When there is no openflow firewall, aka the ovs agent security group
is disabled or Noop/HybridIptable, this patch will introduce a different
ingress pipeline for bridge ports which will avoid ingress flood:
(1) table=0, in_port=patch_bridge,dl_vlan=physical_vlan action=mod_vlan:local_vlan,goto:60 (original)
(2) table=60, in_port=patch_bridge action=goto:61 (new)
(3) table=61, dl_dst=local_port_mac,dl_vlan=local_vlan, action=strip_vlan,output:<ofport> (changes)
And changes the local ports pipeline:
(1) table=0, in_port=local_ofport action=goto:25 (original)
(2) table=25, in_port=local_ofport,dl_src=local_port_mac action=goto:60 (original)
(3) table=60, in_port=local_ofport,dl_src=local_port_mac action=local_vlan->reg6,goto:61 (changes)
(4) table=61, dl_dst=local_port_mac,reg6=local_vlan, action=output:<ofport> (changes)
Reviewed: https:/ /review. opendev. org/759367 /git.openstack. org/cgit/ openstack/ neutron/ commit/ ?id=7ce65c94786 d2d144a49cb9915 75534d0771bb20
Committed: https:/
Submitter: Zuul
Branch: stable/rocky
commit 7ce65c94786d2d1 44a49cb99157553 4d0771bb20
Author: LIU Yulong <email address hidden>
Date: Fri Jul 10 17:25:15 2020 +0800
Local mac direct flow for non-openflow firewall
When there is no openflow firewall, aka the ovs agent security group patch_bridge, dl_vlan= physical_ vlan action= mod_vlan: local_vlan, goto:60 (original) patch_bridge action=goto:61 (new) local_port_ mac,dl_ vlan=local_ vlan, action= strip_vlan, output: <ofport> (changes)
is disabled or Noop/HybridIptable, this patch will introduce a different
ingress pipeline for bridge ports which will avoid ingress flood:
(1) table=0, in_port=
(2) table=60, in_port=
(3) table=61, dl_dst=
And changes the local ports pipeline: local_ofport action=goto:25 (original) local_ofport, dl_src= local_port_ mac action=goto:60 (original) local_ofport, dl_src= local_port_ mac action= local_vlan- >reg6,goto: 61 (changes) local_port_ mac,reg6= local_vlan, action= output: <ofport> (changes)
(1) table=0, in_port=
(2) table=25, in_port=
(3) table=60, in_port=
(4) table=61, dl_dst=
Closes-Bug: #1884708
Closes-Bug: #1881070
Related-Bug: #1732067
Related-Bug: #1866445
Related-Bug: #1883321
Conflicts:
neutron/ plugins/ ml2/drivers/ openvswitch/ agent/ovs_ neutron_ agent.py
neutron/ tests/unit/ plugins/ ml2/drivers/ openvswitch/ agent/openflow/ native/ test_br_ int.py
Change-Id: Iecf9cffaf02616 342f1727ad7db85 545d8adbec2 b1a45c9a7b0b05a e163e650fc)
(cherry picked from commit 959d8b6d73e2a6a