Re: [openstack-dev] [neutron] Enable arp_responder without l2pop
On Wed, Feb 22, 2017 at 6:19 PM, Thomas Morinwrote: > Hi Anil, > > Tue Feb 21 2017 22:47:46 GMT-0500 (EST), Anil Venkata: > >> Currently arp_resonder can enabled only if l2pop is enabled. >> >> Can we have arp_responder feature enabled without l2pop(i.e Remove the >> dependency between arp_responder and l2_pop)? >> >> > I agree that it would be useful. > networking-bgpvpn ovs/bagpipe driver is relying on arp_responder, and > hence currently draws this dependency on l2pop (not an issue I find, but > still an artefact rather than a design decision). > > Also setup arp_responder on OVS integration bridge(and not on br-tun)? >> >> > While relevant, I think this is not possible until br-int allows to match > the network a packet belongs to (the ovsdb port tags don't let you do that > until the packet leaves br-int with a NORMAL action). > Ajo has told me yesterday that the OVS firewall driver uses registers > precisely to do that. Making this generic (and not specific to the OVS > firewall driver) would be a prerequisite before you can add ARP responder > rules in br-int. > > Thanks Thomas. Spoke to Ajo on this. He said we can follow above suggestion i.e do the same what firewall driver is doing in br-int, or wait till OVS flow extension is implemented(but this will take time as lack of resources) > I think this question (of where to put the ARP responder rules) also > relates to https://review.openstack.org/#/c/320439/ . > > -Thomas > > __ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > __ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [neutron] Enable arp_responder without l2pop
Hi Anil, Tue Feb 21 2017 22:47:46 GMT-0500 (EST), Anil Venkata: Currently arp_resonder can enabled only if l2pop is enabled. Can we have arp_responder feature enabled without l2pop(i.e Remove the dependency between arp_responder and l2_pop)? I agree that it would be useful. networking-bgpvpn ovs/bagpipe driver is relying on arp_responder, and hence currently draws this dependency on l2pop (not an issue I find, but still an artefact rather than a design decision). Also setup arp_responder on OVS integration bridge(and not on br-tun)? While relevant, I think this is not possible until br-int allows to match the network a packet belongs to (the ovsdb port tags don't let you do that until the packet leaves br-int with a NORMAL action). Ajo has told me yesterday that the OVS firewall driver uses registers precisely to do that. Making this generic (and not specific to the OVS firewall driver) would be a prerequisite before you can add ARP responder rules in br-int. I think this question (of where to put the ARP responder rules) also relates to https://review.openstack.org/#/c/320439/ . -Thomas __ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
[openstack-dev] [neutron] Enable arp_responder without l2pop
Hi All Currently arp_resonder can enabled only if l2pop is enabled. Can we have arp_responder feature enabled without l2pop(i.e Remove the dependency between arp_responder and l2_pop)? Also setup arp_responder on OVS integration bridge(and not on br-tun)?. To enable arp_responder, we only need port's MAC and IP Address and no tunnel ip(So no need for l2pop). Currently agents use l2pop notifications to create ARP entries. With the new approach, agents can use port events(create, update and delete) to create ARP entry and without l2pop notifications. The advantages with this approach for both linuxbridge and OVS agent - 1) Users can enable arp_responder without l2pop 2) Support ARP for distributed router ports(DVR and HA). Currently, ARP is not added for these ports. This is a fix for https://bugs.launchpad.net/neutron/+bug/1661717 As we are not dependent on l2pop, we can create ARP entries on OVS integration bridge. Advantages for OVS agent, if ARP entries are setup on integration bridge(br-int) rather than on tunneling bridge(br-tun) 1) It enables arp_responder for all network types(vlans, vxlan, etc) arp_responder based on l2pop is supported for only overlay networks. 2) ARP can be resolved within br-int. 3) ARP packets for local ports(ports connected to same br-int) will be resolved in br-int without broadcasting to actual ports connected to br-int. Any suggestions? Also submitted bug [1] for this. [1] https://bugs.launchpad.net/neutron/+bug/1518392 Thanks Anil __ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev