[Bug 1884723] Re: [OVS] multicast between VM instances on different compute nodes is broken with IGMP snooping enabled

OpenStack Infra 1884723 at bugs.launchpad.net
Tue Jun 1 19:33:23 UTC 2021


Reviewed:  https://review.opendev.org/c/openstack/neutron/+/770794
Committed: https://opendev.org/openstack/neutron/commit/5d21998524514c0cab6a40e7fa415d9ff6a88f4a
Submitter: "Zuul (22348)"
Branch:    stable/rocky

commit 5d21998524514c0cab6a40e7fa415d9ff6a88f4a
Author: Slawek Kaplonski <skaplons at redhat.com>
Date:   Thu Dec 10 00:10:38 2020 +0100

    Fix multicast traffic with IGMP snooping enabled
    
    In the ML2/OVS when igmp_snooping is enabled but there is no
    external querier multicast traffic will stop working after few minutes
    as packets will not be flooded to tunnel/external bridges.
    
    So this patch sets "mcast-snooping-disable-flood-unregistered" option
    of the br-int to False (default value) even when igmp_snooping is
    enabled in the neutron-ovs-agent's config file.
    
    Additionally it configures "mcast-snooping-flood-reports" and
    "mcast-snooping-flood" on patch ports in br-int to True.
    
    That way we can provide best effort snooping: multicast isolation where
    IGMP queriers are available and flood everywhere else?
    
    Conflicts:
        neutron/plugins/ml2/drivers/openvswitch/agent/ovs_neutron_agent.py
        neutron/tests/functional/agent/common/test_ovs_lib.py
        neutron/tests/unit/plugins/ml2/drivers/openvswitch/agent/test_ovs_neutron_agent.py
        neutron/tests/unit/plugins/ml2/drivers/openvswitch/agent/test_ovs_tunnel.py
    
    Closes-Bug: #1884723
    Change-Id: Iefa0044dba9e92592295a79448e5d57d9e14a40b
    (cherry picked from commit b4070c975274f53a4a2caaabeb5af55683232d3d)


** Tags added: in-stable-rocky

-- 
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to neutron in Ubuntu.
https://bugs.launchpad.net/bugs/1884723

Title:
  [OVS] multicast between VM instances on different compute nodes is
  broken with IGMP snooping enabled

Status in neutron:
  Fix Committed
Status in neutron package in Ubuntu:
  New

Bug description:
  It was originally reported by Matt Flusche in Red Hat's bugzilla.
  Below is description of the issue:

  I was verifying these OVS configuration options and the impact on
  tenant networking.  My thought going into testing was vxlan would not
  be impacted but vlan tenant would break; however, for vxlan tenant
  networks it looks like these options will break multicast also.

  In a lab test (osp13), multicast is broken between VM instances on
  different compute nodes after applying:

  >  # ovs-vsctl set Bridge br-int mcast_snooping_enable=true
  >  # ovs-vsctl set Bridge br-int other_config:mcast-snooping-disable-flood-unregistered=true

  The following can be used to temporarily allow multicast over vxlan:

  ovs-vsctl set Port patch-tun other_config:mcast-snooping-flood-
  reports=true

  This will flood reports to br-tun and the other vxlan endpoints will
  learn the remote port.  This allows multicast snooping to work for a
  period of time; however, since there is no IGMP querier to continue to
  solicit IGMP reports once the Age timer expires (300 secs) the traffic
  will be blocked.

  It seems that this solution as suggested will work if only provider
  networking is used.  Is that correct?

  An options that might work would be:

  ovs-vsctl set Bridge br-int mcast_snooping_enable=true
  ovs-vsctl set Bridge br-int other_config:mcast-snooping-disable-flood-unregistered=false  #<--- change to false; default

  Then, for each patch on br-int:

  ovs-vsctl set Port <patch> other_config:mcast-snooping-flood-reports=true
  ovs-vsctl set Port <patch> other_config:mcast-snooping-flood=true

  This might provide best effort snooping.  multicast isolation where
  IGMP queriers are available and flood everywhere else?

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1884723/+subscriptions



More information about the Ubuntu-openstack-bugs mailing list