CRE-2025-0040

Neutron Open Virtual Network (OVN) fails to bind logical switch due to race condition during load balancer creation
Low
Impact: 6/10
Mitigation: 4/10

Description

During load balancer creation or other operations involving logical router and logical switch associations, Neutron OVN may raise a `RowNotFound` exception when attempting to reference a logical switch that has just been deleted. This leads to a port binding failure and a rollback of the affected operation.


Cause

When the logical topology changes rapidly, such as a subnet being deleted concurrently with a load balancer setup, Neutron's ML2/OVN driver may try to bind to a logical switch that no longer exists in OVN NBDB. This results in `ovsdbapp.backend.ovs_idl.idlutils.RowNotFound` being raised, followed by a `MechanismDriverError`, and the port creation is rolled back.
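
One way to spot this failure sequence in neutron-server logs, as an added example that is not part of the CRE rule or of Neutron's code: it flags requests in which `RowNotFound` is followed by `MechanismDriverError`. The log lines are constructed, and the oslo.log-style line layout, the `req-` request ids and the 30-second window are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed neutron-server log lines (assumed oslo.log layout), not real output.
SAMPLE_LOG = """\
2025-01-01 10:00:01.100 7 ERROR neutron.plugins.ml2.managers [req-aaaa1111 - - - - -] ovsdbapp.backend.ovs_idl.idlutils.RowNotFound: Cannot find Logical_Switch
2025-01-01 10:00:01.250 7 ERROR neutron.plugins.ml2.plugin [req-aaaa1111 - - - - -] MechanismDriverError, rolling back port creation
2025-01-01 10:00:05.000 7 ERROR neutron.api [req-bbbb2222 - - - - -] ovsdbapp.backend.ovs_idl.idlutils.RowNotFound: Cannot find Logical_Switch
2025-01-01 10:03:00.000 7 ERROR neutron.plugins.ml2.plugin [req-cccc3333 - - - - -] MechanismDriverError
"""

# Timestamp at line start, request id inside the first bracketed context field.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d+) .*?\[(?P<req>req-[\w-]+)"
)
ROW_NOT_FOUND = "ovsdbapp.backend.ovs_idl.idlutils.RowNotFound"
DRIVER_ERROR = "MechanismDriverError"


def find_bind_failures(log_text, window=timedelta(seconds=30)):
    """Return request ids where RowNotFound is followed by
    MechanismDriverError in the same request within `window`."""
    pending = {}  # request id -> time RowNotFound was first seen
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # traceback continuation or unrelated line
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S.%f")
        req = m["req"]
        if ROW_NOT_FOUND in line:
            pending.setdefault(req, ts)
        if DRIVER_ERROR in line and req in pending:
            # Pair the two errors only when they are close together in time.
            if ts - pending.pop(req) <= window:
                hits.append(req)
    return hits


if __name__ == "__main__":
    for req in find_bind_failures(SAMPLE_LOG):
        print(f"logical switch bind failure and rollback in {req}")
```

A `RowNotFound` with no driver error, or a driver error with no preceding `RowNotFound` in the same request, is not reported, which keeps unrelated OVSDB lookups and other mechanism driver failures out of the result.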


Mitigation

  • Apply upstream Neutron fix (see Launchpad bug 1963921).
  • Patch Neutron to include retry logic for logical switch to load balancer associations.
  • Reduce concurrent subnet operations during load balancer provisioning.
  • Use Neutron commits with split transactions to allow partial recovery in failure cases.

References