Merge "ovs firewall: fix mac learning on the ingress rule table when ovs offload enabled"
This commit is contained in:
commit
6397a03ed8
neutron/agent/linux/openvswitch_firewall
releasenotes/notes
@ -1368,6 +1368,18 @@ class OVSFirewallDriver(firewall.FirewallDriver):
|
||||
actions='resubmit(,%d)' % ovs_consts.DROPPED_TRAFFIC_TABLE
|
||||
)
|
||||
|
||||
# NOTE: The OUTPUT action is used instead of NORMAL action to reduce
|
||||
# cpu utilization, but it causes the datapath rule to be flood rule.
|
||||
# This is due to mac learning not happened on ingress traffic.
|
||||
# While this is ok for no offload case, in ovs offload flood rule
|
||||
# is not offloaded. Therefore, we change the action to be NORMAL in
|
||||
# offload case. In case the explicitly_egress_direct is used the
|
||||
# pipeline don't contain action NORMAL so we don't have flood rule
|
||||
# issue.
|
||||
actions = 'output:{:d}'.format(port.ofport)
|
||||
if (self.int_br.br.is_hw_offload_enabled and
|
||||
not cfg.CONF.AGENT.explicitly_egress_direct):
|
||||
actions = 'mod_vlan_vid:{:d},normal'.format(port.vlan_tag)
|
||||
# Allow established and related connections
|
||||
for state in (ovsfw_consts.OF_STATE_ESTABLISHED_REPLY,
|
||||
ovsfw_consts.OF_STATE_RELATED):
|
||||
@ -1378,7 +1390,7 @@ class OVSFirewallDriver(firewall.FirewallDriver):
|
||||
ct_state=state,
|
||||
ct_mark=ovsfw_consts.CT_MARK_NORMAL,
|
||||
ct_zone=port.vlan_tag,
|
||||
actions='output:{:d}'.format(port.ofport)
|
||||
actions=actions
|
||||
)
|
||||
self._add_flow(
|
||||
table=ovs_consts.RULES_INGRESS_TABLE,
|
||||
|
@ -0,0 +1,10 @@
|
||||
---
|
||||
fixes:
|
||||
- |
|
||||
Fixed MAC learning issue when ovs offload enabled. OVS firewall reduce
|
||||
the usage of normal actions to reduce cpu utilization. This causing flood
|
||||
rule because there is no MAC learning on ingress traffic. While this ok
|
||||
for none offload case, when using ovs offload flood rule is not
|
||||
offloaded. This fix the MAC learning in the offload, so we avoid flood
|
||||
rule.
|
||||
`#1897637 <https://bugs.launchpad.net/neutron/+bug/1897637>`_.
|
Loading…
x
Reference in New Issue
Block a user