The neutron.plugins.ml2.drivers.agent.config module registers options
commonly used by the ml2 agents but in fact it is used only by the linux
bridge agent and the macvtap agent.
This change makes all ml2 agents use that base module consistently in
individual config modules.
Change-Id: Ib3ec8a8eaf347721bb06f092a0887e62f3a6bffd
Adding ability to set DSCP field in OVS tunnels outer header, or
inherit it from the inner header's DSCP value for OVS and linuxbridge.
Change-Id: Ia59753ded73cd23019605668e60cfbc8841e803d
Closes-Bug: #1692951
Refactoring Neutron configuration options for agent common config to be
in neutron/conf/agent/common. This will allow centralization of all
configuration options and provide an easy way to import.
Partial-Bug: #1563069
Change-Id: Iebac0cdd3bcfd0135349128921b7ad7a1a939ab8
Needed-By: Ib676003bbe909b5a9013a3178b12dbe291d936af
Refactoring ml2 plugin openvswitch driver configuration options to be
in neutron/conf/plugins/ml2/drivers. This would allow centralization
of all configuration options and provides an easy way to import.
Change-Id: Ie8c6023b2d012eae7ecdb99d5d413956608f4294
Partial-Bug: #1563069
The IPv6 header is twice the size of the IPv4 header, 40 vs 20
bytes, but the tunnel overhead constants are static, only
accounting for an IPv4 header in all cases. In order to be
correct it needs to treat the tunnel overhead differently from
the IP overhead at L3.
This required removing the 20 byte IP overhead from the tunnel
type overhead constants and creating a new option,
ml2.overlay_ip_version, in order for the server to know which
version will be used, since it calculates the MTU for the network.
A version mismatch will now cause a tunnel sync to fail on
the server.
Moved all MTU tests to a common location to remove duplication.
DocImpact
Change-Id: Ia2546c4c71ff48b9fe2817fbad22b1fbf85f325b
Closes-bug: #1584940
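
The arithmetic this commit message describes, as an added example (not Neutron's own code): the encapsulation overhead is kept separate from the outer IP header, whose size depends on the overlay IP version. The per-type overhead values are derived here from the protocol header sizes, and they, the function names and the sample addresses are assumptions of this example.

```python
import ipaddress

# Outer IP header size by IP version, as stated in the commit message.
IP_HEADER_LENGTH = {4: 20, 6: 40}

# Encapsulation overhead WITHOUT the outer IP header (assumed values,
# derived from header sizes): UDP 8 + VXLAN 8 + inner Ethernet 14, and
# GRE base 4 + GRE key 4 + inner Ethernet 14.
ENCAP_OVERHEAD = {"vxlan": 30, "gre": 22}


def tenant_mtu(underlay_mtu, tunnel_type, overlay_ip_version):
    """MTU left for traffic inside the tunnel, given the underlay MTU."""
    return (underlay_mtu
            - ENCAP_OVERHEAD[tunnel_type]
            - IP_HEADER_LENGTH[overlay_ip_version])


def check_tunnel_sync(overlay_ip_version, agent_tunnel_ip):
    """Fail when an agent's tunnel endpoint does not use the IP version the
    server assumed when it calculated the network MTU."""
    version = ipaddress.ip_address(agent_tunnel_ip).version
    if version != overlay_ip_version:
        raise ValueError(
            "tunnel IP %s is IPv%d but overlay_ip_version is %d"
            % (agent_tunnel_ip, version, overlay_ip_version))
    return version


if __name__ == "__main__":
    for ip_version in (4, 6):
        print("vxlan over IPv%d: %d" % (ip_version,
                                        tenant_mtu(1500, "vxlan", ip_version)))
    # Constructed documentation address; the server here expects IPv4.
    try:
        check_tunnel_sync(4, "2001:db8::10")
    except ValueError as exc:
        print("tunnel sync rejected:", exc)
```
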
Update document and configuration help.
A release-note for removing ofagent is added in the following.
I5dbcd38b0ccc156a6c1cbac4d7fa7f9d297ec466
Change-Id: I586c0d5a7f9d3b742e8c65ff7e2986fd5d837f94
Partial-Bug: #1521477
Remove IPv4 restriction for local_ip configuration statement.
Check for IP version mismatch of local_ip and remote_ip before creating
tunnel.
Create hash of remote IPv6 address for OVS interface/port name with least
possibility for collisions.
Fix existing tests that fail because of the added check for IP version
and subsequently valid IP addresses in _setup_tunnel_port.
DocImpact
Change-Id: I9ec137ef8c688b678a0c61f07e9a01382acbeb13
Closes-Bug: #1525895
The reason for reverting this is that when we tested this OVS
port is shown as DOWN and it can actually send traffic.
An explanation is below:
The DHCP port has "tap" in the name, but doesn't appear to be
a tap device. It appears to be an OVS internal device. That device
was then put into a different network namespace, which isn't
visible to the root namespace in which ovs-vswitchd is running.
Using internal devices in this manner is kind of a hack since
ovs-vswitchd can't actually see the device, but it can still
send and receive traffic on it.
This reverts commit 850b4c025f.
Closes-bug: #1571553
Change-Id: I82d53d62bfd42cb17e3ce7f739369be3bbf44c02
This option was originally intended to be deprecated in Mitaka
and removed in Newton, but we missed announcing it in the Mitaka
release note. It looks better to deprecate it in the Newton release
and remove it in the Ocata release.
Change-Id: Iad466abbb0716da77801315d1a8766ba2f7c06b9
Closes-Bug: #1546010
These were added to support an old kernel bug with
patch ports in OVS. This should no longer be an issue
with distros new enough to ship Ocata.
Closes-Bug: #1550501
Change-Id: I8cd3d74f4d7dbe57fbff180d344f21534d590ce1
Unfortunately we may have to continue to support veth connections
in the OVS agent for QoS use-cases. Related discussion:
https://bugs.launchpad.net/bugs/1550501
For the particular veth connections that reference the 'veth_mtu'
setting, they are constructed long before we know the MTUs of the
networks that will be going over them. So this patch changes their
default to be 9000 to try to ensure they won't be silently dropping
frames in jumbo MTU deployments.
Change-Id: I6859ebdde1f7e3a8163b49d705620e522ada606a
Related-bug: #1542475
This protection should always be enabled unless it's explicitly
shut off via the port security extension via the API. The primary
reason it was a config option was because it was merged at the end
of Kilo development so it wasn't considered stable. Now that it
has been enabled by default for all of Liberty and the development
of Mitaka, it's a good idea to just get rid of the option completely.
DocImpact: Remove references to prevent_arp_spoofing and replace
with pointer to port security extension for disabling
security features.
Change-Id: Ib63ba8ae7050465a0786ea3d50c65f413f4ebe38
This adds a new tox environment, genconfig, which generates sample
neutron core configuration file using oslo-config-generator.
Updates to some configuration option help messages to reflect useful
details that were missing in the code but were present in config files.
It also adds details to devref on how to update config files.
Partially-Implements: blueprint autogen-neutron-conf-file
DocImpact
Change-Id: I1c6dc4e7d479f1b7c755597caded24a0f018c712
Closes-bug: #1199963
Co-Authored-By: Louis Taylor <louis@kragniz.eu>
Adds the ovs 'config' property which returns the contents of the
single row of the Open_vSwitch table. This gives access to certain
OVS capabilities such as datapath_types and iface_types.
Using this information in concert with the datapath_type config
option, vif details are calculated by the OVS mech driver. If
datapath_type == 'netdev' and OVS on the agent host is capable of
supporting dpdkvhostuser, then it is used.
Authored-By: Terry Wilson <twilson@redhat.com>
Co-Authored-By: Sean Mooney <sean.k.mooney@intel.com>
Closes-Bug: #1506127
Change-Id: I5047f1d1276e2f52ff02a0cba136e222779d059c
Commit 44d73d1ad3 added support
for oslo.config 2.6.
Commit 4d2cb851b7 added this to Neutron.
The patch adds a few missing items.
Change-Id: Id36515e28458c354ddb6fe3656f182d17df08f8a
The oslo_config library now provides a new type, PortOpt, to validate
the port range.
Change-Id: I40792ddcee0f89c47defa726fed24f26c4b88ce2
Depends-On: I9c0e3f44cf93db020933d8d766cedfc2e3f3bb8b
This change introduces a new agent_type config option which
allows the ovs agent to be reused by out of tree
mechanism drivers.
DocImpact
Change-Id: I48f4be4b1d51bcff62e86e5814c12bd9bfa3c902
Closes-Bug: #1469871
The new option for the ovs agent makes it possible to set/unset the
csum option for the vxlan/gre tunnels. The default is maintained as False.
Change-Id: I18dcd8946b585e70f8890a5c222ea37059c4a0c5
Implements: bp ovs-tunnel-csum-option
Closes-bug: #1492111
Introduce an alternative OpenFlow implementation, "native",
implemented using Ryu ofproto python library from Ryu SDN Framework.
Make it selectable with of_driver=native agent option.
The aim is to replace the existing ovs-ofctl based implementation
eventually.
It introduces node-local OpenFlow controller embedded in
OVS agent. Benefits include:
* Reduce the overhead of invoking ovs-ofctl command (and associated
  rootwrap)
* Make future uses of OpenFlow asynchronous messages (e.g. Packet-In,
  Port-Status, etc) easier
* Make XenAPI integration simpler
Highlights:
* Switch to OpenFlow 1.3.
* Make OVS-agent act as an OpenFlow controller
* Configure OVS on the node to connect to the controller
DocImpact
Implements: blueprint ovs-ofctl-to-python
Co-Authored-by: IWAMOTO Toshihiro <iwamoto@valinux.co.jp>
Change-Id: I02e65ea7c6083b2c0a686fed2ab04da4d92b21a3
This change introduces a new datapath_type parameter
to allow specification of the ovs datapath to be used.
This change introduces new functional and unit tests.
DocImpact
Change-Id: I929d8d15fc6cfdb799c53ef0f3722f4ed5c1096d
Partial-Bug: #1469871
When agent is restarted it drops all existing flows. This
breaks all networking until the flows are re-created.
This change adds an ability to drop only old flows.
Agent_uuid_stamp is added for agents. This agent_uuid_stamp is set as
cookie for flows and then flows with stale cookies are deleted during
cleanup.
Co-Authored-By: Ann Kamyshnikova <akamyshnikova@mirantis.com>
Closes-bug: #1383674
DocImpact
Change-Id: I95070d8218859d4fff1d572c1792cdf6019dd7ea
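
The cookie-based cleanup this commit message describes, as an added example (not Neutron's own code): it reads the cookies out of `ovs-ofctl dump-flows` output and builds one `del-flows` command per cookie that is not the running agent's stamp. The dump text, the stamp values, the bridge name and the function names are constructed for this example.

```python
import re

COOKIE_RE = re.compile(r"cookie=(0x[0-9a-fA-F]+)")

# Constructed `ovs-ofctl dump-flows` output taken just after a restart:
# two flows left by the previous agent run, two installed by the new one.
SAMPLE_DUMP = """\
NXST_FLOW reply (xid=0x4):
 cookie=0x9f3a11c2d4e5f607, duration=8123.4s, table=0, n_packets=10, n_bytes=840, priority=1 actions=NORMAL
 cookie=0x9f3a11c2d4e5f607, duration=8123.4s, table=23, n_packets=0, n_bytes=0, priority=0 actions=drop
 cookie=0x1b2c3d4e5f607182, duration=2.1s, table=0, n_packets=1, n_bytes=84, priority=1 actions=NORMAL
 cookie=0x1b2c3d4e5f607182, duration=2.1s, table=23, n_packets=0, n_bytes=0, priority=0 actions=drop
"""

CURRENT_STAMP = 0x1B2C3D4E5F607182  # constructed stamp of the running agent


def stale_cookies(dump_output, current_stamp):
    """Cookies present on the bridge that are not the current stamp.

    Every flow without the current stamp counts as stale here, including
    flows that some other tool installed on the same bridge.
    """
    cookies = {int(m.group(1), 16) for m in COOKIE_RE.finditer(dump_output)}
    return sorted(cookies - {current_stamp})


def cleanup_commands(bridge, dump_output, current_stamp):
    """One del-flows per stale cookie. The /-1 mask matches all 64 cookie
    bits, so flows carrying the current stamp are never touched."""
    return [["ovs-ofctl", "del-flows", bridge, "cookie=0x%x/-1" % cookie]
            for cookie in stale_cookies(dump_output, current_stamp)]


if __name__ == "__main__":
    for cmd in cleanup_commands("br-int", SAMPLE_DUMP, CURRENT_STAMP):
        print(" ".join(cmd))
```
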
This patch adds ARP spoofing protection for the Linux Bridge
agent based on ebtables. This code was written to be minimally
invasive with the intent of back-porting to Kilo.
The protection is enabled and disabled with the same
'prevent_arp_spoofing' agent config flag added for the OVS agent
in I7c079b779245a0af6bc793564fa8a560e4226afe.
The protection works by setting up an ebtables chain for each port
and jumping all ARP traffic to that chain. The port-specific chains
have a default DROP policy and then have allow rules installed that
only allow ARP traffic with a source CIDR that matches one of the
port's fixed IPs or an allowed address pair.
Closes-Bug: #1274034
Change-Id: I0b0e3b1272472385dff060897ecbd25e93fd78e7
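
A model of the per-port chain described above, as an added example (not the Neutron implementation): it builds the ebtables commands for one port and evaluates ARP sender addresses against the same allow rules. The chain name prefix, the device name and the addresses are constructed for this example.

```python
import ipaddress


def arp_chain_rules(vif, allowed_cidrs, prefix="exampleARP-"):
    """Return ebtables argument lists for one port's ARP chain."""
    chain = prefix + vif  # hypothetical chain naming
    rules = [["ebtables", "-N", chain, "-P", "DROP"]]  # default DROP policy
    for cidr in allowed_cidrs:
        rules.append(["ebtables", "-A", chain, "-p", "ARP",
                      "--arp-ip-src", cidr, "-j", "ACCEPT"])
    # Send all ARP traffic arriving from this port to its chain.
    rules.append(["ebtables", "-A", "FORWARD", "-i", vif,
                  "-p", "ARP", "-j", chain])
    return rules


def arp_verdict(rules, src_ip):
    """Evaluate an ARP sender IP against the allow rules in `rules`."""
    src = ipaddress.ip_address(src_ip)
    for rule in rules:
        if "--arp-ip-src" in rule:
            cidr = rule[rule.index("--arp-ip-src") + 1]
            if src in ipaddress.ip_network(cidr, strict=False):
                return "ACCEPT"
    return "DROP"  # nothing matched: the chain policy applies


# Constructed port: one fixed IP plus one allowed address pair.
PORT_RULES = arp_chain_rules("tap0a1b2c3d-4e",
                             ["10.0.0.5/32", "10.0.0.128/25"])

if __name__ == "__main__":
    for rule in PORT_RULES:
        print(" ".join(rule))
    # Fixed IP, address inside the allowed pair, address the port does not own.
    for sender in ("10.0.0.5", "10.0.0.200", "10.0.0.1"):
        print(sender, arp_verdict(PORT_RULES, sender))
```
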
This commit moves the L2 agents (Linuxbridge and OVS) into the
ML2 directory, while at the same time also moving the ML2 server
bits into toplevel directories. It also moves the configuration
files and unit tests. We also move the l2pop RPC mixin while
here as well.
DocImpact
UpgradeImpact
Partially-Implements: blueprint reference-implementation-split
Partial-Bug: #1468433
Closes-Bug: #1427317
Change-Id: If6feca7b7a6bdd6c3c6feb929fa26fb4b1f72770
Signed-off-by: Kyle Mestery <mestery@mestery.com>