Monday, 2024-03-04

« Sunday, 2024-03-03 Index Tuesday, 2024-03-05 »
opendevreviewJake Yip proposed openstack/neutron unmaintained/yoga: 'DNM: check upper-constraints redirect'  https://review.opendev.org/c/openstack/neutron/+/91086600:10
opendevreviewRodolfo Alonso proposed openstack/neutron master: [OVN] Make mandatory the router name in the LRP.external_ids  https://review.opendev.org/c/openstack/neutron/+/91022208:10
opendevreviewRodolfo Alonso proposed openstack/neutron master: [OVN] Create an OVN DB transaction context decorator  https://review.opendev.org/c/openstack/neutron/+/91053808:12
opendevreviewRodolfo Alonso proposed openstack/neutron master: [OVN] "Logical_Router" pinned to chassis, OVN L3 scheduler  https://review.opendev.org/c/openstack/neutron/+/90919408:14
opendevreviewRodolfo Alonso proposed openstack/neutron master: [OVN] Provide HA functionality to "Logical_Router" chassis pinning  https://review.opendev.org/c/openstack/neutron/+/90943708:14
opendevreviewRodolfo Alonso proposed openstack/neutron master: [OVN] Implement OVN agent metadata extension  https://review.opendev.org/c/openstack/neutron/+/89823808:25
opendevreviewRodolfo Alonso proposed openstack/neutron master: [OVN] "Logical_Router" pinned to chassis, OVN L3 scheduler  https://review.opendev.org/c/openstack/neutron/+/90919408:26
opendevreviewRodolfo Alonso proposed openstack/neutron master: [OVN] Provide HA functionality to "Logical_Router" chassis pinning  https://review.opendev.org/c/openstack/neutron/+/90943708:27
ralonsohslaweq, hello! good morning. I rebased https://review.opendev.org/c/openstack/neutron/+/910222 to allow gerrit to merge this patch. I didn't make any change09:01
ralonsohif you have 10 secs, thanks!09:01
slaweqralonsoh done09:03
ralonsohthanks!09:05
noonedeadpunkhey folks! I need help with OVN BGP agent. Basically in the part of how traffic from br-ex.vlan should get to the physical interface? As I got - physical interface should be removed from OVS br-ex bridge, as then ovn-bgp-agent does create/manage this interface in kernel space10:37
noonedeadpunkbut I don't see anything which would connect physical interface with routing tables for br-ext.vlan10:38
noonedeadpunkcan somebody help me out a bit to figure out how this type of connectivity intend to work?10:39
opendevreviewMerged openstack/neutron stable/2023.2: [stable-only][OVN] Set VETH interface MAC address before up  https://review.opendev.org/c/openstack/neutron/+/91071410:39
opendevreviewRodolfo Alonso proposed openstack/neutron master: [OVN] Enable "ha" API flag for OVN routers  https://review.opendev.org/c/openstack/neutron/+/91088910:41
opendevreviewMerged openstack/neutron stable/2023.1: [stable-only][OVN] Set VETH interface MAC address before up  https://review.opendev.org/c/openstack/neutron/+/91071510:42
opendevreviewMerged openstack/neutron stable/zed: [stable-only][OVN] Set VETH interface MAC address before up  https://review.opendev.org/c/openstack/neutron/+/91071610:42
ralonsohnoonedeadpunk, did you open a LP bug? Please talk to ltomasbo (if available)10:42
opendevreviewMerged openstack/neutron master: Fix iptables mapping of 'ipip' protocol  https://review.opendev.org/c/openstack/neutron/+/90994310:44
opendevreviewRodolfo Alonso proposed openstack/neutron master: [OVN] Enable "ha" API flag for OVN routers  https://review.opendev.org/c/openstack/neutron/+/91088910:45
noonedeadpunkno, as I'm not sure it's a bug...10:45
noonedeadpunkExcept maybe documentation bug, but I'm not sure yet10:46
noonedeadpunkSo intention was to validate that and update docs if applicable10:46
noonedeadpunkAnd I'm unsure for creating a bug until I'm really sure it's a bug and not intended behaviour that I just don't get...10:50
ltomasbohello noonedeadpunk10:51
noonedeadpunk\o/10:51
ltomasbonoonedeadpunk, what driver are you using? bgp one?10:51
noonedeadpunknb_ovn_bgp_driver and underlay exposure method10:52
ltomasbonoonedeadpunk, kernel networking is used to connect between the physical nic and the br-ex10:52
noonedeadpunkI do see a routing table being created and ovs flows to redirect traffic10:52
ltomasbonoonedeadpunk, great! so, in that case, you should have a rule for the IP (ip rule show) that would redirect the traffic to an specific routing table10:52
noonedeadpunkYup, and I have them, sec10:53
ltomasbonoonedeadpunk, by default it will be named br-ex, so then you can do "ip route show table br-ex", and you should find there the routes redirecting the traffic through the vlan device br-ex.vlan to br-ex10:53
opendevreviewRodolfo Alonso proposed openstack/neutron stable/2023.2: [OVN] Set MTU of the VETH interfaces between OVS and metadata  https://review.opendev.org/c/openstack/neutron/+/91071710:53
ltomasbonoonedeadpunk, it can be a bit old and some things may have changed slightly, but the main blocks are explained here: https://luis5tb.github.io/bgp/2021/02/04/ovn-bgp-agent-in-depth-traffic-flow-inspection.html10:54
noonedeadpunkltomasbo: br-provider is our name for br-ex: https://paste.openstack.org/show/begAKyX8WSGhquMbRtU9/10:54
opendevreviewRodolfo Alonso proposed openstack/neutron stable/2023.1: [OVN] Set MTU of the VETH interfaces between OVS and metadata  https://review.opendev.org/c/openstack/neutron/+/91071810:54
noonedeadpunkbut then what should connect say - br-provide.3102 with bond0.3102?10:55
noonedeadpunkOr it should be using default route or...10:55
noonedeadpunk203.0.113.54 is a router IP10:56
noonedeadpunkAnd I get SRC-NAT traffic from VM on br-provide.310210:56
ltomasbonoonedeadpunk, ahh, I see. The idea is that you should use ECMP instead of bonding, as you can rely on BGP now10:57
noonedeadpunkAnd also I do see DST traffic to the router on bond0 (as FRR config is injected properly)10:57
ltomasbonoonedeadpunk, as it relies on kernel routing, it indeed need either a default route or some specific route in the main routing table to send the traffic out10:57
noonedeadpunkltomasbo: Ok, so basically FRR should be configured to accept incoming routes as well?10:57
noonedeadpunkas example...10:58
noonedeadpunkok, yes, or a static route in a default table10:58
ltomasbonoonedeadpunk, well... that depends on how you want to deploy. You can enable learning if you want, but for scaling purposes what we assume is that compute nodes will be connected to leaf, and that should be their default routes, so no need for learning routes, but just have a default route to the leaf(s)10:58
ltomasbonoonedeadpunk, we usually use something like this to only learn the default route: https://opendev.org/openstack/ovn-bgp-agent/src/branch/master/etc/frr/frr.conf#L3511:00
noonedeadpunkoh, actually compute nodes were second question if you may. there's contraversary in docs about compute nodes. Given that VMs having only geneve (east/west), is there still a need for bgp-agent on computes? Or it's ok to have it only on net nodes for FIP/routers?11:00
noonedeadpunkltomasbo: yeah, I took that example :)11:01
noonedeadpunks/net nodes/gateway nodes/11:01
ltomasbonoonedeadpunk, it depends... if you deploy without DVR, there is no need to have ovn-bgp-agent in the computes, as everything would be advertized from the gateway nodes11:02
noonedeadpunkthinking about the scenario where gateway is not on computes and enable_distributed_floating_ip=False11:02
ltomasbonoonedeadpunk, but if you have DVR enabled, then FIPs or IPs on the provider will be directly exposed from the compute nodes11:02
opendevreviewRodolfo Alonso proposed openstack/neutron master: [OVN] Implement OVN agent metadata extension  https://review.opendev.org/c/openstack/neutron/+/89823811:02
ltomasboahh, ok, if that is the case, no, you don't need them on the computes, only in the networkers/gateways11:02
noonedeadpunkltomasbo: ok, thanks a lot for answers, I guess I have a more clear picture now! I will contribute back to docs then with some small nit I've found11:03
noonedeadpunkps: there's also another fix to interface trimming I've faced: https://review.opendev.org/c/openstack/ovn-bgp-agent/+/910654 as `br-provider` I'm having is not fitting 15 chars when VLAN is assigned :(11:04
ltomasbonoonedeadpunk, you're welcome! and please do! And keep questions coming! as well as concerns about missing functionality, other needs, etc. It is great to have extra perspectives on this!11:04
ltomasbonoonedeadpunk, ohh, I missed that one! Will review it asap11:04
noonedeadpunknot 100% sure I catched all cases though....11:05
noonedeadpunkBut locally it seems working11:05
noonedeadpunkand yeah, I guess I get to this situation with bonds/bridges as converting working "default" OVN to ovn-bgp-agent setup and trying to find on how make such thing in a least painful manner11:07
noonedeadpunkltomasbo: sorry, I was thinking about your ECMP advise, but how east-west will be handled then? throught the single interface or separate nic?11:51
ltomasbonoonedeadpunk, umm, that is actually a really good question11:57
ltomasbonoonedeadpunk, it should use the IP from the loopback for the compute, so it can use the same nics11:59
noonedeadpunkand then also be routed, yeah, ok makes sense12:01
opendevreviewMerged openstack/ovn-bgp-agent master: Fix OVN LB Delete events for NB driver  https://review.opendev.org/c/openstack/ovn-bgp-agent/+/90578312:11
opendevreviewLuis Tomas Bolivar proposed openstack/ovn-bgp-agent stable/2023.2: Fix OVN LB Delete events for NB driver  https://review.opendev.org/c/openstack/ovn-bgp-agent/+/91062012:17
noonedeadpunkoh, actually I think I've faced that ^ but haven't checked what was the reason12:18
jlibosvaralonsoh: hi, doing my bug deputy duty and I see https://bugs.launchpad.net/neutron/+bug/2055561 already has all patches merged. Can I close the LP as done or is there anything else required?13:35
ralonsohjlibosva, let me check13:53
jlibosvathanks13:53
ralonsohjlibosva, ah yes, the problem is that launchpad won't change a stable-only status 13:54
ralonsohyes, that should be closed now13:54
jlibosvaI thought so but wanted to check first. I'm gonna close it as released13:54
jlibosvathanks ralonsoh !13:54
ralonsohsure13:54
opendevreviewMerged openstack/ovn-bgp-agent stable/2023.2: Fix OVN LB Delete events for NB driver  https://review.opendev.org/c/openstack/ovn-bgp-agent/+/91062013:58
opendevreviewMerged openstack/neutron master: [OVN] Make mandatory the router name in the LRP.external_ids  https://review.opendev.org/c/openstack/neutron/+/91022214:23
opendevreviewRodolfo Alonso proposed openstack/neutron master: [FT] Check "Port_Binding" register exists before checking type  https://review.opendev.org/c/openstack/neutron/+/91094114:26
noonedeadpunkltomasbo_: sorry it's me again:) looking at routing tables/interfaces, started wondering if there is/was a reason not to spawn frr/agent inside a namespace? then it could be potentially slightly easier not to mess up with routing on hosts and have some kind of isolation...15:55
ltomasbo_the routes are added on different routing tables15:58
ltomasbo_it will be a mess to have to plug interfaces across that namespace in and out, no?15:59
noonedeadpunkok, so I'm thinking of the usecase of the "air-gapped" environemnt, where components of host os ideally should not have access to public networks15:59
ltomasbo_we are also adding support VRF so that it is isolated in its own vxlan/vni15:59
noonedeadpunkwith "native" ovn you give an interface and it's all done in ovs15:59
noonedeadpunkbut it's for incoming traffic rather then outgoing?15:59
noonedeadpunkbut yeah, I see how limited sense this might have...16:00
opendevreviewRodolfo Alonso proposed openstack/neutron master: [OVN] Create an OVN DB transaction context decorator  https://review.opendev.org/c/openstack/neutron/+/91053816:00
noonedeadpunkI was more trying to prevent host OS reaching the internet through the default gateway16:01
noonedeadpunkas in current setup "default" gateway is pretty much just mgmt network with access to local mirrors16:02
noonedeadpunkbut I guess I do see how against the concept it is16:05
ltomasbo_noonedeadpunk, yep, for that, probably this is what you need: https://review.opendev.org/c/openstack/ovn-bgp-agent/+/90650516:09
ltomasbo_noonedeadpunk, that way, it is not exposing routes in the underlay, but in a given VRF16:09
ltomasbo_and you can have different gateways for the different VRFs16:09
noonedeadpunkfrankly speaking, I guess what I'd need would be ovn expose method, if it was only supporting ipv616:10
opendevreviewRodolfo Alonso proposed openstack/neutron master: [OVN] "Logical_Router" pinned to chassis, OVN L3 scheduler  https://review.opendev.org/c/openstack/neutron/+/90919416:10
opendevreviewRodolfo Alonso proposed openstack/neutron master: [OVN] Provide HA functionality to "Logical_Router" chassis pinning  https://review.opendev.org/c/openstack/neutron/+/90943716:10
ltomasbo_noonedeadpunk, this is more similar to the work I described here: https://luis5tb.github.io/bgp/2021/06/25/openstack-networking-with-evpn.html16:10
ltomasbo_noonedeadpunk, ohh, it is in the roadmap16:11
ltomasbo_noonedeadpunk, it should be simple to add actually, I can probably work on that next week and try to complete that part (though it was missing proper BFD support due to an issue with core OVN not enforcing BFD on policies)16:12
noonedeadpunkas that setup really sounds like providing decent isolation and has quite some benefits...16:12
ltomasbo_noonedeadpunk, indeed, yes! that one is not using kernel networking and allows datapath acceleration16:12
noonedeadpunkhuh, well. I'd better test that out instead of checking on namespaces for sure xD16:13
noonedeadpunkOk, I will try to complete current underlay setup anyway before moving on to ovn jsut to ensure I have at least one option fully working16:15
noonedeadpunkthanks a lot for answering!16:15
ltomasbo_great! and if later you want to discuss about your use case let me know, it would be nice what could be improved to better support it16:16
noonedeadpunkyeah, sure, I'm though not 100% sure of what specifically we want. I'm not a networking guy per say, but have to combine all pieces together, while having mixed requirements from both sides16:17
opendevreviewBrian Haley proposed openstack/neutron stable/2023.2: Fix iptables mapping of 'ipip' protocol  https://review.opendev.org/c/openstack/neutron/+/91091116:18
opendevreviewBrian Haley proposed openstack/neutron stable/2023.1: Fix iptables mapping of 'ipip' protocol  https://review.opendev.org/c/openstack/neutron/+/91091216:18
noonedeadpunkbut for sure will come back with some explanations/experiences16:19
opendevreviewBrian Haley proposed openstack/neutron stable/zed: Fix iptables mapping of 'ipip' protocol  https://review.opendev.org/c/openstack/neutron/+/91091316:19
opendevreviewRodolfo Alonso proposed openstack/neutron master: Exclude files from coverage check, improve overall result  https://review.opendev.org/c/openstack/neutron/+/91096816:44
opendevreviewRoberto Acosta proposed openstack/neutron master: [ML2/OVN] Add external_ids key for Static Routes  https://review.opendev.org/c/openstack/neutron/+/90748918:05
opendevreviewRoberto Acosta proposed openstack/neutron master: [ML2/OVN] Add external_ids key for SNAT rules  https://review.opendev.org/c/openstack/neutron/+/90791521:49
« Sunday, 2024-03-03 Index Tuesday, 2024-03-05 »

Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!