Bug 1889463

Summary: [RFE] OVN should provide a readiness indicator for a given port when all the OVS flows for the vport are installed
Product: Red Hat Enterprise Linux Fast Datapath
Reporter: Aniket Bhat <anbhat>
Component: OVN
Assignee: Dumitru Ceara <dceara>
Status: CLOSED DUPLICATE
QA Contact: Zhiqiang Fang <zfang>
Severity: medium
Priority: high
Version: FDP 20.C
CC: avishnoi, ctrautma, dceara, nusiddiq
Last Closed: 2021-03-03 08:27:59 UTC
Type: Bug

Description Aniket Bhat 2020-10-19 17:56:45 UTC
Description of problem:

Currently, there is no readiness indicator for when OVN has installed all the flows for a given pod and the pod is "provisioned" completely. 

This is particularly seen during the object density scale test, where many containers are in "Init:Error". This is because the first thing they do is try to issue a DNS request to github.com and git clone. The DNS fails because we are missing flows in OVS. This is only temporary and subsequent DNS lookups work. Before we return that CNI has succeeded in ovn-k8s we need to check for the presence of flows in port security out table. A temporary fix to this is tracked by: https://bugzilla.redhat.com/show_bug.cgi?id=1885761. But we need something more long term and more reliable than checking arbitrary flow tables for entries.

What this RFE is asking for is an indicator either in the port_binding table in sbdb or in the port/interface table in OVS (as external_id or some status) that will indicate that the port is ready for use.

Version-Release number of selected component (if applicable):
20.03-11

How reproducible:
Always

Steps to Reproduce:
1. Create a pod in an OpenShift cluster that immediately on creation accesses the Internet
2. A few times the DNS requests made by the pod will be rejected because of a race condition between when pods make the DNS requests and when the port security flows show up


Actual results:
Pods are stuck in Init:Error state.

Expected results:
Pods are running and able to make DNS requests to the Internet.

Additional info:

Comment 1 Numan Siddique 2021-01-18 07:36:06 UTC
The patches to support this feature are merged upstream.
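
An added example, not code from this bug or from OVN/ovn-kubernetes: a CNI-side gate that polls a per-port readiness marker on the OVS Interface row and fails closed on timeout, instead of inspecting flow tables. It assumes the marker is `external_ids:ovn-installed` (this page does not name the key); the function names and the `OVS_VSCTL` override are hypothetical.

```shell
#!/bin/sh
# Added example: report CNI success only once the port's readiness marker is set.
# ASSUMPTION: the marker is external_ids:ovn-installed on the OVS Interface row;
# this bug report does not name the key.
# OVS_VSCTL can be overridden (hypothetical knob) to point at another binary.
OVS_VSCTL=${OVS_VSCTL:-ovs-vsctl}

# port_ready IFACE
# Returns 0 only when the marker reads "true". A missing interface, a missing
# key, or a failing ovs-vsctl all count as "not ready".
port_ready() {
    val=$($OVS_VSCTL --if-exists get Interface "$1" \
            external_ids:ovn-installed 2>/dev/null | tr -d '"')
    [ "$val" = "true" ]
}

# wait_port_ready IFACE TIMEOUT_S [INTERVAL_S]
# Polls until the port is ready or TIMEOUT_S seconds have elapsed.
# INTERVAL_S must be a positive integer. Returns 1 on timeout so the caller
# can fail the CNI ADD rather than hand the pod a half-programmed port.
wait_port_ready() {
    iface=$1
    remaining=$2
    interval=${3:-1}
    while :; do
        port_ready "$iface" && return 0
        [ "$remaining" -le 0 ] && return 1
        sleep "$interval"
        remaining=$((remaining - interval))
    done
}
```

A caller would run `wait_port_ready "$IFACE" 30 || exit 1` before returning its CNI result.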