9dc8bca740
Prior to this patch the IGMP configuration for ML2/OVN was inconsistent with the configuration option description and also the ML2/OVS driver because it was flooding traffic to unregistered VMs [0]. The "igmp_snooping_enable" configuration option says: "Setting this option to True will also enable Open vSwitch mcast-snooping-disable-flood-unregistered flag. This option will disable flooding of unregistered multicast packets to all ports." But, in ML2/OVN that behavior was inconsistent prior to this patch because it allowed traffic to flood to unregistered VMs. This patch fixes it. [0] https://opendev.org/openstack/neutron/src/branch/master/neutron/conf/agent/ovs_conf.py#L36-L47 Change-Id: I5cbe09e26120905b29351d61bbadb30b5dd14938 Closes-Bug: #1904399 Signed-off-by: Lucas Alvares Gomes <lucasagomes@gmail.com>
3.0 KiB
IP Multicast: IGMP snooping configuration guide for OVN
How to enable it
In order to enable IGMP snooping with the OVN driver the following
configuration needs to be set in the
/etc/neutron/neutron.conf file of the controller nodes:
# OVN does reuse the OVS option, therefore the option group is [ovs]
[ovs]
igmp_snooping_enable = True
...Upon restarting the Neutron service all existing networks
(Logical_Switch, in OVN terms) will be updated in OVN to enable or
disable IGMP snooping based on the igmp_snooping_enable
configuration value.
Note
Currently the OVN driver does not configure IGMP querier in OVN so ovn-controller will not send IGMP group memberships IP querier to retrieve IGMP membership reports from active members.
OVN Database information
The igmp_snooping_enable configuration from Neutron is
translated into the mcast_snoop option set in the
other_config column from the Logical_Switch
table in the OVN Northbound Database
(mcast_flood_unregistered is always "false"):
$ ovn-nbctl list Logical_Switch
_uuid : d6a2fbcd-aaa4-4b9e-8274-184238d66a15
other_config : {mcast_flood_unregistered="false", mcast_snoop="true"}
...To find more information about the learnt IGMP groups by OVN use the command below (populated only when igmp_snooping_enable is True):
$ ovn-sbctl list IGMP_group
_uuid : 2d6cae4c-bd82-4b31-9c63-2d17cbeadc4e
address : "225.0.0.120"
chassis : 34e25681-f73f-43ac-a3a4-7da2a710ecd3
datapath : eaf0f5cc-a2c8-4c30-8def-2bc1ec9dcabc
ports : [5eaf9dd5-eae5-4749-ac60-4c1451901c56, 8a69efc5-38c5-48fb-bbab-30f2bf9b8d45]
...Note
Since IGMP querier is not yet supported in the OVN driver, restarting the ovn-controller service(s) will result in OVN unlearning the IGMP groups and broadcast all the multicast traffic. This behavior can impact when updating/upgrading the OVN services.
Extra information
When multicast IP traffic is sent to a multicast group address which is in the 224.0.0.X range, the multicast traffic will be flooded, even when IGMP snooping is enabled. See the RFC 4541 session 2.1.2:
2) Packets with a destination IP (DIP) address in the 224.0.0.X range
which are not IGMP must be forwarded on all ports.The permutations from different configurations are:
- With IGMP snooping disabled: IP Multicast traffic flooded to all ports.
- With IGMP snooping enabled and multicast group address not in the 224.0.0.X range: IP Multicast traffic is not flooded.
- With IGMP snooping enabled and multicast group address is in the 224.0.0.X range: IP Multicast traffic is flooded.