review.fuel-infra Code Review - openstack-build/neutron-build.git/commit
Setup br-tun in secure fail mode to avoid broadcast storms
author Miguel Angel Ajo <mangelajo@redhat.com>
Thu, 12 Feb 2015 14:32:58 +0000 (14:32 +0000)
committer Miguel Angel Ajo <mangelajo@redhat.com>
Mon, 16 Feb 2015 14:37:17 +0000 (14:37 +0000)
commit 740ddc5043e39f3babb57896652d11c223f1f385
tree 305a631cc07a486a1a04b52f7ffc6e8e2b6a3475
parent 86dbb886be84b5c0f6941bdf9f10c5965d0bd025
Setup br-tun in secure fail mode to avoid broadcast storms

When not creating br-tun in secure fail mode, there are chances to
get a broadcast storm from br-tun.

For example, this occurs when at least three nodes have the br-tun
OpenFlow rules reset and a broadcast/multicast packet enters br-tun.

This can happen if:
  * openvswitch is restarted, until the agent reloads the OpenFlow rules.
  * during neutron-openvswitch-agent restart, br-tun is reset, and there
    is a timeframe of a few seconds where tunnel endpoints are plugged and
    OF rules are reset.

Secure fail mode doesn't forward traffic by default if no rule is hit.

Change-Id: Iba5ded14179156decb16dcd4b898c026660f9653
Closes-bug: #1421232
neutron/agent/linux/ovs_lib.py
neutron/plugins/openvswitch/agent/ovs_neutron_agent.py
neutron/tests/functional/agent/test_ovs_lib.py
neutron/tests/unit/openvswitch/test_ovs_tunnel.py
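
A simplified model of the storm the commit message describes, added here as an illustration and not taken from the Neutron change. It assumes every node's br-tun has one tunnel port to each other node and an empty flow table; in standalone mode the bridge floods like a learning switch, in secure mode it drops. The function and port names are constructed for the example.

```python
from collections import Counter

LOCAL = "local"  # constructed name for the br-tun port facing br-int


def tunnel_frames_per_hop(n_nodes, fail_mode, hops=4):
    """Count broadcast frames put on tunnel links at each forwarding hop.

    One broadcast frame enters br-tun on node 0 from its local port.
    Every br-tun has lost its OpenFlow rules (agent or OVS restart).
    """
    if fail_mode not in ("standalone", "secure"):
        raise ValueError("fail_mode must be 'standalone' or 'secure'")

    # Key: (node holding the frame, port it arrived on). A tunnel port is
    # identified by the peer node it leads to.
    in_flight = Counter({(0, LOCAL): 1})
    history = []
    for _ in range(hops):
        forwarded = Counter()
        for (node, ingress), count in in_flight.items():
            if fail_mode == "secure":
                # No rule is hit and nothing is forwarded by default.
                continue
            # Standalone: flood to every port except the ingress port.
            for peer in range(n_nodes):
                if peer == node or peer == ingress:
                    continue
                forwarded[(peer, node)] += count
        history.append(sum(forwarded.values()))
        in_flight = forwarded
    return history


if __name__ == "__main__":
    for nodes in (2, 3, 4):
        for mode in ("standalone", "secure"):
            print(nodes, mode, tunnel_frames_per_hop(nodes, mode))
```

With two nodes the flood dies after one hop because a frame is never sent back out its ingress port; with three nodes it circulates indefinitely, and with four it doubles every hop.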