9d5cea0e2b
https://review.opendev.org/c/openstack/neutron/+/820897 added a dead vlan flow that pushes the dead vlan tag onto frames belonging to dead ports before these ports are reassigned to their proper vlans. However add_flow and delete_flows race and delete_flows may run before add_flow, in this case deleting 0 flows but not giving us a chance to detect this: neither does it throw an error nor does it return the number of deleted flows. This leads to port staying inaccessible forever and hence breaks corresponding DHCP or router. Current patch suggests another approach to make sure no packets are leaked from newly plugged ports: setting their "vlan_mode" attribute to "trunk" and "trunks"=[4095] (along with assigning dead VLAN tag). With this OVS normal pipeline will allow only packets tagged with 4095 from such ports [1], which normally not happens, but even if it does - default rule in br-int will drop them anyway. Thus untagged packets from such ports will also be dropped until ovs agent sets proper VLAN tag and clears vlan_mode to default ("access"). This approach avoids the race between dhcp/l3 and ovs agents because dhcp/l3 agents no longer modify flow table. This partially reverts commit |
||
|---|---|---|
| .. | ||
| agents | ||
| exclusive_resources | ||
| __init__.py | ||
| base.py | ||
| config_fixtures.py | ||
| conn_testers.py | ||
| helpers.py | ||
| l3_test_common.py | ||
| machine_fixtures.py | ||
| net_helpers.py | ||