Bug 1527023

Summary: No connectivity between instances on different networks connected to the same router when using VLAN setup
Product: Red Hat OpenStack Reporter: Itzik Brown <itbrown>
Component: opendaylightAssignee: Aswin Suryanarayanan <asuryana>
Status: CLOSED ERRATA QA Contact: Itzik Brown <itbrown>
Severity: high Docs Contact:
Priority: high    
Version: 12.0 (Pike)CC: asuryana, jschluet, mkolesni, nyechiel, oblaut, trozet
Target Milestone: betaKeywords: AutomationBlocker, Triaged
Target Release: 13.0 (Queens)   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: opendaylight-8.0.0-3.el7ost Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
N/A
Last Closed: 2018-06-27 13:40:26 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Attachments:
Description Flags
Flows dump from the source compute none

Description Itzik Brown 2017-12-18 11:29:16 UTC
Created attachment 1369383 [details]
Flows dump from the source compute

Description of problem:
Using a setup with VLAN networks.
Launching instances connected each to a different network and both connected to same router and the router also connected to an external network.
Connectivity to the FIP of each instance works.
There is no connectivity between the instances internal IPs.


Version-Release number of selected component (if applicable):
opendaylight-6.2.0-4.el7ost.noarch

How reproducible:


Steps to Reproduce:
1. Bring a setup with OpenDaylight and VLAN networks
2. Create an external network, two networks , a router.
3. Connect the router to each networks
4. Launch two instances , one connected to the first network and another to the second network
5. Ping from one of the instances to the other one and verify there is no connectivity

Actual results:


Expected results:


Additional info:

Comment 1 Itzik Brown 2017-12-18 12:48:14 UTC
After having a session with Aswin:
When launching instances connected to each network on each compute node and then removing the interfaces from the router and adding a them back - there is connectivity.

Comment 2 Aswin Suryanarayanan 2018-01-22 14:02:25 UTC
Nir,

This bug breaks the tenant network connectivity between vm in different tenant vlan network. This fix may require some significant changes in the netvirt code. Would like to know how important is this usecase for us, vlan tenant networks?

Comment 3 Nir Yechiel 2018-02-05 11:20:14 UTC
(In reply to Aswin Suryanarayanan from comment #2)
> Nir,
> 
> This bug breaks the tenant network connectivity between vm in different
> tenant vlan network. This fix may require some significant changes in the
> netvirt code. Would like to know how important is this usecase for us, vlan
> tenant networks?

To clarify, we are talking about east/west routing (one project/tenant, different subnets)? Does it apply for VLAN networks only? IPv4, IPv6, or both?

Thanks,
Nir

Comment 4 Aswin Suryanarayanan 2018-02-08 15:11:47 UTC
(In reply to Nir Yechiel from comment #3)
> (In reply to Aswin Suryanarayanan from comment #2)
> > Nir,
> > 
> > This bug breaks the tenant network connectivity between vm in different
> > tenant vlan network. This fix may require some significant changes in the
> > netvirt code. Would like to know how important is this usecase for us, vlan
> > tenant networks?
> 
> To clarify, we are talking about east/west routing (one project/tenant,
> different subnets)? Does it apply for VLAN networks only? IPv4, IPv6, or
> both?
> 
> Thanks,
> Nir

Yes it is one tenant different subnets. This affects vlan n/w only , but should affect both Ipv4 and Ipv6.

Comment 10 Aswin Suryanarayanan 2018-02-13 09:49:49 UTC
The connectivity between two tenant vlan n/w seems to be broken with the changes done as a part of [2]. The issue occurs in case where two dpn has just one vm belonging to two different vlan tenant n/w .

The table 21 flows will be added only if the dpn has a port in that network. To solve this a pseudo port(uses router port uuid of that n/w) will be added to all vlan network in all dpn when vlan n/w is the part of a router. Thus ensuring necessary flows are programmed. This pseudo-port will be added only in elan-dpn-interfaces model of elan.yang.   This port will be removed once the n/w is deleted from the router.

Comment 11 Aswin Suryanarayanan 2018-02-13 09:50:39 UTC
(In reply to Aswin Suryanarayanan from comment #10)
> The connectivity between two tenant vlan n/w seems to be broken with the
> changes done as a part of [2]. The issue occurs in case where two dpn has
> just one vm belonging to two different vlan tenant n/w .
> 
> The table 21 flows will be added only if the dpn has a port in that network.
> To solve this a pseudo port(uses router port uuid of that n/w) will be added
> to all vlan network in all dpn when vlan n/w is the part of a router. Thus
> ensuring necessary flows are programmed. This pseudo-port will be added only
> in elan-dpn-interfaces model of elan.yang.   This port will be removed once
> the n/w is deleted from the router.

The link 
[2]https://github.com/opendaylight/netvirt/blob/stable/nitrogen/docs/specs/vlan-provider-enhancement.rst

Comment 13 Itzik Brown 2018-04-09 16:13:39 UTC
The scenario fails.

Checked with:
opendaylight-8.0.0-5.el7ost.noarch

Comment 14 Itzik Brown 2018-04-10 11:36:47 UTC
It seem that there were stale flow
s.
Fresh setup works.
opendaylight-8.0.0-5.el7ost.noarch

Comment 16 errata-xmlrpc 2018-06-27 13:40:26 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2018:2086