neutron creates wrong vlan_tci filter in flow for gateway on flat external network and drops all frames with PCP/COS set in Red Hat OpenStack Platform 13
Issue
Disclaimer: Links contained herein to external website(s) are provided for convenience only. Red Hat has not reviewed the links and is not responsible for the content or its availability. The inclusion of any link to an external website does not imply endorsement by Red Hat of the website or their entities, products or services. You agree that Red Hat is not responsible or liable for any loss or expenses that may result due to your use of (or reliance on) the external site or content.
neutron creates wrong vlan_tci filter in flow for gateway on flat external network and drops all frames with PCP/COS set in Red Hat OpenStack Platform 13
How reproducible
Before:
[root@overcloud-controller-0 ~]# ovs-ofctl dump-flows br-int
cookie=0xe8434ff964f0cbac, duration=6774.388s, table=0, n_packets=1, n_bytes=78, priority=3,in_port="int-br-ex",dl_vlan=905 actions=mod_vlan_vid:1,resubmit(,60)
cookie=0xe8434ff964f0cbac, duration=8311.490s, table=0, n_packets=613, n_bytes=47932, priority=2,in_port="int-br-ex" actions=drop
cookie=0xe8434ff964f0cbac, duration=8311.755s, table=0, n_packets=1566, n_bytes=148447, priority=0 actions=resubmit(,60)
cookie=0xe8434ff964f0cbac, duration=8311.757s, table=23, n_packets=0, n_bytes=0, priority=0 actions=drop
cookie=0xe8434ff964f0cbac, duration=8311.752s, table=24, n_packets=0, n_bytes=0, priority=0 actions=drop
cookie=0xe8434ff964f0cbac, duration=8311.754s, table=60, n_packets=1567, n_bytes=148525, priority=3 actions=NORMAL
Create router on flat network:
openstack network create provider2 --provider-network-type flat --provider-physical-network datacentre --share --external
openstack subnet create --network provider2 --subnet-range 10.1.0.0/24 provider2-subnet
openstack router create router2
openstack router set --external-gateway provider2 router2
After:
[root@overcloud-controller-0 ~]# ovs-ofctl dump-flows br-int
cookie=0xe8434ff964f0cbac, duration=7228.959s, table=0, n_packets=2, n_bytes=156, priority=3,in_port="int-br-ex",dl_vlan=905 actions=mod_vlan_vid:1,resubmit(,60)
cookie=0xe8434ff964f0cbac, duration=45.778s, table=0, n_packets=0, n_bytes=0, priority=3,in_port="int-br-ex",vlan_tci=0x0000/0x1fff actions=mod_vlan_vid:3,resubmit(,60) # <-------------------------------- issue in this rule
cookie=0xe8434ff964f0cbac, duration=8766.061s, table=0, n_packets=645, n_bytes=50428, priority=2,in_port="int-br-ex" actions=drop
cookie=0xe8434ff964f0cbac, duration=8766.326s, table=0, n_packets=1588, n_bytes=150603, priority=0 actions=resubmit(,60)
cookie=0xe8434ff964f0cbac, duration=8766.328s, table=23, n_packets=0, n_bytes=0, priority=0 actions=drop
cookie=0xe8434ff964f0cbac, duration=8766.323s, table=24, n_packets=0, n_bytes=0, priority=0 actions=drop
cookie=0xe8434ff964f0cbac, duration=8766.325s, table=60, n_packets=1590, n_bytes=150759, priority=3 actions=NORMAL
[root@overcloud-controller-0 ~]#
The problematic rule is:
cookie=0xe8434ff964f0cbac, duration=45.778s, table=0, n_packets=0, n_bytes=0, priority=3,in_port="int-br-ex",vlan_tci=0x0000/0x1fff actions=mod_vlan_vid:3,resubmit(,60) # <-------------------------------- issue in this rule
This filter here:
vlan_tci=0x0000/0x1fff
Needs to be:
vlan_tci=0x0000/0x0fff
The existing filter works fine for frames without a dot1q tag. The filter does not work for dot1q tagged frames on VLAN 0. E.g., it COS is modified, frames with VLAN 0 and a COS value will be dropped.
man ovs-ofctl
(...)
The value that vlan_tci matches against is 0 for a packet that has no 802.1Q header. Otherwise, it is the TCI value from the 802.1Q header with the CFI bit (with value 0x1000) forced to 1.
Environment
Red Hat OpenStack Platform 13
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.