** Description changed:

  [Impact]
  
  See original bug desription but in short commit b3a42cddc5 removed all
  the arp management code in favour of using the arp_reponder but missed
  the fact that DVR floating ips don't use the arp_responder. As a result
  it was possible to end up with permanent arp entries in qrouter
  namespaces such that if you created a new port with the same IP as that
  of a previous port for which there is an arp entry, associating a fip
  with that port would never be accessible until that arp entry was
  manually deleted. This patch adds the reverted code back in.
  
  [Test Plan]
  
-   * deploy Openstack Ussuri
-   * create port P1 with address A1 and create vm on node C1 with this port
-   * associate floating ip with P1 and ping it
-   * observe REACHABLE or PERMANENT arp entry for A1 in qrouter arp cache
-   * delete vm and port
-   * ensure arp entry for A1 in qrouter arp cache is deleted
-   * create port P2 with address A1 and create vm on node C1 with this port
-   * associate floating ip with P2 and ping it
+   * deploy Openstack Train/Ussuri/Victoria
+   * create port P1 with address A1 and create vm on node C1 with this port
+   * associate floating ip with P1 and ping it
+   * observe REACHABLE or PERMANENT arp entry for A1 in qrouter arp cache
+   * delete vm and port
+   * ensure arp entry for A1 in qrouter arp cache is deleted
+   * create port P2 with address A1 and create vm on node C1 with this port
+   * associate floating ip with P2 and ping it
  
  [Where problems could occur]
  
  No problems anticipated from re-introducing this code. Of course this
  code uses RPC notifications and as a result will incur some extra amqp
  load but is not anticipated to be a problem and it was not considered a
  problem when the code existed prior to removal.
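
Review bot: the last [Test Plan] step, "associate floating ip with P2 and ping it", states no expected result. Say explicitly that the ping to P2's floating ip must succeed and that the qrouter arp cache must hold P2's mac for A1, so the plan has a clear pass condition on each of Train, Ussuri and Victoria. The reproduction steps further down restart the neutron-l3-agent before deleting the port; consider adding that step to the plan so the PERMANENT case is exercised deliberately rather than left to "REACHABLE or PERMANENT".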
  
  --------------------------------------------------------------------------
  
  With Openstack Ussuri using dvr-snat I do the following:
  
-   * create port P1 with address A1 and create vm on node C1 with this port
-   * associate floating ip with P1 and ping it
-   * observe REACHABLE arp entry for A1 in qrouter arp cache
-   * so far so good
-   * restart the neutron-l3-agent
-   * observe REACHABLE arp entry for A1 is now PERMANENT
-   * delete vm and port
-   * create port P2 with address A1 and create vm on node C1 with this port
-   * vm is unreachable since arp cache contains PERMANENT entry for old port 
P1 mac/ip combo
+   * create port P1 with address A1 and create vm on node C1 with this port
+   * associate floating ip with P1 and ping it
+   * observe REACHABLE arp entry for A1 in qrouter arp cache
+   * so far so good
+   * restart the neutron-l3-agent
+   * observe REACHABLE arp entry for A1 is now PERMANENT
+   * delete vm and port
+   * create port P2 with address A1 and create vm on node C1 with this port
+   * vm is unreachable since arp cache contains PERMANENT entry for old port 
P1 mac/ip combo
  
  If I don't restart the l3-agent, once I have deleted the port it's arp
  entry does REACHABLE -> STALE and will either be replaced or timeout as
  expected but once it is set to PERMANENT it will never disappear which
  means any future use of that ip address (by a port with a different mac)
  will not work until that entry is manually deleted.

https://bugs.launchpad.net/bugs/1916761

Title:
  [dvr] bound port permanent arp entries never deleted
