Description of problem:

Since the following change[1] was merged, networking-ovn accepts the configuration which uses a single bridge for multiple physical networks.

[1] https://github.com/openstack/networking-ovn/commit/a4781fd0f9c59603638b41069a175547a24c4b1c

However this allows conflicting networks created on a single physical network.

For example, let's create datacentre and datacentre2 on the same br-ex.

~~~
[heat-admin@controller-0 ~]$ sudo ovs-vsctl get Open_vSwitch . external-ids
{hostname=controller-0.redhat.local, ovn-bridge=br-int, ovn-bridge-mappings="datacentre:br-ex,tenant:br-isolated", ovn-cms-options=enable-chassis-as-gw, ovn-encap-ip="172.17.2.29", ovn-encap-type=geneve, ovn-openflow-probe-interval="60", ovn-remote="tcp:172.17.1.100:6642", ovn-remote-probe-interval="60000", rundir="/var/run/openvswitch", system-id="ab8fdf4b-b323-4bea-acdb-996436ec8338"}
[heat-admin@controller-0 ~]$ sudo ovs-vsctl set Open_vSwitch . external-ids:ovn-bridge-mappings="datacentre:br-ex,datacentre2:br-ex,tenant:br-isolated"
[heat-admin@controller-0 ~]$ sudo ovs-vsctl get Open_vSwitch . external-ids
{hostname=controller-0.redhat.local, ovn-bridge=br-int, ovn-bridge-mappings="datacentre:br-ex,datacentre2:br-ex,tenant:br-isolated", ovn-cms-options=enable-chassis-as-gw, ovn-encap-ip="172.17.2.29", ovn-encap-type=geneve, ovn-openflow-probe-interval="60", ovn-remote="tcp:172.17.1.100:6642", ovn-remote-probe-interval="60000", rundir="/var/run/openvswitch", system-id="ab8fdf4b-b323-4bea-acdb-996436ec8338"}
~~~

And register both datacentre and datacentre2 as flat_networks

~~~
$ sudo grep -B 1 flat_networks /var/lib/config-data/puppet-generated/neutron/etc/neutron/plugins/ml2/ml2_conf.ini
[ml2_type_flat]
flat_networks=datacentre,datacentre2
~~~

Create the first flat external network on datacentre.
~~~
(overcloud) [stack@undercloud-0 ~]$ openstack network show nova
+---------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+---------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| admin_state_up | UP |
| availability_zone_hints | |
| availability_zones | |
| created_at | 2021-08-15T09:00:19Z |
| description | |
| dns_domain | |
| id | e932ada0-344d-4732-bbd5-72bff36e42b9 |
| ipv4_address_scope | None |
| ipv6_address_scope | None |
| is_default | False |
| is_vlan_transparent | None |
| location | cloud='', project.domain_id=, project.domain_name='Default', project.id='42fc69d405ce493aa322ae1051f727d9', project.name='admin', region_name='regionOne', zone= |
| mtu | 1500 |
| name | nova |
| port_security_enabled | True |
| project_id | 42fc69d405ce493aa322ae1051f727d9 |
| provider:network_type | flat |
| provider:physical_network | datacentre |
| provider:segmentation_id | None |
| qos_policy_id | None |
| revision_number | 3 |
| router:external | External |
| segments | None |
| shared | False |
| status | ACTIVE |
| subnets | 21137431-b7c0-43c5-be6d-448d7477c522, 5915b48c-9d3a-4562-b35b-8c0cd0b8c520 |
| tags | |
| updated_at | 2021-08-15T09:00:34Z |
+---------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
(overcloud) [stack@undercloud-0 ~]$ openstack subnet show external_subnet
+-------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+-------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| allocation_pools | 10.0.0.151-10.0.0.254 |
| cidr | 10.0.0.0/24 |
| created_at | 2021-08-15T09:00:27Z |
| description | |
| dns_nameservers | |
| enable_dhcp | False |
| gateway_ip | 10.0.0.1 |
| host_routes | |
| id | 5915b48c-9d3a-4562-b35b-8c0cd0b8c520 |
| ip_version | 4 |
| ipv6_address_mode | None |
| ipv6_ra_mode | None |
| location | cloud='', project.domain_id=, project.domain_name='Default', project.id='42fc69d405ce493aa322ae1051f727d9', project.name='admin', region_name='regionOne', zone= |
| name | external_subnet |
| network_id | e932ada0-344d-4732-bbd5-72bff36e42b9 |
| prefix_length | None |
| project_id | 42fc69d405ce493aa322ae1051f727d9 |
| revision_number | 0 |
| segment_id | None |
| service_types | |
| subnetpool_id | None |
| tags | |
| updated_at | 2021-08-15T09:00:27Z |
+-------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
~~~

Neutron doesn't allow creating another subnet in the first flat network with range 10.0.0.0/24 because it is conflicting with the external_subnet.

~~~
(overcloud) [stack@undercloud-0 ~]$ openstack subnet create external2_subnet --subnet-range 10.0.0.0/24 --allocation-pool start=10.0.0.200,end=10.0.0.254 --network nova
BadRequestException: 400: Client Error for url: http://10.0.0.123:9696/v2.0/subnets, Invalid input for operation: Requested subnet with cidr: 10.0.0.0/24 for network: e932ada0-344d-4732-bbd5-72bff36e42b9 overlaps with another subnet.
~~~

Create the second flat network on datacentre2. datacentre and datacentre2 are both backed by br-ex so actually these two are the same, so it should be rejected. However neutron accepts network creation.
~~~
(overcloud) [stack@undercloud-0 ~]$ openstack network create nova2 --provider-network-type flat --provider-physical-network datacentre2
+---------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+---------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| admin_state_up | UP |
| availability_zone_hints | |
| availability_zones | |
| created_at | 2021-08-15T12:34:56Z |
| description | |
| dns_domain | |
| id | f6a12328-d453-4360-b0d0-a9cf680ea39e |
| ipv4_address_scope | None |
| ipv6_address_scope | None |
| is_default | False |
| is_vlan_transparent | None |
| location | cloud='', project.domain_id=, project.domain_name='Default', project.id='42fc69d405ce493aa322ae1051f727d9', project.name='admin', region_name='regionOne', zone= |
| mtu | 1500 |
| name | nova2 |
| port_security_enabled | True |
| project_id | 42fc69d405ce493aa322ae1051f727d9 |
| provider:network_type | flat |
| provider:physical_network | datacentre2 |
| provider:segmentation_id | None |
| qos_policy_id | None |
| revision_number | 1 |
| router:external | Internal |
| segments | None |
| shared | False |
| status | ACTIVE |
| subnets | |
| tags | |
| updated_at | 2021-08-15T12:34:56Z |
+---------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
~~~

In addition, we can create the conflicting subnet in the second flat network.
~~~
(overcloud) [stack@undercloud-0 ~]$ openstack subnet create external2_subnet --subnet-range 10.0.0.0/24 --allocation-pool start=10.0.0.200,end=10.0.0.254 --network nova2
+-------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+-------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| allocation_pools | 10.0.0.200-10.0.0.254 |
| cidr | 10.0.0.0/24 |
| created_at | 2021-08-15T12:37:05Z |
| description | |
| dns_nameservers | |
| enable_dhcp | True |
| gateway_ip | 10.0.0.1 |
| host_routes | |
| id | 683e0492-8ee5-48e0-ab30-21213e6d8f4a |
| ip_version | 4 |
| ipv6_address_mode | None |
| ipv6_ra_mode | None |
| location | cloud='', project.domain_id=, project.domain_name='Default', project.id='42fc69d405ce493aa322ae1051f727d9', project.name='admin', region_name='regionOne', zone= |
| name | external2_subnet |
| network_id | f6a12328-d453-4360-b0d0-a9cf680ea39e |
| prefix_length | None |
| project_id | 42fc69d405ce493aa322ae1051f727d9 |
| revision_number | 0 |
| segment_id | None |
| service_types | |
| subnetpool_id | None |
| tags | |
| updated_at | 2021-08-15T12:37:05Z |
+-------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
~~~

Version-Release number of selected component (if applicable):

How reproducible:
Always

Steps to Reproduce:
1. Create two physical networks mapped to the same physical network
2. Enable both physical networks as flat network providers
3. Create a flat network and a subnet with range 10.0.0.0/24 on the first physical network
4. Create another flat network and a subnet with range 10.0.0.0/24 on the second physical network

Actual results:
The second subnet is created though it is conflicting with the first subnet

Expected results:
The second network is not created because of conflicts

Additional info:
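
An audit check for the condition reported above, added here as an example (it is not networking-ovn or Neutron code): it parses an ovn-bridge-mappings value, finds bridges that back more than one physical network, and flags overlapping subnets on flat networks that share such a bridge. The network dict layout and the function names are hypothetical; the sample values are constructed from this report.

```python
import ipaddress
from collections import defaultdict
from itertools import combinations

# Constructed sample input, using the values shown in this report.
MAPPINGS = "datacentre:br-ex,datacentre2:br-ex,tenant:br-isolated"
NETWORKS = [  # hypothetical layout: one dict per flat network
    {"name": "nova", "physnet": "datacentre", "cidrs": ["10.0.0.0/24"]},
    {"name": "nova2", "physnet": "datacentre2", "cidrs": ["10.0.0.0/24"]},
]


def parse_bridge_mappings(value):
    """Parse 'physnet:bridge,...' into {bridge: [physnet, ...]}."""
    by_bridge = defaultdict(list)
    for item in value.split(","):
        item = item.strip()
        if not item:
            continue
        physnet, sep, bridge = item.partition(":")
        if not sep or not physnet or not bridge:
            raise ValueError("malformed mapping entry: %r" % item)
        by_bridge[bridge].append(physnet)
    return dict(by_bridge)


def shared_bridges(value):
    """Bridges that back more than one physical network."""
    return {b: p for b, p in parse_bridge_mappings(value).items() if len(p) > 1}


def find_conflicts(value, networks):
    """Overlapping subnets on different networks whose physnets share a bridge."""
    bridge_of = {p: b for b, ps in parse_bridge_mappings(value).items() for p in ps}
    conflicts = []
    for a, b in combinations(networks, 2):
        bridge = bridge_of.get(a["physnet"])
        if bridge is None or bridge != bridge_of.get(b["physnet"]):
            continue  # different wires: the same CIDR cannot collide
        for ca in a["cidrs"]:
            for cb in b["cidrs"]:
                na, nb = ipaddress.ip_network(ca), ipaddress.ip_network(cb)
                if na.version == nb.version and na.overlaps(nb):
                    conflicts.append((bridge, a["name"], ca, b["name"], cb))
    return conflicts


if __name__ == "__main__":
    print("shared bridges:", shared_bridges(MAPPINGS))
    for bridge, n1, c1, n2, c2 in find_conflicts(MAPPINGS, NETWORKS):
        print("overlap on %s: %s %s vs %s %s" % (bridge, n1, c1, n2, c2))
```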
Note that current puppet-ovn doesn't allow using a single bridge for multiple physical networks, and deployment fails with the following error when a single bridge is used for multiple physical networks.

~~~
parameter_defaults:
  ...
  NeutronBridgeMappings: datacentre:br-ex,datacentre2:br-ex,tenant:br-isolated
~~~

/var/log/containers/stdouts/container-puppet-ovn_controller.log
~~~
2021-08-15T09:35:06.340675537+00:00 stderr F <13>Aug 15 09:35:06 puppet-user: Error: Evaluation Error: Error while evaluating a Resource Statement, Duplicate declaration: Exec[br-ex] is already declared at (file: /etc/puppet/modules/ovn/manifests/controller.pp, line: 164); cannot redeclare (file: /etc/puppet/modules/ovn/manifests/controller.pp, line: 164) (file: /etc/puppet/modules/ovn/manifests/controller.pp, line: 164, column: 9) on node controller-0.redhat.local
~~~
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Red Hat OpenStack Platform 16.1.8 bug fix and enhancement advisory), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2022:0986