Public bug reported: I create a DVR with 'enable_snat' false, but the snat namespace also is create on 'dvr_snat' node:
root@shz-vpn02:/var/log/neutron# neutron router-list +--------------------------------------+------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+-------+ | id | name | external_gateway_info | distributed | ha | +--------------------------------------+------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+-------+ | 2a3b6825-0bff-46d9-aea9-535176e78387 | dvr | {"network_id": "dbed9af5-528b-4aec-b22f-d0ad8c346e02", "enable_snat": false, "external_fixed_ips": [{"subnet_id": "63705be9-d3db-4159-9e49-fd7e35b9c893", "ip_address": "172.24.4.99"}]} | True | False | in 'dvr_snat' node, the snat-xxx is created, but the snat rule does not add, so I think the snat namespace does not be created: root@shz-vpn01:/var/log/neutron# ip netns list snat-2a3b6825-0bff-46d9-aea9-535176e78387 qrouter-2a3b6825-0bff-46d9-aea9-535176e78387 root@shz-vpn01:/var/log/neutron# ip netns exec qrouter-2a3b6825-0bff-46d9-aea9-535176e78387 iptables-save -t nat # Generated by iptables-save v1.4.21 on Thu Feb 26 10:30:32 2015 *nat :PREROUTING ACCEPT [0:0] :INPUT ACCEPT [0:0] :OUTPUT ACCEPT [0:0] :POSTROUTING ACCEPT [0:0] :neutron-l3-agent-OUTPUT - [0:0] :neutron-l3-agent-POSTROUTING - [0:0] :neutron-l3-agent-PREROUTING - [0:0] :neutron-l3-agent-float-snat - [0:0] :neutron-l3-agent-snat - [0:0] :neutron-postrouting-bottom - [0:0] -A PREROUTING -j neutron-l3-agent-PREROUTING -A OUTPUT -j neutron-l3-agent-OUTPUT -A POSTROUTING -j neutron-l3-agent-POSTROUTING -A POSTROUTING -j neutron-postrouting-bottom -A neutron-l3-agent-PREROUTING -d 169.254.169.254/32 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 9697 -A neutron-l3-agent-snat -j neutron-l3-agent-float-snat -A neutron-postrouting-bottom -m comment --comment "Perform source NAT on outgoing traffic." -j neutron-l3-agent-snat COMMIT # Completed on Thu Feb 26 10:30:32 2015 ** Affects: neutron Importance: Undecided Assignee: shihanzhang (shihanzhang) Status: New ** Changed in: neutron Assignee: (unassigned) => shihanzhang (shihanzhang) -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron. https://bugs.launchpad.net/bugs/1425887 Title: Setting 'enable_snat' be false does not work in DVR Status in OpenStack Neutron (virtual network service): New Bug description: I create a DVR with 'enable_snat' false, but the snat namespace also is create on 'dvr_snat' node: root@shz-vpn02:/var/log/neutron# neutron router-list +--------------------------------------+------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+-------+ | id | name | external_gateway_info | distributed | ha | +--------------------------------------+------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+-------+ | 2a3b6825-0bff-46d9-aea9-535176e78387 | dvr | {"network_id": "dbed9af5-528b-4aec-b22f-d0ad8c346e02", "enable_snat": false, "external_fixed_ips": [{"subnet_id": "63705be9-d3db-4159-9e49-fd7e35b9c893", "ip_address": "172.24.4.99"}]} | True | False | in 'dvr_snat' node, the snat-xxx is created, but the snat rule does not add, so I think the snat namespace does not be created: root@shz-vpn01:/var/log/neutron# ip netns list snat-2a3b6825-0bff-46d9-aea9-535176e78387 qrouter-2a3b6825-0bff-46d9-aea9-535176e78387 root@shz-vpn01:/var/log/neutron# ip netns exec qrouter-2a3b6825-0bff-46d9-aea9-535176e78387 iptables-save -t nat # Generated by iptables-save v1.4.21 on Thu Feb 26 10:30:32 2015 *nat :PREROUTING ACCEPT [0:0] :INPUT ACCEPT [0:0] :OUTPUT ACCEPT [0:0] :POSTROUTING ACCEPT [0:0] :neutron-l3-agent-OUTPUT - [0:0] :neutron-l3-agent-POSTROUTING - [0:0] :neutron-l3-agent-PREROUTING - [0:0] :neutron-l3-agent-float-snat - [0:0] :neutron-l3-agent-snat - [0:0] :neutron-postrouting-bottom - [0:0] -A PREROUTING -j neutron-l3-agent-PREROUTING -A OUTPUT -j neutron-l3-agent-OUTPUT -A POSTROUTING -j neutron-l3-agent-POSTROUTING -A POSTROUTING -j neutron-postrouting-bottom -A neutron-l3-agent-PREROUTING -d 169.254.169.254/32 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 9697 -A neutron-l3-agent-snat -j neutron-l3-agent-float-snat -A neutron-postrouting-bottom -m comment --comment "Perform source NAT on outgoing traffic." -j neutron-l3-agent-snat COMMIT # Completed on Thu Feb 26 10:30:32 2015 To manage notifications about this bug go to: https://bugs.launchpad.net/neutron/+bug/1425887/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp