Floating IP association to LBaaS VIP supported by Octavia does not work

Long option is discussed here: https://etherpad.openstack.org/p/DF-AAP

The immediate proposed solution is:

Add a configuration option to dnat app. The option tells dnat to NAT according to IP and not port. This means that the dnat flows translate the IP address (as done today), possibly sets the OVS metadata register, clears reg6 and reg7, and then passes the packet to the router.

The drawback is that the internal network must now be connected to the router. This requirement shouldn't exist for public network. (May require modification for l3 network).

After discussion, the proposed solution was not accepted.

Instead, we will start by implementing the port-behind-port solution, with the following notes:

1. Allowed Address Pair functionality is not removed. However, it's (OpenFlow) priority is reduced so that other methods will take precedence.

2. Detecting port-behind-port will be done heuristically, on the Neutron Server side.

3. port-behind-port will only be detected if the port already exists when allowed address pairs is updated.

4. The Trunk application will be extended to support port-behind-port. The algorithm:

4.1 . The 'Front' port is the port connected to the virtual switch. The 'Back' port is the port behind it (e.g. the MACVLAN port).

4.2. (Classification) For packets from the 'Front' port, if they match the IP/MAC of the back port, then the source port and network will be updated for the 'Back' port. The packet will continue its pipeline from there as usual.

4.3. (Dispatch) For packets to the 'Back' port, if they match the IP/MAC (and network) of the back port, then the packets will be dispatched to the 'Front' port. The metadata (e.g. reg7) will be updated, but the packet data will not be changed.

4.4. Nested Allowed Address Pairs and (nested) port-behind-port is not supported. All 'Back' ports should be directly behind the 'Front' port. Dragonflow doesn't care about the internal topology behind the 'Front' port anyway.

Related fix proposed to branch: master
Review: https://review.openstack.org/526057

Reviewed: https://review.openstack.org/526057
Committed: https://git.openstack.org/cgit/openstack/dragonflow/commit/?id=8e68534427fe8578104ad2064838fb5e109b9f60
Submitter: Zuul
Branch: master

commit 8e68534427fe8578104ad2064838fb5e109b9f60
Author: Omer Anson <email address hidden>
Date: Wed Dec 6 14:51:21 2017 +0200

    Prepare (refactor) trunk for MACVLAN/IPVLAN support

    Change-Id: I4350e618bf047e95538207071c649ba7f49f33aa
    Related-Bug: #1720734

Reviewed: https://review.openstack.org/526058
Committed: https://git.openstack.org/cgit/openstack/dragonflow/commit/?id=8fe3e29cb31c9d0ff83447473abb8bd2ef8588e2
Submitter: Zuul
Branch: master

commit 8fe3e29cb31c9d0ff83447473abb8bd2ef8588e2
Author: Omer Anson <email address hidden>
Date: Wed Dec 6 14:54:17 2017 +0200

    Add support for MACVLAN/IPVLAN

    Adds support for MACVLAN and IPVLAN in Dragonflow db model and
    Dragonflow controller trunk application.

    This adds support for e.g., MACVLAN containers, and amphora VMs.

    Change-Id: I3e7a557a642d8150f48f971e33e6bcc966e76030
    Partial-Bug: #1720734

Reviewed: https://review.openstack.org/516101
Committed: https://git.openstack.org/cgit/openstack/dragonflow/commit/?id=a654a55d9cecbbb0fb46e03da024df3901f9d247
Submitter: Zuul
Branch: master

commit a654a55d9cecbbb0fb46e03da024df3901f9d247
Author: Omer Anson <email address hidden>
Date: Wed Dec 6 14:58:21 2017 +0200

    Infer MACVLAN/IPVLAN ports

    Add support to infer MACVLAN ports (and IPVLAN ports) from Neutron port
    and allowed address pair specification.

    Partial bug, since tests are still missing.

    Partial-Bug: #1720734
    Change-Id: I4e07f074b3db999d72bfa60bae1622ce9547c3e5

Fix proposed to branch: master
Review: https://review.openstack.org/529692

Reviewed: https://review.openstack.org/527007
Committed: https://git.openstack.org/cgit/openstack/dragonflow/commit/?id=49f836128ae1be44f723115356fa6833b2360b4e
Submitter: Zuul
Branch: master

commit 49f836128ae1be44f723115356fa6833b2360b4e
Author: Omer Anson <email address hidden>
Date: Sun Dec 10 17:12:16 2017 +0200

    Auto-enable loadbalancer VIP ports

    By default, when loadbalancer VIP ports are created (either via Octavia
    or via neutron-lbaas (v2)), then the port is created with
    admin_state_up=False (i.e. the port is disabled). Dragonflow respects
    this attribute, and does not 'wire' the port in this case.

    Rather than change the default in Octavia and neutron-LBaaS, this patch
    detects this case, and enables the VIP ports.

    Change-Id: Ibbe927b2672f327349bdd9cff46349d4d01c990a
    Partial-Bug: #1720734

Reviewed: https://review.openstack.org/529692
Committed: https://git.openstack.org/cgit/openstack/dragonflow/commit/?id=a2bbb886e8d8812dbc63ade3afe4cd9fec76f2b4
Submitter: Zuul
Branch: master

commit a2bbb886e8d8812dbc63ade3afe4cd9fec76f2b4
Author: Omer Anson <email address hidden>
Date: Thu Dec 21 20:54:46 2017 +0200

    Rewrite Trunk App

    The current implementation of the Trunk application assumed that each
    segmentation type adds exactly one flow. This is not the case for
    MACVLAN and IPVLAN, which add flows for both IPv4/IPv6, and ARP in case
    of IPv4.

    This change enables the Trunk app to be extended such that each
    segmentation_type can have as many flows as it needs.

    Change-Id: I17ae0f49fe9fcb2e8be160a4299f58cfc634e510
    Closes-Bug: #1720734

Change abandoned by Sean McGinnis (<email address hidden>) on branch: master
Review: https://review.opendev.org/527008