Hello,

With the patches proposed to make ovn-controller not update the
Port_Binding.chassis column [1], the value of Logical_Switch_Port.up in the
NB DB will not be the true value.

Below is a proposal which solves this problem:

  - ovn-northd and ovn-controller will make use of the locking mechanism
supported by ovsdb-server.

  - For each Port_Binding row whose chassis column is set (ovn-northd will
be setting the chassis column) ovn-northd will create an ovsdb lock (with
the port name as the lock name) and try to acquire the lock.

  - ovn-controller will create an ovsdb lock for each logical port it is
hosting and steal the lock.

  - If ovn-northd has acquired the lock for a logical port, it means the
logical port is not up and it will set the Logical_Switch_Port.up to false.

  - If ovn-northd has contended for the lock but it doesn't have the lock, it
means the logical port is up and it will set the Logical_Switch_Port.up to
true.

  - As soon as ovn-controller detects that it is no longer hosting the
logical port (either because the interface for the logical port in the
br-int is deleted or if the chassis column is cleared) it will release the
lock. ovn-northd will update the Logical_Switch_Port.up to false when it
gets the lock.



I am a bit apprehensive of the approach as:

  - We are using the ovsdb lock feature, which is mainly used for
transaction locking, but we are using it for a different purpose.

  - To support this proposal, ovsdb-server should now allow creating locks
from the clients connected to it via a read-only channel.

  - Not sure about the performance. Will it be overkill to have locks for
each logical port?

  - Foremost, does it have any security concerns? If a chassis is
compromised, it can do nasty things like steal followed by release of
locks, which could make ovn-northd and the other ovn-controllers go
haywire.

I wanted to get your opinion on this.

[1] - https://patchwork.ozlabs.org/patch/693750/
      https://patchwork.ozlabs.org/patch/693751/

Thanks
Numan
_______________________________________________
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
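
Added example, not part of the original message or of OVS/OVN code: a toy Python model of the lock, steal and unlock operations the proposal relies on, showing how ovn-northd would derive Logical_Switch_Port.up and how a steal followed by a release from a chassis that does not host the port flips it to false. The LockServer class, the steal audit list, the port and chassis names, and the choice that a displaced owner must re-request the lock are assumptions made for the illustration.

```python
from collections import deque

NORTHD = "ovn-northd"

class LockServer:
    """Toy model of named locks with lock/steal/unlock; not ovsdb-server code."""
    def __init__(self):
        self.waiters = {}   # lock name -> deque of clients, owner at index 0
        self.steals = []    # (lock name, client) audit trail (hypothetical)

    def lock(self, name, client):
        q = self.waiters.setdefault(name, deque())
        if client not in q:
            q.append(client)          # queue behind the current owner
        return q[0] == client         # True only if the caller owns the lock

    def steal(self, name, client):
        q = self.waiters.setdefault(name, deque())
        if q:
            q.popleft()               # assumption: displaced owner must re-request
        if client in q:
            q.remove(client)
        q.appendleft(client)          # the stealer becomes owner unconditionally
        self.steals.append((name, client))

    def unlock(self, name, client):
        q = self.waiters.get(name, deque())
        if client in q:
            q.remove(client)          # next waiter, if any, becomes owner

def port_up(srv, port):
    """The proposal's rule: northd holding the lock means the port is down."""
    return not srv.lock(port, NORTHD)

def foreign_steals(srv, bindings):
    """Steals issued by a client other than the chassis the port is bound to."""
    return [(p, c) for p, c in srv.steals if bindings.get(p) != c]

def scenario():
    srv, bindings = LockServer(), {"lsp1": "chassis-1"}   # constructed names
    states = [port_up(srv, "lsp1")]        # nobody hosts the port yet
    srv.steal("lsp1", "chassis-1")         # bound chassis claims the port
    states.append(port_up(srv, "lsp1"))
    srv.steal("lsp1", "chassis-2")         # a different chassis steals...
    srv.unlock("lsp1", "chassis-2")        # ...and releases
    states.append(port_up(srv, "lsp1"))    # northd acquires the lock: port "down"
    return states, foreign_steals(srv, bindings)
```

In the model the lock server never compares the stealing client with the chassis the port is bound to, so the `up` value follows whoever last stole or released the lock; the audit function shows the kind of check that would have to live outside the lock mechanism itself.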