On Wed, Jul 14, 2021 at 4:02 PM Rodolfo Alonso Hernandez <ralon...@redhat.com> wrote:
>
> Hello all:
>
> First of all, a bit of context. This question/request is related to [1]. The
> problem we have in OpenStack is that we are trying to create a VIP but not
> with a /32 IP address but with a CIDR.
>
> Since [2][3], it is possible to define VIPs in Neutron using OVN by creating
> an unassigned port. This port will provide the VIP. When this VIP is set to a
> bound port as "allowed_address_pairs", we set the LSP port type to "virtual".
>
> In Neutron we can assign a CIDR to a port as an "allowed_address_pairs". For
> example:
> $ openstack port show port10 | grep allowed_address_pairs
> allowed_address_pairs | ip_address='1.2.3.0/24',
> mac_address='fa:16:3e:7d:ca:e4'
>
> The problem is that OVN, to set the virtual LSP chassis and thus create the
> OpenFlow rules in the selected OVS, is expecting an ARP from the exact IP
> address that matches with the VIP IP address. Any other IP address in the
> CIDR '1.2.3.0/24' (following the example provided), won't trigger the rule
> creation.
>
> Is there any mechanism to provide support for a virtual CIDR instead of a
> VIP? If not, are there any plans for this?

Hi Rodolfo,

As you know, we have the logical port of type - virtual to support the
use case where the VIP is an IP.

Suppose a logical port 'P' is created with address -
'50:54:00:00:00:03 10.0.0.3'. ovn-northd adds the below logical flow
in the "lr_in_arp_resolve" logical router pipeline (if the logical
switch of port 'P' is connected to the logical router),

  - table=14(lr_in_arp_resolve ), priority=100 , match=(outport == "lr0-sw0" && reg0 == 10.0.0.3), action=(eth.dst = 50:54:00:00:00:03; next;)

If the logical port 'P' is of type virtual, then ovn-northd modifies
the above logical flow to set the eth.dst to that of the virtual
parent.

In the issue you mentioned above, since neutron doesn't set the
logical port 'P' as virtual, the eth.dst of the logical port 'P' is
used and the packet gets dropped because the port 'P' is down.

I'm not sure if we can provide support for a virtual CIDR.

I think the problem would be solved if ovn-northd adds the above
arp_resolve flow only if the logical port is "UP". Since the logical
port 'P' would not be set as virtual and since it is not bound to any
VM, this could work. But this would cause some latency, as ovn-northd
needs to add this logical flow after the logical port is UP.

Probably we can make use of the existing "lsp_is_up" config option for
this.

Thanks
Numan

> Thank you in advance.
> Rodolfo Alonso (ralon...@redhat.com).
>
> [1]https://bugzilla.redhat.com/show_bug.cgi?id=1970907
> [2]https://github.com/ovn-org/ovn/commit/054f4c85c413e20d893e10ba053ec52ac15db49c
> [3]https://review.opendev.org/c/openstack/networking-ovn/+/676223
> _______________________________________________
> discuss mailing list
> disc...@openvswitch.org
> https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
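
Added example (not part of the thread and not ovn-northd code): a simplified Python model of the arp_resolve behaviour described in the reply, including the proposed "only when the port is UP" variant, and of the exact-IP versus CIDR match raised in the question. The class, field and function names, the parent MAC used in testing, and the choice to compare against the address part of the VIP in exact mode are assumptions made for illustration.

```python
# Added illustration: a simplified model, not ovn-northd code.
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass
class LogicalPort:          # hypothetical structure, for this example only
    name: str
    mac: str
    ip: str
    up: bool = False
    # MAC of the virtual parent; set only for a port of type "virtual".
    virtual_parent_mac: Optional[str] = None


def arp_resolve_flow(port, outport="lr0-sw0", require_up=False):
    """Return the lr_in_arp_resolve flow for `port`, or None if none is added.

    require_up=True models the change proposed in the reply: a non-virtual
    port that is down gets no flow.
    """
    if port.virtual_parent_mac is not None:
        dst = port.virtual_parent_mac      # virtual port: parent's MAC
    elif require_up and not port.up:
        return None                        # proposed: skip ports that are down
    else:
        dst = port.mac                     # current: port's own MAC, up or not
    return (f'table=14(lr_in_arp_resolve), priority=100, '
            f'match=(outport == "{outport}" && reg0 == {port.ip}), '
            f'action=(eth.dst = {dst}; next;)')


def arp_sender_matches_vip(sender_ip, vip, exact=True):
    """exact=True: sender must equal the VIP address; False: CIDR membership."""
    sender = ipaddress.ip_address(sender_ip)
    if exact:
        return sender == ipaddress.ip_interface(vip).ip
    return sender in ipaddress.ip_network(vip, strict=False)


if __name__ == "__main__":
    p = LogicalPort("P", "50:54:00:00:00:03", "10.0.0.3")   # unbound, down
    print(arp_resolve_flow(p))                    # flow points at P's own MAC
    print(arp_resolve_flow(p, require_up=True))   # None
    print(arp_sender_matches_vip("1.2.3.7", "1.2.3.0/24"))          # False
    print(arp_sender_matches_vip("1.2.3.7", "1.2.3.0/24", False))   # True
```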