Bug 2166261 - nova.exception.VirtualInterfaceCreateException: Virtual Interface creation failed
Summary: nova.exception.VirtualInterfaceCreateException: Virtual Interface creation fa...
Keywords:
Status: CLOSED WORKSFORME
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-nova
Version: 17.0 (Wallaby)
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: ---
: ---
Assignee: Amit Uniyal
QA Contact: OSP DFG:Compute
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2023-02-01 10:49 UTC by Joaquín Veira
Modified: 2023-08-11 07:02 UTC (History)
16 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Cause: There is a network security vulnerability with RARP packets and inconsistent OVS port handling. https://bugs.launchpad.net/neutron/+bug/1734320, https://bugs.launchpad.net/neutron/+bug/1815989 Consequence: It's possible for other VM's on the same network to access the data of live-migrating VM. Fix: This fix ensure that proper security measures are in place to prevent such unauthorized access and protect the data transferred during live-migration. Result: This fix is a part of 2 patches, it makes sure that OVS ports are securely managed and that network remains protected while virtual machines are live-migrating.
Clone Of:
Environment:
Last Closed: 2023-06-21 09:03:46 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
OpenStack gerrit 790447 0 None MERGED libvirt: Delegate OVS plug to os-vif 2023-05-10 10:52:03 UTC
Red Hat Issue Tracker OSP-21958 0 None None None 2023-02-01 10:52:16 UTC
Red Hat Issue Tracker OSP-24719 0 None None None 2023-05-05 21:06:38 UTC

Description Joaquín Veira 2023-02-01 10:49:06 UTC 
Description of problem:

While testing the evacuation of instances in HA by crashing a compute node, 1 of the VMs, not always the same one, fails with "nova.exception.VirtualInterfaceCreateException: Virtual Interface creation failed" in the destination compute node.

I followed the steps in similar BZ opened like https://bugzilla.redhat.com/show_bug.cgi?id=2162423 or https://bugzilla.redhat.com/show_bug.cgi?id=2135363 and here I can see in Neutron the vif_plugin calls and DHCP assignments and still Nova fails with a timeout.

We increased vif_plugging_timeout to 600 and issue is still happening.

Version-Release number of selected component (if applicable):
RHOSP 17.0 with InstanceHA, OVS and network nodes.

How reproducible:


Steps to Reproduce:
1. Deploy RHOSP 17.0 with OVS and Instance HA, probably independent network nodes
2. Crash a compute node hosting VMs


Actual results:
Failed to evacuate

Expected results:
Evacuation

Additional info:
In next comments and in attachments in case
Comment 26 Alex Stupnikov 2023-04-26 07:26:49 UTC 
Setting needinfo for reporter. We need to try recent workaround proposed by Sean and possibly ask customer to update to latest RHOSP 17.0
Note You need to log in before you can comment on or make changes to this bug.