)]}'
{"neutron/plugins/ml2/drivers/openvswitch/agent/openflow/native/ovs_bridge.py":[{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"8d270e73081438e75b7b8cc30255e3d084583321","unresolved":false,"context_lines":[{"line_number":95,"context_line":"        self.set_controllers_inactivity_probe(conf.OVS.of_inactivity_probe)"},{"line_number":96,"context_line":""},{"line_number":97,"context_line":"    def drop_port(self, in_port):"},{"line_number":98,"context_line":"        self.install_drop(priority\u003d2, in_port\u003din_port)"}],"source_content_type":"text/x-python","patch_set":5,"id":"bf51134e_03ee2287","line":98,"range":{"start_line":98,"start_character":26,"end_line":98,"end_character":36},"updated":"2020-06-19 17:41:09.000000000","message":"How about decrease the priority here?","commit_id":"90212b12cdf62e92d811997ebba699cab431d696"}],"neutron/plugins/ml2/drivers/openvswitch/agent/ovs_dvr_neutron_agent.py":[{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"8d270e73081438e75b7b8cc30255e3d084583321","unresolved":false,"context_lines":[{"line_number":245,"context_line":"        for physical_network in self.bridge_mappings:"},{"line_number":246,"context_line":"            self.phys_brs[physical_network].install_goto("},{"line_number":247,"context_line":"                in_port\u003dself.phys_ofports[physical_network],"},{"line_number":248,"context_line":"                priority\u003d2,"},{"line_number":249,"context_line":"                dest_table_id\u003dconstants.DVR_PROCESS_VLAN)"},{"line_number":250,"context_line":"            self.phys_brs[physical_network].install_goto("},{"line_number":251,"context_line":"                priority\u003d1,"}],"source_content_type":"text/x-python","patch_set":5,"id":"bf51134e_e395eee5","line":248,"range":{"start_line":248,"start_character":16,"end_line":248,"end_character":27},"updated":"2020-06-19 17:41:09.000000000","message":"How about increase the priority here?","commit_id":"90212b12cdf62e92d811997ebba699cab431d696"},{"author":{"_account_id":16688,"name":"Rodolfo Alonso","email":"ralonsoh@redhat.com","username":"rodolfo-alonso-hernandez"},"change_message_id":"7ab47dabd9978d1bd95d78dcc1465e718724702f","unresolved":false,"context_lines":[{"line_number":245,"context_line":"        for physical_network in self.bridge_mappings:"},{"line_number":246,"context_line":"            self.phys_brs[physical_network].install_goto("},{"line_number":247,"context_line":"                in_port\u003dself.phys_ofports[physical_network],"},{"line_number":248,"context_line":"                priority\u003d2,"},{"line_number":249,"context_line":"                dest_table_id\u003dconstants.DVR_PROCESS_VLAN)"},{"line_number":250,"context_line":"            self.phys_brs[physical_network].install_goto("},{"line_number":251,"context_line":"                priority\u003d1,"}],"source_content_type":"text/x-python","patch_set":5,"id":"bf51134e_87dab048","line":248,"range":{"start_line":248,"start_character":16,"end_line":248,"end_character":27},"in_reply_to":"bf51134e_e395eee5","updated":"2020-07-17 08:04:34.000000000","message":"Hi Liu, please review https://review.opendev.org/#/c/741444/.\n\nI think you are right, increasing this priority you can solve DVR and non-DVR, leaving the drop flows untouched.","commit_id":"90212b12cdf62e92d811997ebba699cab431d696"}],"neutron/plugins/ml2/drivers/openvswitch/agent/ovs_neutron_agent.py":[{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"a44f27b0d0cccb1884a6ddfde87c7aa3877f0798","unresolved":false,"context_lines":[{"line_number":1563,"context_line":"            # bridge map settings, these tenant network traffic can also be"},{"line_number":1564,"context_line":"            # blocked by the following drop flows."},{"line_number":1565,"context_line":"            # block all untranslated traffic between bridges"},{"line_number":1566,"context_line":"            self.int_br.drop_port(in_port\u003dint_ofport)"},{"line_number":1567,"context_line":"            br.drop_port(in_port\u003dphys_ofport)"},{"line_number":1568,"context_line":""},{"line_number":1569,"context_line":"            if self.use_veth_interconnection:"},{"line_number":1570,"context_line":"                # enable veth to pass traffic"}],"source_content_type":"text/x-python","patch_set":3,"id":"bf51134e_20cc2769","side":"PARENT","line":1567,"range":{"start_line":1566,"start_character":0,"end_line":1567,"end_character":45},"updated":"2020-06-18 01:46:49.000000000","message":"I checked the code history, this could trace back to the multiple provider-networks, yes a very long time ago, about 8 years. It should be related to these bps:\nhttps://blueprints.launchpad.net/neutron/+spec/provider-networks\nhttps://specs.openstack.org/openstack/neutron-specs/specs/juno/provider-network-partial-specs.html\nhttps://bugs.launchpad.net/openstack-manuals/+bug/1226279\n\nThis is the original commit:\nhttps://review.opendev.org/#/c/11388/11/quantum/plugins/openvswitch/agent/ovs_quantum_agent.py@453\n\nFor my understanding of these drops, it is useful for those packets whose destination is not in this host or just broadcast. Neutron does not accept them and will not allow the to flood (NORMAL) to any ports on this ovs bridge. The following is a running cloud output, you may see there are tons of packets dropped by these flows:\n# ovs-ofctl dump-flows br-int|grep drop\n cookie\u003d0xfdc9b65a3c57ece4, duration\u003d76264.990s, table\u003d0, n_packets\u003d243569, n_bytes\u003d16509630, idle_age\u003d65534, hard_age\u003d65534, priority\u003d2,in_port\u003d5793 actions\u003ddrop\n cookie\u003d0xfdc9b65a3c57ece4, duration\u003d76264.989s, table\u003d0, n_packets\u003d7846375815, n_bytes\u003d710820826710, idle_age\u003d0, hard_age\u003d65534, priority\u003d2,in_port\u003d5794 actions\u003ddrop\n\n# ovs-ofctl show br-int|grep addr|grep 5793\n 5793(int-br-ex): addr:4e:32:1b:84:c5:af\n# ovs-ofctl show br-int|grep addr|grep 5794\n 5794(int-br-vlan): addr:b6:91:c2:fe:2f:9e\n\nSo, IMO, we should keep these drops. But instead of driectly removing these code, I suggest that you can add a new config option (need to be approved by the team). If your local cloud wants to disable it, do it by setting this. The default behavior should not be changed.","commit_id":"2ac52607c266e593700be0784ebadc77789070ff"},{"author":{"_account_id":11975,"name":"Slawek Kaplonski","email":"skaplons@redhat.com","username":"slaweq"},"change_message_id":"b9c7db45053e62c2adf24dcc80fadbf3ea6e2543","unresolved":false,"context_lines":[{"line_number":1564,"context_line":"            # blocked by the following drop flows."},{"line_number":1565,"context_line":"            # block all untranslated traffic between bridges"},{"line_number":1566,"context_line":"            self.int_br.drop_port(in_port\u003dint_ofport)"},{"line_number":1567,"context_line":"            br.drop_port(in_port\u003dphys_ofport)"},{"line_number":1568,"context_line":""},{"line_number":1569,"context_line":"            if self.use_veth_interconnection:"},{"line_number":1570,"context_line":"                # enable veth to pass traffic"}],"source_content_type":"text/x-python","patch_set":3,"id":"bf51134e_acf4fbd0","side":"PARENT","line":1567,"updated":"2020-06-14 08:36:43.000000000","message":"I\u0027m not sure if we should completely drop those rules. It\u0027s there for a specific reason.\nMaybe we don\u0027t need them to be installed in case of dvr, as it will be overwritten quickly but in non-dvr case those rules are still needed IMO.","commit_id":"2ac52607c266e593700be0784ebadc77789070ff"},{"author":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"tag":"autogenerated:zuul:check","change_message_id":"cf4f297b240c7af4cd17e497a27bd0650d0fe3a5","unresolved":false,"context_lines":[{"line_number":988,"context_line":"                           \u0027net_uuid\u0027: net_uuid})"},{"line_number":989,"context_line":"        elif network_type \u003d\u003d n_const.TYPE_FLAT:"},{"line_number":990,"context_line":"            if physical_network in self.phys_brs:"},{"line_number":991,"context_line":"                self._local_vlan_for_flat(lvid, physical_network)"},{"line_number":992,"context_line":"            else:"},{"line_number":993,"context_line":"                LOG.error(\"Cannot provision flat network for \""},{"line_number":994,"context_line":"                          \"net-id\u003d%(net_uuid)s - no bridge for \""}],"source_content_type":"text/x-python","patch_set":4,"id":"bf51134e_01f11ece","line":991,"updated":"2020-06-18 11:48:40.000000000","message":"pep8: E303 too many blank lines (2)","commit_id":"fb45112d37a9fe3ad404ca8242aba7b975537d48"},{"author":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"tag":"autogenerated:zuul:check","change_message_id":"cf4f297b240c7af4cd17e497a27bd0650d0fe3a5","unresolved":false,"context_lines":[{"line_number":988,"context_line":"                           \u0027net_uuid\u0027: net_uuid})"},{"line_number":989,"context_line":"        elif network_type \u003d\u003d n_const.TYPE_FLAT:"},{"line_number":990,"context_line":"            if physical_network in self.phys_brs:"},{"line_number":991,"context_line":"                self._local_vlan_for_flat(lvid, physical_network)"},{"line_number":992,"context_line":"            else:"},{"line_number":993,"context_line":"                LOG.error(\"Cannot provision flat network for \""},{"line_number":994,"context_line":"                          \"net-id\u003d%(net_uuid)s - no bridge for \""}],"source_content_type":"text/x-python","patch_set":4,"id":"bf51134e_e1eb4ad9","line":991,"updated":"2020-06-18 11:48:40.000000000","message":"pep8: E501 line too long (80 \u003e 79 characters)","commit_id":"fb45112d37a9fe3ad404ca8242aba7b975537d48"},{"author":{"_account_id":16688,"name":"Rodolfo Alonso","email":"ralonsoh@redhat.com","username":"rodolfo-alonso-hernandez"},"change_message_id":"ea279adaad46fbbfcb1c94afa3b3c33f83a9109e","unresolved":false,"context_lines":[{"line_number":1554,"context_line":""},{"line_number":1555,"context_line":"            # following drop operations are duplicate for"},{"line_number":1556,"context_line":"            # dvr agent setup_dvr_flows. So skip it if dvr enabled"},{"line_number":1557,"context_line":"            if not self.enable_distributed_routing:"},{"line_number":1558,"context_line":"                # These two drop flows are the root cause for the bug #1803919."},{"line_number":1559,"context_line":"                # And now we add a rpc check during agent start procedure. If"},{"line_number":1560,"context_line":"                # ovs agent can not reach any neutron server, or all neutron"}],"source_content_type":"text/x-python","patch_set":4,"id":"bf51134e_d8971b90","line":1557,"updated":"2020-06-18 10:00:39.000000000","message":"Hi Norman. If those two rules are a duplicate of the rules installed in the DVR setup, that should not affect.\n\nI think the problem you are experiencing is not due to those rules but to the physical bridge cleanup done in L1498. Do you have \"drop_flows_on_start\" set to False?\n\nThen, during the first polling loop, the agent will call \"cleanup_stale_flows\" (only once as long as no phy bridge is recreated).\n\nAlso remember that during a OVS restart, the local vlan mapping changes.","commit_id":"fb45112d37a9fe3ad404ca8242aba7b975537d48"},{"author":{"_account_id":11975,"name":"Slawek Kaplonski","email":"skaplons@redhat.com","username":"slaweq"},"change_message_id":"ed08732f50ed36b9e2f033e5505181632b013c69","unresolved":false,"context_lines":[{"line_number":1557,"context_line":"            # for br_physical drop_port is dangerous because when dvr"},{"line_number":1558,"context_line":"            # enabled the highest flow on table\u003d0 is 2 which means"},{"line_number":1559,"context_line":"            # basically everything will be dropped until setup_dvr_flows"},{"line_number":1560,"context_line":"            # got executed."},{"line_number":1561,"context_line":"            if not self.enable_distributed_routing:"},{"line_number":1562,"context_line":"                # These two drop flows are the root cause for the bug #1803919."},{"line_number":1563,"context_line":"                # And now we add a rpc check during agent start procedure. If"}],"source_content_type":"text/x-python","patch_set":5,"id":"bf51134e_5193c8a3","line":1560,"updated":"2020-06-19 13:16:02.000000000","message":"yes, in case of dvr this shouldn\u0027t be installed here becuase dvr_agent\u0027s class will similar drop rules in:\n\n cookie\u003d0x3b1089e77cdd13ca, duration\u003d390.892s, table\u003d2, n_packets\u003d326, n_bytes\u003d18372, idle_age\u003d1, priority\u003d2,in_port\u003d1 actions\u003ddrop\n\nAnd installing that rule here is causing short breakage of the vlan networks in setup with dvr.","commit_id":"90212b12cdf62e92d811997ebba699cab431d696"},{"author":{"_account_id":11975,"name":"Slawek Kaplonski","email":"skaplons@redhat.com","username":"slaweq"},"change_message_id":"76e1f4a1f39613dd5ec99ef090eee1a58694ba49","unresolved":false,"context_lines":[{"line_number":1557,"context_line":"            # for br_physical drop_port is dangerous because when dvr"},{"line_number":1558,"context_line":"            # enabled the highest flow on table\u003d0 is 2 which means"},{"line_number":1559,"context_line":"            # basically everything will be dropped until setup_dvr_flows"},{"line_number":1560,"context_line":"            # got executed."},{"line_number":1561,"context_line":"            if not self.enable_distributed_routing:"},{"line_number":1562,"context_line":"                # These two drop flows are the root cause for the bug #1803919."},{"line_number":1563,"context_line":"                # And now we add a rpc check during agent start procedure. If"}],"source_content_type":"text/x-python","patch_set":5,"id":"bf51134e_f7f0faff","line":1560,"in_reply_to":"bf51134e_023f40d6","updated":"2020-06-21 10:41:43.000000000","message":"yes, this rule is in physical bridge (br-ex in my case)","commit_id":"90212b12cdf62e92d811997ebba699cab431d696"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"8d270e73081438e75b7b8cc30255e3d084583321","unresolved":false,"context_lines":[{"line_number":1557,"context_line":"            # for br_physical drop_port is dangerous because when dvr"},{"line_number":1558,"context_line":"            # enabled the highest flow on table\u003d0 is 2 which means"},{"line_number":1559,"context_line":"            # basically everything will be dropped until setup_dvr_flows"},{"line_number":1560,"context_line":"            # got executed."},{"line_number":1561,"context_line":"            if not self.enable_distributed_routing:"},{"line_number":1562,"context_line":"                # These two drop flows are the root cause for the bug #1803919."},{"line_number":1563,"context_line":"                # And now we add a rpc check during agent start procedure. If"}],"source_content_type":"text/x-python","patch_set":5,"id":"bf51134e_023f40d6","line":1560,"in_reply_to":"bf51134e_5193c8a3","updated":"2020-06-19 17:41:09.000000000","message":"Your pasted flow here is on physical bridges?","commit_id":"90212b12cdf62e92d811997ebba699cab431d696"},{"author":{"_account_id":11975,"name":"Slawek Kaplonski","email":"skaplons@redhat.com","username":"slaweq"},"change_message_id":"357f9211850790bfb6109712d988dfcf62de13da","unresolved":false,"context_lines":[{"line_number":1560,"context_line":"            # got executed."},{"line_number":1561,"context_line":"            if not self.enable_distributed_routing:"},{"line_number":1562,"context_line":"                # These two drop flows are the root cause for the bug #1803919."},{"line_number":1563,"context_line":"                # And now we add a rpc check during agent start procedure. If"},{"line_number":1564,"context_line":"                # ovs agent can not reach any neutron server, or all neutron"},{"line_number":1565,"context_line":"                # servers are down, these flows will not be installed anymore."},{"line_number":1566,"context_line":"                # Bug #1803919 was fixed in that way."},{"line_number":1567,"context_line":"                # And as a reminder, we can not do much work on this. Because"},{"line_number":1568,"context_line":"                # the bridge mappings can be varied. Provider (external)"},{"line_number":1569,"context_line":"                # network can be implicitly set on any physical bridge"},{"line_number":1570,"context_line":"                # due to the basic NORMAL flow."},{"line_number":1571,"context_line":"                # Different vlan range networks can also have many"},{"line_number":1572,"context_line":"                # bridge map settings, these tenant network traffic can also be"},{"line_number":1573,"context_line":"                # blocked by the following drop flows."}],"source_content_type":"text/x-python","patch_set":5,"id":"bf51134e_1118307f","line":1570,"range":{"start_line":1563,"start_character":16,"end_line":1570,"end_character":47},"updated":"2020-06-19 13:41:51.000000000","message":"(not related to this patch directly). This comment is not valid anymore IMO. See https://bugs.launchpad.net/neutron/+bug/1884254","commit_id":"90212b12cdf62e92d811997ebba699cab431d696"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"8d270e73081438e75b7b8cc30255e3d084583321","unresolved":false,"context_lines":[{"line_number":1572,"context_line":"                # bridge map settings, these tenant network traffic can also be"},{"line_number":1573,"context_line":"                # blocked by the following drop flows."},{"line_number":1574,"context_line":"                # block all untranslated traffic between bridges"},{"line_number":1575,"context_line":"                self.int_br.drop_port(in_port\u003dint_ofport)"},{"line_number":1576,"context_line":"                br.drop_port(in_port\u003dphys_ofport)"},{"line_number":1577,"context_line":""},{"line_number":1578,"context_line":"            if self.use_veth_interconnection:"}],"source_content_type":"text/x-python","patch_set":5,"id":"bf51134e_2315264b","line":1575,"range":{"start_line":1575,"start_character":16,"end_line":1575,"end_character":57},"updated":"2020-06-19 17:41:09.000000000","message":"Once more, please make sure this removal does not introduce some ingress flooding on br-int.","commit_id":"90212b12cdf62e92d811997ebba699cab431d696"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"8d270e73081438e75b7b8cc30255e3d084583321","unresolved":false,"context_lines":[{"line_number":1573,"context_line":"                # blocked by the following drop flows."},{"line_number":1574,"context_line":"                # block all untranslated traffic between bridges"},{"line_number":1575,"context_line":"                self.int_br.drop_port(in_port\u003dint_ofport)"},{"line_number":1576,"context_line":"                br.drop_port(in_port\u003dphys_ofport)"},{"line_number":1577,"context_line":""},{"line_number":1578,"context_line":"            if self.use_veth_interconnection:"},{"line_number":1579,"context_line":"                # enable veth to pass traffic"}],"source_content_type":"text/x-python","patch_set":5,"id":"bf51134e_c3342afe","line":1576,"range":{"start_line":1576,"start_character":16,"end_line":1576,"end_character":49},"updated":"2020-06-19 17:41:09.000000000","message":"This should be the main reason of the drop after my testing of Line 1592.","commit_id":"90212b12cdf62e92d811997ebba699cab431d696"},{"author":{"_account_id":11975,"name":"Slawek Kaplonski","email":"skaplons@redhat.com","username":"slaweq"},"change_message_id":"76e1f4a1f39613dd5ec99ef090eee1a58694ba49","unresolved":false,"context_lines":[{"line_number":1573,"context_line":"                # blocked by the following drop flows."},{"line_number":1574,"context_line":"                # block all untranslated traffic between bridges"},{"line_number":1575,"context_line":"                self.int_br.drop_port(in_port\u003dint_ofport)"},{"line_number":1576,"context_line":"                br.drop_port(in_port\u003dphys_ofport)"},{"line_number":1577,"context_line":""},{"line_number":1578,"context_line":"            if self.use_veth_interconnection:"},{"line_number":1579,"context_line":"                # enable veth to pass traffic"}],"source_content_type":"text/x-python","patch_set":5,"id":"bf51134e_77e4ea3c","line":1576,"range":{"start_line":1576,"start_character":16,"end_line":1576,"end_character":49},"in_reply_to":"bf51134e_c3342afe","updated":"2020-06-21 10:41:43.000000000","message":"yes, that is correct.","commit_id":"90212b12cdf62e92d811997ebba699cab431d696"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"8d270e73081438e75b7b8cc30255e3d084583321","unresolved":false,"context_lines":[{"line_number":1589,"context_line":"                                             \u0027options\u0027, {\u0027peer\u0027: phys_if_name})"},{"line_number":1590,"context_line":"                br.set_db_attribute(\u0027Interface\u0027, phys_if_name,"},{"line_number":1591,"context_line":"                                    \u0027options\u0027, {\u0027peer\u0027: int_if_name})"},{"line_number":1592,"context_line":""},{"line_number":1593,"context_line":"    def update_stale_ofport_rules(self):"},{"line_number":1594,"context_line":"        # ARP spoofing rules and drop-flow upon port-delete"},{"line_number":1595,"context_line":"        # use ofport-based rules"}],"source_content_type":"text/x-python","patch_set":5,"id":"bf51134e_837cf2b5","line":1592,"updated":"2020-06-19 17:41:09.000000000","message":"Add a sleep(600) here I see the problem, due to the same priority and match rule, the flow on physical bridge was changed from:\n\n\u0027\u0027\u0027table\u003d0, n_packets\u003d35024, n_bytes\u003d4019144, priority\u003d2,in_port\u003d\"phy-br-vlan\" actions\u003dgoto_table:1\u0027\u0027\u0027\n\nto:\n\u0027\u0027\u0027table\u003d0, n_packets\u003d35031, n_bytes\u003d4019970, priority\u003d2,in_port\u003d\"phy-br-vlan\" actions\u003ddrop\u0027\u0027\u0027\n\nSo how about change the priority of the dvr goto flow with a higher value?","commit_id":"90212b12cdf62e92d811997ebba699cab431d696"}]}