Environment info:
OVN 21.06
OVS 2.12.0
Reproduction:
1. Create a port with neutronclient assign it to a node and close port security
group
2. Create a ovs port and add it to br-int, and set interface iface-id same as
neutron port uuid
After it Neutron will create a LSP in OVN NB, and append unknow into LSP’s
address field
Check it in script[1]
Port info:
()[root@ovn-tool-0 /]# ovn-nbctl find Logical_Switch_Port
name=6a8064f9-f2cc-407d-b8da-345c6a216cb3
_uuid : 88fd1a84-8695-4cef-b916-45531edaf0db
addresses : ["fa:16:3e:b3:c0:e5 192.168.111.42", unknown]
dhcpv4_options : 1a8ca1af-519c-4aa2-b3a3-cc74955dee1f
dhcpv6_options : []
dynamic_addresses : []
enabled : true
external_ids : {"neutron:cidrs"="192.168.111.42/24",
"neutron:device_id"="", "neutron:device_owner"="",
"neutron:network_name"=neutron-6ac00688-422f-4a4f-99ae-b092b2d87f7b,
"neutron:port_name"=lc-tap-2,
"neutron:project_id"="498e2a96e4cc4edeb0c525a081dd6830",
"neutron:revision_number"="4", "neutron:security_group_ids"=""}
ha_chassis_group : []
name : "6a8064f9-f2cc-407d-b8da-345c6a216cb3"
options : {mcast_flood_reports="true",
requested-chassis=node-1.domain.tld}
parent_name : []
port_security : []
tag : []
tag_request : []
type : ""
up : false
Results:
OVN will not build arp responder lfows for this LSP
Script:
[1]:
#!/usr/bin/bash
# Create port
# neutron port-create --name lucheng-tap --binding:host_id=node-3.domain.tld
share_net
HOST=""
MAC=""
get_port_info() {
source openrc
port_id="$1"
HOST=$(neutron port-show -F binding:host_id -f value "$port_id")
MAC=$(neutron port-show -F mac_address -f value "$port_id")
ip_info=$(neutron port-show -F fixed_ips -f value "$port_id")
echo Port "$port_id" Mac: "$MAC" HOST: "$HOST"
echo IP Info: "$ip_info"
}
create_ns() {
port_id="$1"
iface_name="lc-tap-${port_id:0:8}"
netns_name="lc-vm-${port_id:0:8}"
ssh "$HOST" ovs-vsctl add-port br-int "$iface_name" \
-- set Interface "$iface_name" type=internal \
-- set Interface "$iface_name" external_ids:iface-id="$port_id" \
-- set Interface "$iface_name" external_ids:attached-mac="$MAC" \
-- set Interface "$iface_name" external_ids:iface-status=active
ssh "$HOST" ip netns add "$netns_name"
ssh "$HOST" ip l set dev "$iface_name" address "$MAC"
ssh "$HOST" ip l set "$iface_name" netns "$netns_name"
ssh "$HOST" ip netns exec "$netns_name" ip l set lo up
ssh "$HOST" ip netns exec "$netns_name" ip l set "$iface_name" up
}
main() {
get_port_info "$1"
create_ns "$1"
}
main $@
neutron port-update --no-security-groups [port uuid]
neutron port-update --port_security_enabled=false [port uuid]
What I found:
When try to build_lswitch_arp_nd_responder_known_ips in ovn northd, it will
skip LSP, which has unknow flag.
static void
build_lswitch_arp_nd_responder_known_ips(struct ovn_port *op,
struct hmap *lflows,
struct hmap *ports,
struct ds *actions,
struct ds *match)
{
...
if (lsp_is_external(op->nbsp) || op->has_unknown) {
return;
}
从 Windows 版邮件<https://go.microsoft.com/fwlink/?LinkId=550986>发送
_______________________________________________
discuss mailing list
[email protected]
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
