Neutron BGP agent advertisement and l3/openvswitch-agent problems (zed)

Brian Haley haleyb.dev at gmail.com
Mon Jun 26 19:05:07 UTC 2023 


On 6/24/23 11:58 PM, Bryan Huang wrote:
> Dear folks,
> 
> Recently, we met some neutron networking problems in our envrionment, 
> openstack version is zed, and kolla-ansible as the deployment tool.
> 
>  1. Neutron BGP agent doesn't advertise the floating IPs to the BGP
>     peer, in case of the floating IPs were served for port forwarding,
>     but the floating IPs attached to VM/Container were advertised
>     correctly. so the question is *this scenario supported by BGP
>     agent*, if not when will it be supported, is it in the plan?

Someone more familiar with that agent will have to help you here.

>  2. iptable rules restoring error in l3-agent and openvswitch-agent (A
>     bug was reported in launchpad:
>     https://bugs.launchpad.net/neutron/+bug/2024976
>     <https://bugs.launchpad.net/neutron/+bug/2024976>)
>     Bug #2024976 “iptable rules restoring error in l3-agent and open...”
>     : Bugs : neutron <https://bugs.launchpad.net/neutron/+bug/2024976>
>     Openstack version: zed/stable OS version: Ubuntu 22.04.2 LTS Kernel
>     version: 5.15.0-75-generic #82-Ubuntu Deployment: kolla-ansible
>     iptable rules restoring error in l3-agent and openvswitch-agent:    
>        openvswitch-agnet log: 2023-06-23 15:54:58.616 7 ERROR
>     neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent
>     [None req-4440bce1-8c07-4243-ac1b-2566b406a30a - - - - - -] Error
>     while processing VIF ports:
>     neutron_lib.exceptions.ProcessExecutionError: Exit code: 2; Cmd: [...
>     bugs.launchpad.net
> 
> 
> *      openvswitch-agnet log:*
> 
>         2023-06-23 15:54:58.616 7 ERROR
>         neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent
>         [None req-4440bce1-8c07-4243-ac1b-2566b406a30a - - - - - -]
>         Error while processing VIF ports:
>         neutron_lib.exceptions.ProcessExecutionError: Exit code: 2; Cmd:
>         ['iptables-restore', '-n']; Stdin: # Generated by iptables_manager
<snip>

This is most likely due to a system update, as iptables is being 
replaced by nftables I've seen this happen.

You should be able to fix this with update-alternatives, this is my 
working system:

$ sudo update-alternatives --config iptables
There are 2 choices for the alternative iptables (providing 
/usr/sbin/iptables).

   Selection    Path                       Priority   Status
------------------------------------------------------------
* 0            /usr/sbin/iptables-nft      20        auto mode
   1            /usr/sbin/iptables-legacy   10        manual mode
   2            /usr/sbin/iptables-nft      20        manual mode

Press <enter> to keep the current choice[*], or type selection number:

-Brian

More information about the openstack-discuss mailing list