Currently IPs present on the bgp_nic are not cleaned up during regular
reconciliation syncs so if ovn-bgp-agent misses an update from OVN NB
or that update is not delivered correctly for whatever reason, the IPs
on bgp_nic remain uncleared.
Usually this leads to issues whenever an IP got used and then released
for future use: the fabric keeps using a route advertised by FRR
pointing to the old host that contains the residual IP and not to the
new host that is supposed to be the next hop for this IP.
The underlying reasons for leftover IPs being present still need to be
debugged and fixed so a warning is logged (the warning level is used
as normally the IPs are cleaned up based on NB DB events and this is
usually not a normal situation).
Closes-Bug: #2096736
Change-Id: I6f55b5a77f1f9d6a50ef00be48b6c41d00d54b24
A usecase is possible when the operator wants to have a peering established
per-VRF. This would mean that they need to enslave a unique
interface inside of the VRF and define peers for the router in FRR.
Current logic with removal of the VRF upon disconnect makes such a
usecase impossible, as there are no means inside of the agent
to recover FRR and VRF configuration to the state intended by the operator.
This serves as motivation to allow operator to disable VRF removal
through configuration option.
Closes-Bug: #2097121
Change-Id: I2155508b167f84289de8f6510dfca1d5fc6a2a74
Neutron keeps track of which host is hosting the virtual ip.
This we can use to match floating IPs attached to virtual ports.
Closes-Bug: #2096663
Change-Id: Ie7739926f3377c88a3bc58f06ccec7865594eaa4
The job has 4 nodes:
- a spine node serving as a spine switch and a place where the tempest
  tests are executed from
- 2 leaf nodes serving as route reflectors to the spine node
- controller running all-in-one openstack with
  ovn-bgp-agent and frr configured to peer with the leaf nodes
The job is non-voting for now to assess its stability and replaces
ovn-bgp-agent-tempest-plugin job because that job was one node only and
hence the BGP protocol couldn't be validated.
Depends-On: https://review.opendev.org/c/openstack/devstack/+/938697
Change-Id: If8d2d59c6bc06124d98204770d7689b66d9b9cae
Signed-off-by: Jakub Libosvar <libosvar@redhat.com>
Python 3.7 support was already removed so it should no longer be in
the default envlist. Also use unversioned target instead of versioned
ones so that we don't have to update the envlist when supported python
versions are updated.
Change-Id: Ic463ee939274817b4a824c064edcb92d58472d6f
The function does two completely distinct things consuming distinct
parameters based on one differentiating direction parameter. It's better
to have dedicated function to each routine to avoid unnecessary
complexity.
It also fixes a bug in the unittest where the cmds were empty.
Change-Id: Ic22981037777d5dfdb633459df5f914563801193
Signed-off-by: Jakub Libosvar <libosvar@redhat.com>
Without a static entry in the FDB the MAC address we use both for the
internal port of the bridge and the bgp-router LRP is re-learned using
the normal Ethernet switch FDB learning logic: whenever the guest
traffic is sent out via the bgp-router LR, the port is set to the patch
port leading to br-bgp. Sending traffic from the internal port then
rewrites that back. Until then the traffic destined to the internal
port is being sent to br-bgp which results in flow table misses and
drop flows being cached.
Adding a static entry to the FDB effectively disables learning based
on the traffic coming out of the patch port leading to br-bgp.
Closes-Bug: #2089297
Change-Id: I8563adb49db8fa94c51f9ba47275e8c7812997ea
The patch adds events that match on gateway chassis hosting the cr lrp
ports for the given floating ips. If there is a failover detected and
the CR LRP moves to a different chassis, all the floating IPs are moved
with it.
It also adds functional tests for agent and its watchers. The watchers
part can be improved and the functional framework can be used further to
extend testing coverage.
Closes-Bug: #2056477
Change-Id: Ia857df921eb32e5e822fc790064179b07351d8d3
Signed-off-by: Jakub Libosvar <libosvar@redhat.com>
At the moment device name length is hardcoded in code. At the same time
there is a constant inside neutron_lib which defines maximum length
for interface names.
Change-Id: I2432fd3a61434ecd9e5960f55c35a9c01b711e30
At the moment vlan interfaces would be trimmed in an unexpected manner,
where instead of the interface vlan UUID will be trimmed when provider
bridge is long enough.
For example, vlan 1001 on `br-provider` will result in interface
`br-provider.100` which can lead to non-unique names, i.e. if there's also
vlan 1002 on the same br-provider.
Moreover, current code fails to ensure required sysctl parameters are
present, since interface name is trimmed.
This is basically continuation of the fix originally proposed in [1]
[1] https://review.opendev.org/c/openstack/ovn-bgp-agent/+/909788
Closes-Bug: #2054599
Change-Id: Ie1470138eb9ada627deead84863710f7ea43fd76
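The truncation problem described in the commit message above, as an added example that is not code from ovn-bgp-agent: the function names are hypothetical, the 15-character limit is the Linux interface name limit, and the project's actual fix may differ.

```python
# Added illustration; the names here are hypothetical, not ovn-bgp-agent functions.
DEVICE_NAME_MAX_LEN = 15  # Linux IFNAMSIZ (16) minus the trailing NUL


def naive_vlan_device_name(bridge, vlan_id):
    """Truncate the full name: the tail of the VLAN ID is what gets lost."""
    return f"{bridge}.{vlan_id}"[:DEVICE_NAME_MAX_LEN]


def vlan_device_name(bridge, vlan_id):
    """Keep the VLAN suffix whole and shorten the bridge part instead."""
    suffix = f".{vlan_id}"
    keep = DEVICE_NAME_MAX_LEN - len(suffix)
    if keep < 1:
        raise ValueError("VLAN suffix leaves no room for the bridge name")
    return bridge[:keep] + suffix


def find_collisions(namer, bridge, vlan_ids):
    """Return {device_name: [vlan_ids]} for names shared by several VLANs."""
    seen = {}
    for vlan_id in vlan_ids:
        seen.setdefault(namer(bridge, vlan_id), []).append(vlan_id)
    return {name: ids for name, ids in seen.items() if len(ids) > 1}


if __name__ == "__main__":
    vlans = [100, 1001, 1002]  # constructed sample VLAN IDs
    print(find_collisions(naive_vlan_device_name, "br-provider", vlans))
    print(find_collisions(vlan_device_name, "br-provider", vlans))
```

Shortening the bridge prefix can still collide for two bridges that share their first characters, so any code that later derives per-interface settings from the name has to use the same naming function that created the device.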
The patch creates base classes that inherit from the ovsdbapp project.
A new API fixture is added to be able to use OVN BGP agent OVN IDL in
the functional tests.
Change-Id: I139d6798a1ed2f51d447c86f16dad2aa3892412b
Signed-off-by: Jakub Libosvar <libosvar@redhat.com>
This is aligned with the requirements project. The patch removes the
code that is present in the current ovsdbapp and uses it from the
library.
Change-Id: Iacc1af5d5f98f5008fb01234c4af0a6461146d51
Currently the job doesn't validate everything and just consumes time and
resources. I have some ideas to push this forward but for now
experimental seems like a better suited place for the job.
Change-Id: Idad9338b2a445f5b58218590c0ee9ee4555bf0b5
There is repeated code that can be replaced by function calls.
Change-Id: Ia04e251a6014b10d0a3e1f75df71f1f4a00a1f8b
Signed-off-by: Jakub Libosvar <libosvar@redhat.com>
If the external_mac in the NAT entry is not set then it means two
things:
1) The DVR is disabled (see [2])
2) The external_mac has not been set yet because Neutron doesn't
   populate the external_mac column of the FIP NAT entry until
   the associated port with the FIP is bound to a chassis. This is
   because of LB VIPs that don't get bound [1].
For case 1) we need to expose the FIP on the gateway node where the LRP
is hosted. For case 2) we can ignore if the external_mac is not set but
then we need another event that would react on setting the
external_mac. This will be done in a followup patch.
[1] https://bugs.launchpad.net/networking-ovn/+bug/1789686
[2] https://bugs.launchpad.net/ovn-bgp-agent/+bug/2056477
Related-Bug: #2073403
Change-Id: Ie24f1f370c44f95840af2d4d2010c20655738ebc
Signed-off-by: Jakub Libosvar <libosvar@redhat.com>
OVN doesn't set external_mac on NAT until the port was brought up. This
patch adds an event that exposes the FIP if it gets the external_mac
column set.
Resolves-Bug: #2073403
Change-Id: Ib732e0e2ba3af4acb32d5d587deed5d049b12cf5
Signed-off-by: Jakub Libosvar <libosvar@redhat.com>
When ovs commands fail, we re-try after adding `-O OpenFlow13`, but that
is only valid for `ovs-ofctl`.
To fix this issue, this patch implements a small refactor of the module
in order to separate calls to ovs-ofctl and ovs-vsctl.
Related-Bug: #2080258
Change-Id: Ib8ee872d4bd587ade325bc4f6da3e9d8804c28c0
The in_port structure is always a list but in case there is a failure when
obtaining the list of ports on the bridge, it was set to a set type.
This patch initializes it as a list.
TrivialFix
Change-Id: Iec62246f730b9aa80d4145b357da49612b850243
When a live migration happens, another flow is happening,
so we need to take this into consideration.
Change-Id: Ib27bbc95a0853f32354f743dcec2bdb4bb797097
Closes-Bug: #2082085
Add file to the reno documentation build to show release notes for
stable/2024.2.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/2024.2.
Sem-Ver: feature
Change-Id: Ifb5ff641dd97e6bb9fed2672ef6772cad05e1326
The method was made a function to be able to use it in a more generic
manner.
Change-Id: I33a24f6942a4e2b1c12c9bdaf80d88757795f24b
Signed-off-by: Jakub Libosvar <libosvar@redhat.com>
The methods are moved to a function to ports utility module as the
methods were not reading or modifying the instance state.
Change-Id: Iae9d1d1f2f5d5bab38c290a5d6e8f5cf8136e108
Signed-off-by: Jakub Libosvar <libosvar@redhat.com>
The methods that do not modify object state or don't read from the state
are moved out to utils module so they can be re-used elsewhere too.
Change-Id: I4169ae38552b96092f6eae43e082bd6313d730a4
Signed-off-by: Jakub Libosvar <libosvar@redhat.com>
The method was tied to an event instance but didn't actually
modify the state of the instance. It was replaced with a helper
function.
Change-Id: I25b6ba95f0fd2731737d014eae54d3d7e27a5513
Signed-off-by: Jakub Libosvar <libosvar@redhat.com>
The method was tied to an instance of some events but didn't actually
modify state of the instance. It was replaced with a generic helper
function.
Change-Id: I0d24ead8e44cde1df62df77408801cbbc758c4a6
Signed-off-by: Jakub Libosvar <libosvar@redhat.com>
The method should be a helper function as it does not modify any state
of the Event instance.
Change-Id: Id744b40d3203fa864bbdf6c541ca7c311c16f9ce
Signed-off-by: Jakub Libosvar <libosvar@redhat.com>
The function returned a tuple but the second returned object was always
ignored. The patch also deletes redundant unittest.
TrivialFix
Change-Id: I85b3b9a58c8d07aa6bbce240d22cceccbb8a7588