Bug 1527023 - No connectivity between instances on different networks connected to the same router when using VLAN setup
Summary: No connectivity between instances on different networks connected to the same...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: opendaylight
Version: 12.0 (Pike)
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: beta
: 13.0 (Queens)
Assignee: Aswin Suryanarayanan
QA Contact: Itzik Brown
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-12-18 11:29 UTC by Itzik Brown
Modified: 2018-10-18 07:23 UTC (History)
6 users (show)

Fixed In Version: opendaylight-8.0.0-3.el7ost
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
N/A
Last Closed: 2018-06-27 13:40:26 UTC
Target Upstream Version:


Attachments (Terms of Use)
Flows dump from the source compute (23.41 KB, text/plain)
2017-12-18 11:29 UTC, Itzik Brown
no flags Details


Links
System ID Priority Status Summary Last Updated
OpenDaylight Bug NETVIRT-1020 None None None 2017-12-18 13:21:06 UTC
OpenDaylight gerrit 68430 None None None 2018-02-23 15:49:03 UTC
Red Hat Product Errata RHEA-2018:2086 None None None 2018-06-27 13:42:00 UTC

Description Itzik Brown 2017-12-18 11:29:16 UTC
Created attachment 1369383 [details]
Flows dump from the source compute

Description of problem:
Using a setup with VLAN networks.
Launching instances connected each to a different network and both connected to same router and the router also connected to an external network.
Connectivity to the FIP of each instance works.
There is no connectivity between the instances internal IPs.


Version-Release number of selected component (if applicable):
opendaylight-6.2.0-4.el7ost.noarch

How reproducible:


Steps to Reproduce:
1. Bring a setup with OpenDaylight and VLAN networks
2. Create an external network, two networks , a router.
3. Connect the router to each networks
4. Launch two instances , one connected to the first network and another to the second network
5. Ping from one of the instances to the other one and verify there is no connectivity

Actual results:


Expected results:


Additional info:

Comment 1 Itzik Brown 2017-12-18 12:48:14 UTC
After having a session with Aswin:
When launching instances connected to each network on each compute node and then removing the interfaces from the router and adding a them back - there is connectivity.

Comment 2 Aswin Suryanarayanan 2018-01-22 14:02:25 UTC
Nir,

This bug breaks the tenant network connectivity between vm in different tenant vlan network. This fix may require some significant changes in the netvirt code. Would like to know how important is this usecase for us, vlan tenant networks?

Comment 3 Nir Yechiel 2018-02-05 11:20:14 UTC
(In reply to Aswin Suryanarayanan from comment #2)
> Nir,
> 
> This bug breaks the tenant network connectivity between vm in different
> tenant vlan network. This fix may require some significant changes in the
> netvirt code. Would like to know how important is this usecase for us, vlan
> tenant networks?

To clarify, we are talking about east/west routing (one project/tenant, different subnets)? Does it apply for VLAN networks only? IPv4, IPv6, or both?

Thanks,
Nir

Comment 4 Aswin Suryanarayanan 2018-02-08 15:11:47 UTC
(In reply to Nir Yechiel from comment #3)
> (In reply to Aswin Suryanarayanan from comment #2)
> > Nir,
> > 
> > This bug breaks the tenant network connectivity between vm in different
> > tenant vlan network. This fix may require some significant changes in the
> > netvirt code. Would like to know how important is this usecase for us, vlan
> > tenant networks?
> 
> To clarify, we are talking about east/west routing (one project/tenant,
> different subnets)? Does it apply for VLAN networks only? IPv4, IPv6, or
> both?
> 
> Thanks,
> Nir

Yes it is one tenant different subnets. This affects vlan n/w only , but should affect both Ipv4 and Ipv6.

Comment 10 Aswin Suryanarayanan 2018-02-13 09:49:49 UTC
The connectivity between two tenant vlan n/w seems to be broken with the changes done as a part of [2]. The issue occurs in case where two dpn has just one vm belonging to two different vlan tenant n/w .

The table 21 flows will be added only if the dpn has a port in that network. To solve this a pseudo port(uses router port uuid of that n/w) will be added to all vlan network in all dpn when vlan n/w is the part of a router. Thus ensuring necessary flows are programmed. This pseudo-port will be added only in elan-dpn-interfaces model of elan.yang.   This port will be removed once the n/w is deleted from the router.

Comment 11 Aswin Suryanarayanan 2018-02-13 09:50:39 UTC
(In reply to Aswin Suryanarayanan from comment #10)
> The connectivity between two tenant vlan n/w seems to be broken with the
> changes done as a part of [2]. The issue occurs in case where two dpn has
> just one vm belonging to two different vlan tenant n/w .
> 
> The table 21 flows will be added only if the dpn has a port in that network.
> To solve this a pseudo port(uses router port uuid of that n/w) will be added
> to all vlan network in all dpn when vlan n/w is the part of a router. Thus
> ensuring necessary flows are programmed. This pseudo-port will be added only
> in elan-dpn-interfaces model of elan.yang.   This port will be removed once
> the n/w is deleted from the router.

The link 
[2]https://github.com/opendaylight/netvirt/blob/stable/nitrogen/docs/specs/vlan-provider-enhancement.rst

Comment 13 Itzik Brown 2018-04-09 16:13:39 UTC
The scenario fails.

Checked with:
opendaylight-8.0.0-5.el7ost.noarch

Comment 14 Itzik Brown 2018-04-10 11:36:47 UTC
It seem that there were stale flow
s.
Fresh setup works.
opendaylight-8.0.0-5.el7ost.noarch

Comment 16 errata-xmlrpc 2018-06-27 13:40:26 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2018:2086


Note You need to log in before you can comment on or make changes to this bug.