Bug 1123458
| Summary: | setting libvirt_vif_driver to LibvirtHybridOVSBridgeDriver causes multicast to fail | ||
|---|---|---|---|
| Product: | Red Hat OpenStack | Reporter: | Jeff Dexter <jdexter> |
| Component: | openstack-nova | Assignee: | Brent Eagles <beagles> |
| Status: | CLOSED NOTABUG | QA Contact: | Ami Jeain <ajeain> |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | 4.0 | CC: | beagles, benglish, jdexter, ndipanov, yeylon |
| Target Milestone: | --- | Keywords: | ZStream |
| Target Release: | 4.0 | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2014-08-06 16:56:32 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Jeff Dexter
2014-07-25 17:57:02 UTC
Is there an error in the description of this BZ? The BZ title indicates the generic VIF driver, but the steps to reproduce indicates configuring the HybridOVSBridgeDriver. Please see above comment for reason for NEEDINFO. Clearing NEEDINFO. The hybrid driver does appear to have been configured as would have been required for security group support for the release indicated. This appears to be the same issue as reported here: https://bugzilla.redhat.com/show_bug.cgi?id=902922. Brent, I update the title, but the issue is when the customer uses the LibvirtHybridOVSBridgeDriver driver, which supports Security groups, it also has multicast_snooping enabled on the brport within the tapdevice Considering the similarity to the bz mentioned above, I'd say this is a source of the problem and is not necessarily OpenStack specific. In order to properly address this, we need to: - Determine whether it is expected to have to disable multicast snooping or not when doing this kind of thing. If it should not be necessary then it looks like a bug with linux bridging or similar and we should fix it there. - If it is not a bug with linux bridging and it is expected that spoofing be disabled then we need to determine whether this is something libvirt should do when constructing bridges for the VMs, etc. If so, the issue should either be reassigned to libvirt or associated with other similar bugs already reported against libvirt. - Regardless of either of the above, there probably should be some discussion if this is something that is appropriate to somehow workaround within OpenStack. Brent, Issue is fixed in RHOS5 as it no longer requires the use of the OVSHybridDriver, At this point finding a workaround that would allow then to allow multicast_snooping for an entire host would be useful. The HybridOVSBridgeDriver was obsoleted but the functionality was rolled up into the generic driver. Are you inferring that linux bridges are therefore no longer used, rendering this issue in 5 moot? Linux bridges are actually still created to implement security groups so if this works in 5 it is for some other reason. Multicast reliability seems to have been related to kernel versions (e.g. https://bugzilla.redhat.com/show_bug.cgi?id=880035) so maybe there is a kernel fix underway already. Brent, The issue we have is customer currently has to use the OVSHybrid driver becuase of the security groups not working otherwise. However when they use the OVSHybrid driver they lose the ability to use multicast. this is a moot point becuase they when the upgrade to 5, then both the security groups and multicast work with the generic driver, however they are looking for a workaround or a fix for 4, as that is what they are currently on. Upgrading kernel to 2.6.32-431.23.3.el6.x86_64 solved the issue. Pushing update to customer. I'm closing this report as the root cause of the bug is a kernel issue. |