Public bug reported:

Neutron agent ports are added to br-int without any tag. That makes them trunk ports (receiving traffic for all VLANs) until neutron-openvswitch-agent will handle them.

Sometimes the ports are left untagged forever, meaning that, for example, the ha-router HA port will send and receive traffic directly on the external network (jumps to br-int to br-ex, and also back), or dnsmasq starts handling DHCP requests on the external network.

Vague details here (it's all we have so far):

This also becomes an issue (still under investigation) with the ovs-vswitchd agent and the revalidator thread (the thread that will check the kernel datapath flows under some circumstances to get stuck, for some reason it slows down a lot while analyzing trunk ports, eventually crashing the node on CPU usage).

This is also related to one security lp here: https://bugs.launchpad.net/bugs/1734320

** Affects: neutron
     Importance: High
     Assignee: Miguel Angel Ajo (mangelajo)
     Status: New

** Changed in: neutron
     Importance: Undecided => High

** Changed in: neutron
     Assignee: (unassigned) => Miguel Angel Ajo (mangelajo)

** Changed in: neutron
     Milestone: None => rocky-1

https://bugs.launchpad.net/bugs/1767422

Title: Neutron agent internal ports remain untagged for some time, which makes them trunk ports

Status in neutron: New
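
An added example, not part of the original bug report or of Neutron's code: a check an operator could run to spot agent ports that OVS is treating as trunks because they have no tag. It parses the output of `ovs-vsctl --format=json --columns=name,tag,trunks list Port`; the port-name prefixes, the function name and the sample data are assumptions made for illustration.

```python
import json

# Assumed Neutron agent device-name prefixes: DHCP (tap), router (qr-, qg-), HA (ha-).
AGENT_PREFIXES = ("tap", "qr-", "qg-", "ha-")


def _is_empty(cell):
    # OVSDB JSON encodes an unset optional column or empty set as ["set", []].
    return isinstance(cell, list) and len(cell) == 2 and cell[0] == "set" and not cell[1]


def find_untagged_agent_ports(ovs_json, bridge_ports=None):
    """Return sorted names of agent ports with neither a tag nor a trunks list.

    bridge_ports, if given, limits the check to those names, for example the
    output of `ovs-vsctl list-ports br-int`.
    """
    table = json.loads(ovs_json)
    col = {heading: i for i, heading in enumerate(table["headings"])}
    flagged = []
    for row in table["data"]:
        name = row[col["name"]]
        if bridge_ports is not None and name not in bridge_ports:
            continue
        if not name.startswith(AGENT_PREFIXES):
            continue  # patch ports such as int-br-ex are untagged by design
        # No tag and no trunks restriction: the port carries every VLAN.
        if _is_empty(row[col["tag"]]) and _is_empty(row[col["trunks"]]):
            flagged.append(name)
    return sorted(flagged)


# Constructed sample in the shape ovs-vsctl emits; not taken from a real host.
SAMPLE = json.dumps({
    "headings": ["name", "tag", "trunks"],
    "data": [
        ["tap1a2b3c4d-5e", 3, ["set", []]],
        ["ha-6f7a8b9c-0d", ["set", []], ["set", []]],
        ["qg-11223344-55", ["set", []], ["set", []]],
        ["int-br-ex", ["set", []], ["set", []]],
        ["qr-aabbccdd-ee", 7, ["set", []]],
    ],
})

if __name__ == "__main__":
    for port in find_untagged_agent_ports(SAMPLE):
        print("untagged agent port (acts as trunk):", port)
```

A port flagged on two consecutive runs spaced longer than the agent's normal processing time is the "left untagged forever" case from the report rather than the transient one.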

