[ovs-discuss] [OVN] Routed provider networks

Dumitru Ceara dceara at redhat.com
Wed Apr 1 13:54:48 UTC 2020


On 3/30/20 4:53 PM, Maciej Jozefczyk wrote:
> Hello!
> 
> I started to work on the Routed Provider Networks feature for OpenStack
> Neutron, which is described in [1].
> The Neutron community chose the second variant of this RFE, which would be
> easier to implement for now.
> 
> To achieve this we would need to have multiple provider network segments
> configured within the same Logical Switch.
> I prepared an example environment [2] and tested it.

Hi Maciej,

Thanks for trying this out!

> 
> The worker hosts where VMs are placed are directly connected to the provider
> VLAN network with segments:
> external-segment-1: 172.24.4.0/24 vlan 4
> external-segment-2: 172.24.6.0/24 vlan 6
> 
> Worker hosts have the following bridge mappings configured:
> worker-1: ovn-bridge-mappings="external-segment-1:br-ex"
> worker-2: ovn-bridge-mappings="external-segment-2:br-ex"
> and fabric physical interfaces connected to br-ex.
> 
> In OVN both segments are connected to the same Logical_Switch 'public':
> ------------------------------------------------------------------------------------------------------------------------------------------------------------------
> ovn-nbctl list logical_switch_port
> _uuid               : e80bbfef-e966-4973-bec2-2dad6c18b09c
> addresses           : [unknown]
> dhcpv4_options      : []
> dhcpv6_options      : []
> dynamic_addresses   : []
> enabled             : []
> external_ids        : {}
> ha_chassis_group    : []
> name                : public-segment-1-localnet
> options             : {network_name=external-segment-1}
> parent_name         : []
> port_security       : []
> tag                 : []
> tag_request         : []
> type                : localnet
> up                  : false
> 
> _uuid               : efdcbbed-dd97-4b09-9b96-0dd25a4d6f03
> addresses           : [unknown]
> dhcpv4_options      : []
> dhcpv6_options      : []
> dynamic_addresses   : []
> enabled             : []
> external_ids        : {}
> ha_chassis_group    : []
> name                : public-segment-2-localnet
> options             : {network_name=external-segment-2}
> parent_name         : []
> port_security       : []
> tag                 : []
> tag_request         : []
> type                : localnet
> up                  : false
> ------------------------------------------------------------------------------------------------------------------------------------------------------------------
> I also spawned 2 VMs: vm1 - in external-segment-1 and vm2 - in
> external-segment-2.
> 
> *Conclusion*:
> I *can* ping VMs from hosts connected to fabric [2], from host-1 I can
> ping vm1 and from host-2 I can ping vm2.
> I *do not see* any traffic from external-segment-1 on external-segment-2
> and vice-versa.
> 
> *However I spotted some issues*:
> Unfortunately the ovn-controllers on worker-1 and worker-2 are
> continuously logging:
> From worker-1:
> patch|ERR|bridge not found for localnet port 'public-segment-2-localnet'
> with network name 'external-segment-2'
> From worker-2:
> patch|ERR|bridge not found for localnet port 'public-segment-1-localnet'
> with network name 'external-segment-1'
> 
> *Questions*:
> Can we try to log this kind of error only once in this situation?
> So when there is a Logical_Switch in which more than one localnet port
> has been added and the chassis is placed in only one segment, can we
> print this log only once and skip the patch port plug-in until there is
> an update of ovn-bridge-mappings for that chassis?
> Do you think this architecture (multiple localnet ports in one
> Logical_Switch) could lead us to some issues?
> 


While this might seem to work out of the box, I'm afraid it's not a
supported configuration. The implementation in ovn-northd expects at
most one localnet port per logical switch:

https://github.com/ovn-org/ovn/blob/v20.03.0/northd/ovn-northd.c#L542

If there were multiple localnet ports per logical switch, only the
last one would be saved:

https://github.com/ovn-org/ovn/blob/v20.03.0/northd/ovn-northd.c#L2051

ovn-northd creates logical flows that use the localnet port json_key so
having multiple localnet ports per LS would lead to having these flows
properly installed *only* for the "last" localnet port in the logical
switch.

Some examples of flows that would need to explicitly consider multiple
localnet ports:
- Logical flows for DHCP responders for external ports:
https://github.com/ovn-org/ovn/blob/v20.03.0/northd/ovn-northd.c#L6313

- Logical flows that drop ARP requests for non-chassis-local ports
received from localnet ports:
https://github.com/ovn-org/ovn/blob/v20.03.0/northd/ovn-northd.c#L6503

- Logical flows that flood ARP requests on localnet ports:
https://github.com/ovn-org/ovn/blob/master/northd/ovn-northd.c#L5922

All scenarios above can be enhanced to take into account multiple
localnet ports.

However, there's also the case of East-West routing of traffic between
localnet VLAN tagged logical switches for which ovn-chassis-mac-mappings
should be configured in order to avoid running the routing pipeline
multiple times:

https://github.com/ovn-org/ovn/blob/v20.03.0/ovn-architecture.7.xml#L1451

https://github.com/ovn-org/ovn/commit/522911269f1422e1274cbfbe53035a3bb8f573eb

As far as I remember this assumes too that there's only one localnet
port per logical switch. CC-ing Ankur to confirm.

Regards,
Dumitru

> 
> Thanks,
> Maciej
> 
> 
> [1] https://bugs.launchpad.net/neutron/+bug/1865889
> [2] https://imgur.com/a/hEI8Nin
> 
> -- 
> Best regards,
> Maciej Józefczyk
> 
> _______________________________________________
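
An added example, not part of the original message and not OVN code: a Python check that parses `ovn-nbctl list logical_switch_port` records and the per-chassis `ovn-bridge-mappings` values quoted above, flags more than one localnet port, and lists the localnet ports for which each chassis has no mapped bridge (the condition behind the `bridge not found` log lines). It assumes all records passed in belong to one logical switch; the function names and the trimmed sample are constructed for illustration.

```python
import re

# Constructed sample: trimmed `ovn-nbctl list logical_switch_port` records
# from the message, assumed to belong to one logical switch ('public').
SAMPLE_PORTS = """\
name                : public-segment-1-localnet
options             : {network_name=external-segment-1}
type                : localnet

name                : public-segment-2-localnet
options             : {network_name=external-segment-2}
type                : localnet
"""
# ovn-bridge-mappings per chassis, as given in the message.
SAMPLE_MAPPINGS = {"worker-1": "external-segment-1:br-ex",
                   "worker-2": "external-segment-2:br-ex"}


def localnet_ports(text):
    """Return {port name: network_name} for localnet records in 'list' output."""
    ports = {}
    for block in re.split(r"\n\s*\n", text.strip()):
        rec = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep:
                rec[key.strip()] = value.strip()
        if rec.get("type") == "localnet":
            m = re.search(r"network_name=([^,}\s]+)", rec.get("options", ""))
            ports[rec.get("name", "")] = m.group(1).strip('"') if m else None
    return ports


def audit(ports, chassis_mappings):
    """Flag multi-localnet switches and ports with no bridge on each chassis."""
    unmapped = {}
    for chassis, value in chassis_mappings.items():
        # "net1:br1,net2:br2" -> set of mapped network names
        mapped = {item.split(":", 1)[0].strip()
                  for item in value.split(",") if ":" in item}
        unmapped[chassis] = sorted(p for p, net in ports.items()
                                   if net not in mapped)
    return {"multiple_localnet": len(ports) > 1, "unmapped": unmapped}


if __name__ == "__main__":
    print(audit(localnet_ports(SAMPLE_PORTS), SAMPLE_MAPPINGS))
```
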


