Description of problem: IGMP snooping behavior is inconsistent. It is working only if there are subscribed clients and until idle timeout expires. In other cases multicast works as broadcast, i.e. there is flooding to all ports. Note: igmp querier is not configured by default. With the following logical switch configuration igmp snooping works consistently. other_config : {mcast_flood_unregistered="false", mcast_snoop="true"} so workaround is to disable mcast_flood_unregistered for the logical switch: ovn-nbctl set Logical_Switch <switch ID> other_config:mcast_flood_unregistered="false" Version-Release number of selected component (if applicable): RHOS-16.1-RHEL-8-20201110.n.1 How reproducible: 100% Steps to Reproduce: 1. Deploy OSP16.1 with NeutronEnableIgmpSnooping set to True 2. Create a network, subnet, security group allowing ssh, icmp, igmp and port for multicast udp traffic (e.g. 5001) 3. Create 2 VMs connected to the network: sender and unregistered (this one will not subscribe to multicast). If you want to test steps 6-8 create also 2 receiver VMs. 4. On the unregistered VM run tcpdump e.g. tcpdump -i any -vvneA -s0 -l host 225.0.0.1 5. On sender run multicast server script: python3 multicast -s -g 225.0.0.1 -p 5001 -m qweqwe -c 10 Traffic reaches unregistered VM - not as expected. Also 6. On receivers run multicast client script (see attached file), e.g. python3 multicast -r -g 225.0.0.1 -p 5001 7. On sender run multicast server script (i.e. repeat step 5) Make sure multicast stream reached both receivers and did not reach the unregistered - as expected 8. Wait at least for 300 seconds until clients subscription expires and repeat step 5 Traffic reaches unregistered VM - not as expected. Actual results: Traffic reaches the unregistered VM - BUG Expected results: Traffic does not reach unregistered VM even when there are no subscribed clients Additional info: [heat-admin@controller-0 ~]$ nb list Logical_Switch _uuid : 620f6ceb-23d4-4cd8-b356-6ce614e46f18 acls : [] dns_records : [] external_ids : {"neutron:mtu"="1500", "neutron:network_name"=nova, "neutron:revision_number"="4"} forwarding_groups : [] load_balancer : [] name : neutron-2cd400a5-7ae4-430c-97d2-67a800d3821c other_config : {mcast_flood_unregistered="true", mcast_snoop="true"} ports : [3d7b766f-1cd7-4024-8c69-f281c3baff4a, 50dc46c1-5f6b-4381-bf50-239d4c0d58eb, 73a32d4f-7abc-4c11-9fd3-d0c78b4840e4, 8d818d45-ddbe-49bd-8235-abf6c3365635, 9d333c4b-7972-4a31-bf50-628f6c835778, c7cae370-6fb4-4a47-a5b7-5358926402f1] qos_rules : [] [heat-admin@controller-0 ~]$ ovn-sbctl list ip_multicast _uuid : 3ce47104-3805-4aee-81fa-268b05bbe7d3 datapath : 01eabea6-a967-41ec-ad6f-32c2a037c063 enabled : true eth_src : "" idle_timeout : 300 ip4_src : "" ip6_src : "" querier : true query_interval : 150 query_max_resp : 1 seq_no : 0 table_size : 2048
Created attachment 1729748 [details] multicast script I used for tests Taken from https://github.com/redhat-openstack/nfv-tempest-plugin/blob/master/nfv_tempest_plugin/tests/scenario/tests_scripts/multicast_traffic.py, but I also added a fix to support python3 as well
We have a scratch build with this fix, while we obtain the exception permission for 16.1 z4 branch merge. It is located here: http://brew-task-repos.usersys.redhat.com/repos/scratch/ffernand/python-networking-ovn/7.3.1/1.20201114024049.el8ost/noarch/ rsafrono was kind enough to verify the fix in job: https://rhos-ci-jenkins.lab.eng.tlv2.redhat.com/view/DFG/view/network/view/networking-ovn/job/DFG-network-networking-ovn-16.1_director-rhel-virthost-3cont_2comp-ipv4-geneve/107/testReport/neutron_plugin.tests.scenario.test_multicast/MulticastTestIPv4/test_igmp_snooping_same_network_and_unsubscribe_id_9f6cd7af_ca52_4979_89e8_ab7436905712_/ @jmelvin to see if that can be used in the meantime.
Verified on puddle RHOS-16.1-RHEL-8-20210120.n.1 with python3-networking-ovn-7.3.1-1.20201114024050.el8ost.noarch Verified that there is no flooding of multicast traffic to all ports of logical switch when there are no subscribed clients. Verified also that igmp snooping works properly when there are subscribed clients.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Red Hat OpenStack Platform 16.1.4 director bug fix advisory), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2021:0817
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 500 days