diff --git a/neutron/plugins/ml2/drivers/linuxbridge/agent/common/config.py b/neutron/plugins/ml2/drivers/linuxbridge/agent/common/config.py index c8fa665eb57..5f5df99f440 100644 --- a/neutron/plugins/ml2/drivers/linuxbridge/agent/common/config.py +++ b/neutron/plugins/ml2/drivers/linuxbridge/agent/common/config.py @@ -44,6 +44,12 @@ vxlan_opts = [ help=_("Extension to use alongside ml2 plugin's l2population " "mechanism driver. It enables the plugin to populate " "VXLAN forwarding table.")), + cfg.BoolOpt('arp_responder', default=False, + help=_("Enable local ARP responder which provides local " + "responses instead of performing ARP broadcast into " + "the overlay. Enabling local ARP responder is not fully" + "compatible with the allowed-address-pairs extension.") + ), ] bridge_opts = [ diff --git a/neutron/plugins/ml2/drivers/linuxbridge/agent/linuxbridge_neutron_agent.py b/neutron/plugins/ml2/drivers/linuxbridge/agent/linuxbridge_neutron_agent.py index 9c7a1d8597a..42d8586f6e5 100644 --- a/neutron/plugins/ml2/drivers/linuxbridge/agent/linuxbridge_neutron_agent.py +++ b/neutron/plugins/ml2/drivers/linuxbridge/agent/linuxbridge_neutron_agent.py @@ -261,7 +261,7 @@ class LinuxBridgeManager(amb.CommonAgentManagerBase): if cfg.CONF.VXLAN.tos: args['tos'] = cfg.CONF.VXLAN.tos if cfg.CONF.VXLAN.l2_population: - args['proxy'] = True + args['proxy'] = cfg.CONF.VXLAN.arp_responder try: int_vxlan = self.ip.add_vxlan(interface, segmentation_id, **args) diff --git a/neutron/tests/unit/plugins/ml2/drivers/linuxbridge/agent/test_linuxbridge_neutron_agent.py b/neutron/tests/unit/plugins/ml2/drivers/linuxbridge/agent/test_linuxbridge_neutron_agent.py index eef6a8bbf2d..88c87595f6d 100644 --- a/neutron/tests/unit/plugins/ml2/drivers/linuxbridge/agent/test_linuxbridge_neutron_agent.py +++ b/neutron/tests/unit/plugins/ml2/drivers/linuxbridge/agent/test_linuxbridge_neutron_agent.py @@ -333,7 +333,7 @@ class TestLinuxBridgeManager(base.BaseTestCase): self.assertIsNone(self.lbm.ensure_vlan("eth0", "1")) self.assertEqual(3, exec_fn.call_count) - def test_ensure_vxlan(self): + def test_ensure_vxlan(self, expected_proxy=False): seg_id = "12345678" self.lbm.local_int = 'eth0' self.lbm.vxlan_mode = lconst.VXLAN_MCAST @@ -355,7 +355,11 @@ class TestLinuxBridgeManager(base.BaseTestCase): add_vxlan_fn.assert_called_with("vxlan-" + seg_id, seg_id, group="224.0.0.1", dev=self.lbm.local_int, - proxy=True) + proxy=expected_proxy) + + def test_ensure_vxlan_arp_responder_enabled(self): + cfg.CONF.set_override('arp_responder', True, 'VXLAN') + self.test_ensure_vxlan(expected_proxy=True) def test_update_interface_ip_details(self): gwdict = dict(gateway='1.1.1.1', diff --git a/releasenotes/notes/linuxbridge_vxlan_arp_responder-e9ea91552e1b62a7.yaml b/releasenotes/notes/linuxbridge_vxlan_arp_responder-e9ea91552e1b62a7.yaml new file mode 100644 index 00000000000..ba7cc088b8d --- /dev/null +++ b/releasenotes/notes/linuxbridge_vxlan_arp_responder-e9ea91552e1b62a7.yaml @@ -0,0 +1,21 @@ +--- +upgrade: + When using ML2 and the Linux Bridge agent, the default value for the ARP + Responder under L2Population has changed. The responder is now disabled to + improve compatibility with the allowed-address-pair extension and to match + the default behavior of the ML2 OVS agent. The logical network will now + utilize traditional flood and learn through the overlay. When upgrading, + existing vxlan devices will retain their old setup and be unimpacted by + changes to this flag. To apply this to older devices created with the + Liberty agent, the vxlan device must be removed and then the Mitaka agent + restarted. The agent will recreate the vxlan devices with the current + settings upon restart. To maintain pre-Mitaka behavior, enable the + arp_responder in the Linux Bridge agent VXLAN config file prior to starting + the updated agent. + +fixes: + The Linuxbridge agent now supports the ability to toggle the local ARP + responder when L2Population is enabled. This ensures compatibility with + the allowed-address-pairs extension. + - closes bug 1445089 +