Disabling in-band management for bridge will effectively disable it for
all controllers which are or will be set for the bridge. This will
prevent us from having short time between configuring controller and
setting connection_mode of the controller to "out-of-band" when
controller works in the default "in-band" connection mode and adds some
hidden flows to the bridge.

Closes-Bug: #1992953
Change-Id: Ibca81eb59fbfad71f223832228f408fb248c5dfa

- setup local ARP responder
- setup local ip translation flows (nat via conntrack)
- setup local gARP blocker to prevent undesired Local IP ARP updates
  from other nodes (including real IP address owner)

2 new OF tables added for br-int:
- LOCAL_EGRESS_TABLE - to save local ports vlans
- LOCAL_IP_TABLE - for local ip handling

Partial-Bug: #1930200
Change-Id: I49923958d1d602e3af4e02fadbec1b17798c49c8

Setting new controller for bridge every time when neutron-ovs-agent
is restarted or is doing full-sync may cause some short data plane
connectivity loss and is not needed if same controller is already
configured for the bridge.
With this patch neutron-ovs-agent will first check if controller is
configured for the bridge and if it's the same as what should be
configured, it will skip setting it up.
With this patch also protocols added to the bridge will be first checked
if they aren't already there and only missing ones will be added if
necessary.

Setting of the connectivity mode and inactivity probe is
always performed as this doesn't cause connectivity issues and is cheap
so we can always ensure that those parameters are configured properly.

Closes-Bug: #1948642
Change-Id: Idfa763df8c60d8ae46cd6351d1b6dc7d950b4c67

Some (custom) OVS bridges could be created by nova/os-vif when
plugging VM interface. For such bridges neutron does not call create(),
only setup_controllers() - as a result such bridges support only
OpenFlow13 and ovs-ofctl command fails.
Please see bug for details.

Change-Id: I86dc7d5dd0cd7b19a042498d35785510fecc7446
Closes-Bug: #1905538

This parameter applies to the OVSDB Controller table when the
native openflow driver is used. There are reports that increasing
it can reduce errors on busy systems. This patch also sets the
default value to 10s which is more than the OVS default of 5s.
See the ovs-vswitchd.conf.db man page for full description.

Change-Id: If0d42919412dac75deb4d7f484c42cea630fbc59
Partial-Bug: #1817022

If the switch misbehaves, we may receive None from db_get_val. In this
case, int() on the return value will raise TypeError which is not
expected by callers and may result in ovs agent crash.
Instead of bubbling up the TypeError exception, we raise RuntimeError if
datapath id is None.

Change-Id: I53bea00b9a7302d694b8066e969c894bf64cb2d4
Closes-Bug: #1731494

Previously, DP ID was converted to integer and then back to string. As a
consequence of the conversion, DP IDs like 000123 were converted to 123
losing leading zeros. In case self._get_dp_by_dpid() method raises a
RuntimeError exception current DP ID of the bridge was compared to
cached DP ID and if IDs were different, original exception coming from
ryu library was swallowed. As conversion for cached DP ID removes
leading zeros, original exception was always swallowed if bridge's DP ID
started with zero.
This patch uses the integer for comparison between current and cached
bridge DP ID hence any exception coming from ryu is not swallowed.

Closes-bug: #1718235
Change-Id: I445aa61acc758b56c51a9403df4d92d9c1d40ace
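
The two datapath-id fixes described above (RuntimeError instead of TypeError for a missing id, and integer comparison of cached and current ids), modelled as an added example. This is not Neutron's code: `Bridge`, `read_dpid`, `get_datapath`, the other names, the `%x` rendering of the cached id and the sample id are all assumptions made for illustration.

```python
# Added illustration; all names here are hypothetical, not Neutron's code.

class Bridge:
    """Constructed stand-in for a bridge whose datapath_id is read from OVSDB."""
    def __init__(self, dpid_hex):
        self.dpid_hex = dpid_hex  # hex string, may carry leading zeros; None on failure

def read_dpid(bridge):
    """Datapath id as an integer; RuntimeError (not TypeError) when it is None."""
    if bridge.dpid_hex is None:
        raise RuntimeError("datapath id is None")
    return int(bridge.dpid_hex, 16)

def changed_by_string(cached, bridge):
    """Old check: the cached integer rendered back to text has lost its zeros."""
    return "%x" % cached != bridge.dpid_hex

def changed_by_int(cached, bridge):
    """Fixed check: compare integers, so formatting cannot fake a change."""
    return cached != read_dpid(bridge)

def failing_lookup(dpid):
    """Constructed controller lookup for a switch that does not answer."""
    raise RuntimeError("switch %016x did not respond" % dpid)

def get_datapath(cached, bridge, changed, lookup=failing_lookup):
    """One pass of the retry logic: swallow the lookup error only if the
    bridge's datapath id really differs from the cached one."""
    try:
        return "ok", lookup(cached)
    except RuntimeError:
        if changed(cached, bridge):
            return "retry", read_dpid(bridge)  # original error is dropped here
        raise

def demo():
    bridge = Bridge("0000a1b2c3d4e5f6")      # constructed id with leading zeros
    cached = read_dpid(bridge)               # cache matches the bridge
    old = get_datapath(cached, bridge, changed_by_string)
    try:
        new = get_datapath(cached, bridge, changed_by_int)
    except RuntimeError as exc:
        new = ("raised", str(exc))
    return old, new

if __name__ == "__main__":
    print(demo())
```

With the string comparison the unchanged id looks changed, so the lookup failure is hidden behind a retry; with the integer comparison the original error reaches the caller.
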
Since Pike log messages should not be translated.
This patch removes calls to i18n _LC, _LI, _LE, _LW from
logging logic throughout the code. Translators definition
from neutron._i18n is removed as well.
This patch also removes log translation verification from
ignore directive in tox.ini.

Change-Id: If9aa76fcf121c0e61a7c08088006c5873faee56e

This change modifies the behavior of OVS native and ovs-ofctl bridge
implementations so that instead of configuring the bridge only for the
required OVS protocol version, they add the required version to the
already configured versions.
To achieve this, an add_protocols method is added to the OVSBridge
class, relying on the OVSDB add_db_attribute added in
Ib6ce75846f9b13c1c33f0ced5ccc619ee7860dc1, with the behavior of
making the provided set of versions supported in addition to already
configured ones.
It is aimed to be a cleaner solution to bug 1622644 than the quickfix merge
from I4475865c4f83cb9f3e12c709af752bc490692ca3.
After this change, the set_protocols method appears useless and is
hence marked for future removal.

Depends-On: I4386aa293f9b18d2e17b4a80d9c7da4b9b46f3c9
Change-Id: Id5ac7e6431c97fc70d8404b16f89533b6f270eee
Related-Bug: 1622644

This change avoids issues where a piece of code restricts
a bridge to OF13 while there is code still needing OF10, and
vice-versa, by configuring bridge to both versions.
This is aimed to be a less complex and easier to merge fix than
Id5ac7e6431c97fc70d8404b16f89533b6f270eee.

Change-Id: I4475865c4f83cb9f3e12c709af752bc490692ca3
Closes-Bug: 1622644

In case there is some cached datapath id in OVSAgentBridge
and openflow switch does not respond in time for some
reason, a call to OVSAgentBridge._dpid() method will result
in UnboundLocalError.
This patch addresses the issue by calculating dpid_str
value from cached dpid instead of referencing unassigned
variable.
Some minor refactor also took place.

Closes-Bug: #1588042
Change-Id: If50183bf95cbe50c3a2393be8c2ab913c9715a10

By default openvswitch uses "in-band" controller connection mode ([1])
which adds hidden OpenFlow rules (only visible by issuing ovs-appctl
bridge/dump-flows <br>) and leads to a network loop on br-tun when
using native OpenFlow interface. As of now the OF controller is hosted
locally with OVS which fits the "out-of-band" mode. If the remote OF
controller is ever to be supported by openvswitch agent in the future,
"In-Band Control" [1] should be taken into consideration for physical
bridge only, but br-int and br-tun must be configured with the
"out-of-band" controller connection mode.

[1] https://github.com/openvswitch/ovs/blob/master/DESIGN.md

Change-Id: I792a89d37b5d5319cc027835f6a1bfcbe7297ffb
Closes-Bug: #1588393

- Introduces an API to allow l2-agents to access resources within
  the Open vSwitch Agent, specifically the integration and tunnel bridges.
- adds consume_api method to the AgentCoreResourceExtension class.
- modifies the AgentExtensionManager class to accept the AgentExtensionAPI
  class as an optional argument.
- adds the OVSAgentExtensionAPI class.
- modifies ovs_lib and ofswitch to include a list of uuid stamps
  to exempt from flow deletion.
- adds the OVSBridgeCookieMixin class that manages the distribution of
  cookies and maintains the list of reserved cookies.
- modifies OVSNeutronAgent to initialize OVSAgentExtensionAPI and pass
  into the AgentExtensionManager.

Partial-Bug: #1517903
Co-Authored-By: Nate Johnston <nate_johnston@cable.comcast.com>
Co-Authored-By: Thomas Morin <thomas.morin@orange.com>
Implements: blueprint l2-api-extensions
Change-Id: I7cb61f30689dff2d7895d444060dedc1532a63ec

This firewall requires OVS 2.5+ version supporting conntrack and kernel
conntrack datapath support (kernel>=4.3). For more information, see
https://github.com/openvswitch/ovs/blob/master/FAQ.md
As part of this, new entry points for current reference firewalls were
added.
Configuration:
in openvswitch_agent.ini:
- in securitygroup section set firewall_driver to openvswitch

DocImpact
Closes-bug: #1461000
Co-Authored-By: Miguel Angel Ajo Pelayo <mangelajo@redhat.com>
Co-Authored-By: Amir Sadoughi <amir.sadoughi@rackspace.com>
Change-Id: I13e5cda8b5f3a13a60b14d80e54f198f32d7a529

- This does NOT break other projects that rely on neutron.i18n,
  as this change includes a debtcollector shim to maintain those
  older entry points, until they can migrate.
- Also updates _i18n.py to the latest pattern defined by oslo_i18n
- Guidance and template are from the reference:
  http://docs.openstack.org/developer/oslo.i18n/usage.html

Partially-Closes-Bug: #1519493
Change-Id: I1aa3a5fd837d9156da4643a367013c869ed8bf9d

Introduce an alternative OpenFlow implementation, "native",
implemented using Ryu ofproto python library from Ryu SDN Framework.
Make it selectable with of_driver=native agent option.
The aim is to replace the existing ovs-ofctl based implementation
eventually.
It introduces node-local OpenFlow controller embedded in
OVS agent. Benefits include:
* Reduce the overhead of invoking ovs-ofctl command (and associated
  rootwrap)
* Make future uses of OpenFlow asynchronous messages (e.g. Packet-In,
  Port-Status, etc) easier
* Make XenAPI integration simpler
Highlights:
* Switch to OpenFlow 1.3.
* Make OVS-agent act as an OpenFlow controller
* Configure OVS on the node to connect to the controller

DocImpact
Implements: blueprint ovs-ofctl-to-python
Co-Authored-by: IWAMOTO Toshihiro <iwamoto@valinux.co.jp>
Change-Id: I02e65ea7c6083b2c0a686fed2ab04da4d92b21a3