[DVR] Block ARP to dvr router's port instead of subnet's gateway

It may happen that subnet is connected to dvr router using IP address
different than subnet's gateway_ip.
So in br-tun arp to dvr router's port should be dropped instead of
dropping arp to subnet's gateway_ip (or mac in case of IPv6).

Change-Id: Ida6b7ae53f3fc76f54e389c5f7131b5a66f533ce
Closes-bug: #1831575
(cherry picked from commit ae3aa28f5a)
This commit is contained in:
Slawek Kaplonski 2019-06-04 12:14:37 +02:00
parent a9d291bd84
commit a7c9cc870e
2 changed files with 12 additions and 16 deletions

View File

@ -416,12 +416,11 @@ class OVSDVRNeutronAgent(object):
# TODO(vivek) remove the IPv6 related flows once SNAT is not
# used for IPv6 DVR.
if ip_version == 4:
if subnet_info['gateway_ip']:
br.install_dvr_process_ipv4(
vlan_tag=lvm.vlan, gateway_ip=subnet_info['gateway_ip'])
br.install_dvr_process_ipv4(
vlan_tag=lvm.vlan, gateway_ip=fixed_ip['ip_address'])
else:
br.install_dvr_process_ipv6(
vlan_tag=lvm.vlan, gateway_mac=subnet_info['gateway_mac'])
vlan_tag=lvm.vlan, gateway_mac=port.vif_mac)
br.install_dvr_process(
vlan_tag=lvm.vlan, vif_mac=port.vif_mac,
dvr_mac_address=self.dvr_mac_address)

View File

@ -2644,7 +2644,7 @@ class TestOvsDvrNeutronAgent(object):
return resp
def _expected_install_dvr_process(self, lvid, port, ip_version,
gateway_ip, gateway_mac):
gateway_ip):
if ip_version == n_const.IP_VERSION_4:
ipvx_calls = [
mock.call.install_dvr_process_ipv4(
@ -2655,7 +2655,7 @@ class TestOvsDvrNeutronAgent(object):
ipvx_calls = [
mock.call.install_dvr_process_ipv6(
vlan_tag=lvid,
gateway_mac=gateway_mac),
gateway_mac=port.vif_mac),
]
return ipvx_calls + [
mock.call.install_dvr_process(
@ -2669,12 +2669,13 @@ class TestOvsDvrNeutronAgent(object):
self, device_owner, ip_version=n_const.IP_VERSION_4):
self._setup_for_dvr_test()
if ip_version == n_const.IP_VERSION_4:
gateway_ip = '1.1.1.1'
gateway_ip = '1.1.1.10'
cidr = '1.1.1.0/24'
else:
gateway_ip = '2001:100::1'
cidr = '2001:100::0/64'
self._port.vif_mac = gateway_mac = 'aa:bb:cc:11:22:33'
self._port.vif_mac = 'aa:bb:cc:11:22:33'
gateway_mac = 'aa:bb:cc:66:66:66'
self._compute_port.vif_mac = '77:88:99:00:11:22'
physical_network = self._physical_network
segmentation_id = self._segmentation_id
@ -2722,8 +2723,7 @@ class TestOvsDvrNeutronAgent(object):
port=self._port,
lvid=lvid,
ip_version=ip_version,
gateway_ip=gateway_ip,
gateway_mac=gateway_mac)
gateway_ip=self._fixed_ips[0]['ip_address'])
expected_on_int_br = [
mock.call.provision_local_vlan(
port=int_ofp,
@ -2811,8 +2811,7 @@ class TestOvsDvrNeutronAgent(object):
port=self._port,
lvid=lvid,
ip_version=ip_version,
gateway_ip=gateway_ip,
gateway_mac=gateway_mac)
gateway_ip=gateway_ip)
self.assertEqual(expected_on_int_br, int_br.mock_calls)
self.assertEqual(expected_on_tun_br, tun_br.mock_calls)
self.assertEqual([], phys_br.mock_calls)
@ -3073,8 +3072,7 @@ class TestOvsDvrNeutronAgent(object):
port=self._port,
lvid=lvid,
ip_version=ip_version,
gateway_ip=gateway_ip,
gateway_mac=gateway_mac)
gateway_ip=gateway_ip)
self.assertEqual(expected_on_tun_br, tun_br.mock_calls)
int_br.reset_mock()
@ -3175,8 +3173,7 @@ class TestOvsDvrNeutronAgent(object):
port=self._port,
lvid=lvid,
ip_version=ip_version,
gateway_ip=gateway_ip,
gateway_mac=gateway_mac)
gateway_ip=gateway_ip)
self.assertEqual(expected_on_tun_br, tun_br.mock_calls)
int_br.reset_mock()
tun_br.reset_mock()