about it
to the L3 agents. In case of DVR (and DVR HA) MTU is then changed in
the qrouter- namespace but should be also changed on snat interfaces
in the snat namespace. And that part was missing.

This patch adds special implementation of the internal_network_updated()
method in the DvrEdgeRouter class so it can configure MTU also for
in the snat namespace.

This patch also removed passing attributes "interface_name",
"ip_cidrs" and "mtu" to the internal_network_updated() method and adds
"port" dict to be passed there. It is consistent with what is already
done in e.g. internal_network_added() method and "port" dict is actually
necessary to configure properly snat internal interface in the snat

This patch adds also functional test of update network mtu for all types
of routers as there was no such test at all.

There is additional issue with DVR-HA which isn't fixed with that patch
and for which follow up will be proposed. Because of that this patch is
marked as partial fix for the related bug.


Related-Bug: #1933273
Change-Id: I200acfcaaae7f056ea9a563fead9ff2de8464971
(cherry picked from commit b5dd6efdca)
2021-10-13 12:35:00 +00:00
Elvira García 1db798fab5 [ovn] Add logs for ovs to ovn migration
Log the results of the Ansible playbooks by default so that it is easier
to go through them later in case there's something unexpected. The log
is located in $HOME instead of /var/log/ to avoid the need of privileges.

Signed-off-by: Elvira García <>
Change-Id: Ida2fc11f28200030fff9ddf1e56fc442a2016bab
(cherry picked from commit 744e906f87)
2021-10-13 11:22:15 +00:00
Zuul 72b16aeac0 Merge "[OVN] Allow IP allocation with different segments for OVN service ports" into stable/ussuri 2021-10-13 10:48:39 +00:00