[OVN] Ensure traffic for provider vlan networks is not tunneled

This patch adds an extra checking to ensure the
"reside-on-redirect-chassis" is set to true for the logical
router port associated to vlan provider network despite having
the "ovn_distributed_floating_ip" enabled or not. This is needed
as there is an OVN bug [1] making it not work as expected.

Note setting this to true has implications as the traffic will be
centrallized (but not tunneled) through the node with the gateway
port.

The expected behavior of this flag, once [1] is fixed is:
- reside-on-redirect-chassis flag to False: means traffic goes
  tunneled to the controller with the gateway port. Means it requires
  extra MTU reduction to work.
- reside-on-redirect-chassis flag to True: means traffic is not
  tunneled to the controller with the gateway port, but the traffic is
  centralized through the controller with the gateway port. Thus it
  does not require extra MTU reduction.
- reside-on-redirect-chassis to False, but with ovn-chassis-mac-mappings
  configured: means the traffic is fully distributed and it is not being
  tunneled, nor sent, through the controller with the gateway port. This
  is the preferred option as it does not require MTU reduction and it
  avoids the extra hop. However it is not working as expected, therefore
  the fallback to set reside-on-redirect-chassis to True.

[1] https://bugzilla.redhat.com/show_bug.cgi?id=2162756

Closes-Bug: #2003455
Change-Id: I662cb30c842e54bb9f7dabac5519283aa7c7f8d0
(cherry picked from commit acb809e)

Author: luis5tb

neutron/common/ovn/utils.py

@@ -21,6 +21,7 @@
 from neutron_lib.api.definitions import l3
 from neutron_lib.api.definitions import port_security as psec
 from neutron_lib.api.definitions import portbindings
+from neutron_lib.api.definitions import provider_net
 from neutron_lib.api import validators
 from neutron_lib import constants as const
 from neutron_lib import context as n_context
@@ -610,6 +611,10 @@ def is_gateway_chassis_invalid(chassis_name, gw_chassis,
 
 
 def is_provider_network(network):
+    return network.get(provider_net.PHYSICAL_NETWORK, False)
+
+
+def is_external_network(network):
     return network.get(external_net.EXTERNAL, False)
 
 

neutron/plugins/ml2/drivers/ovn/mech_driver/ovsdb/maintenance.py

@@ -831,7 +831,10 @@ def check_vlan_distributed_ports(self):
         # Get router ports belonging to VLAN networks
         vlan_nets = self._ovn_client._plugin.get_networks(
             context, {pnet.NETWORK_TYPE: [n_const.TYPE_VLAN]})
-        vlan_net_ids = [vn['id'] for vn in vlan_nets]
+        # FIXME(ltomasbo): Once Bugzilla 2162756 is fixed the
+        # is_provider_network check should be removed
+        vlan_net_ids = [vn['id'] for vn in vlan_nets
+                        if not utils.is_provider_network(vn)]
         router_ports = self._ovn_client._plugin.get_ports(
             context, {'network_id': vlan_net_ids,
                       'device_owner': n_const.ROUTER_PORT_OWNERS})

neutron/plugins/ml2/drivers/ovn/mech_driver/ovsdb/ovn_client.py

@@ -1247,7 +1247,7 @@ def _get_nets_and_ipv6_ra_confs_for_router_port(self, context, port):
                 # leak the RAs generated for the tenant networks via the
                 # provider network
                 ipv6_ra_configs['send_periodic'] = 'true'
-                if is_gw_port and utils.is_provider_network(net):
+                if is_gw_port and utils.is_external_network(net):
                     ipv6_ra_configs['send_periodic'] = 'false'
                 ipv6_ra_configs['mtu'] = str(net['mtu'])
 
@@ -1559,9 +1559,12 @@ def _gen_router_port_options(self, port, network=None):
         # logical router port is centralized in the chassis hosting the
         # distributed gateway port.
         # https://github.com/openvswitch/ovs/commit/85706c34d53d4810f54bec1de662392a3c06a996
+        # FIXME(ltomasbo): Once Bugzilla 2162756 is fixed the
+        # is_provider_network check should be removed
         if network.get(pnet.NETWORK_TYPE) == const.TYPE_VLAN:
             options[ovn_const.LRP_OPTIONS_RESIDE_REDIR_CH] = (
-                'false' if ovn_conf.is_ovn_distributed_floating_ip()
+                'false' if (ovn_conf.is_ovn_distributed_floating_ip() and
+                            not utils.is_provider_network(network))
                 else 'true')
 
         is_gw_port = const.DEVICE_OWNER_ROUTER_GW == port.get(
@@ -1976,8 +1979,9 @@ def update_network(self, context, network, original_network=None):
                 for subnet in subnets:
                     self.update_subnet(context, subnet, network, txn)
 
-                if utils.is_provider_network(network):
-                    # make sure to use admin context as this is a providernet
+                if utils.is_external_network(network):
+                    # make sure to use admin context as this is a external
+                    # network
                     self.set_gateway_mtu(n_context.get_admin_context(),
                                          network, txn)
 

releasenotes/notes/bug-2003455-b502cc637427560e.yaml

@@ -0,0 +1,19 @@
+---
+fixes:
+  - |
+    [`bug 2003455 <https://bugs.launchpad.net/neutron/+bug/2003455>`_]
+    It is added an extra checking to ensure the "reside-on-redirect-chassis"
+    is set to true for the logical router port associated to vlan provider
+    network despite having the "ovn_distributed_floating_ip" enabled or not.
+    This is needed as there is an OVN bug
+    (https://bugzilla.redhat.com/show_bug.cgi?id=2162756) making it not work
+    as expected. Until that is fixed, we need these workaround
+    that makes the traffic centrallized, but not tunneled, through the node
+    with the gateway port, thus avoiding MTU issues.
+issues:
+  - |
+    Until the OVN bug (https://bugzilla.redhat.com/show_bug.cgi?id=2162756)
+    is fixed, setting the "reside-on-redirect-chassis" to true for the logical
+    router port associated to vlan provider network is needed. This workaround
+    makes the traffic centrallized, but not tunneled, through the node
+    with the gateway port, thus avoiding MTU issues.