feat(neutron): skip OVN uplink creation for flavored routers#2103
Merged
Conversation
Flavored routers (svi, vrf, etc.) implement their own routing path and do not need the physical uplink infrastructure (dynamic segment, shared port, trunk subport, OVN localnet port) that unflavored routers require.
ccaae24 to
b54ef97
Compare
…s on flavored routers Companion cleanup tool for b54ef97. Before the guard was added, a flavored router that was the first to connect to a network would incorrectly create a trunk subport (uplink-{segment_id}) and an OVN localnet LSP with the same name. This script finds those orphaned ports and optionally removes them. Algorithm: - builds a subport→trunk reverse map once up front - finds all flavored routers (flavor_id set) and their network:router_interface port networks (gateway ports are excluded) - safety check: skips any network where a non-flavored router is also present (its uplink is legitimate) - reports/removes: trunk subport removal → Neutron port deletion → OVN LSP deletion via kubectl Dry-run by default; pass --execute to apply. --context selects a Kubernetes context for the kubectl exec step. Example dry-run: $ ./scripts/cleanup_flavored_router_uplinks.py INFO Building subport → trunk reverse map … INFO Listing routers … INFO Found 3 flavored router(s) INFO Flavored routers present on 4 network(s) [DRY-RUN] Found 2 orphaned uplink port(s): [DRY-RUN] Router(s) : 71a9cd30-0c95-44ae-b88b-967ca3d1666a [DRY-RUN] Network : 228fee0c-3d98-46f3-9d34-b52c5ca60c50 [DRY-RUN] Port : b377e468-cda7-4a44-8b71-c14173a43849 (uplink-52b55954-4f87-47a2-9112-e438577d9bf5) [DRY-RUN] 1. Remove subport b377e468-cda7-4a44-8b71-c14173a43849 from trunk 2e558202-0bd0-4971-a9f8-61d1adea0427 [DRY-RUN] 2. Delete Neutron port b377e468-cda7-4a44-8b71-c14173a43849 [DRY-RUN] 3. Delete OVN LSP uplink-52b55954-4f87-47a2-9112-e438577d9bf5 [DRY-RUN] Router(s) : d2efb479-3b96-4fa2-8c45-adf1d1b71791 [DRY-RUN] Network : 57810aba-78c9-45dc-a2a3-0c4af9f16f2a [DRY-RUN] Port : c3f83d0d-c9b3-43a2-9394-ebbfffc3be24 (uplink-5f8e6b75-70b7-49e4-b8f6-cff90664d1b4) [DRY-RUN] 1. Remove subport c3f83d0d-c9b3-43a2-9394-ebbfffc3be24 from trunk 2e558202-0bd0-4971-a9f8-61d1adea0427 [DRY-RUN] 2. Delete Neutron port c3f83d0d-c9b3-43a2-9394-ebbfffc3be24 [DRY-RUN] 3. Delete OVN LSP uplink-5f8e6b75-70b7-49e4-b8f6-cff90664d1b4 Run with --execute to apply the changes above.
…or acting Run 'ovn-nbctl show <network_id>' for the first orphaned network before printing the dry-run report or executing any cleanup. If OVN NB returns no switch for that network the script exits with an error explaining that --context and --os-cloud likely point at different clusters.
OVN switches are named neutron-<uuid>, not <uuid> directly. Passing the bare network ID to 'ovn-nbctl show' returns nothing even when the switch exists, causing a false context-mismatch error.
…LSPs uplink-* logical switch ports can be left in the OVN NB without a matching Neutron port due to testing or earlier bugs. This script finds them by: 1. Listing all uplink-* LSPs from OVN NB via ovn-nbctl --format=json 2. Building a port-uuid → network-id map from the logical_switch table 3. Cross-checking each LSP against Neutron (ports?name=uplink-...) 4. Reporting (or deleting) any that have no Neutron counterpart A cluster-mismatch sanity check verifies that Neutron knows at least one network found in OVN before reporting or acting, catching mismatched --os-cloud / --context pairs early. Same CLI interface as cleanup_flavored_router_uplinks.py: --os-cloud, --context, --execute, -v Example dry-run output: $ python scripts/cleanup_orphaned_ovn_uplinks.py --os-cloud uc_iad_dev INFO Fetching OVN uplink LSPs … INFO Found 5 uplink LSP(s) in OVN INFO Building LSP → network map … INFO Cross-checking 5 LSP(s) against Neutron … [DRY-RUN] Found 5 orphaned OVN uplink LSP(s): [DRY-RUN] LSP : uplink-844c54a6-08c2-4e57-b0c0-af42d1f24ce1 [DRY-RUN] UUID : b90fa77b-c7e7-4c61-abab-89bc8373008c [DRY-RUN] Net : 0e7dfd98-e254-46fb-9a11-72aeea6ea41b [DRY-RUN] Action : ovn-nbctl lsp-del uplink-844c54a6-08c2-4e57-b0c0-af42d1f24ce1 Run with --execute to apply the changes above.
cardoe
approved these changes
Jun 29, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Flavored routers (svi, vrf, etc.) implement their own routing path and do not need the physical uplink infrastructure (dynamic segment, shared port, trunk subport, OVN localnet port) that unflavored routers require.
Testing - SVI flavor
Neutron router subnet attach logs
Details
commands
Testing - unflavored
neutron logs
Details
commands