Re: [Openstack] the ip_forward is enable when using vlan + multi_host on computer node

2013-03-12 Thread Lei Zhang
There may be some mistake. Just now, the vlan works as expected.


On Tue, Mar 12, 2013 at 12:02 PM, Lei Zhang zhang.lei@gmail.com wrote:





-- 
Lei Zhang

Blog: http://jeffrey4l.github.com
twitter/weibo: @jeffrey4l

[Openstack] the ip_forward is enable when using vlan + multi_host on computer node

2013-03-11 Thread Lei Zhang
Hi all,

I am testing nova-network + vlan + multi_host, but I found that
ip_forward is enabled automatically when launching new instances. You can check
the code:
https://github.com/openstack/nova/blob/master/nova/network/linux_net.py#L770

I found there is a serious issue when ip_forward=1 on the compute
node. Here is my testing process:

Controller:

[root@openstack-controller conf.d]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: p3p1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
    link/ether 90:b1:1c:0d:87:79 brd ff:ff:ff:ff:ff:ff
    inet 192.168.3.10/24 brd 192.168.3.255 scope global p3p1
    inet6 fe80::92b1:1cff:fe0d:8779/64 scope link
       valid_lft forever preferred_lft forever
3: em1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
    link/ether 90:b1:1c:0d:87:7a brd ff:ff:ff:ff:ff:ff
    inet 172.16.0.10/24 brd 172.16.0.255 scope global em1
    inet6 fe80::92b1:1cff:fe0d:877a/64 scope link
       valid_lft forever preferred_lft forever

Computer Node:

[root@openstack-node2 vlan]# ip a
2: em1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
    link/ether 90:b1:1c:0d:73:ea brd ff:ff:ff:ff:ff:ff
    inet 172.16.0.12/24 brd 172.16.0.255 scope global em1
    inet6 fe80::92b1:1cff:fe0d:73ea/64 scope link
       valid_lft forever preferred_lft forever
4: p3p1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
    link/ether 00:10:18:f7:4a:34 brd ff:ff:ff:ff:ff:ff
    inet 192.168.3.12/24 brd 192.168.3.255 scope global p3p1
    inet 192.168.3.33/32 scope global p3p1
    inet6 fe80::210:18ff:fef7:4a34/64 scope link
       valid_lft forever preferred_lft forever
9: vlan102@em1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
    link/ether fa:16:3e:54:ea:11 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::f816:3eff:fe54:ea11/64 scope link
       valid_lft forever preferred_lft forever
10: br102: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
    link/ether fa:16:3e:54:ea:11 brd ff:ff:ff:ff:ff:ff
    inet 10.0.102.4/24 brd 10.0.102.255 scope global br102
    inet6 fe80::2816:24ff:feb5:5770/64 scope link
       valid_lft forever preferred_lft forever
11: vlan103@em1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
    link/ether fa:16:3e:3a:a0:20 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::f816:3eff:fe3a:a020/64 scope link
       valid_lft forever preferred_lft forever
12: br103: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
    link/ether fa:16:3e:3a:a0:20 brd ff:ff:ff:ff:ff:ff
    inet 10.0.103.4/24 brd 10.0.103.255 scope global br103
    inet6 fe80::480c:f2ff:fe9b:a600/64 scope link
       valid_lft forever preferred_lft forever
13: vnet0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 500
    link/ether fe:16:3e:0c:65:73 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::fc16:3eff:fe0c:6573/64 scope link
       valid_lft forever preferred_lft forever
15: vnet1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 500
    link/ether fe:16:3e:7f:a2:d5 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::fc16:3eff:fe7f:a2d5/64 scope link
       valid_lft forever preferred_lft forever
16: vnet2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 500
    link/ether fe:16:3e:31:8f:7c brd ff:ff:ff:ff:ff:ff
    inet6 fe80::fc16:3eff:fe31:8f7c/64 scope link
       valid_lft forever preferred_lft forever
17: vnet3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 500
    link/ether fe:16:3e:63:8c:e2 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::fc16:3eff:fe63:8ce2/64 scope link
       valid_lft forever preferred_lft forever
[root@openstack-node2 vlan]# brctl show
bridge name     bridge id               STP enabled     interfaces
br102           8000.fa163e54ea11       no              vlan102
                                                        vnet0
                                                        vnet1
                                                        vnet2
br103           8000.fa163e3aa020       no              vlan103
                                                        vnet3
virbr0          8000.525400aaa1b5       yes             virbr0-nic

If ip_forward=1, then vm1 (vnet1) can ping vm2 (vnet4), and the controller can
ping vm1 (vnet1) and vm2 (vnet4). This should be wrong.

Has anybody met this error? And how can this be fixed, other than by changing the code?
-- 
Lei Zhang

Blog: http://jeffrey4l.github.com
twitter/weibo: @jeffrey4l
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp
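
With ip_forward=1 the kernel routes between br102 and br103 unless the FORWARD chain blocks it, so one check for the situation in this post is whether a DROP or REJECT rule exists for each bridge pair. The script below is an added example, not part of the original post or of nova; the sample ruleset is constructed, and the function names and the simplified matching (no rule order, chain jumps or policy evaluation) are assumptions.

```shell
#!/bin/sh
# Added example: audit a saved ruleset for missing inter-bridge block rules.
# Simplification (assumption): a pair counts as isolated only when one rule
# names both "-i <in>" and "-o <out>" with target DROP or REJECT; rule order,
# jumps into other chains and the chain policy are not evaluated.

# Constructed sample in iptables-save format; not taken from the thread.
SAMPLE_RULES='*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -i br102 -o br103 -j DROP
-A FORWARD -i br102 -j ACCEPT
-A FORWARD -i br103 -j ACCEPT
COMMIT'

# has_block RULES IN OUT -> exit 0 if a DROP/REJECT rule for IN -> OUT exists
has_block() {
    printf '%s\n' "$1" | awk -v in_if="$2" -v out_if="$3" '
        /^-A / {
            i = ""; o = ""; t = ""
            for (n = 1; n < NF; n++) {
                # skip negated matches such as "! -i br102"
                if ($n == "-i" && $(n - 1) != "!") i = $(n + 1)
                if ($n == "-o" && $(n - 1) != "!") o = $(n + 1)
                if ($n == "-j") t = $(n + 1)
            }
            if (i == in_if && o == out_if && (t == "DROP" || t == "REJECT"))
                found = 1
        }
        END { exit(found ? 0 : 1) }'
}

# unblocked_pairs RULES BRIDGE... -> prints "in->out" for each unprotected pair
unblocked_pairs() {
    rules=$1; shift
    for a in "$@"; do
        for b in "$@"; do
            [ "$a" = "$b" ] && continue
            has_block "$rules" "$a" "$b" || printf '%s->%s\n' "$a" "$b"
        done
    done
}

# forwarding_enabled [FILE] -> exit 0 if the sysctl file contains 1
forwarding_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

unblocked_pairs "$SAMPLE_RULES" br102 br103   # prints: br103->br102
```

On a live node, the output of `iptables-save -t filter` can be passed in place of the constructed sample, together with the bridge names from `brctl show`.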