Bug 2166261

Summary: nova.exception.VirtualInterfaceCreateException: Virtual Interface creation failed
Product: Red Hat OpenStack Reporter: Joaquín Veira <jveiraca>
Component: openstack-novaAssignee: Amit Uniyal <auniyal>
Status: CLOSED WORKSFORME QA Contact: OSP DFG:Compute <osp-dfg-compute>
Severity: high Docs Contact:
Priority: high    
Version: 17.0 (Wallaby)CC: alifshit, astupnik, auniyal, dasmith, eglynn, gregraka, jhakimra, jlibosva, kchamart, ldavidde, ltamagno, ralonsoh, sbauza, sgordon, smooney, vromanso
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Cause: There is a network security vulnerability with RARP packets and inconsistent OVS port handling. https://bugs.launchpad.net/neutron/+bug/1734320, https://bugs.launchpad.net/neutron/+bug/1815989 Consequence: It's possible for other VM's on the same network to access the data of live-migrating VM. Fix: This fix ensure that proper security measures are in place to prevent such unauthorized access and protect the data transferred during live-migration. Result: This fix is a part of 2 patches, it makes sure that OVS ports are securely managed and that network remains protected while virtual machines are live-migrating.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2023-06-21 09:03:46 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Joaquín Veira 2023-02-01 10:49:06 UTC 
Description of problem:

While testing the evacuation of instances in HA by crashing a compute node, 1 of the VMs, not always the same one, fails with "nova.exception.VirtualInterfaceCreateException: Virtual Interface creation failed" in the destination compute node.

I followed the steps in similar BZ opened like https://bugzilla.redhat.com/show_bug.cgi?id=2162423 or https://bugzilla.redhat.com/show_bug.cgi?id=2135363 and here I can see in Neutron the vif_plugin calls and DHCP assignments and still Nova fails with a timeout.

We increased vif_plugging_timeout to 600 and issue is still happening.

Version-Release number of selected component (if applicable):
RHOSP 17.0 with InstanceHA, OVS and network nodes.

How reproducible:


Steps to Reproduce:
1. Deploy RHOSP 17.0 with OVS and Instance HA, probably independent network nodes
2. Crash a compute node hosting VMs


Actual results:
Failed to evacuate

Expected results:
Evacuation

Additional info:
In next comments and in attachments in case
Comment 26 Alex Stupnikov 2023-04-26 07:26:49 UTC 
Setting needinfo for reporter. We need to try recent workaround proposed by Sean and possibly ask customer to update to latest RHOSP 17.0