Bug 2190107
| Summary: | allowed_address_pair use is must in case of transparent vlan | ||
|---|---|---|---|
| Product: | Red Hat OpenStack | Reporter: | Haresh Khandelwal <hakhande> |
| Component: | documentation | Assignee: | Greg Rakauskas <gregraka> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | RHOS Documentation Team <rhos-docs> |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | 17.0 (Wallaby) | CC: | chrisw, gregraka, jamsmith, jlibosva, mtomaska, scohen, skaplons |
| Target Milestone: | ga | Keywords: | Triaged |
| Target Release: | 17.1 | Flags: | mtomaska:
needinfo-
|
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2023-05-11 21:07:16 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Haresh Khandelwal
2023-04-27 07:21:18 UTC
I agree this needs fixing up. Funny thing is that if you reference --allowed_address_pairs documentation [1] it specifically notes to not set allowed-address pair that matches mac_address and ip_address. Which is the exact opposite if we ended up adding new documentation for the transparat vlan. Here is what we will do in meantime 1. I will look into netron code base to determine why the user is even required to set allowed-address pair <vm_mac> <vm_ip> even though that information is already know in Neutron DB and hence we should set it automatically 2. Meanwhile, as inidicated by James in c#2 we should update know issue list to which states something along this line. "When vlan transparency is enabled between VMs, allowed-address pair must be also set to allow traffic between the VLAN aware VMs." 3. Depending on the outcome of step 1 we will update official rhops documents. [1] https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/16.2/html/networking_guide/config-allowed-address-pairs_rhosp-network#add-allow-addr-pairs_config-allowed-address-pairs I setup a system with ML2/OVN and transparent network to refresh my memory. I confirmed that you must set --allowed-addres-pair ip-address=<IP set on the VLAN dev inside the VM> and therefore there is no way for neutron to know what to set this IP is set. The MAC address is optional and naturally remains same.
Here is neutron port where I set ` openstack port set --allowed-address ip-address=192.128.111.2 67568813-72bf-48d9-8af1-d34b4bc4b3f5 `
-------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+-------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| admin_state_up | UP |
| allowed_address_pairs | ip_address='192.128.111.2', mac_address='fa:16:3e:e9:7e:5a' |
| binding_host_id | compute-0.redhat.local |
| binding_profile | |
| binding_vif_details | port_filter='True' |
| binding_vif_type | ovs |
| binding_vnic_type | normal |
| created_at | 2023-05-10T17:31:23Z |
| data_plane_status | None |
| description | |
| device_id | d7b5c9ab-61e7-45d8-b114-cd8ff0da3b75 |
| device_owner | compute:nova |
| dns_assignment | fqdn='host-192-168-30-246.openstacklocal.', hostname='host-192-168-30-246', ip_address='192.168.30.246' |
| dns_domain | None |
| dns_name | |
| extra_dhcp_opts | |
| fixed_ips | ip_address='192.168.30.246', subnet_id='952e7787-5474-4d7a-b47d-748f47d2539d' |
| id | 67568813-72bf-48d9-8af1-d34b4bc4b3f5 |
| location | cloud='', project.domain_id=, project.domain_name='Default', project.id='cfd8e9499faf4a1fb2eff8daa715d72b', project.name='admin', region_name='regionOne', zone= |
| mac_address | fa:16:3e:e9:7e:5a |
| name | |
| network_id | e616fa4a-3684-4958-937a-951096e858f4 |
| port_security_enabled | True |
| project_id | cfd8e9499faf4a1fb2eff8daa715d72b |
| propagate_uplink_status | None |
| qos_policy_id | None |
| resource_request | None |
| revision_number | 6 |
| security_group_ids | 009a57f3-d40a-430c-9d20-f9d5d1e97b5a, 92585414-b92a-4a73-8727-216eaf451587 |
| status | ACTIVE |
| tags | |
| trunk_details | None |
| updated_at | 2023-05-10T18:33:33Z |
+-------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
VM `ip a` output:
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1442 qdisc fq_codel state UP group default qlen 1000
link/ether fa:16:3e:9f:fa:d7 brd ff:ff:ff:ff:ff:ff
altname enp0s3
altname ens3
inet 192.168.30.199/24 brd 192.168.30.255 scope global dynamic noprefixroute eth0
valid_lft 37318sec preferred_lft 37318sec
inet6 fe80::f816:3eff:fe9f:fad7/64 scope link
valid_lft forever preferred_lft forever
3: vlan50@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1438 qdisc noqueue state UP group default qlen 1000
link/ether fa:16:3e:9f:fa:d7 brd ff:ff:ff:ff:ff:ff
inet 192.128.111.1/24 scope global vlan50
valid_lft forever preferred_lft forever
inet6 fe80::f816:3eff:fe9f:fad7/64 scope link
valid_lft forever preferred_lft forever
I was under impression that the allowed-address-pair IP is set to the same ip as the VM port. In this case that would be 192.168.30.199 . So strikethrough my comment#4 item 1 and 2. We add just need to add one step to the existing documentation.
@Greg
In this document[1] procedure add step 5 that can can be something like this:
5. Set the IP address set on the VLAN interface set in step 4 as allowed-address-pair IP on the VM port
openstack port set --allowed-address ip-address=<VM VLAN Interface IP>[,<VM VLAN Interface MAC>] <vm_port_uuid>
Example:
openstack port set --allowed-address ip-address=192.128.111.2 <vm_port_uuid>
[1] https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/17.0/html-single/networking_guide/index#enable-vlan-transparentpor_vlan-aware-instances
Hi, The RHOSP 16.1, 16.2, and 17.0 Networking Guides have been updated. Customers can see these changes here: https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/16.1/html/networking_guide/vlan-aware-instances_rhosp-network#enable-vlan-transparentpor_vlan-aware-instances https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/16.2/html/networking_guide/vlan-aware-instances_rhosp-network#enable-vlan-transparentpor_vlan-aware-instances https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/17.0/html/networking_guide/vlan-aware-instances_rhosp-network#enable-vlan-transparentpor_vlan-aware-instances When RHOSP 17.1 ships, customers will see this fix there, too: --Greg |