Re: [openstack-dev] [neutron] Enable arp_responder without l2pop

2017-02-22 Thread Anil Venkata 
On Wed, Feb 22, 2017 at 6:19 PM, Thomas Morin 
wrote:

> Hi Anil,
>
> Tue Feb 21 2017 22:47:46 GMT-0500 (EST), Anil Venkata:
>
>> Currently arp_resonder can enabled only if l2pop is enabled.
>>
>> Can we have arp_responder feature enabled without l2pop(i.e Remove the
>> dependency between arp_responder and l2_pop)?
>>
>>
> I agree that it would be useful.
> networking-bgpvpn ovs/bagpipe driver is relying on arp_responder, and
> hence currently draws this dependency on l2pop (not an issue I find, but
> still an artefact rather than a design decision).
>
> Also setup arp_responder on OVS integration bridge(and not on br-tun)?
>>
>>
> While relevant, I think this is not possible until br-int allows to match
> the network a packet belongs to (the ovsdb port tags don't let you do that
> until the packet leaves br-int with a NORMAL action).
> Ajo has told me yesterday that the OVS firewall driver uses registers
> precisely to do that. Making this generic (and not specific to the OVS
> firewall driver) would be a prerequisite before you can add ARP responder
> rules in br-int.
>
>
Thanks Thomas. Spoke to Ajo on this. He said we can follow above suggestion
i.e do the same what firewall driver is doing  in br-int, or wait till OVS
flow extension is implemented(but this will take time as lack of resources)


> I think this question (of where to put the ARP responder rules) also
> relates to https://review.openstack.org/#/c/320439/ .
>
> -Thomas
>
> __
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Re: [openstack-dev] [neutron] Enable arp_responder without l2pop

2017-02-22 Thread Thomas Morin 

Hi Anil,

Tue Feb 21 2017 22:47:46 GMT-0500 (EST), Anil Venkata:

Currently arp_resonder can enabled only if l2pop is enabled.

Can we have arp_responder feature enabled without l2pop(i.e Remove the 
dependency between arp_responder and l2_pop)?




I agree that it would be useful.
networking-bgpvpn ovs/bagpipe driver is relying on arp_responder, and 
hence currently draws this dependency on l2pop (not an issue I find, but 
still an artefact rather than a design decision).



Also setup arp_responder on OVS integration bridge(and not on br-tun)?



While relevant, I think this is not possible until br-int allows to 
match the network a packet belongs to (the ovsdb port tags don't let you 
do that until the packet leaves br-int with a NORMAL action).
Ajo has told me yesterday that the OVS firewall driver uses registers 
precisely to do that. Making this generic (and not specific to the OVS 
firewall driver) would be a prerequisite before you can add ARP 
responder rules in br-int.


I think this question (of where to put the ARP responder rules) also 
relates to https://review.openstack.org/#/c/320439/ .


-Thomas

__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

[openstack-dev] [neutron] Enable arp_responder without l2pop

2017-02-21 Thread Anil Venkata 
Hi All

Currently arp_resonder can enabled only if l2pop is enabled.

Can we have arp_responder feature enabled without l2pop(i.e Remove the
dependency between arp_responder and l2_pop)?
Also setup arp_responder on OVS integration bridge(and not on br-tun)?.

To enable arp_responder, we only need port's MAC and IP Address and no
tunnel ip(So no need for l2pop).
Currently agents use l2pop notifications to create ARP entries. With the
new approach, agents can use
port events(create, update and delete) to create ARP entry and without
l2pop notifications.

The advantages with this approach for both linuxbridge and OVS agent -
1) Users can enable arp_responder without l2pop
2) Support ARP for distributed router ports(DVR and HA).
Currently, ARP is not added for these ports.
This is a fix for https://bugs.launchpad.net/neutron/+bug/1661717

As we are not dependent on l2pop, we can  create ARP entries on OVS
integration bridge.

Advantages for OVS agent, if ARP entries are setup on integration
bridge(br-int) rather than on tunneling bridge(br-tun)
1) It enables arp_responder for all network types(vlans, vxlan, etc)
arp_responder based on l2pop is supported for only overlay networks.
2) ARP can be resolved within br-int.
3) ARP packets for local ports(ports connected to same br-int) will be
resolved
   in br-int without broadcasting to actual ports connected to br-int.


Any suggestions?

Also submitted bug [1] for this.

[1] https://bugs.launchpad.net/neutron/+bug/1518392

Thanks
Anil
__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev