Public bug reported: Greetings,
while deploying the ovn vpnaas implementation of neutron and testing its functionality we found that the ovn-vpn-agent fails to remove a vpn service. We found that the reason for this is that the destroy_process function of the ovn_ipsec implementation calls the parent destroy_process function [1]. The parent implementation of the destroy_process function calls remove_nat_rules [2] which throws an exception in ovn environments. Calling remove_nat_rules in the ovn implementation does not make sense as all nat flows are managed by ovn and not iptables. [1] https://github.com/openstack/neutron-vpnaas/blob/stable/2025.1/neutron_vpnaas/services/vpn/device_drivers/ovn_ipsec.py#L287 [2] https://github.com/openstack/neutron-vpnaas/blob/stable/2025.1/neutron_vpnaas/services/vpn/device_drivers/ipsec.py#L1019 Exception that is thrown: Oct 08 09:54:20 az2-snat-1 neutron_ovn_vpn_agent[808241]: 2025-10-08 09:54:20.033 2 ERROR oslo_messaging.rpc.server [None req-7a030937-580b-440f-9509-b41cbfde6c5a d6664669b3ec454088014399dd707bbd 0f93b28d753f44e18053f124519c5004 - - ca8664bbcbd0457cae12> Oct 08 09:54:20 az2-snat-1 neutron_ovn_vpn_agent[808241]: 2025-10-08 09:54:20.033 2 ERROR oslo_messaging.rpc.server Traceback (most recent call last): Oct 08 09:54:20 az2-snat-1 neutron_ovn_vpn_agent[808241]: 2025-10-08 09:54:20.033 2 ERROR oslo_messaging.rpc.server File "/var/lib/kolla/venv/lib64/python3.9/site-packages/oslo_messaging/rpc/server.py", line 174, in _process_incoming Oct 08 09:54:20 az2-snat-1 neutron_ovn_vpn_agent[808241]: 2025-10-08 09:54:20.033 2 ERROR oslo_messaging.rpc.server res = self.dispatcher.dispatch(message) Oct 08 09:54:20 az2-snat-1 neutron_ovn_vpn_agent[808241]: 2025-10-08 09:54:20.033 2 ERROR oslo_messaging.rpc.server File "/var/lib/kolla/venv/lib64/python3.9/site-packages/oslo_messaging/rpc/dispatcher.py", line 309, in dispatch Oct 08 09:54:20 az2-snat-1 neutron_ovn_vpn_agent[808241]: 2025-10-08 09:54:20.033 2 ERROR oslo_messaging.rpc.server return self._do_dispatch(endpoint, method, ctxt, args) Oct 08 09:54:20 az2-snat-1 neutron_ovn_vpn_agent[808241]: 2025-10-08 09:54:20.033 2 ERROR oslo_messaging.rpc.server File "/var/lib/kolla/venv/lib64/python3.9/site-packages/oslo_messaging/rpc/dispatcher.py", line 229, in _do_dispatch Oct 08 09:54:20 az2-snat-1 neutron_ovn_vpn_agent[808241]: 2025-10-08 09:54:20.033 2 ERROR oslo_messaging.rpc.server result = func(ctxt, **new_args) Oct 08 09:54:20 az2-snat-1 neutron_ovn_vpn_agent[808241]: 2025-10-08 09:54:20.033 2 ERROR oslo_messaging.rpc.server File "/var/lib/kolla/venv/lib64/python3.9/site-packages/oslo_log/helpers.py", line 67, in wrapper Oct 08 09:54:20 az2-snat-1 neutron_ovn_vpn_agent[808241]: 2025-10-08 09:54:20.033 2 ERROR oslo_messaging.rpc.server return method(*args, **kwargs) Oct 08 09:54:20 az2-snat-1 neutron_ovn_vpn_agent[808241]: 2025-10-08 09:54:20.033 2 ERROR oslo_messaging.rpc.server File "/var/lib/kolla/venv/lib64/python3.9/site-packages/neutron_vpnaas/services/vpn/device_drivers/ipsec.py", line 966, in vpnservice_u> Oct 08 09:54:20 az2-snat-1 neutron_ovn_vpn_agent[808241]: 2025-10-08 09:54:20.033 2 ERROR oslo_messaging.rpc.server self.sync(context, [router] if router else []) Oct 08 09:54:20 az2-snat-1 neutron_ovn_vpn_agent[808241]: 2025-10-08 09:54:20.033 2 ERROR oslo_messaging.rpc.server File "/var/lib/kolla/venv/lib64/python3.9/site-packages/oslo_log/helpers.py", line 67, in wrapper Oct 08 09:54:20 az2-snat-1 neutron_ovn_vpn_agent[808241]: 2025-10-08 09:54:20.033 2 ERROR oslo_messaging.rpc.server return method(*args, **kwargs) Oct 08 09:54:20 az2-snat-1 neutron_ovn_vpn_agent[808241]: 2025-10-08 09:54:20.033 2 ERROR oslo_messaging.rpc.server File "/var/lib/kolla/venv/lib64/python3.9/site-packages/oslo_concurrency/lockutils.py", line 415, in inner Oct 08 09:54:20 az2-snat-1 neutron_ovn_vpn_agent[808241]: 2025-10-08 09:54:20.033 2 ERROR oslo_messaging.rpc.server return f(*args, **kwargs) Oct 08 09:54:20 az2-snat-1 neutron_ovn_vpn_agent[808241]: 2025-10-08 09:54:20.033 2 ERROR oslo_messaging.rpc.server File "/var/lib/kolla/venv/lib64/python3.9/site-packages/neutron_vpnaas/services/vpn/device_drivers/ipsec.py", line 1156, in sync Oct 08 09:54:20 az2-snat-1 neutron_ovn_vpn_agent[808241]: 2025-10-08 09:54:20.033 2 ERROR oslo_messaging.rpc.server self._delete_vpn_processes(sync_router_ids, router_ids) Oct 08 09:54:20 az2-snat-1 neutron_ovn_vpn_agent[808241]: 2025-10-08 09:54:20.033 2 ERROR oslo_messaging.rpc.server File "/var/lib/kolla/venv/lib64/python3.9/site-packages/neutron_vpnaas/services/vpn/device_drivers/ipsec.py", line 1186, in _delete_vpn> Oct 08 09:54:20 az2-snat-1 neutron_ovn_vpn_agent[808241]: 2025-10-08 09:54:20.033 2 ERROR oslo_messaging.rpc.server self.destroy_process(process_id) Oct 08 09:54:20 az2-snat-1 neutron_ovn_vpn_agent[808241]: 2025-10-08 09:54:20.033 2 ERROR oslo_messaging.rpc.server File "/var/lib/kolla/venv/lib64/python3.9/site-packages/neutron_vpnaas/services/vpn/device_drivers/ovn_ipsec.py", line 287, in destroy_> Oct 08 09:54:20 az2-snat-1 neutron_ovn_vpn_agent[808241]: 2025-10-08 09:54:20.033 2 ERROR oslo_messaging.rpc.server super().destroy_process(process_id) Oct 08 09:54:20 az2-snat-1 neutron_ovn_vpn_agent[808241]: 2025-10-08 09:54:20.033 2 ERROR oslo_messaging.rpc.server File "/var/lib/kolla/venv/lib64/python3.9/site-packages/neutron_vpnaas/services/vpn/device_drivers/ipsec.py", line 1019, in destroy_pro> Oct 08 09:54:20 az2-snat-1 neutron_ovn_vpn_agent[808241]: 2025-10-08 09:54:20.033 2 ERROR oslo_messaging.rpc.server self.remove_nat_rules(process_id) Oct 08 09:54:20 az2-snat-1 neutron_ovn_vpn_agent[808241]: 2025-10-08 09:54:20.033 2 ERROR oslo_messaging.rpc.server File "/var/lib/kolla/venv/lib64/python3.9/site-packages/oslo_log/helpers.py", line 67, in wrapper Oct 08 09:54:20 az2-snat-1 neutron_ovn_vpn_agent[808241]: 2025-10-08 09:54:20.033 2 ERROR oslo_messaging.rpc.server return method(*args, **kwargs) Oct 08 09:54:20 az2-snat-1 neutron_ovn_vpn_agent[808241]: 2025-10-08 09:54:20.033 2 ERROR oslo_messaging.rpc.server File "/var/lib/kolla/venv/lib64/python3.9/site-packages/neutron_vpnaas/services/vpn/device_drivers/ipsec.py", line 953, in remove_nat_r> Oct 08 09:54:20 az2-snat-1 neutron_ovn_vpn_agent[808241]: 2025-10-08 09:54:20.033 2 ERROR oslo_messaging.rpc.server iptables_manager = self.get_router_based_iptables_manager(router) Oct 08 09:54:20 az2-snat-1 neutron_ovn_vpn_agent[808241]: 2025-10-08 09:54:20.033 2 ERROR oslo_messaging.rpc.server TypeError: 'NoneType' object is not callable ** Affects: neutron Importance: Undecided Status: New ** Tags: vpnaas -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron. https://bugs.launchpad.net/bugs/2127157 Title: ovn-vpn-agent fails to delete vpn service Status in neutron: New Bug description: Greetings, while deploying the ovn vpnaas implementation of neutron and testing its functionality we found that the ovn-vpn-agent fails to remove a vpn service. We found that the reason for this is that the destroy_process function of the ovn_ipsec implementation calls the parent destroy_process function [1]. The parent implementation of the destroy_process function calls remove_nat_rules [2] which throws an exception in ovn environments. Calling remove_nat_rules in the ovn implementation does not make sense as all nat flows are managed by ovn and not iptables. [1] https://github.com/openstack/neutron-vpnaas/blob/stable/2025.1/neutron_vpnaas/services/vpn/device_drivers/ovn_ipsec.py#L287 [2] https://github.com/openstack/neutron-vpnaas/blob/stable/2025.1/neutron_vpnaas/services/vpn/device_drivers/ipsec.py#L1019 Exception that is thrown: Oct 08 09:54:20 az2-snat-1 neutron_ovn_vpn_agent[808241]: 2025-10-08 09:54:20.033 2 ERROR oslo_messaging.rpc.server [None req-7a030937-580b-440f-9509-b41cbfde6c5a d6664669b3ec454088014399dd707bbd 0f93b28d753f44e18053f124519c5004 - - ca8664bbcbd0457cae12> Oct 08 09:54:20 az2-snat-1 neutron_ovn_vpn_agent[808241]: 2025-10-08 09:54:20.033 2 ERROR oslo_messaging.rpc.server Traceback (most recent call last): Oct 08 09:54:20 az2-snat-1 neutron_ovn_vpn_agent[808241]: 2025-10-08 09:54:20.033 2 ERROR oslo_messaging.rpc.server File "/var/lib/kolla/venv/lib64/python3.9/site-packages/oslo_messaging/rpc/server.py", line 174, in _process_incoming Oct 08 09:54:20 az2-snat-1 neutron_ovn_vpn_agent[808241]: 2025-10-08 09:54:20.033 2 ERROR oslo_messaging.rpc.server res = self.dispatcher.dispatch(message) Oct 08 09:54:20 az2-snat-1 neutron_ovn_vpn_agent[808241]: 2025-10-08 09:54:20.033 2 ERROR oslo_messaging.rpc.server File "/var/lib/kolla/venv/lib64/python3.9/site-packages/oslo_messaging/rpc/dispatcher.py", line 309, in dispatch Oct 08 09:54:20 az2-snat-1 neutron_ovn_vpn_agent[808241]: 2025-10-08 09:54:20.033 2 ERROR oslo_messaging.rpc.server return self._do_dispatch(endpoint, method, ctxt, args) Oct 08 09:54:20 az2-snat-1 neutron_ovn_vpn_agent[808241]: 2025-10-08 09:54:20.033 2 ERROR oslo_messaging.rpc.server File "/var/lib/kolla/venv/lib64/python3.9/site-packages/oslo_messaging/rpc/dispatcher.py", line 229, in _do_dispatch Oct 08 09:54:20 az2-snat-1 neutron_ovn_vpn_agent[808241]: 2025-10-08 09:54:20.033 2 ERROR oslo_messaging.rpc.server result = func(ctxt, **new_args) Oct 08 09:54:20 az2-snat-1 neutron_ovn_vpn_agent[808241]: 2025-10-08 09:54:20.033 2 ERROR oslo_messaging.rpc.server File "/var/lib/kolla/venv/lib64/python3.9/site-packages/oslo_log/helpers.py", line 67, in wrapper Oct 08 09:54:20 az2-snat-1 neutron_ovn_vpn_agent[808241]: 2025-10-08 09:54:20.033 2 ERROR oslo_messaging.rpc.server return method(*args, **kwargs) Oct 08 09:54:20 az2-snat-1 neutron_ovn_vpn_agent[808241]: 2025-10-08 09:54:20.033 2 ERROR oslo_messaging.rpc.server File "/var/lib/kolla/venv/lib64/python3.9/site-packages/neutron_vpnaas/services/vpn/device_drivers/ipsec.py", line 966, in vpnservice_u> Oct 08 09:54:20 az2-snat-1 neutron_ovn_vpn_agent[808241]: 2025-10-08 09:54:20.033 2 ERROR oslo_messaging.rpc.server self.sync(context, [router] if router else []) Oct 08 09:54:20 az2-snat-1 neutron_ovn_vpn_agent[808241]: 2025-10-08 09:54:20.033 2 ERROR oslo_messaging.rpc.server File "/var/lib/kolla/venv/lib64/python3.9/site-packages/oslo_log/helpers.py", line 67, in wrapper Oct 08 09:54:20 az2-snat-1 neutron_ovn_vpn_agent[808241]: 2025-10-08 09:54:20.033 2 ERROR oslo_messaging.rpc.server return method(*args, **kwargs) Oct 08 09:54:20 az2-snat-1 neutron_ovn_vpn_agent[808241]: 2025-10-08 09:54:20.033 2 ERROR oslo_messaging.rpc.server File "/var/lib/kolla/venv/lib64/python3.9/site-packages/oslo_concurrency/lockutils.py", line 415, in inner Oct 08 09:54:20 az2-snat-1 neutron_ovn_vpn_agent[808241]: 2025-10-08 09:54:20.033 2 ERROR oslo_messaging.rpc.server return f(*args, **kwargs) Oct 08 09:54:20 az2-snat-1 neutron_ovn_vpn_agent[808241]: 2025-10-08 09:54:20.033 2 ERROR oslo_messaging.rpc.server File "/var/lib/kolla/venv/lib64/python3.9/site-packages/neutron_vpnaas/services/vpn/device_drivers/ipsec.py", line 1156, in sync Oct 08 09:54:20 az2-snat-1 neutron_ovn_vpn_agent[808241]: 2025-10-08 09:54:20.033 2 ERROR oslo_messaging.rpc.server self._delete_vpn_processes(sync_router_ids, router_ids) Oct 08 09:54:20 az2-snat-1 neutron_ovn_vpn_agent[808241]: 2025-10-08 09:54:20.033 2 ERROR oslo_messaging.rpc.server File "/var/lib/kolla/venv/lib64/python3.9/site-packages/neutron_vpnaas/services/vpn/device_drivers/ipsec.py", line 1186, in _delete_vpn> Oct 08 09:54:20 az2-snat-1 neutron_ovn_vpn_agent[808241]: 2025-10-08 09:54:20.033 2 ERROR oslo_messaging.rpc.server self.destroy_process(process_id) Oct 08 09:54:20 az2-snat-1 neutron_ovn_vpn_agent[808241]: 2025-10-08 09:54:20.033 2 ERROR oslo_messaging.rpc.server File "/var/lib/kolla/venv/lib64/python3.9/site-packages/neutron_vpnaas/services/vpn/device_drivers/ovn_ipsec.py", line 287, in destroy_> Oct 08 09:54:20 az2-snat-1 neutron_ovn_vpn_agent[808241]: 2025-10-08 09:54:20.033 2 ERROR oslo_messaging.rpc.server super().destroy_process(process_id) Oct 08 09:54:20 az2-snat-1 neutron_ovn_vpn_agent[808241]: 2025-10-08 09:54:20.033 2 ERROR oslo_messaging.rpc.server File "/var/lib/kolla/venv/lib64/python3.9/site-packages/neutron_vpnaas/services/vpn/device_drivers/ipsec.py", line 1019, in destroy_pro> Oct 08 09:54:20 az2-snat-1 neutron_ovn_vpn_agent[808241]: 2025-10-08 09:54:20.033 2 ERROR oslo_messaging.rpc.server self.remove_nat_rules(process_id) Oct 08 09:54:20 az2-snat-1 neutron_ovn_vpn_agent[808241]: 2025-10-08 09:54:20.033 2 ERROR oslo_messaging.rpc.server File "/var/lib/kolla/venv/lib64/python3.9/site-packages/oslo_log/helpers.py", line 67, in wrapper Oct 08 09:54:20 az2-snat-1 neutron_ovn_vpn_agent[808241]: 2025-10-08 09:54:20.033 2 ERROR oslo_messaging.rpc.server return method(*args, **kwargs) Oct 08 09:54:20 az2-snat-1 neutron_ovn_vpn_agent[808241]: 2025-10-08 09:54:20.033 2 ERROR oslo_messaging.rpc.server File "/var/lib/kolla/venv/lib64/python3.9/site-packages/neutron_vpnaas/services/vpn/device_drivers/ipsec.py", line 953, in remove_nat_r> Oct 08 09:54:20 az2-snat-1 neutron_ovn_vpn_agent[808241]: 2025-10-08 09:54:20.033 2 ERROR oslo_messaging.rpc.server iptables_manager = self.get_router_based_iptables_manager(router) Oct 08 09:54:20 az2-snat-1 neutron_ovn_vpn_agent[808241]: 2025-10-08 09:54:20.033 2 ERROR oslo_messaging.rpc.server TypeError: 'NoneType' object is not callable To manage notifications about this bug go to: https://bugs.launchpad.net/neutron/+bug/2127157/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : [email protected] Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
