Public bug reported:
We ran into a problem with a customer when some external integration
tries to remove all ports using the neutron API, including router prots.
It seems only the router ports with the router_ha_interface device
owner are allowed to delete, all other router ports cannot be deleted
directly through the API.
Here is a simple example that demonstrates the doubling of ARP responses
if such a port is deleted:
[root@dev0 ~]# openstack router create r1 --ha --external-gateway public -c id
+-------+--------------------------------------+
| Field | Value |
+-------+--------------------------------------+
| id | 5d9d6fee-6652-4843-9f7c-54c11899d721 |
+-------+--------------------------------------+
[root@dev0 ~]# neutron l3-agent-list-hosting-router r1
neutron CLI is deprecated and will be removed in the Z cycle. Use openstack CLI
instead.
+--------------------------------------+------+----------------+-------+----------+
| id | host | admin_state_up | alive |
ha_state |
+--------------------------------------+------+----------------+-------+----------+
| 9dd0920a-cb0c-47f1-a976-3e208e3e2e6c | dev0 | True | :-) | active
|
| 6fa92056-ca25-42e0-aee4-c4e744008239 | dev2 | True | :-) |
standby |
| 8fbda128-dc9c-4b3b-be1b-bb3f11ad1447 | dev1 | True | :-) |
standby |
+--------------------------------------+------+----------------+-------+----------+
[root@dev0 ~]# openstack port list --device-id
5d9d6fee-6652-4843-9f7c-54c11899d721 -c id -c device_owner -c fixed_ips --long
+--------------------------------------+-----------------------------+--------------------------------------------------------------------------------+
| ID | Device Owner | Fixed IP
Addresses |
+--------------------------------------+-----------------------------+--------------------------------------------------------------------------------+
| 555a9272-c9df-4a05-9f08-752c91c5a4c9 | network:router_ha_interface |
ip_address='169.254.192.147', subnet_id='20c159f7-13f8-4093-9a4a-8380bdcfea60' |
| 6a196ff7-f3d4-4bee-aed0-b5d7ba727741 | network:router_ha_interface |
ip_address='169.254.193.243', subnet_id='20c159f7-13f8-4093-9a4a-8380bdcfea60' |
| 7a849dcc-eac4-4d5b-a547-7ce3986ffb95 | network:router_ha_interface |
ip_address='169.254.192.155', subnet_id='20c159f7-13f8-4093-9a4a-8380bdcfea60' |
| d77e624d-87a2-4135-9118-3d8e78539cee | network:router_gateway |
ip_address='10.136.17.172', subnet_id='ee15c548-e497-449e-b46d-50e9ccc0f70c' |
+--------------------------------------+-----------------------------+--------------------------------------------------------------------------------+
[root@dev0 ~]#
[root@dev0 ~]# ip netns exec snat-5d9d6fee-6652-4843-9f7c-54c11899d721 ip a
...
25: ha-555a9272-c9: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue
state UNKNOWN group default qlen 1000
link/ether fa:16:3e:7d:cf:a0 brd ff:ff:ff:ff:ff:ff
inet 169.254.192.147/18 brd 169.254.255.255 scope global ha-555a9272-c9
valid_lft forever preferred_lft forever
inet 169.254.0.189/24 scope global ha-555a9272-c9
valid_lft forever preferred_lft forever
inet6 fe80::f816:3eff:fe7d:cfa0/64 scope link
valid_lft forever preferred_lft forever
28: qg-d77e624d-87: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue
state UNKNOWN group default qlen 1000
link/ether fa:16:3e:a8:54:29 brd ff:ff:ff:ff:ff:ff
inet 10.136.17.172/20 scope global qg-d77e624d-87
valid_lft forever preferred_lft forever
inet6 fe80::f816:3eff:fea8:5429/64 scope link nodad
valid_lft forever preferred_lft forever
[root@dev0 ~]#
[root@dev0 ~]# openstack port delete 555a9272-c9df-4a05-9f08-752c91c5a4c9
[root@dev0 ~]# neutron l3-agent-list-hosting-router r1
neutron CLI is deprecated and will be removed in the Z cycle. Use openstack CLI
instead.
+--------------------------------------+------+----------------+-------+----------+
| id | host | admin_state_up | alive |
ha_state |
+--------------------------------------+------+----------------+-------+----------+
| 6fa92056-ca25-42e0-aee4-c4e744008239 | dev2 | True | :-) | active
|
| 8fbda128-dc9c-4b3b-be1b-bb3f11ad1447 | dev1 | True | :-) |
standby |
+--------------------------------------+------+----------------+-------+----------+
[root@dev0 ~]#
[root@dev0 ~]# ip netns exec snat-5d9d6fee-6652-4843-9f7c-54c11899d721 ip a s
qg-d77e624d-87
28: qg-d77e624d-87: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue
state UNKNOWN group default qlen 1000
link/ether fa:16:3e:a8:54:29 brd ff:ff:ff:ff:ff:ff
inet 10.136.17.172/20 scope global qg-d77e624d-87
valid_lft forever preferred_lft forever
inet6 fe80::f816:3eff:fea8:5429/64 scope link nodad
valid_lft forever preferred_lft forever
[root@dev0 ~]# ssh dev2 ip netns exec snat-5d9d6fee-6652-4843-9f7c-54c11899d721
ip a s qg-d77e624d-87
28: qg-d77e624d-87: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue
state UNKNOWN group default qlen 1000
link/ether fa:16:3e:a8:54:29 brd ff:ff:ff:ff:ff:ff
inet 10.136.17.172/20 scope global qg-d77e624d-87
valid_lft forever preferred_lft forever
inet6 fe80::f816:3eff:fea8:5429/64 scope link nodad
valid_lft forever preferred_lft forever
[root@dev0 ~]#
[root@dev0 ~]# arping -c 1 -I eth0 10.136.17.172
ARPING 10.136.17.172 from 10.136.20.188 eth0
Unicast reply from 10.136.17.172 [FA:16:3E:A8:54:29] 1.537ms
Unicast reply from 10.136.17.172 [FA:16:3E:A8:54:29] 2.383ms
Sent 1 probes (1 broadcast(s))
Received 2 response(s)
[root@dev0 ~]#
As you can see, after deleting the HA port, we got a doubling of the ARP
responses, which can lead to further problems in the roiting.
** Affects: neutron
Importance: Undecided
Status: In Progress
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/2008270
Title:
Neutron allows you to delete router_ha_interface ports, which can lead
to issues
Status in neutron:
In Progress
Bug description:
We ran into a problem with a customer when some external integration
tries to remove all ports using the neutron API, including router
prots.
It seems only the router ports with the router_ha_interface device
owner are allowed to delete, all other router ports cannot be deleted
directly through the API.
Here is a simple example that demonstrates the doubling of ARP
responses if such a port is deleted:
[root@dev0 ~]# openstack router create r1 --ha --external-gateway public -c id
+-------+--------------------------------------+
| Field | Value |
+-------+--------------------------------------+
| id | 5d9d6fee-6652-4843-9f7c-54c11899d721 |
+-------+--------------------------------------+
[root@dev0 ~]# neutron l3-agent-list-hosting-router r1
neutron CLI is deprecated and will be removed in the Z cycle. Use openstack
CLI instead.
+--------------------------------------+------+----------------+-------+----------+
| id | host | admin_state_up | alive |
ha_state |
+--------------------------------------+------+----------------+-------+----------+
| 9dd0920a-cb0c-47f1-a976-3e208e3e2e6c | dev0 | True | :-) |
active |
| 6fa92056-ca25-42e0-aee4-c4e744008239 | dev2 | True | :-) |
standby |
| 8fbda128-dc9c-4b3b-be1b-bb3f11ad1447 | dev1 | True | :-) |
standby |
+--------------------------------------+------+----------------+-------+----------+
[root@dev0 ~]# openstack port list --device-id
5d9d6fee-6652-4843-9f7c-54c11899d721 -c id -c device_owner -c fixed_ips --long
+--------------------------------------+-----------------------------+--------------------------------------------------------------------------------+
| ID | Device Owner | Fixed
IP Addresses |
+--------------------------------------+-----------------------------+--------------------------------------------------------------------------------+
| 555a9272-c9df-4a05-9f08-752c91c5a4c9 | network:router_ha_interface |
ip_address='169.254.192.147', subnet_id='20c159f7-13f8-4093-9a4a-8380bdcfea60' |
| 6a196ff7-f3d4-4bee-aed0-b5d7ba727741 | network:router_ha_interface |
ip_address='169.254.193.243', subnet_id='20c159f7-13f8-4093-9a4a-8380bdcfea60' |
| 7a849dcc-eac4-4d5b-a547-7ce3986ffb95 | network:router_ha_interface |
ip_address='169.254.192.155', subnet_id='20c159f7-13f8-4093-9a4a-8380bdcfea60' |
| d77e624d-87a2-4135-9118-3d8e78539cee | network:router_gateway |
ip_address='10.136.17.172', subnet_id='ee15c548-e497-449e-b46d-50e9ccc0f70c' |
+--------------------------------------+-----------------------------+--------------------------------------------------------------------------------+
[root@dev0 ~]#
[root@dev0 ~]# ip netns exec snat-5d9d6fee-6652-4843-9f7c-54c11899d721 ip a
...
25: ha-555a9272-c9: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue
state UNKNOWN group default qlen 1000
link/ether fa:16:3e:7d:cf:a0 brd ff:ff:ff:ff:ff:ff
inet 169.254.192.147/18 brd 169.254.255.255 scope global ha-555a9272-c9
valid_lft forever preferred_lft forever
inet 169.254.0.189/24 scope global ha-555a9272-c9
valid_lft forever preferred_lft forever
inet6 fe80::f816:3eff:fe7d:cfa0/64 scope link
valid_lft forever preferred_lft forever
28: qg-d77e624d-87: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue
state UNKNOWN group default qlen 1000
link/ether fa:16:3e:a8:54:29 brd ff:ff:ff:ff:ff:ff
inet 10.136.17.172/20 scope global qg-d77e624d-87
valid_lft forever preferred_lft forever
inet6 fe80::f816:3eff:fea8:5429/64 scope link nodad
valid_lft forever preferred_lft forever
[root@dev0 ~]#
[root@dev0 ~]# openstack port delete 555a9272-c9df-4a05-9f08-752c91c5a4c9
[root@dev0 ~]# neutron l3-agent-list-hosting-router r1
neutron CLI is deprecated and will be removed in the Z cycle. Use openstack
CLI instead.
+--------------------------------------+------+----------------+-------+----------+
| id | host | admin_state_up | alive |
ha_state |
+--------------------------------------+------+----------------+-------+----------+
| 6fa92056-ca25-42e0-aee4-c4e744008239 | dev2 | True | :-) |
active |
| 8fbda128-dc9c-4b3b-be1b-bb3f11ad1447 | dev1 | True | :-) |
standby |
+--------------------------------------+------+----------------+-------+----------+
[root@dev0 ~]#
[root@dev0 ~]# ip netns exec snat-5d9d6fee-6652-4843-9f7c-54c11899d721 ip a s
qg-d77e624d-87
28: qg-d77e624d-87: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue
state UNKNOWN group default qlen 1000
link/ether fa:16:3e:a8:54:29 brd ff:ff:ff:ff:ff:ff
inet 10.136.17.172/20 scope global qg-d77e624d-87
valid_lft forever preferred_lft forever
inet6 fe80::f816:3eff:fea8:5429/64 scope link nodad
valid_lft forever preferred_lft forever
[root@dev0 ~]# ssh dev2 ip netns exec
snat-5d9d6fee-6652-4843-9f7c-54c11899d721 ip a s qg-d77e624d-87
28: qg-d77e624d-87: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue
state UNKNOWN group default qlen 1000
link/ether fa:16:3e:a8:54:29 brd ff:ff:ff:ff:ff:ff
inet 10.136.17.172/20 scope global qg-d77e624d-87
valid_lft forever preferred_lft forever
inet6 fe80::f816:3eff:fea8:5429/64 scope link nodad
valid_lft forever preferred_lft forever
[root@dev0 ~]#
[root@dev0 ~]# arping -c 1 -I eth0 10.136.17.172
ARPING 10.136.17.172 from 10.136.20.188 eth0
Unicast reply from 10.136.17.172 [FA:16:3E:A8:54:29] 1.537ms
Unicast reply from 10.136.17.172 [FA:16:3E:A8:54:29] 2.383ms
Sent 1 probes (1 broadcast(s))
Received 2 response(s)
[root@dev0 ~]#
As you can see, after deleting the HA port, we got a doubling of the ARP
responses, which can lead to further problems in the roiting.
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/2008270/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
