Bug 1898198
Summary: | Don't include IP addresses for OVN ports if both port security and DHCP are disabled | ||
---|---|---|---|
Product: | Red Hat OpenStack | Reporter: | Elvira <egarciar> |
Component: | python-networking-ovn | Assignee: | Elvira <egarciar> |
Status: | CLOSED ERRATA | QA Contact: | Eran Kuris <ekuris> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 16.1 (Train) | CC: | apevec, dalvarez, ftaylor, gregraka, lhh, lmartins, majopela, mflusche, scohen |
Target Milestone: | z7 | Keywords: | Reopened, Triaged |
Target Release: | 16.1 (Train on RHEL 8.2) | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | python-networking-ovn-7.3.1-1.20210422143234.4e24f4c.el8ost | Doc Type: | Known Issue |
Doc Text: |
Currently, there is a known issue where it is not possible to simulate certain real-life scenarios when the MAC-IP addresses of a port are unknown. The RHOSP Networking service (neutron) directly specifies the MAC-IP of a port even if DHCP or security groups are not configured.
+
Workaround: upgrade to RHOSP 16.1.7 and install ML2/OVN v21.03. If DHCP and port security are disabled, then the addresses field of a port does not include its MAC-IP address pairs, and ML2/OVN can use the MAC learning capabilities to send traffic only to the desired port.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2021-12-09 20:17:24 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Elvira
2020-11-16 16:08:15 UTC
Build available at: https://brewweb.engineering.redhat.com/brew/buildinfo?buildID=1575419 There is a build with the fix available at brew: https://brewweb.engineering.redhat.com/brew/buildinfo?buildID=1585485 Thank Elvira, After upgrading to this build it looks good now! thanks for all the work on this one! [root@overcloud-controller-0 ~]# podman exec -ti neutron_api rpm -q python3-networking-ovn python3-networking-ovn-7.3.1-1.20210422143234.4e24f4c.el8ost.noarch $ openstack network create net1 $ openstack subnet create --subnet-range 10.10.10.0/24 --network net1 --no-dhcp subnet1 $ source overcloudrc $ openstack port create --disable-port-security --no-security-group --network net1 net1-port1 $ openstack port create --disable-port-security --no-security-group --network net1 net1-port2 $ openstack server add port rhel1 net1-port1 $ openstack server add port rhel1 net1-port2 # ovn-nbctl show |grep -A1 net1-port1 port 98c905bb-04fb-4101-82f0-67629d1d4bb0 (aka net1-port1) addresses: ["unknown"] # ovn-nbctl show |grep -A1 net1-port2 port 1137ac4c-0bd7-45da-bb08-1aaad4a990e0 (aka net1-port2) addresses: ["unknown"] # ovn-sbctl list fdb _uuid : e97c6301-3893-48b2-95b6-8f752609a844 dp_key : 2 mac : "fa:16:3e:01:41:ff" port_key : 3 Hi Matt, Nice to know!! Thanks to you for your patience. Looks good! Changed to z7 since z6 is now only accepting blockers. verified: overcloud) [stack@undercloud-0 tmp]$ cat ~/core_puddle_version RHOS-16.1-RHEL-8-20211007.n.1 [root@controller-1 ~]# podman exec -it neutron_api /bin/bash ^[[A()[neutron@controller-1 /]$ rpm -qa | grep ovn puppet-ovn-15.4.1-1.20210528102649.192ac4e.el8ost.noarch python3-networking-ovn-7.3.1-1.20210714143309.el8ost.noarch [root@controller-1 ~]# sudo podman exec -it ovn-dbs-bundle-podman-1 /bin/bash ()[root@controller-1 /]# ovn-nbctl show |grep -A1 net1-port1 port 548f16c7-c86b-4cac-a6d7-bb4eb97437c8 (aka net1-port1) addresses: ["unknown"] ()[root@controller-1 /]# ovn-nbctl show |grep -A1 net1-port2 port 0c608c07-a796-41b1-816c-3a18c610d01e (aka net1-port2) addresses: ["unknown"] Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Red Hat OpenStack Platform 16.1.7 (Train) bug fix and enhancement advisory), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2021:3762 |