subject:"\[Yahoo\-eng\-team\] \[Bug 1528137\] Re\: creating meter label rule doesn't work properly"

[Yahoo-eng-team] [Bug 1528137] Re: creating meter label rule doesn't work properly

2016-01-06 Thread OpenStack Infra

Reviewed:  https://review.openstack.org/260323
Committed: 
https://git.openstack.org/cgit/openstack/neutron/commit/?id=6659a935589bf0e4ab57616c256b94f77d2ef107
Submitter: Jenkins
Branch:master

commit 6659a935589bf0e4ab57616c256b94f77d2ef107
Author: Yu Fukuyama 
Date:   Tue Dec 22 05:17:30 2015 +

Fix meter label rule creation

In the case of outbound traffic, set remote_ip to dst.
In the case of inbound traffic, set remote_ip to src.

Change-Id: I7f27b93efa67baf3efccaa94f6a1337d6886e230
Closes-Bug: #1528137
DocImpact: Clarify remote_ip_prefix description of metering label rule in 
API site


** Changed in: neutron
   Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1528137

Title:
  creating meter label rule doesn't work properly

Status in neutron:
  Fix Released

Bug description:
  Created rule by the following API counts packets between a router
  which connects to external network and the connection destination
  device.

API: POST /v2.0/metering/metering-label-rules

  When outbound traffic of external router, destination should be
  remote_ip, and when inbound traffic, sender should be remote_ip. But
  it has become actually reversed.

  Because option for creating the iptables rule is reversed.

code:
  
https://github.com/openstack/neutron/blob/master/neutron/services/metering/drivers/iptables/iptables_driver.py#L176

  I'll show you an example that created the meter label rule the
  remote_ip is set to 192.168.0.0/16.

  
  [Actual results]

  $ neutron meter-label-create test-label --tenant-id 
2a023bd32f014e44b60b591cbd151514
  Created a new metering_label:
  +-+--+
  | Field   | Value|
  +-+--+
  | description |  |
  | id  | d35d0464-f872-43c7-8dd8-850657da59ef |
  | name| test-label   |
  | shared  | False|
  | tenant_id   | 2a023bd32f014e44b60b591cbd151514 |
  +-+--+
  $ neutron meter-label-create test-label2 --tenant-id 
2a023bd32f014e44b60b591cbd151514
  Created a new metering_label:
  +-+--+
  | Field   | Value|
  +-+--+
  | description |  |
  | id  | 61c344ce-0438-4cd3-bbd8-a4d5e0dbce6f |
  | name| test-label2  |
  | shared  | False|
  | tenant_id   | 2a023bd32f014e44b60b591cbd151514 |
  +-+--+
  $ neutron meter-label-rule-create --tenant-id 
2a023bd32f014e44b60b591cbd151514 --direction egress 
d35d0464-f872-43c7-8dd8-850657da59ef 192.168.0.0/16

  $ neutron meter-label-rule-create --tenant-id
  2a023bd32f014e44b60b591cbd151514 --direction ingress
  61c344ce-0438-4cd3-bbd8-a4d5e0dbce6f 192.168.0.0/16

  $ neutron meter-label-rule-list
  
+--+--+---+--+
  | id   | excluded | direction | 
remote_ip_prefix |
  
+--+--+---+--+
  | 3e426537-61f4-44ac-a67a-e66ce26dc11b | False| egress| 
192.168.0.0/16   |
  | 4d669406-173c-4eea-af21-00430719cbfa | False| ingress   | 
192.168.0.0/16   |
  
+--+--+---+--+

  $ sudo ip netns exec qrouter-b72b789e-8ca9-465e-a2d1-98f725a7042f 
iptables-save
  ...
  -A neutron-meter-r-61c344ce-043 -d 192.168.0.0/16 -i qg-708e8abf-bc -j 
neutron-meter-l-61c344ce-043
  -A neutron-meter-r-d35d0464-f87 -s 192.168.0.0/16 -o qg-708e8abf-bc -j 
neutron-meter-l-d35d0464-f87
  ...

  
   [The expected iptables rules]

  -A neutron-meter-r-61c344ce-043 -s 192.168.0.0/16 -i qg-708e8abf-bc -j 
neutron-meter-l-61c344ce-043
  -A neutron-meter-r-d35d0464-f87 -d 192.168.0.0/16 -o qg-708e8abf-bc -j 
neutron-meter-l-d35d0464-f87

  
  [Examples of required packet is not counted]

  ubuntu@test-vm(10.0.0.3):~$ ping 192.168.0.3 -c 3
  PING 192.168.0.3 (192.168.0.3) 56(84) bytes of data.
  64 bytes from 192.168.0.3: icmp_seq=1 ttl=62 time=1.13 ms
  64 bytes from 192.168.0.3: icmp_seq=2 ttl=62 time=0.618 ms
  64 bytes from 192.168.0.3: icmp_seq=3 ttl=62 time=0.652 ms

  --- 192.168.0.3 ping statistics ---
  3 packets transmitted, 3 received, 0% packet loss, time 2000ms
  rtt min/avg/max/mdev = 0.618/0.801/1.133/0.235 ms

  $ sudo ip netns exec qrouter-b72b789e-8ca9-465e-a2d1-98f725a7042f iptables -t 
filter -L neutron-meter-l-d35d0464-f87 -n -v -x

[Yahoo-eng-team] [Bug 1528137] Re: creating meter label rule doesn't work properly

2015-12-25 Thread Akihiro Motoki

@Atsushi,

The description itself is ambiguous. It is not directly related to the bug 
filed to neutron.
I filed bug 1529262 against api-site and will remove api-site from the affected 
project of this bug.

** No longer affects: openstack-api-site

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1528137

Title:
  creating meter label rule doesn't work properly

Status in neutron:
  In Progress

Bug description:
  Created rule by the following API counts packets between a router
  which connects to external network and the connection destination
  device.

API: POST /v2.0/metering/metering-label-rules

  When outbound traffic of external router, destination should be
  remote_ip, and when inbound traffic, sender should be remote_ip. But
  it has become actually reversed.

  Because option for creating the iptables rule is reversed.

code:
  
https://github.com/openstack/neutron/blob/master/neutron/services/metering/drivers/iptables/iptables_driver.py#L176

  I'll show you an example that created the meter label rule the
  remote_ip is set to 192.168.0.0/16.

  
  [Actual results]

  $ neutron meter-label-create test-label --tenant-id 
2a023bd32f014e44b60b591cbd151514
  Created a new metering_label:
  +-+--+
  | Field   | Value|
  +-+--+
  | description |  |
  | id  | d35d0464-f872-43c7-8dd8-850657da59ef |
  | name| test-label   |
  | shared  | False|
  | tenant_id   | 2a023bd32f014e44b60b591cbd151514 |
  +-+--+
  $ neutron meter-label-create test-label2 --tenant-id 
2a023bd32f014e44b60b591cbd151514
  Created a new metering_label:
  +-+--+
  | Field   | Value|
  +-+--+
  | description |  |
  | id  | 61c344ce-0438-4cd3-bbd8-a4d5e0dbce6f |
  | name| test-label2  |
  | shared  | False|
  | tenant_id   | 2a023bd32f014e44b60b591cbd151514 |
  +-+--+
  $ neutron meter-label-rule-create --tenant-id 
2a023bd32f014e44b60b591cbd151514 --direction egress 
d35d0464-f872-43c7-8dd8-850657da59ef 192.168.0.0/16

  $ neutron meter-label-rule-create --tenant-id
  2a023bd32f014e44b60b591cbd151514 --direction ingress
  61c344ce-0438-4cd3-bbd8-a4d5e0dbce6f 192.168.0.0/16

  $ neutron meter-label-rule-list
  
+--+--+---+--+
  | id   | excluded | direction | 
remote_ip_prefix |
  
+--+--+---+--+
  | 3e426537-61f4-44ac-a67a-e66ce26dc11b | False| egress| 
192.168.0.0/16   |
  | 4d669406-173c-4eea-af21-00430719cbfa | False| ingress   | 
192.168.0.0/16   |
  
+--+--+---+--+

  $ sudo ip netns exec qrouter-b72b789e-8ca9-465e-a2d1-98f725a7042f 
iptables-save
  ...
  -A neutron-meter-r-61c344ce-043 -d 192.168.0.0/16 -i qg-708e8abf-bc -j 
neutron-meter-l-61c344ce-043
  -A neutron-meter-r-d35d0464-f87 -s 192.168.0.0/16 -o qg-708e8abf-bc -j 
neutron-meter-l-d35d0464-f87
  ...

  
   [The expected iptables rules]

  -A neutron-meter-r-61c344ce-043 -s 192.168.0.0/16 -i qg-708e8abf-bc -j 
neutron-meter-l-61c344ce-043
  -A neutron-meter-r-d35d0464-f87 -d 192.168.0.0/16 -o qg-708e8abf-bc -j 
neutron-meter-l-d35d0464-f87

  
  [Examples of required packet is not counted]

  ubuntu@test-vm(10.0.0.3):~$ ping 192.168.0.3 -c 3
  PING 192.168.0.3 (192.168.0.3) 56(84) bytes of data.
  64 bytes from 192.168.0.3: icmp_seq=1 ttl=62 time=1.13 ms
  64 bytes from 192.168.0.3: icmp_seq=2 ttl=62 time=0.618 ms
  64 bytes from 192.168.0.3: icmp_seq=3 ttl=62 time=0.652 ms

  --- 192.168.0.3 ping statistics ---
  3 packets transmitted, 3 received, 0% packet loss, time 2000ms
  rtt min/avg/max/mdev = 0.618/0.801/1.133/0.235 ms

  $ sudo ip netns exec qrouter-b72b789e-8ca9-465e-a2d1-98f725a7042f iptables -t 
filter -L neutron-meter-l-d35d0464-f87 -n -v -x
  Chain neutron-meter-l-d35d0464-f87 (2 references)
  pkts  bytes target prot opt in out source   
destination
 00all  --  *  *   0.0.0.0/0
0.0.0.0/0

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1528137/+subscriptions

-- 
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe :

[Yahoo-eng-team] [Bug 1528137] Re: creating meter label rule doesn't work properly

2015-12-23 Thread Akihiro Motoki

remote_ip_prefix of metering label rule is unclear and should be
updated.

According to the discussion in the review in neutron,
for egress direction, remote_ip_prefix is a destination IP address or ranges
and for ingress direction, it means a source IP (range).

** Also affects: openstack-api-site
   Importance: Undecided
   Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1528137

Title:
  creating meter label rule doesn't work properly

Status in neutron:
  In Progress
Status in openstack-api-site:
  New

Bug description:
  Created rule by the following API counts packets between a router
  which connects to external network and the connection destination
  device.

API: POST /v2.0/metering/metering-label-rules

  When outbound traffic of external router, destination should be
  remote_ip, and when inbound traffic, sender should be remote_ip. But
  it has become actually reversed.

  Because option for creating the iptables rule is reversed.

code:
  
https://github.com/openstack/neutron/blob/master/neutron/services/metering/drivers/iptables/iptables_driver.py#L176

  I'll show you an example that created the meter label rule the
  remote_ip is set to 192.168.0.0/16.

  
  [Actual results]

  $ neutron meter-label-create test-label --tenant-id 
2a023bd32f014e44b60b591cbd151514
  Created a new metering_label:
  +-+--+
  | Field   | Value|
  +-+--+
  | description |  |
  | id  | d35d0464-f872-43c7-8dd8-850657da59ef |
  | name| test-label   |
  | shared  | False|
  | tenant_id   | 2a023bd32f014e44b60b591cbd151514 |
  +-+--+
  $ neutron meter-label-create test-label2 --tenant-id 
2a023bd32f014e44b60b591cbd151514
  Created a new metering_label:
  +-+--+
  | Field   | Value|
  +-+--+
  | description |  |
  | id  | 61c344ce-0438-4cd3-bbd8-a4d5e0dbce6f |
  | name| test-label2  |
  | shared  | False|
  | tenant_id   | 2a023bd32f014e44b60b591cbd151514 |
  +-+--+
  $ neutron meter-label-rule-create --tenant-id 
2a023bd32f014e44b60b591cbd151514 --direction egress 
d35d0464-f872-43c7-8dd8-850657da59ef 192.168.0.0/16

  $ neutron meter-label-rule-create --tenant-id
  2a023bd32f014e44b60b591cbd151514 --direction ingress
  61c344ce-0438-4cd3-bbd8-a4d5e0dbce6f 192.168.0.0/16

  $ neutron meter-label-rule-list
  
+--+--+---+--+
  | id   | excluded | direction | 
remote_ip_prefix |
  
+--+--+---+--+
  | 3e426537-61f4-44ac-a67a-e66ce26dc11b | False| egress| 
192.168.0.0/16   |
  | 4d669406-173c-4eea-af21-00430719cbfa | False| ingress   | 
192.168.0.0/16   |
  
+--+--+---+--+

  $ sudo ip netns exec qrouter-b72b789e-8ca9-465e-a2d1-98f725a7042f 
iptables-save
  ...
  -A neutron-meter-r-61c344ce-043 -d 192.168.0.0/16 -i qg-708e8abf-bc -j 
neutron-meter-l-61c344ce-043
  -A neutron-meter-r-d35d0464-f87 -s 192.168.0.0/16 -o qg-708e8abf-bc -j 
neutron-meter-l-d35d0464-f87
  ...

  
   [The expected iptables rules]

  -A neutron-meter-r-61c344ce-043 -s 192.168.0.0/16 -i qg-708e8abf-bc -j 
neutron-meter-l-61c344ce-043
  -A neutron-meter-r-d35d0464-f87 -d 192.168.0.0/16 -o qg-708e8abf-bc -j 
neutron-meter-l-d35d0464-f87

  
  [Examples of required packet is not counted]

  ubuntu@test-vm(10.0.0.3):~$ ping 192.168.0.3 -c 3
  PING 192.168.0.3 (192.168.0.3) 56(84) bytes of data.
  64 bytes from 192.168.0.3: icmp_seq=1 ttl=62 time=1.13 ms
  64 bytes from 192.168.0.3: icmp_seq=2 ttl=62 time=0.618 ms
  64 bytes from 192.168.0.3: icmp_seq=3 ttl=62 time=0.652 ms

  --- 192.168.0.3 ping statistics ---
  3 packets transmitted, 3 received, 0% packet loss, time 2000ms
  rtt min/avg/max/mdev = 0.618/0.801/1.133/0.235 ms

  $ sudo ip netns exec qrouter-b72b789e-8ca9-465e-a2d1-98f725a7042f iptables -t 
filter -L neutron-meter-l-d35d0464-f87 -n -v -x
  Chain neutron-meter-l-d35d0464-f87 (2 references)
  pkts  bytes target prot opt in out source   
destination
 00all  --  *  *   0.0.0.0/0
0.0.0.0/0

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1528137/+subscriptions

--

[Yahoo-eng-team] [Bug 1528137] Re: creating meter label rule doesn't work properly

[Yahoo-eng-team] [Bug 1528137] Re: creating meter label rule doesn't work properly

[Yahoo-eng-team] [Bug 1528137] Re: creating meter label rule doesn't work properly

3 matches

Site Navigation

Mail list logo

Footer information