[Bug 1884723] Re: [OVS] multicast between VM instances on different compute nodes is broken with IGMP snooping enabled
OpenStack Infra
1884723 at bugs.launchpad.net
Tue Jun 1 19:33:23 UTC 2021
Reviewed: https://review.opendev.org/c/openstack/neutron/+/770794
Committed: https://opendev.org/openstack/neutron/commit/5d21998524514c0cab6a40e7fa415d9ff6a88f4a
Submitter: "Zuul (22348)"
Branch: stable/rocky
commit 5d21998524514c0cab6a40e7fa415d9ff6a88f4a
Author: Slawek Kaplonski <skaplons at redhat.com>
Date: Thu Dec 10 00:10:38 2020 +0100
Fix multicast traffic with IGMP snooping enabled
In ML2/OVS, when igmp_snooping is enabled but there is no
external querier, multicast traffic will stop working after a few minutes
as packets will not be flooded to tunnel/external bridges.
So this patch sets "mcast-snooping-disable-flood-unregistered" option
of the br-int to False (default value) even when igmp_snooping is
enabled in the neutron-ovs-agent's config file.
Additionally it configures "mcast-snooping-flood-reports" and
"mcast-snooping-flood" on patch ports in br-int to True.
That way we can provide best effort snooping: multicast isolation where
IGMP queriers are available and flood everywhere else?
Conflicts:
neutron/plugins/ml2/drivers/openvswitch/agent/ovs_neutron_agent.py
neutron/tests/functional/agent/common/test_ovs_lib.py
neutron/tests/unit/plugins/ml2/drivers/openvswitch/agent/test_ovs_neutron_agent.py
neutron/tests/unit/plugins/ml2/drivers/openvswitch/agent/test_ovs_tunnel.py
Closes-Bug: #1884723
Change-Id: Iefa0044dba9e92592295a79448e5d57d9e14a40b
(cherry picked from commit b4070c975274f53a4a2caaabeb5af55683232d3d)
** Tags added: in-stable-rocky
https://bugs.launchpad.net/bugs/1884723
Title:
[OVS] multicast between VM instances on different compute nodes is
broken with IGMP snooping enabled
Status in neutron:
Fix Committed
Status in neutron package in Ubuntu:
New
Bug description:
It was originally reported by Matt Flusche in Red Hat's bugzilla.
Below is a description of the issue:
I was verifying these OVS configuration options and the impact on
tenant networking. My thought going into testing was vxlan would not
be impacted but vlan tenant would break; however, for vxlan tenant
networks it looks like these options will break multicast also.
In a lab test (osp13), multicast is broken between VM instances on
different compute nodes after applying:
> # ovs-vsctl set Bridge br-int mcast_snooping_enable=true
> # ovs-vsctl set Bridge br-int other_config:mcast-snooping-disable-flood-unregistered=true
The following can be used to temporarily allow multicast over vxlan:
ovs-vsctl set Port patch-tun other_config:mcast-snooping-flood-reports=true
This will flood reports to br-tun and the other vxlan endpoints will
learn the remote port. This allows multicast snooping to work for a
period of time; however, since there is no IGMP querier to continue to
solicit IGMP reports once the Age timer expires (300 secs) the traffic
will be blocked.
It seems that this solution as suggested will work if only provider
networking is used. Is that correct?
An option that might work would be:
ovs-vsctl set Bridge br-int mcast_snooping_enable=true
ovs-vsctl set Bridge br-int other_config:mcast-snooping-disable-flood-unregistered=false #<--- change to false; default
Then, for each patch on br-int:
ovs-vsctl set Port <patch> other_config:mcast-snooping-flood-reports=true
ovs-vsctl set Port <patch> other_config:mcast-snooping-flood=true
This might provide best effort snooping: multicast isolation where
IGMP queriers are available and flood everywhere else?
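
The per-patch-port procedure from the bug description, as an added shell sketch that is not part of the bug report or the neutron patch: it finds the patch ports on a bridge and applies the settings listed above. The `OVS_VSCTL` override and the function names are assumptions of this example, and it assumes each port has a single interface with the same name as the port.

```shell
#!/bin/sh
# Added example, not code from the bug report or from neutron.
# OVS_VSCTL is an assumption of this sketch: it lets a dry run or a test
# substitute another command for the real ovs-vsctl binary.
OVS_VSCTL="${OVS_VSCTL:-ovs-vsctl}"

# Print the names of the patch ports attached to bridge $1.
# Assumes port name == interface name (true for single-interface ports).
patch_ports() {
    for port in $($OVS_VSCTL list-ports "$1"); do
        # "get Interface <name> type" prints the type, possibly quoted.
        iface_type=$($OVS_VSCTL get Interface "$port" type | tr -d '"')
        if [ "$iface_type" = "patch" ]; then
            echo "$port"
        fi
    done
}

# Apply the best-effort snooping settings from the bug description to $1:
# snooping on, unregistered groups still flooded, and reports plus
# multicast traffic flooded on every patch port of the bridge.
apply_best_effort_snooping() {
    bridge="$1"
    $OVS_VSCTL set Bridge "$bridge" mcast_snooping_enable=true
    $OVS_VSCTL set Bridge "$bridge" \
        other_config:mcast-snooping-disable-flood-unregistered=false
    for port in $(patch_ports "$bridge"); do
        $OVS_VSCTL set Port "$port" \
            other_config:mcast-snooping-flood-reports=true
        $OVS_VSCTL set Port "$port" other_config:mcast-snooping-flood=true
    done
}

# Usage on a compute node: apply_best_effort_snooping br-int
```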