Bug 1993681

Summary: ovn mechanism driver accepts a single bridge used for multiple physical networks, which results in conflicting network creation
Product: Red Hat OpenStack
Reporter: Takashi Kajinami <tkajinam>
Component: python-networking-ovn
Assignee: Rodolfo Alonso <ralonsoh>
Status: CLOSED ERRATA
QA Contact: Eran Kuris <ekuris>
Severity: low
Priority: low
Version: 16.1 (Train)
CC: apevec, averdagu, jamsmith, jlibosva, lhh, majopela, pmannidi, scohen
Target Milestone: z8
Keywords: Triaged
Target Release: 16.1 (Train on RHEL 8.2)
Hardware: Unspecified
OS: Unspecified
Fixed In Version: python-networking-ovn-7.3.1-1.20220113103413.4e24f4c.el8ost
Last Closed: 2022-03-24 11:00:58 UTC
Type: Bug

Description Takashi Kajinami 2021-08-15 12:49:18 UTC
Description of problem:

Since the following change[1] was merged, networking-ovn accepts the configuration which uses a single bridge for multiple physical networks.
 [1] https://github.com/openstack/networking-ovn/commit/a4781fd0f9c59603638b41069a175547a24c4b1c

However, this allows conflicting networks to be created on a single physical network.

For example, let's create datacentre and datacentre2 on the same br-ex.
~~~
[heat-admin@controller-0 ~]$ sudo ovs-vsctl get Open_vSwitch . external-ids
{hostname=controller-0.redhat.local, ovn-bridge=br-int, ovn-bridge-mappings="datacentre:br-ex,tenant:br-isolated", ovn-cms-options=enable-chassis-as-gw, ovn-encap-ip="172.17.2.29", ovn-encap-type=geneve, ovn-openflow-probe-interval="60", ovn-remote="tcp:172.17.1.100:6642", ovn-remote-probe-interval="60000", rundir="/var/run/openvswitch", system-id="ab8fdf4b-b323-4bea-acdb-996436ec8338"}
[heat-admin@controller-0 ~]$ sudo ovs-vsctl set Open_vSwitch . external-ids:ovn-bridge-mappings="datacentre:br-ex,datacentre2:br-ex,tenant:br-isolated"
[heat-admin@controller-0 ~]$ sudo ovs-vsctl get Open_vSwitch . external-ids
{hostname=controller-0.redhat.local, ovn-bridge=br-int, ovn-bridge-mappings="datacentre:br-ex,datacentre2:br-ex,tenant:br-isolated", ovn-cms-options=enable-chassis-as-gw, ovn-encap-ip="172.17.2.29", ovn-encap-type=geneve, ovn-openflow-probe-interval="60", ovn-remote="tcp:172.17.1.100:6642", ovn-remote-probe-interval="60000", rundir="/var/run/openvswitch", system-id="ab8fdf4b-b323-4bea-acdb-996436ec8338"}
~~~

And register both datacentre and datacentre2 as flat_networks.
~~~
$ sudo grep -B 1 flat_networks /var/lib/config-data/puppet-generated/neutron/etc/neutron/plugins/ml2/ml2_conf.ini
[ml2_type_flat]
flat_networks=datacentre,datacentre2
~~~

Create the first flat external network on datacentre.
~~~
(overcloud) [stack@undercloud-0 ~]$ openstack network show nova
+---------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field                     | Value                                                                                                                                                            |
+---------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| admin_state_up            | UP                                                                                                                                                               |
| availability_zone_hints   |                                                                                                                                                                  |
| availability_zones        |                                                                                                                                                                  |
| created_at                | 2021-08-15T09:00:19Z                                                                                                                                             |
| description               |                                                                                                                                                                  |
| dns_domain                |                                                                                                                                                                  |
| id                        | e932ada0-344d-4732-bbd5-72bff36e42b9                                                                                                                             |
| ipv4_address_scope        | None                                                                                                                                                             |
| ipv6_address_scope        | None                                                                                                                                                             |
| is_default                | False                                                                                                                                                            |
| is_vlan_transparent       | None                                                                                                                                                             |
| location                  | cloud='', project.domain_id=, project.domain_name='Default', project.id='42fc69d405ce493aa322ae1051f727d9', project.name='admin', region_name='regionOne', zone= |
| mtu                       | 1500                                                                                                                                                             |
| name                      | nova                                                                                                                                                             |
| port_security_enabled     | True                                                                                                                                                             |
| project_id                | 42fc69d405ce493aa322ae1051f727d9                                                                                                                                 |
| provider:network_type     | flat                                                                                                                                                             |
| provider:physical_network | datacentre                                                                                                                                                       |
| provider:segmentation_id  | None                                                                                                                                                             |
| qos_policy_id             | None                                                                                                                                                             |
| revision_number           | 3                                                                                                                                                                |
| router:external           | External                                                                                                                                                         |
| segments                  | None                                                                                                                                                             |
| shared                    | False                                                                                                                                                            |
| status                    | ACTIVE                                                                                                                                                           |
| subnets                   | 21137431-b7c0-43c5-be6d-448d7477c522, 5915b48c-9d3a-4562-b35b-8c0cd0b8c520                                                                                       |
| tags                      |                                                                                                                                                                  |
| updated_at                | 2021-08-15T09:00:34Z                                                                                                                                             |
+---------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
(overcloud) [stack@undercloud-0 ~]$ openstack subnet show external_subnet
+-------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field             | Value                                                                                                                                                            |
+-------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| allocation_pools  | 10.0.0.151-10.0.0.254                                                                                                                                            |
| cidr              | 10.0.0.0/24                                                                                                                                                      |
| created_at        | 2021-08-15T09:00:27Z                                                                                                                                             |
| description       |                                                                                                                                                                  |
| dns_nameservers   |                                                                                                                                                                  |
| enable_dhcp       | False                                                                                                                                                            |
| gateway_ip        | 10.0.0.1                                                                                                                                                         |
| host_routes       |                                                                                                                                                                  |
| id                | 5915b48c-9d3a-4562-b35b-8c0cd0b8c520                                                                                                                             |
| ip_version        | 4                                                                                                                                                                |
| ipv6_address_mode | None                                                                                                                                                             |
| ipv6_ra_mode      | None                                                                                                                                                             |
| location          | cloud='', project.domain_id=, project.domain_name='Default', project.id='42fc69d405ce493aa322ae1051f727d9', project.name='admin', region_name='regionOne', zone= |
| name              | external_subnet                                                                                                                                                  |
| network_id        | e932ada0-344d-4732-bbd5-72bff36e42b9                                                                                                                             |
| prefix_length     | None                                                                                                                                                             |
| project_id        | 42fc69d405ce493aa322ae1051f727d9                                                                                                                                 |
| revision_number   | 0                                                                                                                                                                |
| segment_id        | None                                                                                                                                                             |
| service_types     |                                                                                                                                                                  |
| subnetpool_id     | None                                                                                                                                                             |
| tags              |                                                                                                                                                                  |
| updated_at        | 2021-08-15T09:00:27Z                                                                                                                                             |
+-------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
~~~

Neutron doesn't allow creating another subnet in the first flat network with range 10.0.0.0/24 because it is conflicting with the external_subnet.
~~~
(overcloud) [stack@undercloud-0 ~]$ openstack subnet create external2_subnet --subnet-range 10.0.0.0/24 --allocation-pool start=10.0.0.200,end=10.0.0.254 --network nova
BadRequestException: 400: Client Error for url: http://10.0.0.123:9696/v2.0/subnets, Invalid input for operation: Requested subnet with cidr: 10.0.0.0/24 for network: e932ada0-344d-4732-bbd5-72bff36e42b9 overlaps with another subnet.
~~~

Create the second flat network on datacentre2.
datacentre and datacentre2 are both backed by br-ex so actually these two are the same, so it should be rejected.
However neutron accepts network creation.
~~~
(overcloud) [stack@undercloud-0 ~]$ openstack network create nova2 --provider-network-type flat --provider-physical-network datacentre2
+---------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field                     | Value                                                                                                                                                            |
+---------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| admin_state_up            | UP                                                                                                                                                               |
| availability_zone_hints   |                                                                                                                                                                  |
| availability_zones        |                                                                                                                                                                  |
| created_at                | 2021-08-15T12:34:56Z                                                                                                                                             |
| description               |                                                                                                                                                                  |
| dns_domain                |                                                                                                                                                                  |
| id                        | f6a12328-d453-4360-b0d0-a9cf680ea39e                                                                                                                             |
| ipv4_address_scope        | None                                                                                                                                                             |
| ipv6_address_scope        | None                                                                                                                                                             |
| is_default                | False                                                                                                                                                            |
| is_vlan_transparent       | None                                                                                                                                                             |
| location                  | cloud='', project.domain_id=, project.domain_name='Default', project.id='42fc69d405ce493aa322ae1051f727d9', project.name='admin', region_name='regionOne', zone= |
| mtu                       | 1500                                                                                                                                                             |
| name                      | nova2                                                                                                                                                            |
| port_security_enabled     | True                                                                                                                                                             |
| project_id                | 42fc69d405ce493aa322ae1051f727d9                                                                                                                                 |
| provider:network_type     | flat                                                                                                                                                             |
| provider:physical_network | datacentre2                                                                                                                                                      |
| provider:segmentation_id  | None                                                                                                                                                             |
| qos_policy_id             | None                                                                                                                                                             |
| revision_number           | 1                                                                                                                                                                |
| router:external           | Internal                                                                                                                                                         |
| segments                  | None                                                                                                                                                             |
| shared                    | False                                                                                                                                                            |
| status                    | ACTIVE                                                                                                                                                           |
| subnets                   |                                                                                                                                                                  |
| tags                      |                                                                                                                                                                  |
| updated_at                | 2021-08-15T12:34:56Z                                                                                                                                             |
+---------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
~~~

In addition, we can create the conflicting subnet in the second flat network.
~~~
(overcloud) [stack@undercloud-0 ~]$ openstack subnet create external2_subnet --subnet-range 10.0.0.0/24 --allocation-pool start=10.0.0.200,end=10.0.0.254 --network nova2
+-------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field             | Value                                                                                                                                                            |
+-------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| allocation_pools  | 10.0.0.200-10.0.0.254                                                                                                                                            |
| cidr              | 10.0.0.0/24                                                                                                                                                      |
| created_at        | 2021-08-15T12:37:05Z                                                                                                                                             |
| description       |                                                                                                                                                                  |
| dns_nameservers   |                                                                                                                                                                  |
| enable_dhcp       | True                                                                                                                                                             |
| gateway_ip        | 10.0.0.1                                                                                                                                                         |
| host_routes       |                                                                                                                                                                  |
| id                | 683e0492-8ee5-48e0-ab30-21213e6d8f4a                                                                                                                             |
| ip_version        | 4                                                                                                                                                                |
| ipv6_address_mode | None                                                                                                                                                             |
| ipv6_ra_mode      | None                                                                                                                                                             |
| location          | cloud='', project.domain_id=, project.domain_name='Default', project.id='42fc69d405ce493aa322ae1051f727d9', project.name='admin', region_name='regionOne', zone= |
| name              | external2_subnet                                                                                                                                                 |
| network_id        | f6a12328-d453-4360-b0d0-a9cf680ea39e                                                                                                                             |
| prefix_length     | None                                                                                                                                                             |
| project_id        | 42fc69d405ce493aa322ae1051f727d9                                                                                                                                 |
| revision_number   | 0                                                                                                                                                                |
| segment_id        | None                                                                                                                                                             |
| service_types     |                                                                                                                                                                  |
| subnetpool_id     | None                                                                                                                                                             |
| tags              |                                                                                                                                                                  |
| updated_at        | 2021-08-15T12:37:05Z                                                                                                                                             |
+-------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
~~~


Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. Create two physical networks mapped to the same physical network
2. Enable both physical networks as flat network providers
3. Create a flat network and a subnet with range 10.0.0.0/24 on the first physical network
4. Create another flat network and a subnet with range 10.0.0.0/24 on the second physical network

Actual results:
The second subnet is created though it is conflicting with the first subnet

Expected results:
The second network is not created because of conflicts

Additional info:

Comment 1 Takashi Kajinami 2021-08-15 12:50:46 UTC
Note that current puppet-ovn doesn't allow using a single bridge for multiple physical networks,
and deployment fails with the following error when a single bridge is used for multiple physical networks.

~~~
parameter_defaults:
    ...
    NeutronBridgeMappings: datacentre:br-ex,datacentre2:br-ex,tenant:br-isolated
~~~


/var/log/containers/stdouts/container-puppet-ovn_controller.log
~~~
2021-08-15T09:35:06.340675537+00:00 stderr F <13>Aug 15 09:35:06 puppet-user: Error: Evaluation Error: Error while evaluating a Resource Statement, Duplicate declaration: Exec[br-ex] is already declared at (file: /etc/puppet/modules/ovn/manifests/controller.pp, line: 164); cannot redeclare (file: /etc/puppet/modules/ovn/manifests/controller.pp, line: 164) (file: /etc/puppet/modules/ovn/manifests/controller.pp, line: 164, column: 9) on node controller-0.redhat.local
~~~
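An added example, not part of the bug report and not the networking-ovn fix: an offline audit that parses an `ovn-bridge-mappings` value, reports bridges backing more than one physical network, and lists overlapping subnets that end up on the same bridge. The function names and the inventory layout are hypothetical; the sample values are taken from the command output quoted in the description.

```python
"""Audit OVN bridge mappings for bridges shared by several physical networks."""
import ipaddress
from collections import defaultdict

# Value of external-ids:ovn-bridge-mappings as shown in the report.
SAMPLE_MAPPINGS = "datacentre:br-ex,datacentre2:br-ex,tenant:br-isolated"

# Constructed inventory built from the 'openstack network/subnet' output above.
SAMPLE_NETWORKS = [
    {"name": "nova", "network_type": "flat", "physical_network": "datacentre",
     "segmentation_id": None, "cidrs": ["10.0.0.0/24"]},
    {"name": "nova2", "network_type": "flat", "physical_network": "datacentre2",
     "segmentation_id": None, "cidrs": ["10.0.0.0/24"]},
]


def parse_bridge_mappings(raw):
    """Parse 'physnet:bridge,physnet:bridge' into {physnet: bridge}."""
    mappings = {}
    for entry in raw.strip().strip('"').split(","):
        entry = entry.strip()
        if not entry:
            continue
        physnet, sep, bridge = entry.partition(":")
        if not sep or not physnet or not bridge:
            raise ValueError(f"malformed mapping entry: {entry!r}")
        if physnet in mappings and mappings[physnet] != bridge:
            raise ValueError(f"physnet {physnet!r} is mapped to two bridges")
        mappings[physnet] = bridge
    return mappings


def shared_bridges(mappings):
    """Return {bridge: [physnets]} for every bridge backing more than one physnet."""
    by_bridge = defaultdict(set)
    for physnet, bridge in mappings.items():
        by_bridge[bridge].add(physnet)
    return {b: sorted(p) for b, p in by_bridge.items() if len(p) > 1}


def conflicting_subnets(mappings, networks):
    """List overlapping CIDRs on different networks that share one L2 segment.

    Two provider networks share a segment when their physnets resolve to the
    same bridge and they use the same network type and segmentation id.
    """
    segments = defaultdict(list)
    for net in networks:
        bridge = mappings.get(net["physical_network"])
        if bridge is None:
            continue  # physnet not mapped on this chassis
        key = (bridge, net["network_type"], net["segmentation_id"])
        for cidr in net["cidrs"]:
            segments[key].append((net["name"], ipaddress.ip_network(cidr)))

    findings = []
    for (bridge, _type, _seg), entries in segments.items():
        for i, (name_a, cidr_a) in enumerate(entries):
            for name_b, cidr_b in entries[i + 1:]:
                if (name_a != name_b and cidr_a.version == cidr_b.version
                        and cidr_a.overlaps(cidr_b)):
                    findings.append(
                        (bridge, name_a, str(cidr_a), name_b, str(cidr_b)))
    return findings


if __name__ == "__main__":
    parsed = parse_bridge_mappings(SAMPLE_MAPPINGS)
    for bridge, physnets in shared_bridges(parsed).items():
        print(f"bridge {bridge} backs several physnets: {', '.join(physnets)}")
    for finding in conflicting_subnets(parsed, SAMPLE_NETWORKS):
        print("overlap on %s: %s %s <-> %s %s" % finding)
```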

Comment 17 errata-xmlrpc 2022-03-24 11:00:58 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Red Hat OpenStack Platform 16.1.8 bug fix and enhancement advisory), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2022:0986