Bug 1704596

Summary: FIP traffix does not work on OVN-DVR setup when using VLAN tenant network type
Product: Red Hat OpenStack Reporter: Eran Kuris <ekuris>
Component: python-networking-ovnAssignee: Jakub Libosvar <jlibosva>
Status: CLOSED NEXTRELEASE QA Contact: Eran Kuris <ekuris>
Severity: high Docs Contact:
Priority: high    
Version: 13.0 (Queens)CC: akaris, alink, apevec, ffernand, fsilva, jlibosva, lhh, lmartins, majopela, mvalsecc, nusiddiq, pmannidi, scohen
Target Milestone: ---Keywords: Triaged
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-03-25 13:47:47 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1766930, 2009222, 2101937, 2102017    
Bug Blocks:    

Description Eran Kuris 2019-04-30 07:46:59 UTC 
Description of problem:
When we are trying to use FIP traffic to instances on OVN-DVR setup while using VLAN tenant network type the traffic does not pass. 
Because of limitations with VLAN tenant network type, we can't have distributed VLAN routing.  
Vlan routing is centralized whether  the deployment is DVR or not

Version-Release number of selected component (if applicable):
OpenStack/13.0-RHEL-7/2019-04-23.1
python-networking-ovn-metadata-agent-4.0.3-6.el7ost.noarch
openvswitch-ovn-host-2.9.0-103.el7fdp.x86_64
puppet-ovn-12.4.0-2.el7ost.noarch
python-networking-ovn-4.0.3-6.el7ost.noarch
novnc-0.6.1-1.el7ost.noarch
openvswitch-ovn-central-2.9.0-103.el7fdp.x86_64
openvswitch-ovn-common-2.9.0-103.el7fdp.x86_64

How reproducible:
100%

Steps to Reproduce:
1. Deploy OVN-DVR setup with VLAN tenant network type support
2. Create a VLAN network 
3. Create an External network with a router  
4. Boot instance & Assign FIP to the VM 
5. open security group access

Ping to the FIP of the instance.
Actual results:
Traffic blocked 

Expected results:
Traffic pass 

Additional info:
Comment 1 Numan Siddique 2019-04-30 07:49:50 UTC 
python-networking-ovn should not set external_mac in the NAT table for the FIP which belongs to the logical port of a VLAN tenant logical switch.
Otherwise, the compute node which is binding the logical port will send the GARP where as the routing for VLAN tenant networks is centralized.
Comment 2 Brian Haley 2020-02-04 20:26:47 UTC 
The upstream fix for this broke something else and was reverted, so this will need more investigation.  Re-assigning to default maintainer.
Comment 3 Andreas Karis 2020-05-05 14:19:46 UTC 
*** Bug 1830743 has been marked as a duplicate of this bug. ***
Comment 9 Jakub Libosvar 2021-03-25 13:47:47 UTC 
This will be fixed in OSP 16