Bug 1107522
| Summary: | No external connectivity when allocating multiple external networks per L3 Agent (ML2+OVS+VXLAN) | | |
|---|---|---|---|
| Product: | Red Hat OpenStack | Reporter: | Miguel Gómez <miguelg> |
| Component: | openstack-neutron | Assignee: | RHOS Maint <rhos-maint> |
| Status: | CLOSED NOTABUG | QA Contact: | Ofer Blaut <oblaut> |
| Severity: | high | Docs Contact: | |
| Priority: | unspecified | | |
| Version: | 5.0 (RHEL 7) | CC: | chrisw, miguelg, nyechiel, tvvcox, yeylon |
| Target Milestone: | --- | | |
| Target Release: | 5.0 (RHEL 7) | | |
| Hardware: | x86_64 | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | Bug Fix |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2014-06-10 11:22:56 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Attachments: | | | |

Not a bug, just additional cfg is required in Icehouse:

- Including the following params in ml2_conf.ini:

```
[ml2]
type_drivers = vxlan,flat
...
[ml2_type_flat]
flat_networks = physnet1,physnet2
```

- Adding the following parameters when creating the external networks with neutron net-create:

```
--provider:network_type flat --provider:physical_network physnet2
```

Regards,
Miguel

Created attachment 907024
neutron.conf, l3_agent.ini and ml2_conf.ini files

Description of problem:

The support for multiple external networks in a single L3 agent seems to be broken in Icehouse, at least when using OVS + VXLAN or GRE. Tenant networks do not have access to/from the external provider networks since Neutron only creates the drop flow entries in br-ex and br-int, but the flow entries actually permitting the traffic do not get created. Thus, the IP namespace associated to the router cannot even learn the external network gateway’s MAC address through ARP.

For example, from the text quoted below (coming from a working RHOS 4.0 environment), only the last two rules would get created. The first one does not get created in Icehouse:

```
# ovs-ofctl dump-flows br-ex
NXST_FLOW reply (xid=0x4):
 cookie=0x0, duration=2847982.442s, table=0, n_packets=1405397, n_bytes=172344711, idle_age=26, hard_age=65534, priority=4,in_port=2,dl_vlan=3 actions=strip_vlan,NORMAL
 cookie=0x0, duration=5432430.259s, table=0, n_packets=8936, n_bytes=641927, idle_age=1085, hard_age=65534, priority=2,in_port=2 actions=drop
 cookie=0x0, duration=5432431.285s, table=0, n_packets=20214007, n_bytes=12285645709, idle_age=0, hard_age=65534, priority=1 actions=NORMAL
```

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:

1. Associate multiple external networks with a single L3 Agent by leaving the external_network_bridge and gateway_external_network_id parameters empty in l3_agent.ini and creating the appropriate bridge mappings in the [OVS] section of ml2_conf.ini
2. Create a router, setting the Gateway in one of the external networks and an internal interface towards a vxlan-backed tenant network.
3. From a VM connected to the external network or the IP namespace associated to the router, try to ping the external network's gateway. Check the IP namespace's ARP table to see that the gateway's MAC is not learnt.

Sniffing traffic, it can be seen that the outgoing ARP requests get dropped at the phy-br-ex port of the br-ex bridge. Checking br-ex's flows table, it can be seen that only the drop rules get created, but the flow entries actually allowing the traffic do not appear.

Actual results:
No traffic can be exchanged between the VXLAN-backed tenant networks and the external networks.

Expected results:
Connectivity to/from the external network (and beyond through the external network's Gateway)

Additional info:
You may find attached the neutron.conf, l3_agent.ini and ml2_conf.ini files used in our environment.
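
A check for the symptom described in this report, as an added example that is not part of the original bug report or of Neutron: the Python below parses `ovs-ofctl dump-flows` text and lists each `in_port` that has a drop flow but no higher-priority forwarding flow. The function names and both sample dumps are constructed for illustration, modelled on the br-ex dump quoted above.

```python
# Constructed sample dumps modelled on the br-ex output quoted in the report
# (counters shortened). WORKING has the priority=4 forwarding flow, BROKEN lacks it.
_HDR = "NXST_FLOW reply (xid=0x4):\n"
_ALLOW = (" cookie=0x0, duration=28.4s, table=0, n_packets=14, n_bytes=1723, "
          "idle_age=26, priority=4,in_port=2,dl_vlan=3 actions=strip_vlan,NORMAL\n")
_REST = (" cookie=0x0, duration=54.2s, table=0, n_packets=8, n_bytes=641, "
         "idle_age=1085, priority=2,in_port=2 actions=drop\n"
         " cookie=0x0, duration=54.3s, table=0, n_packets=20, n_bytes=1228, "
         "idle_age=0, priority=1 actions=NORMAL\n")
WORKING = _HDR + _ALLOW + _REST
BROKEN = _HDR + _REST

DEFAULT_PRIORITY = 32768  # OpenFlow default when a flow states no priority


def parse_flows(dump):
    """Parse `ovs-ofctl dump-flows` text into dicts: priority, in_port, actions."""
    flows = []
    for line in dump.splitlines():
        if " actions=" not in line:
            continue  # reply header or blank line
        head, actions = line.strip().rsplit(" actions=", 1)
        # Statistics are separated by ", "; the final field is "priority=N,<match>".
        match = head.split(", ")[-1]
        fields = dict(f.split("=", 1) for f in match.split(",") if "=" in f)
        flows.append({"priority": int(fields.get("priority", DEFAULT_PRIORITY)),
                      "in_port": fields.get("in_port"),
                      "actions": actions})
    return flows


def blackholed_ports(dump):
    """Return in_ports that have a drop flow and no higher-priority forwarding flow."""
    flows = parse_flows(dump)
    stuck = set()
    for drop in flows:
        if drop["actions"] != "drop" or drop["in_port"] is None:
            continue
        overridden = any(f["in_port"] == drop["in_port"]
                         and f["priority"] > drop["priority"]
                         and f["actions"] != "drop" for f in flows)
        if not overridden:
            stuck.add(drop["in_port"])
    return sorted(stuck)


if __name__ == "__main__":
    for name, dump in (("working", WORKING), ("broken", BROKEN)):
        print(name, blackholed_ports(dump))
```

On a network node, pass the captured output of `ovs-ofctl dump-flows br-ex` to `blackholed_ports()`; a non-empty result matches the drop-only state described in the report.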