Skip to content

OCPBUGS-60805: configure-ovs: work around a Cisco switch issue #5274

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Oct 1, 2025
Merged

OCPBUGS-60805: configure-ovs: work around a Cisco switch issue #5274

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 10 additions & 0 deletions templates/common/_base/files/configure-ovs-network.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -574,6 +574,16 @@ contents:
for conn in "${connections[@]}"; do
local slave_type=$($NMCLI_GET_VALUE connection.slave-type connection show "$conn")
if [ "$slave_type" = "team" ] || [ "$slave_type" = "bond" ]; then
# Work around a Cisco switch issue: if a slave is detached from a bond
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just curious, this can't be fixed in network manager?

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It would be possible to implement something similar in NetworkManager. When NM detaches the interface from a 802.3ad bond, it could wait until the LACP negotiation is finished, up to a certain time.

However, if we decide to add this workaround to NM, it's more complicated because because it requires to implement new netlink parsing and to make the port detach asynchronous.

Also, it's not clear if this workaround is something that we want to enforce in all situations where NM is running. Perhaps there are scenarios where the user doesn't care if the port gets disabled? In the configure-ovs script the workaround is applied when we are reactivating the ports, and so it's a more controlled environment.

I think it's better for now to do the change in the MCO, and create a task for NM to investigate whether this workaround should be implemented there.

# (e.g. during NM reactivation) before LACP negotiation completes, the
# switch may mishandle LACP packets with agg=0. To avoid this, wait for
# LACP to finish (only applies to LACP bonds in state UP).
slave=$(nmcli -g connection.interface-name connection show "$conn")
if ip -d link show "$slave" | tr '\n' ' ' | grep -q 'state UP.*ad_aggregator_id'; then
if ! timeout 5 bash -c "while [ \$(ip -d link show \"$slave\" | grep -o \"collecting,distributing\" | wc -l) -lt 2 ]; do sleep 1; done"; then
echo "WARNING: LACP negotiation is not yet done on slave $conn."
fi
fi
mod_nm_conn "$conn" connection.autoconnect yes
fi
done
Expand Down