Bug 1623260

Summary: OVN: configurable dynamic mac range
Product: Red Hat Enterprise Linux 7 Reporter: Dan Kenigsberg <danken>
Component: openvswitchAssignee: lorenzo bianconi <lorenzo.bianconi>
Status: CLOSED ERRATA QA Contact: haidong li <haili>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 7.0CC: atelang, atragler, ctrautma, dalvarez, danken, fleitner, haili, igkioka, kfida, lorenzo.bianconi, ovs-qe, qding
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: openvswitch-2.9.0-80.el7fdn Doc Type: Enhancement
Doc Text:
This update adds the possibility to specify an OUI for MAC addresses dynamically allocated by OVN. As a result, users can specify an OUI for each OVN deployment to avoid MAC address collisions.
 Story Points: ---
Clone Of:
: 1647750 (view as bug list) Environment:
Last Closed: 2019-01-02 17:54:40 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1647750    

Description Dan Kenigsberg 2018-08-28 20:42:16 UTC 
Currently, OVN allocate MAC addresses from a hard-coded range.

Users have multiple deployments of OVN accessing the same LAN (e.g. via localnet), causing MAC collisions.

As an OVN administrator, I would like to set the start_MAC address and end_MAC address from which my addresses would be allocated. I would set a different range for each of my OVN deployments to avoid collisions.

It would be nice if by default, each deployment would automatically have a big random range, e.g. a single random OUI of locally-administered unicast addresses
Comment 2 Daniel Alvarez Sanchez 2018-11-06 13:53:19 UTC 
Could this work for you [0]?

[0] https://bugzilla.redhat.com/show_bug.cgi?id=1626217
Comment 3 Dan Kenigsberg 2018-11-06 15:00:08 UTC 
Yes, setting options:mac_prefix=<mac_prefix> in NB_Global table seems to solve my RFE.

Though I would like to see a sane (random) value there on any new installation.
When two OVN instances share the same underlying L2 network, each should have a different prefix (unless the customer is exponentially unlucky).
Comment 4 lorenzo bianconi 2018-11-06 17:28:24 UTC 
-upstream commit:
https://github.com/openvswitch/ovs/commit/282e53576530faab217c61b6eb7e0f5a49da0ce2
Comment 5 Dan Kenigsberg 2018-11-08 15:13:42 UTC 
(In reply to lorenzo bianconi from comment #4)
> -upstream commit:
> https://github.com/openvswitch/ovs/commit/
> 282e53576530faab217c61b6eb7e0f5a49da0ce2

Lorenzo, does this include setting a random default upon installation?
Comment 6 lorenzo bianconi 2018-11-09 14:38:03 UTC 
Hi Dan,

no, it does not. With current implementation you can specify the OUI used by IPAM/MACAM (or the default one if you do not specify it). I think select OUI in a random fashion could be dangerous since duplicate MAC address is a very hard issue to debug if the deployment is huge. Anyway if you think it is an important feature to have we can introduce something like "mac_prefix:random"
Comment 7 Dan Kenigsberg 2018-11-09 16:03:01 UTC 
Yes it is important. Without it, you effectively get mac_prefix:random on an incredibly huge range.

I'm asking to limit it, so that out of the box, people get a wide range that is very likely to differ from other installation nearby.

I'm not asking for logic change, but rather a default overwriable value.
Comment 8 lorenzo bianconi 2018-11-09 16:33:35 UTC 
(In reply to Dan Kenigsberg from comment #7)

Hi Dan,

> Yes it is important. Without it, you effectively get mac_prefix:random on an
> incredibly huge range.
> 

do you think specifying a given OUI for each deployment is not feasible?
If not (since we could have a huge number of deployments) we can add 'mac_prefix:random' where the OUI is chosen in a random fashion at ovn-northd bootstrap, but in order to maintain compatibility with old deployments I guess to not make it the default choice

> I'm asking to limit it, so that out of the box, people get a wide range that
> is very likely to differ from other installation nearby.
> 
> I'm not asking for logic change, but rather a default overwriable value.

what do you mean with 'a default overwriable value'?
Comment 10 haidong li 2018-12-03 03:19:48 UTC 
verified on the latest version:
[root@hp-dl388g8-19 ovn]# uname -a
Linux hp-dl388g8-19.rhts.eng.pek2.redhat.com 3.10.0-957.el7.x86_64 #1 SMP Thu Oct 4 20:48:51 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
[root@hp-dl388g8-19 ovn]# rpm -qa | grep openvswitch
openvswitch-2.9.0-81.el7fdp.x86_64
kernel-kernel-networking-openvswitch-ovn-1.0-108.noarch
openvswitch-ovn-common-2.9.0-81.el7fdp.x86_64
openvswitch-ovn-host-2.9.0-81.el7fdp.x86_64
openvswitch-selinux-extra-policy-1.0-8.el7fdp.noarch
openvswitch-ovn-central-2.9.0-81.el7fdp.x86_64
[root@hp-dl388g8-19 ovn]#  ovn-nbctl ls-add sw6
[root@hp-dl388g8-19 ovn]# ovn-nbctl  set NB_Global . options:mac_prefix="00:11:22:33:44:55"
[root@hp-dl388g8-19 ovn]# ovn-nbctl  set Logical-Switch sw6 other_config:subnet=192.168.100.0/24
[root@hp-dl388g8-19 ovn]# ovn-nbctl lsp-add sw6 p6 -- lsp-set-addresses p6 dynamic
[root@hp-dl388g8-19 ovn]# ovn-nbctl get Logical-Switch-Port p6 dynamic_addresses
"00:11:22:a8:64:03 192.168.100.2"
[root@hp-dl388g8-19 ovn]# ovn-nbctl lsp-add sw6 p7 -- lsp-set-addresses p7 dynamic
[root@hp-dl388g8-19 ovn]#  ovn-nbctl get Logical-Switch-Port p7 dynamic_addresses
"00:11:22:a8:64:04 192.168.100.3"
Comment 12 Dan Kenigsberg 2018-12-19 07:56:41 UTC 
(In reply to lorenzo bianconi from comment #8)
> 
> what do you mean with 'a default overwriable value'?

You have introduced a new configurable: options:mac_prefix=<mac_prefix>
However, on installation of ovn, it is left unset. This means that out of the box, ovn would keep generating random MACs which may collide with MACs on other clusters.

You put the burden of setting this on your client.

Instead, I ask to add the following logic to ovn installation:

  if options:mac_prefix is not defined:
    options:mac_prefix=random_6_digit_prefix_of_a_locally_administered_unicast_mac

a user that hates your default can modify it, but most would be silently happy.
Could you add it?
(p.s I've missed your comment 8)
Comment 13 lorenzo bianconi 2018-12-19 15:10:45 UTC 
(In reply to Dan Kenigsberg from comment #12)
> (In reply to lorenzo bianconi from comment #8)
> > 
> > what do you mean with 'a default overwriable value'?
> 
> You have introduced a new configurable: options:mac_prefix=<mac_prefix>
> However, on installation of ovn, it is left unset. This means that out of
> the box, ovn would keep generating random MACs which may collide with MACs
> on other clusters.
> 
> You put the burden of setting this on your client.
> 
> Instead, I ask to add the following logic to ovn installation:
> 
>   if options:mac_prefix is not defined:
>    
> options:
> mac_prefix=random_6_digit_prefix_of_a_locally_administered_unicast_mac
> 
> a user that hates your default can modify it, but most would be silently
> happy.
> Could you add it?

Hi Dan,

I think it is doable, we should just choose mac_prefix in a random manner (let's say according to ovn-northd boot-time) if the user does not provide a value for it.
The only concern is about what happens if the user restart the ovn-northd daemon, is it ok to recompute dynamically allocated mac addresses?
If not, we need to save that info in the NBDB

> (p.s I've missed your comment 8)
Comment 14 Dan Kenigsberg 2018-12-19 15:35:34 UTC 
(In reply to lorenzo bianconi from comment #13)

> > 
> > Instead, I ask to add the following logic to ovn ***installation***:  <----------------
> > 
> >   if options:mac_prefix is not defined:
> >    
> > options:
> > mac_prefix=random_6_digit_prefix_of_a_locally_administered_unicast_mac
> > 
> > a user that hates your default can modify it, but most would be silently
> > happy.
> > Could you add it?
> 
> Hi Dan,
> 
> I think it is doable, we should just choose mac_prefix in a random manner
> (let's say according to ovn-northd boot-time) if the user does not provide a
> value for it.
> The only concern is about what happens if the user restart the ovn-northd
> daemon, is it ok to recompute dynamically allocated mac addresses?

I'd find it very confusing. OVN users shouldn't be aware of an OVN restart/reboot

> If not, we need to save that info in the NBDB

right. that's my preference.
Comment 15 lorenzo bianconi 2018-12-20 09:01:35 UTC 
(In reply to Dan Kenigsberg from comment #14)
> (In reply to lorenzo bianconi from comment #13)
> 
> > > 
> > > Instead, I ask to add the following logic to ovn ***installation***:  <----------------
> > > 
> > >   if options:mac_prefix is not defined:
> > >    
> > > options:
> > > mac_prefix=random_6_digit_prefix_of_a_locally_administered_unicast_mac
> > > 
> > > a user that hates your default can modify it, but most would be silently
> > > happy.
> > > Could you add it?
> > 
> > Hi Dan,
> > 
> > I think it is doable, we should just choose mac_prefix in a random manner
> > (let's say according to ovn-northd boot-time) if the user does not provide a
> > value for it.
> > The only concern is about what happens if the user restart the ovn-northd
> > daemon, is it ok to recompute dynamically allocated mac addresses?
> 
> I'd find it very confusing. OVN users shouldn't be aware of an OVN
> restart/reboot
> 
> > If not, we need to save that info in the NBDB
> 
> right. that's my preference.

ok, I will take care of it
Comment 17 errata-xmlrpc 2019-01-02 17:54:40 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2019:0014