[Bug 1751396] Re: DVR: Inter Tenant Traffic between two networks and connected through a shared network not reachable with DVR routers

Arjun Baindur xagent at gmail.com
Wed Jul 25 23:07:44 UTC 2018 

Hi, this appears to have broken DVR functionality for a simple shared
tenant network. The DVR flows translating the DVR macs are missing on
the physical bridges now for a VLAN based network. This tenant network
is shared, and only attached to 1 router.

As you can see port_shared_only is set to True here because its shared
and not an external network.

2018-07-25 15:53:02.386 673 DEBUG neutron.api.rpc.handlers.dvr_rpc [req-7ebadd38-bce9-4d2c-971a-50894cc78046 - - - - -] neutron.api.rpc.handlers.dvr_rpc.DVRServerRpcApi method get_network_info_for_id called with arguments (<neutron_lib.context.ContextBase object at 0x7f67cb87fd50>, u'3f6ec232-7649-4639-b828-c3af9960481b') {} wrapper /opt/pf9/pf9-neutron/lib/python2.7/site-packages/oslo_log/helpers.py:66
2018-07-25 15:53:02.779 673 INFO neutron.common.rpc [req-7ebadd38-bce9-4d2c-971a-50894cc78046 - - - - -] PF9_EVENT: RPC_get_network_info_for_id elapsed: 0.39 seconds
2018-07-25 15:53:02.781 673 INFO neutron.plugins.ml2.drivers.openvswitch.agent.ovs_dvr_neutron_agent [req-7ebadd38-bce9-4d2c-971a-50894cc78046 - - - - -] ARJUN3: port_net_info = [{u'provider:physical_network': u'dogfood-internal', u'ipv6_address_scope': None, u'dns_domain': u'', u'revision_number': 7, u'port_security_enabled': True, u'mtu': 1500, u'id': u'3f6ec232-7649-4639-b828-c3af9960481b', u'router:external': False, u'availability_zone_hints': [], u'availability_zones': [u'nova'], u'ipv4_address_scope': None, u'shared': True, u'project_id': u'f175f441ebbb4c2b8fedf6469d6415fc', u'status': u'ACTIVE', u'subnets': [u'3707b250-b6f5-4701-9b17-01a8f288c17a'], u'description': None, u'tags': [], u'provider:segmentation_id': 795, u'name': u'df-tenant-795-dont-delete', u'admin_state_up': True, u'tenant_id': u'f175f441ebbb4c2b8fedf6469d6415fc', u'provider:network_type': u'vlan', u'vlan_transparent': None}]
2018-07-25 15:53:02.782 673 INFO neutron.plugins.ml2.drivers.openvswitch.agent.ovs_dvr_neutron_agent [req-7ebadd38-bce9-4d2c-971a-50894cc78046 - - - - -] ARJUN3: net_shared_only = True
2018-07-25 15:53:02.784 673 INFO neutron.plugins.ml2.drivers.openvswitch.agent.ovs_dvr_neutron_agent [req-7ebadd38-bce9-4d2c-971a-50894cc78046 - - - - -] ARJUN3: Not applying DVR rules to tunnel bridge because 3f6ec232-7649-4639-b828-c3af9960481b is a shared network
2018-07-25 15:53:02.785 673 INFO neutron.plugins.ml2.drivers.openvswitch.agent.ovs_dvr_neutron_agent [req-7ebadd38-bce9-4d2c-971a-50894cc78046 - - - - -] ARJUN3: vlan = 1, port.vif_mac = fa:16:3e:42:a2:ec, dvr_mac = fa:16:3f:1a:bf:de


I think we need more checks here - seems like it was intended only for a shared network that acts as a link between 2 routers, but doesnt attach any compute ports?

-- 
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to neutron in Ubuntu.
https://bugs.launchpad.net/bugs/1751396

Title:
  DVR: Inter Tenant Traffic between two networks and connected through a
  shared network not reachable with DVR routers

Status in Ubuntu Cloud Archive:
  Fix Committed
Status in Ubuntu Cloud Archive pike series:
  Fix Committed
Status in Ubuntu Cloud Archive queens series:
  Fix Released
Status in neutron:
  Fix Released
Status in neutron package in Ubuntu:
  Fix Released
Status in neutron source package in Artful:
  Triaged
Status in neutron source package in Bionic:
  Fix Released

Bug description:
  Inter Tenant Traffic between Two Tenants on two different private
  networks connected through a common shared network (created by Admin)
  is not route able through DVR routers

  Steps to reproduce it:

  (NOTE: No external, just shared network)
  This is only reproducable in Multinode scenario. ( 1 Controller - 2 compute ).
  Make sure that the two VMs are isolated in two different computes.

  openstack network create --share shared_net

  openstack subnet create shared_net_sn --network shared_net --subnet-
  range 172.168.10.0/24

  
  openstack network create net_A
  openstack subnet create net_A_sn --network net_A --subnet-range 10.1.0.0/24

  
  openstack network create net_B
  openstack subnet create net_B_sn --network net_B --subnet-range 10.2.0.0/24

  
  openstack router create router_A

  openstack port create --network=shared_net --fixed-ip subnet=shared_net_sn,ip-address=172.168.10.20 port_router_A_shared_net
  openstack router add port router_A port_router_A_shared_net
  openstack router add subnet router_A net_A_sn

  openstack router create router_B
  openstack port create --network=shared_net --fixed-ip subnet=shared_net_sn,ip-address=172.168.10.30 port_router_B_shared_net
  openstack router add port router_B port_router_B_shared_net
  openstack router add subnet router_B net_B_sn

  openstack server create server_A --flavor m1.tiny --image cirros --nic net-id=net_A
  openstack server create server_B --flavor m1.tiny --image cirros --nic net-id=net_B
    
  Add static routes to the router.
  openstack router set router_A --route destination=10.1.0.0/24,gateway=172.168.10.20
  openstack router set router_B --route destination=10.2.0.0/24,gateway=172.168.10.30
  ```

  Ping from one instance to the other times out

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1751396/+subscriptions

More information about the Ubuntu-openstack-bugs mailing list