F5Networks / f5-openstack-lbaasv2-driver

F5 LBaaSv2 service provider driver for OpenStack Liberty and beyond
http://clouddocs.f5.com/products/openstack/lbaasv2-driver/master/
Apache License 2.0

Creating ports for external members #544

Closed abattye closed 6 years ago

abattye commented 7 years ago

Hi,

We are seeing issues with the concept of creating Neutron ports for external members i.e. this code block https://github.com/F5Networks/f5-openstack-lbaasv2-driver/blob/v9.3.0/f5lbaasdriver/v2/bigip/service_builder.py#L178-L195

I can't reproduce the entire issue, but we have seen issues when ports belonging to nova compute members have been changed to device owner = network:f5lbaasv2. It appears to be an edge case when VMs are deleted without having the corresponding member deleted and/or the use of ports to define the nova fixed IP. This caused problems because after this change when the member was deleted the (previously nova managed) port. This broke connectivity to the VM.

We are not sure why it is required to create these shadow ports for external members. If a user creates an external member and subsequently this is modelled as a neutron port by user choice, the driver's action of creating an LBAAS managed port blocks this possibility.

Furthermore, there are consequences in more complex network scenarios e.g. a multiple level HPB network where the ML2 binding process needs to be completed for the port to have any connectivity.

Would it be possible to provide some rationale as to why these ports are created?

We are working with the 9.3.0 codeline

Thanks

Andrew

mattgreene commented 7 years ago

@abattye To support HPB operation (integration with Cisco ACI), we must create a neutron-port on behalf of a pool member when it is a physical server. The Cisco ML2 driver only creates a dynamic network segment in response to port creation. When the pool member is a VM within OpenStack, nova will create the neutron-port. This triggers creation of the network segment. When the pool member is a physical server, nothing triggers creation of the network segment and creating a pool member for the loadbalancer will result in traffic not reaching the server.