1370 Commits

Author SHA1 Message Date
Zuul
c17e817c78 Merge "Add Loki testing for Neutron" 2020-11-15 04:46:17 +00:00
Zuul
3089e6b915 Merge "Update networking-midonet maintainers list" 2020-11-13 02:17:32 +00:00
Zuul
77ce7cf4c1 Merge "[Docs] Add info about how multicast is treated by fw drivers" 2020-11-09 10:31:54 +00:00
Zuul
e789b18e72 Merge "Revert "Process ingress multicast traffic for 224.0.0.X separately"" 2020-11-05 15:54:12 +00:00
Zuul
6775bac5a5 Merge "Allow VXLAN network type for OVN driver" 2020-11-04 08:36:25 +00:00
Slawek Kaplonski
d842d0dbf0 [Docs] Add info about how multicast is treated by fw drivers
This patch adds info about how multicast traffic is treated by
openvswitch and iptables based firewall drivers.
Patch [1] was trying to fix behaviour of OVS based driver to make
it similar to how iptables drivers works but it introduced bug [2]
which we wasn't able to fix without basically disabling what [1] did
for some ports on the compute nodes.
So based on that we decided to revert [1] - it is done in [3] and to
document different behaviour between those 2 firewall drivers which is
done by this patch.

[1] https://review.opendev.org/#/c/748719/
[2] https://bugs.launchpad.net/neutron/+bug/1899967
[3] https://review.opendev.org/#/c/759555/

Change-Id: If8a56579c62f58befdc57f5916a5763e9fb99531
Related-Bug: #1899967
Related-Bug: #1889631
2020-10-29 10:59:46 +00:00
Slawek Kaplonski
14a1ad7009 Revert "Process ingress multicast traffic for 224.0.0.X separately"
This reverts commit b8be1a05facff2ba8b484902494ce1663e0aae7c.

As was reported in bug [1] this patch broke multicast traffic send
from ports with disabled port security. And that broke L3HA routers
as keepalived processes couldn't talk to each other.
During attempt to fix that issue with keepalived we found out another
corner cases which we may break and in fact to fix them, we would
effectively revert this change and allow multicast traffic for all
ports in e.g. networks with ports which have port security and ports
which don't have port security and are on same node.
As we also don't really know what other corner cases we may hit going
further with that, lets revert this patch.
As a follow up patch I will propose new patch which will document
differences in handling multicast traffic between iptables and
openvswitch based firewall drivers.

[1] https://bugs.launchpad.net/neutron/+bug/1899967

Change-Id: I37a8b33cf8e16d5bb5dc1966fc2dca6bb619026c
Closes-Bug: #1899967
2020-10-24 08:27:38 +00:00
Zuul
d29e412e9e Merge "Update ovn-octavia-provider contacts" 2020-10-14 10:48:57 +00:00
Zuul
c186816982 Merge "[OVN][Doc] DevStack guide: Add command to get the port's UUID" 2020-10-14 10:48:53 +00:00
Zuul
0b4d6fe4ab Merge "Process ingress multicast traffic for 224.0.0.X separately" 2020-10-11 20:23:38 +00:00
Zuul
ce251a804f Merge "Convert neutron-grenade-ovn job to be zuulv3" 2020-10-11 16:50:14 +00:00
Ihar Hrachyshka
a81f544347 Allow VXLAN network type for OVN driver
Since 20.09, OVN supports VXLAN type for inter-chassis communication.

Change-Id: I81c016ba9c91282d1bebb40a282077e14ce4bd6b
2020-10-08 12:54:31 -04:00
Brian Haley
ac6f94fcbf Update ovn-octavia-provider contacts
Maciej no longer works on Openstack, so remove him, and add
Flavio Fernandes as a replacement.  Also added contact into
to the neutron-teams page.

Change-Id: I2f43a389644afcfa5a42571b6c5c093fd21560f1
2020-10-08 11:42:26 -04:00
Lucas Alvares Gomes
878fe8de92 [OVN][Doc] DevStack guide: Add command to get the port's UUID
It just makes it simpler for the user to copy & paste a command to
obtain the port's UUID.

Change-Id: Ib839c8ed1e78f14d49690367a68f007a68c5cebe
Signed-off-by: Lucas Alvares Gomes <lucasagomes@gmail.com>
2020-10-06 16:29:15 +01:00
Rodolfo Alonso Hernandez
b8be1a05fa Process ingress multicast traffic for 224.0.0.X separately
By default, if any multicast traffic sent to 224.0.0.X is allowed
in the OVS firewall (that means there is a specific egress rule),
this traffic is sent, in table 73 (ACCEPT_OR_INGRESS_TABLE), to
a rule with action NORMAL.

As commented in the related bug, https://tools.ietf.org/html/rfc4541,
chapter 2.1.2, section (2):
  "Packets with a destination IP (DIP) address in the 224.0.0.X range
   which are not IGMP must be forwarded on all ports."

That means those packets will be forwarded to all ports regardless of
any ingress rule. This patch process this traffic separately, sending
those packets to table 102 (MCAST_RULES_INGRESS_TABLE). In this table
the ingress rules that have a defined protocol, will have an Open Flow
rule to output the traffic directly to those ports associated to this
rule.

For example, in the problem reported in the related bug, the VRRP
protocol (112), will be sent only to those ports that have this
ingress rule.

Change-Id: Ie271de144f78e364d938731ec9f5297e1a9d73f9
Closes-Bug: #1889631
2020-10-06 14:21:38 +00:00
Slawek Kaplonski
3503022ce7 Convert neutron-grenade-ovn job to be zuulv3
This patch converts neutron-grenade-ovn job to be Zuulv3 native
and adds it as non-voting job to the check queue.

Depends-On: https://review.opendev.org/752412

Change-Id: Ie27f7c9313ff4b18eba739e40fdb136036652313
2020-10-06 10:58:27 +02:00
Slawek Kaplonski
f57b59a179 [Doc] Add section about diffs between ovs and iptables fw drivers
And add note about different handling of packets marked as INVALID
by both those drivers.

Change-Id: I3d436289073e95312e5f5077acabd136266b9e8a
Closes-Bug: #1896587
2020-10-05 22:43:56 +02:00
elajkat
87e5131432 Allow replacing the QoS policy of bound port
Change-Id: Iebdfd2b303f47ff9f049cf583ea754b35ca26f78
Related-Bug: #1882804
Depends-On: https://review.opendev.org/748279
2020-09-24 06:18:38 +00:00
Jakub Libosvar
0817c42799 ovn: Document gap about IPv6 PD in OVN
ML2/OVN currently doesn't support IPv6 prefix delegation. This patch
adds it to the list of gaps.

Change-Id: Icf23cb9113d48322a4ba0db13a55c370e2bb14a4
Signed-off-by: Jakub Libosvar <libosvar@redhat.com>
2020-09-17 14:47:43 +02:00
Slawek Kaplonski
3c2eaed7a9 Update networking-midonet maintainers list
Ryu Ishimoto was removed from the list of networking-midonet maintainers
as he is not active in the community anymore - thank You Ryu for all
Your work in the Neutron community.

Sam Morrison was added to the list as he recently stepped in to maintain
networking-midonet in the Neutron stadium. Welcome Sam and thanks for
Your help with this project.

Change-Id: I639fa5f69f56c96bc69873e6bcac555fff441ce2
2020-09-10 09:36:39 +02:00
Zuul
bdd6c6cdb5 Merge "Granular metering data in neutron-metering-agent" 2020-09-08 16:52:23 +00:00
Rafael Weingärtner
bd1467b47c Granular metering data in neutron-metering-agent
Extend neutron metering agent to generate Granular metering data.
The rationale here is to have data (bytes and packets) not just in
a label basis, but also in tenant, router, and router-label, and tenant-label
basis. This allows operators to develop more complex network monitoring
solutions.

Moreover, I added documentation to explain what is the neutron metering agent,
its configs, and different message formats.

Change-Id: I7b6172f88efd4df89d7bed9a0af52f80c61acbe0
Implements: https://blueprints.launchpad.net/neutron/+spec/granular-metering-data
Closes-Bug: #1886949
2020-09-04 09:20:54 -03:00
Flavio Fernandes
0c6ea20ba5 [ovn]: port forwarding -- move documentation to better place
Move port_forwarding.rst to doc/source/contributor/internals/ovn
Also, keep lines from the document no longer than 80 chars.

Change-Id: I2887eb022b268763193f93a68a32a4a0deaad42b
2020-09-03 19:07:31 -04:00
Lucas Alvares Gomes
40918cdb9b [OVN] Gap: Add QoS minimum bandwidth allocation in Placement API
Add QoS minimum bandwidth allocation in Placement API to the feature
partity gap list.

Change-Id: I06a8d6af367c806681bd7bfa2d1930e390371dd7
Signed-off-by: Lucas Alvares Gomes <lucasagomes@gmail.com>
2020-09-01 11:21:05 +01:00
Zuul
d189d83bd7 Merge "Update IPv6 Prefix Delegation docs" 2020-08-28 21:08:39 +00:00
Zuul
e115fb5564 Merge "Promote -uwsgi jobs to be gating" 2020-08-28 21:05:46 +00:00
Slawek Kaplonski
513c3652b4 Update IPv6 Prefix Delegation docs
This patch removes part about neutron-pd-agent from the PD docs.
This agent was retired many cycles ago with [1] so we shouldn't mention
about that in our docs.

[1] https://review.opendev.org/#/c/388919/

Change-Id: I546d04373b475deef3a3c7fb2694da5a4fecaa26
2020-08-26 16:05:30 +02:00
Brian Haley
055036ba2b Improve terminology in the Neutron tree
There is no real reason we should be using some of the
terms we do, they're outdated, and we're behind other
open-source projects in this respect. Let's switch to
using more inclusive terms in all possible places.

Change-Id: I99913107e803384b34cbd5ca588451b1cf64d594
2020-08-19 16:47:53 -04:00
Slawek Kaplonski
3000f3c541 Promote -uwsgi jobs to be gating
Uwsgi based jobs (functional, fullstack and tempest) are voting since
some time and are as stable as "non-uwsgi" onces.
Recently on the CI meeting we decided to move "non-uwsgi" functional and
fullstack jobs to be run only in periodic queue and promote "uwsgi" jobs
to be gating also.

Change-Id: Id24316f04e1ff619c8ce2fe475f873961cbb92e4
2020-08-12 12:17:39 +02:00
zhanghao
cc54a1c38e Fix port can not be created with the sg of other project
This patch adds the verification of whether admin context when
verifying the valid security groups of port.

Change-Id: I2674bdc448d9a091b9fe8c68f0866fd19141c6be
Closes-Bug: #1890539
2020-08-10 10:58:30 -04:00
Nate Johnston
5b48b7ceff Add Loki testing for Neutron
This commit adds a non-voting job, based on tempest, which enables the
transient DB failure injection module 'loki' [1].  This will test
neutron resilience to database errors.

[1] https://docs.openstack.org/neutron/latest//contributor/testing/db_transient_failure_injection.html

Co-Authored-By: Slawek Kaplonski <skaplons@redhat.com>

Change-Id: Ie6293923a4a4744888bf3ee36007267ef0fddfd9
2020-08-05 20:38:52 +00:00
Zuul
17324fe1cf Merge "[ovn]: port forwarding -- documentation" 2020-07-30 18:09:02 +00:00
Flavio Fernandes
e2060a2f0b [ovn]: port forwarding -- documentation
This is a subset of the changes for implementing the floating IP
port forwarding feature in neutron, using OVN as the backend.

This changeset covers the documentation updates for the feature,
as well as a high-level description of how OVN implements it.

Partially-implements: ovn/port_forwarding
Partially-implements: blueprint portforwarding-description
Partial-Bug: #1877447

Change-Id: I2059a011f650dd7070a74dc6107aab2b15ca7104
2020-07-28 13:57:13 -04:00
Rodolfo Alonso Hernandez
6da9936814 Remove "vf_management" and "vf_extended_management" checks
Since [1], the SR-IOV commands are executed using Pyroute2. The
support to execute those commands is guaranteed by the requested
minimum version of this library.

[1]https://review.opendev.org/#/c/727811/

Change-Id: I53372524c9cdc75c4b24e1f3c973f8f87a73a8f9
Closes-Bug: #1888920
2020-07-27 10:47:16 +00:00
Jakub Libosvar
afd63d0b36 ovn migration: Support stack name
The heat stack name is variable. This patch adds a new environment
variable to support migrating stacks that are different name than
overcloud.

Change-Id: I6fd72bf83def28ae633d720b8495888cea3ac0a3
Signed-off-by: Jakub Libosvar <libosvar@redhat.com>
2020-07-22 16:33:32 +00:00
Maciej Józefczyk
8d1512afb0 [OVN] Allow IP allocation with different segments for OVN service ports
OVN creates localport [1] for each network that has metadata
and allocate IP address from subnet within this network that has
DHCP enabled. The traffic from this port will never go outside
the chassis.

While using multiple segments with subnet linked to each segment
OVN needs to create an allocation of IP address for each of those
subnets [2] in order to generate data for OVN NBDB IPv4 DHCP Options.

The change [3] started to validate that condition, while multiple
IP addresses from different segments are tried to be allocated on
one port. We can skip this for OVN Metadata port, because there
is no reason to prevent those kind of allocation for OVN.

[1] http://www.openvswitch.org/support/dist-docs/ovn-architecture.7.html
[2] 5f42488a9a/neutron/plugins/ml2/drivers/ovn/mech_driver/ovsdb/ovn_client.py (L2279)
[3] https://review.opendev.org/#/c/709444/

Change-Id: Ib51cde89ed873f48db4daebc27a0980da9cc0f19
Closes-Bug: 1871608
2020-07-22 07:38:49 +00:00
Zuul
d28654a0c7 Merge "Remove tempest-integrated-networking job from neutron queue" 2020-07-14 15:27:03 +00:00
Zuul
4c9c4f7753 Merge "Update cirros image to cirros-0.5.1-x86_64 globally" 2020-07-09 13:30:07 +00:00
Zuul
6a9c46699b Merge "Better document router requirements for IPv6" 2020-07-09 09:11:22 +00:00
Slawek Kaplonski
34b6833caa Remove tempest-integrated-networking job from neutron queue
As we agreed during virtual PTG we want to change
tempest-multinode-full-py3 that it will run only integrated-networking
tests. And then promote it to be voting and gating job.

This new multinode job can replace singlenode tempest-integrated-networking
job so this patch removes this one from the queues too.

Change-Id: Ic61b636625824bbd6b7624a057db308a484ee463
2020-07-08 16:03:43 +02:00
Brian Haley
a3ecaf6a10 Better document router requirements for IPv6
In order for IPv6 to function correctly for instances, a router
must be created and added to a subnet. Update the documentation
to better highlight this as it wasn't clear a router was
required on an isolated subnet such that Router Advertisements
messages would be sent.

Change-Id: I4aca67c98ae77bbc4c130764af5a92515b95443a
Closes-bug: #1886116
2020-07-08 08:56:11 -04:00
Maciej Józefczyk
db6ebd22e1 Update cirros image to cirros-0.5.1-x86_64 globally
New cirros with recent fixes for metadata service
has been released. Lets update the image version on gate.

Also stop using different images for OVN. Lets use default
settings from devstack.

First we need to merge [2].

[1] e40bcd2964
[2] https://review.opendev.org/#/c/711492/

Change-Id: Idc614f9f25188bd1a1e1d5424274acf04ba99328
2020-07-07 22:06:39 +00:00
Maciej Józefczyk
193df8279d [OVN] Stop using neutron_tempest_plugin in OVN singlenode job
In patch [1] we moved neutron_tempest_plugin test executions to
neutron-tempest-plugin repository.
That moves us forward with unifying the way of executing tests
after OVN merge.

[1] https://review.opendev.org/#/c/734832/

Change-Id: Iecca2649fc5e066fabe7f4b4746094506b595f0b
2020-07-07 22:06:20 +00:00
Zuul
d9d273e538 Merge "[OVN] Add router availability zones documentation" 2020-06-26 11:01:06 +00:00
Zuul
b66e4438fd Merge "Deprecate use_veth_interconnection config option" 2020-06-26 05:36:36 +00:00
Slawek Kaplonski
72f39226e0 Update neutron-dynamic-routing lieutenants
Change-Id: I077c0a25ae7a9580d2f391fdbaf7c36c52bc1d30
2020-06-24 20:07:40 +00:00
Lucas Alvares Gomes
f14a1b332d [OVN] Add router availability zones documentation
This patch is adding documentation about the router availability zones
feature in the OVN driver.

Change-Id: I6c8267100e1ee82c8b563528467b50b91f7700f6
Related-Bug: #1881095
Signed-off-by: Lucas Alvares Gomes <lucasagomes@gmail.com>
2020-06-24 15:06:12 +00:00
Slawek Kaplonski
fb44416c05 Deprecate use_veth_interconnection config option
This was proposed to be deprecated long time ago already.
We have patch ports in Openvswitch to connect bridges together.

Change-Id: Ie343f83a886bb8c366873fd5e076bb7096e1a6ed
Related-bug: #1587296
2020-06-24 13:09:32 +00:00
Zuul
f200f62ac2 Merge "Fix a typo in the OVN manual install guide" 2020-06-24 03:01:47 +00:00
Slawek Kaplonski
c646978f1b Add singlenode tempest job with neutron-lib from master branch
As we discussed during last PTG, this patch adds singlenode tempest
job which uses neutron-lib from master branch always.

Change-Id: I883ba5d68b716d601898621079a835c706f52f85
2020-06-21 21:36:34 +00:00