[Expired for neutron because there has been no activity for 60 days.] ** Changed in: neutron Status: Incomplete => Expired
-- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron. https://bugs.launchpad.net/bugs/1171493 Title: Running l3_agent with use_namespaces = False breaks metadata redirect Status in OpenStack Neutron (virtual network service): Expired Bug description: When running l3_agent with use_namespaces = False metadata packet is being caught by REDIRECT chain when packet is leaving VM and entering integration bridge: [ 135.836085] IN=brqf5bc3660-f7 OUT= PHYSIN=tap8522d105-2c MAC=fa:16:3e:03:61:81:fa:16:3e:ef:05:8c:08:00 SRC=10.10.134.19 DST=169.254.169.254 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=54771 DF PROTO=TCP SPT=39601 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 REDIRECT target will not work as it's unable to get local address (ifa_local). This is wrong because REDIRECT should happen when packet is entering veth interface to be able to grab local interface address. Below you can see iptables log with use_namespaces = True: [ 410.802534] IN=qr-3e74d5f4-cc OUT= MAC=fa:16:3e:03:61:81:fa:16:3e:ef:05:8c:08:00 SRC=10.10.134.19 DST=169.254.169.254 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=46239 DF PROTO=TCP SPT=45881 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 I believe we should switch back to old solution with DNAT. To manage notifications about this bug go to: https://bugs.launchpad.net/neutron/+bug/1171493/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp