"IPWrapper.add_vxlan" method must have "dev" parameter as possitional
argument. A VXLAN interface must be always created on top of an existing
network device:
https://www.kernel.org/doc/Documentation/networking/vxlan.txt
Closes-Bug: #1954316
Change-Id: Ia082f8531ffcc1599206124774599dcdb500274a
Attempting to terminate a vxlan on the lo interface with
multiple ip addresses fails. This seems to be because only
the first ip address on the interface is used. If this address
is invalid for vxlan creation (ie. 127.0.0.1), the vxlan
interface will be created, but will not have a source ip
address, and will therefore be non-functional. To remedy this
issue, when L2population is used, we can set the local
argument to the local_ip, thus ensuring the intended ip
address is configured.
Closes-Bug: 1929998
Change-Id: I9c54a268fc4ef9705637556ecba161bd6523a047
Signed-off-by: Anthony Timmins <atimmins@datto.com>
Changed the logic of decorator "catch_exceptions" to provide a
Pythonic output: if succeeds, returns True; if fails, returns False.
Change-Id: Idbf2ffb4ef403f343973bde3b3599f9cd3aaddf2
Story: #2007686
Task: #39975
Recent changes in some versions of iproute2 CLI output (v4.18),
have invalidated the regular expression used to parse the
"ip link" output.
To solve this problem and avoid future ones, pyroute2 is used to
retrieve the virtual functions information and set the VF attributes
(spoofcheck, min_tx_rate, max_tx_rate and link_state).
pyroute2 extended the "ip link" support to retrieve this information,
adding "ext_mask=1" in the get command. If no virtual functions are
present in this particular network interface, the added method,
"get_link_vfs", will return an empty list.
The set commands can return a "InterfaceOperationNotSupported" in
case the operation is not supported. For min_tx_rate, if the driver
does not support to set a minimum bandwidth, an "InvalidArgument"
(from a pyroute2.NetlinkError(22)) exception will be raised.
Change-Id: I680da4f64bd114f1caecaaeedbf8a4b1915a0849
Closes-Bug: #1878042
Now that we are python3 only, we should move to using the built
in version of mock that supports all of our testing needs and
remove the dependency on the "mock" package.
This patch moves all references to "import mock" to
"from unittest import mock". It also cleans up some new line
inconsistency.
Fixed an inconsistency in the OVSBridge.deferred() definition
as it needs to also have an *args argument.
Fixed an issue where an l3-agent test was mocking
functools.partial, causing a python3.8 failure.
Unit tests only, removing from tests/base.py affects
functional tests which need additional work.
Change-Id: I40e8a8410840c3774c72ae1a8054574445d66ece
By default, if no metric is defined, the kernel interprets the
highest value (0).
The current implementation, using pyroute2, is a translation from
the CLI command "ip route". This command uses the netlink API to
communicate with the kernel. In IPv6, when the metric value is not
set is translated as 1024 as default [1].
[1]https://access.redhat.com/solutions/3659171
Change-Id: I0c5f9e320bbbf314a2d6a22c515bf903de84cdaf
Related-Bug: #1855759
The gateway IP address in the gateway dictionary returned by
"ip_lib.list_ip_routes" is stored in "via".
"priority" parameter is changed to "metric", to match input and
output parameters.
Change-Id: I67ae473dca8d706f963c3b55b9410f9a79d7f32b
Closes-Bug: #1855759
Removed E125 (continuation line does not distinguish itself
from next logical line) from the ignore list and fixed all
the indentation issues. Didn't think it was going to be
close to 100 files when I started.
Change-Id: I0a6f5efec4b7d8d3632dd9dbb43e0ab58af9dff3
"bridge" commands executed inside a namespace will be needed
initially to test the TC filter for VXLAN traffic. Those tests
will create two namespaces with VXLAN interfaces in order to check
the functionality of this new TC filter.
Related-Bug: #1560963
Change-Id: I3553b89fc0436c9cf83c66ab447ba4b4a6268ee1
Today the neutron common exceptions already live in neutron-lib and are
shimmed from neutron. This patch removes the neutron.common.exceptions
module and changes neutron's imports over to use their respective
neutron-lib exception module instead.
NeutronLibImpact
Change-Id: I9704f20eb21da85d2cf024d83338b3d94593671e
As part of the implementation of multiple port bindings [1], add binding
activation support to the linux bridge agent. This will enable the
execution with linux bridge agents of the complete sequence of steps
outlined in [1] during an instance migration:
1) Create inactive port bindings for destination host
2) Migrate the instance to the destination host and plug its VIFs
3) Activate the port bindings in the destination host
4) Delete the port bindings for the source host
[1] https://review.openstack.org/#/c/309416/
Change-Id: I2c937cc0a551e5ce0e8534c4dd4384ec2ca92da1
Partial-Bug: #1580880
This commit adds a binding_deactivate method to the Linux bridge agent
to receive messages from the ML2 plugin when a binding is de-activated
for a port. After receiving that message, the agent un-plugs the
corresponding tap interface from the port's network bridge.
To support this, a binding_deactivate method is also added to the agents
notifier. Finally, the activate method in the ML2 plugin is updated to
use the binding_deactivate method in the agents notifier.
Change-Id: I3f4e34766791c472a2c81842190094f697baa05c
Partial-Bug: #1580880
In case when MTU value configured for VXLAN network is
higher than physical device's MTU - VXLAN overhead
then Linuxbridge agent will not be able to create properly
vxlan interface with desired MTU value.
In patch [1] there was introduced validation if MTU of
physical device is big enough to create MTU with required
MTU value but it was working only for IPv4 tunnels as
for IPv6 overhead is bigger.
This patch changes this validation a bit and now it will
works properly for both IPv4 and IPv6 VXLAN tunnels.
[1] https://review.openstack.org/#/c/546291/
Change-Id: Ib707312adb45dae7295884aba4ece6538d330d56
Related-Bug: #1744101
Recent pep8 upgrade and corresponding pycodestyle update break
pep8 job due to the new rules.
This commit fixes the following new errors:
- E266 too many leading '#' for block comment
- E501 line too long
- H903 Windows style line endings not allowed in code
The following errors are added to the ignore list
as there are many errors:
- E402 module level import not at top of file
- E731 do not assign a lambda expression, use a def
- W503 line break before binary operator
Change-Id: I1fd3357479bb2ba3d89de92739ffac99900761b6
The linuxbridge agent was using its own version of
ensure_device_is_ready() called _bridge_exists_and_ensure_up(),
just use the one in ip_lib since it does an additional MAC
address check.
Trivialfix
Change-Id: I02cdbe40fddb220623e341b94edb3d8c96099581
In case when MTU value configured for VXLAN network is
higher than physical device's MTU - 50 (VXLAN overhead)
then Linuxbridge agent will log proper error message.
Change-Id: I2c1142877fee4ab2fa06e6e4d203c78a776d9591
Related-Bug: #1744101
Adding ability to set DSCP field in OVS tunnels outer header, or
inherit it from the inner header's DSCP value for OVS and linuxbridge.
Change-Id: Ia59753ded73cd23019605668e60cfbc8841e803d
Closes-Bug: #1692951
neutron-lib contains a number of the plugin related constants from
neutron.plugins.common.constants. This patch consumes those constants
from neutron-lib and removes them from neutron. In addition the notion
of the dummy plugin service type is moved strictly into the test
package of neutron since it's not a real service plugin.
NeutronLibImpact
Change-Id: I767c626f3fe6159ab3abd6a7ae3cb9893b79bf66
If network_deletes are received before port creates
are processed, the agent might not have the network in
it's map even though it has a bridge to delete.
This adjusts the logic to always try to delete the bridge
corresponding to a network_id even if it's not in the
network_map yet.
Change-Id: I5e72bff2ffd9568f272ed48187ad543ab5a3d1ec
Closes-Bug: #1698271
Introduce vxlan.{udp_srcport_min, udp_srcport_max and udp_dstport}
for setting the port range used for VXLAN communication.
Change-Id: I97999988090eee7aee9b533ac1dad2de95b29cbe
Closes-Bug: #1483853
DocImpact: vxlan.{udp_srcport_min, udp_srcport_max and udp_dstport}
can be used to set UDP port numbers used for VXLAN in LinuxBridge
agent.
If bridge IP address already exists, when we try and add
it an error will be raised. Check for the existence of
the IP to avoid the error.
Closes-Bug: #1697926
Change-Id: I9aae3b4f0fab053e8c215887f58b983d9549582d
This reverts commit 1b987be2b5.
This probably triggered a race between nova and l2 agent when
hot-detaching VIFs.
Change-Id: I2fc20666d43942446878da358ccf4472e04ad94c
Related-Bug: #1696125
Enable creation of VXLANs with different multicast addresses allocated
by VNI-address mappings. Dictionary of multicast addresses and
corresponding VXLAN VNI IDs should be loaded from settings. Usable to
not flood whole network when managing routers between more datacenters
and can not use L2population because VXLAN points to external device.
Co-Authored-By: Kevin Benton <kevin@benton.pub>
DocImpact: VXLAN addresses used by linux bridge can be specified per VNI
Closes-Bug: #1579068
Change-Id: I24f272ccd6d61d9fa7ea3b6f256fabd381f5434a
This adjusts the Linux Bridge mechanism driver to return
the 'tap' VIF type to Nova so the Linux Bridge agent is
responsible for plugging all ports into bridges.
This completely eliminates all of the work Nova was doing with
regard to bridges so we now have one consistent path how ports
(both compute and dhcp/l3) are connected into Linux Bridge
networks. Both Nova and the DHCP/L3 agents will now just create
a device and leave wiring to bridges to be completely the
responsibility of the L2 agent.
In order to preserve backwards compatibiliy with Ocata agents
that won't touch compute ports, we only report back vif_type='tap'
if the agent has a report_state value showing that it wires compute
ports.
This will also solve a longstanding bug (bug #1105488) that
is preventing Nova instances from using custom bridge mappings
since the agent will be guaranteed to be responsible for the
connection to the bridge.
Depends-On: I075595158d8f3b5a6811c4794aa7b91912940db5
Related-Bug: #1617447
Closes-Bug: #1673910
Closes-Bug: #1105488
Change-Id: I23c5faaeab69aede1fd038a36f4a0b8f928498ce
Libvirt does not set the MTU of the tap device it creates when creating
a bridge interface. It also does not set the MTU of the bridge itself.
This cannot be fixed on the Nova side since libvirt doesn't appear to
have support for setting MTUs on bridges until version 3x.
This results in a situation where the first VM tap interface attached to
a bridge will always have an MTU of 1500. The Neutron agent will then
add in VLAN/VXLAN interfaces with the correct MTU; however, the bridge
MTU will still be pinned to the smallest interface MTU attached to it.
This breaks jumbo frames until all small MTU tap devices are removed
from the bridge.
This patch explicitly sets the MTU on tap devices to match the network
MTU when processing the device.
We will have to carry this workaround until we stop Nova from
plugging taps into bridges[1] or until we drop support for older
libvirts on the Nova side and have it set the MTU.
This bug was introduced by change
I53c0eb57da956b36f09731d25db989719e9bc9dc which reverted automatic
setting of tap MTUs to match those of the physical device.
1. I23c5faaeab69aede1fd038a36f4a0b8f928498ce
Closes-Bug: #1684038
Change-Id: Ia245a3e22339fce026901e24a82e836c8b27cc28
This reverts commit 1feb19c83f.
Better fix in I23c5faaeab69aede1fd038a36f4a0b8f928498ce but that
make take time due to dependency on a nova patch.
Change-Id: Iaa4d85f63cb8e058d09858636ce1434352e39bed
Closes-Bug: #1673910
The linuxbridge agent tries to move all the IP addresses
from the first interface attached to a bridge at startup.
This can fail if the interface has an IPv6 address since
IPv6 is always disabled on bridge devices.
Change ensure_bridge() to not disable IPv6, and instead
move all IPs and default route by family - IPv4 and IPv6.
Change-Id: Ic236de04c0203633df49967a9a4528fda13c51df
Closes-bug: #1662324
Nova Ocata and Newton have protection against bridge
creation races in os-vif[1] so we no longer need
to special-case this port type in the Linux Bridge
loop going forward in Pike.
1. Ib0266086e0caffecf3f9f2a8291369cfa155f386
Related-Bug: #1617447
Change-Id: I2a23d0cbc4c4d0db6e9f48d91ca03b5007f91a84
The first device the agent happens to pick could be something
without a mac address like a 6in6 interface. This was causing
the agent to fail to start if it was unlucky enough to pick
that address.
This patch just adjusts the logic to keep iterating through
the list until we find a mac.
Closes-Bug: #1669087
Change-Id: I6e934a2dff8fd441e1c70c9a5857fd6150835e2a
In an earlier change[1], a filter was added to avoid Linuxbridge races
with Nova. This filter breaks anything else using device owners other
than n(eutron|etwork):.
[1] https://review.openstack.org/#/c/193485/
Closes-Bug: #1524004
Closes-Bug: #1664659
Change-Id: I31a8e0e255b8b0251c991d5e20a4b9441d4ec489
Changed the Linux Bridge agent and some functional tests
to use the new neighbour code in ip_lib.
Marked IpNeighCommand.show() as deprecated in favor of
using 'dump' instead.
Change-Id: I8d8d074010561aa7eba04b6a519ba18f8bac0312
This reverts commit 6cf9201114.
Conflicts:
neutron/plugins/linuxbridge/agent/linuxbridge_neutron_agent.py
neutron/tests/unit/plugins/linuxbridge/agent/test_linuxbridge_neutron_agent.py
This hack was used to copy MTU from physical bridges to tap devices to
support Jumbo frames. Now that we have proper MTU behaviour in interface
drivers, this is not needed.
This hack makes all efforts of the interface driver to set the correct
network MTU on all ports ineffective. It breaks multinode grenade
linuxbridge job, among other things.
Even back in Liberty times when it was introduced, there was no real
need to explicitly set Jumbo aware MTU on tap devices from Neutron side.
This could have been achieved by setting network_device_mtu on Nova side
in addition to Neutron:
https://github.com/openstack/nova/blob/liberty-eol/nova/network/linux_net.py#L1590
Change-Id: I53c0eb57da956b36f09731d25db989719e9bc9dc
Related-Bug: #1605271
The ip_lib code is able to get the MAC address of a device
already using the IpLinkCommand class, let's remove
get_interface_mac() since it's not necessary.
Changed all callers to use the new get_device_mac() code
and tagged get_interface_mac() for deprecation since it
could be in use by other callers outside the neutron tree.
Closes-Bug: #1630439
Change-Id: I1695d7e46efe5245eb581bd40d5420250a3bad89
An exception can happen when a network is deleted because the
lb-agent tries to removes the dhcp tap from the bridge at about
the same time as the dhcp-agent is deleting the tap. The unhandled
exception means the bridge does not get deleted and a log error.
Closes-Bug: #1611612
Change-Id: Ia9a6b5fc49e239769e850e9486454e81e3a4b96f
When arp_responder is not set, the proxy flag is not set on the VXLAN
VTEP interface so no ARP/ND responses are sent. In this (default case)
it is unnecessary to populate the neighbor table on each VxLAN VTEP
interface.
Change-Id: I0fff2228b5b819829edac0bb6597ecb8e5a036ad