Description of problem: Below section mention about transparent vlan feature in openstack networking. https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/17.0/html-single/networking_guide/index#overview-vlan-aware-instances_vlan-aware-instances However, it is mandatory to use allowed_address_pairs else child port traffic will be dropped. We should mention that "must use allowed_address_pairs" in this section. Version-Release number of selected component (if applicable): How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info:
I agree this needs fixing up. Funny thing is that if you reference --allowed_address_pairs documentation [1] it specifically notes to not set allowed-address pair that matches mac_address and ip_address. Which is the exact opposite if we ended up adding new documentation for the transparat vlan. Here is what we will do in meantime 1. I will look into netron code base to determine why the user is even required to set allowed-address pair <vm_mac> <vm_ip> even though that information is already know in Neutron DB and hence we should set it automatically 2. Meanwhile, as inidicated by James in c#2 we should update know issue list to which states something along this line. "When vlan transparency is enabled between VMs, allowed-address pair must be also set to allow traffic between the VLAN aware VMs." 3. Depending on the outcome of step 1 we will update official rhops documents. [1] https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/16.2/html/networking_guide/config-allowed-address-pairs_rhosp-network#add-allow-addr-pairs_config-allowed-address-pairs
I setup a system with ML2/OVN and transparent network to refresh my memory. I confirmed that you must set --allowed-addres-pair ip-address=<IP set on the VLAN dev inside the VM> and therefore there is no way for neutron to know what to set this IP is set. The MAC address is optional and naturally remains same. Here is neutron port where I set ` openstack port set --allowed-address ip-address=192.128.111.2 67568813-72bf-48d9-8af1-d34b4bc4b3f5 ` -------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | Field | Value | +-------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | admin_state_up | UP | | allowed_address_pairs | ip_address='192.128.111.2', mac_address='fa:16:3e:e9:7e:5a' | | binding_host_id | compute-0.redhat.local | | binding_profile | | | binding_vif_details | port_filter='True' | | binding_vif_type | ovs | | binding_vnic_type | normal | | created_at | 2023-05-10T17:31:23Z | | data_plane_status | None | | description | | | device_id | d7b5c9ab-61e7-45d8-b114-cd8ff0da3b75 | | device_owner | compute:nova | | dns_assignment | fqdn='host-192-168-30-246.openstacklocal.', hostname='host-192-168-30-246', ip_address='192.168.30.246' | | dns_domain | None | | dns_name | | | extra_dhcp_opts | | | fixed_ips | ip_address='192.168.30.246', subnet_id='952e7787-5474-4d7a-b47d-748f47d2539d' | | id | 67568813-72bf-48d9-8af1-d34b4bc4b3f5 | | location | cloud='', project.domain_id=, project.domain_name='Default', project.id='cfd8e9499faf4a1fb2eff8daa715d72b', project.name='admin', region_name='regionOne', zone= | | mac_address | fa:16:3e:e9:7e:5a | | name | | | network_id | e616fa4a-3684-4958-937a-951096e858f4 | | port_security_enabled | True | | project_id | cfd8e9499faf4a1fb2eff8daa715d72b | | propagate_uplink_status | None | | qos_policy_id | None | | resource_request | None | | revision_number | 6 | | security_group_ids | 009a57f3-d40a-430c-9d20-f9d5d1e97b5a, 92585414-b92a-4a73-8727-216eaf451587 | | status | ACTIVE | | tags | | | trunk_details | None | | updated_at | 2023-05-10T18:33:33Z | +-------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+ VM `ip a` output: 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1442 qdisc fq_codel state UP group default qlen 1000 link/ether fa:16:3e:9f:fa:d7 brd ff:ff:ff:ff:ff:ff altname enp0s3 altname ens3 inet 192.168.30.199/24 brd 192.168.30.255 scope global dynamic noprefixroute eth0 valid_lft 37318sec preferred_lft 37318sec inet6 fe80::f816:3eff:fe9f:fad7/64 scope link valid_lft forever preferred_lft forever 3: vlan50@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1438 qdisc noqueue state UP group default qlen 1000 link/ether fa:16:3e:9f:fa:d7 brd ff:ff:ff:ff:ff:ff inet 192.128.111.1/24 scope global vlan50 valid_lft forever preferred_lft forever inet6 fe80::f816:3eff:fe9f:fad7/64 scope link valid_lft forever preferred_lft forever I was under impression that the allowed-address-pair IP is set to the same ip as the VM port. In this case that would be 192.168.30.199 . So strikethrough my comment#4 item 1 and 2. We add just need to add one step to the existing documentation. @Greg In this document[1] procedure add step 5 that can can be something like this: 5. Set the IP address set on the VLAN interface set in step 4 as allowed-address-pair IP on the VM port openstack port set --allowed-address ip-address=<VM VLAN Interface IP>[,<VM VLAN Interface MAC>] <vm_port_uuid> Example: openstack port set --allowed-address ip-address=192.128.111.2 <vm_port_uuid> [1] https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/17.0/html-single/networking_guide/index#enable-vlan-transparentpor_vlan-aware-instances
Hi, The RHOSP 16.1, 16.2, and 17.0 Networking Guides have been updated. Customers can see these changes here: https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/16.1/html/networking_guide/vlan-aware-instances_rhosp-network#enable-vlan-transparentpor_vlan-aware-instances https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/16.2/html/networking_guide/vlan-aware-instances_rhosp-network#enable-vlan-transparentpor_vlan-aware-instances https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/17.0/html/networking_guide/vlan-aware-instances_rhosp-network#enable-vlan-transparentpor_vlan-aware-instances When RHOSP 17.1 ships, customers will see this fix there, too: --Greg