author | Oleg Bondarev <oleg.bondarev@huawei.com> | 2022-03-03 17:11:25 +0300 |
---|---|---|
committer | Oleg Bondarev <oleg.bondarev@huawei.com> | 2022-03-03 18:28:42 +0300 |
commit | c02916de4ef63c338a13b1626bc3917bcfa34bf6 (patch) | |
tree | 6593743a242a31c35771f6a809083bcf1b2e262c | |
parent | b072cbf05f079519e379b2bfebe27846ae612275 (diff) | |
Local IP: use LOCAL_IP_TABLE for back flows if no OVS fw
When using static NAT for Local IP translation,
ACCEPTED_EGRESS_TRAFFIC_NORMAL_TABLE should be used for back
(learned) flows only when openvswitch security groups are used.
Otherwise LOCAL_IP_TABLE must be used.
Partial-Bug: #1930200
Change-Id: Ie08a26fab3b23507085e00b02c7e11e037a44f62
-rw-r--r-- | neutron/agent/l2/extensions/local_ip.py | 14 | ||||
-rw-r--r-- | neutron/tests/unit/agent/l2/extensions/test_local_ip.py | 2 |
2 files changed, 11 insertions, 5 deletions
diff --git a/neutron/agent/l2/extensions/local_ip.py b/neutron/agent/l2/extensions/local_ip.py
index e5e342c4d8..bca56f7d10 100644
--- a/neutron/agent/l2/extensions/local_ip.py
+++ b/neutron/agent/l2/extensions/local_ip.py
@@ -47,9 +47,7 @@ class LocalIPAgentExtension(l2_extension.L2AgentExtension):
 'currently uses %(driver_type)s',
 {'driver_type': driver_type})
 sys.exit(1)
- if (cfg.CONF.SECURITYGROUP.enable_security_group and
- cfg.CONF.SECURITYGROUP.firewall_driver == 'openvswitch' and
- not cfg.CONF.LOCAL_IP.static_nat):
+ if self._is_ovs_firewall() and not cfg.CONF.LOCAL_IP.static_nat:
 LOG.error('In order to use Local IP extension together with '
 'openvswitch firewall please set static_nat config to '
 'True')
@@ -293,7 +291,10 @@ class LocalIPAgentExtension(l2_extension.L2AgentExtension):
 self._tcp_flow_match_specs(ofpp),
 self._udp_flow_match_specs(ofpp)]:
 flow_specs = common_specs + specs
- learn_table = ovs_constants.ACCEPTED_EGRESS_TRAFFIC_NORMAL_TABLE
+ learn_table = ovs_constants.LOCAL_IP_TABLE
+ if self._is_ovs_firewall():
+ learn_table = ovs_constants.\
+ ACCEPTED_EGRESS_TRAFFIC_NORMAL_TABLE
 actions = [
 ofpp.OFPActionSetField(eth_dst=mac),
 ofpp.NXActionLearn(
@@ -354,3 +355,8 @@ class LocalIPAgentExtension(l2_extension.L2AgentExtension):
 n_bits=16)]
 match_kwargs = {'ip_proto': ip_proto.IPPROTO_UDP}
 return specs, match_kwargs
+
+ @staticmethod
+ def _is_ovs_firewall():
+ return (cfg.CONF.SECURITYGROUP.enable_security_group and
+ cfg.CONF.SECURITYGROUP.firewall_driver == 'openvswitch')
diff --git a/neutron/tests/unit/agent/l2/extensions/test_local_ip.py b/neutron/tests/unit/agent/l2/extensions/test_local_ip.py
index 3cd8434624..994ba7c754 100644
--- a/neutron/tests/unit/agent/l2/extensions/test_local_ip.py
+++ b/neutron/tests/unit/agent/l2/extensions/test_local_ip.py
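Review bot: In the second hunk of local_ip.py the choice of `learn_table` has no comment, so the reason back flows are learned into `ACCEPTED_EGRESS_TRAFFIC_NORMAL_TABLE` only under the openvswitch firewall is recorded in the commit message alone. I would add `# Back flows are learned into ACCEPTED_EGRESS_TRAFFIC_NORMAL_TABLE only when the openvswitch firewall is in use; otherwise into LOCAL_IP_TABLE.` above the assignment. The backslash continuation after `ovs_constants.` is also fragile (trailing whitespace after it is a syntax error); a single parenthesised expression, `learn_table = (ovs_constants.ACCEPTED_EGRESS_TRAFFIC_NORMAL_TABLE if self._is_ovs_firewall() else ovs_constants.LOCAL_IP_TABLE)`, wrapped to the line limit, reads more safely. The enclosing method starts and ends outside the hunk.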
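Review bot: `_is_ovs_firewall()` in the last hunk of local_ip.py compares `firewall_driver` with the literal `'openvswitch'`, and after this change that one comparison decides both the `static_nat` startup check and which table receives the learned flows. If the option can be set to another spelling of the same driver (a full class path, for instance, which I believe Neutron's firewall driver loader accepts), the helper returns false while the OVS firewall is running, and both decisions silently take the no-firewall path. Either normalise the configured value before comparing or state the assumption in a docstring such as `"""Return True when security groups are enabled and firewall_driver is the 'openvswitch' alias."""`. The helper also returns the raw result of `and`; wrapping it in `bool(...)` would make the return type explicit.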
@@ -321,7 +321,7 @@ class LocalIPAgentExtensionTestCase(base.BaseTestCase): self.assertEqual(3, ofpp_mock.NXActionLearn.call_count) ofpp_mock.NXActionLearn.assert_called_with( - table_id=ovs_constants.ACCEPTED_EGRESS_TRAFFIC_NORMAL_TABLE, + table_id=ovs_constants.LOCAL_IP_TABLE, cookie=mock.ANY, priority=20, idle_timeout=30, hard_timeout=300, specs=mock.ANY) |
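Review bot: The updated assertion only pins the path without the OVS firewall (`table_id=ovs_constants.LOCAL_IP_TABLE`); nothing visible in this hunk exercises the branch where `_is_ovs_firewall()` is true and the learn table must remain `ACCEPTED_EGRESS_TRAFFIC_NORMAL_TABLE`. A second test that sets `cfg.CONF.set_override('firewall_driver', 'openvswitch', group='SECURITYGROUP')` with `enable_security_group` enabled and asserts that table id would keep the firewall case from regressing. The test method starts outside the hunk, so an existing case elsewhere in the file may already cover this.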