remote_ip_prefix of metering label rule is unclear and should be updated. According to the discussion in the review in neutron, for egress direction, remote_ip_prefix is a destination IP address or ranges and for ingress direction, it means a source IP (range).
** Also affects: openstack-api-site Importance: Undecided Status: New -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron. https://bugs.launchpad.net/bugs/1528137 Title: creating meter label rule doesn't work properly Status in neutron: In Progress Status in openstack-api-site: New Bug description: Created rule by the following API counts packets between a router which connects to external network and the connection destination device. API: POST /v2.0/metering/metering-label-rules When outbound traffic of external router, destination should be remote_ip, and when inbound traffic, sender should be remote_ip. But it has become actually reversed. Because option for creating the iptables rule is reversed. code: https://github.com/openstack/neutron/blob/master/neutron/services/metering/drivers/iptables/iptables_driver.py#L176 I'll show you an example that created the meter label rule the remote_ip is set to 192.168.0.0/16. [Actual results] $ neutron meter-label-create test-label --tenant-id 2a023bd32f014e44b60b591cbd151514 Created a new metering_label: +-------------+--------------------------------------+ | Field | Value | +-------------+--------------------------------------+ | description | | | id | d35d0464-f872-43c7-8dd8-850657da59ef | | name | test-label | | shared | False | | tenant_id | 2a023bd32f014e44b60b591cbd151514 | +-------------+--------------------------------------+ $ neutron meter-label-create test-label2 --tenant-id 2a023bd32f014e44b60b591cbd151514 Created a new metering_label: +-------------+--------------------------------------+ | Field | Value | +-------------+--------------------------------------+ | description | | | id | 61c344ce-0438-4cd3-bbd8-a4d5e0dbce6f | | name | test-label2 | | shared | False | | tenant_id | 2a023bd32f014e44b60b591cbd151514 | +-------------+--------------------------------------+ $ neutron meter-label-rule-create --tenant-id 2a023bd32f014e44b60b591cbd151514 --direction egress d35d0464-f872-43c7-8dd8-850657da59ef 192.168.0.0/16 $ neutron meter-label-rule-create --tenant-id 2a023bd32f014e44b60b591cbd151514 --direction ingress 61c344ce-0438-4cd3-bbd8-a4d5e0dbce6f 192.168.0.0/16 $ neutron meter-label-rule-list +--------------------------------------+----------+-----------+------------------+ | id | excluded | direction | remote_ip_prefix | +--------------------------------------+----------+-----------+------------------+ | 3e426537-61f4-44ac-a67a-e66ce26dc11b | False | egress | 192.168.0.0/16 | | 4d669406-173c-4eea-af21-00430719cbfa | False | ingress | 192.168.0.0/16 | +--------------------------------------+----------+-----------+------------------+ $ sudo ip netns exec qrouter-b72b789e-8ca9-465e-a2d1-98f725a7042f iptables-save ... -A neutron-meter-r-61c344ce-043 -d 192.168.0.0/16 -i qg-708e8abf-bc -j neutron-meter-l-61c344ce-043 -A neutron-meter-r-d35d0464-f87 -s 192.168.0.0/16 -o qg-708e8abf-bc -j neutron-meter-l-d35d0464-f87 ... [The expected iptables rules] -A neutron-meter-r-61c344ce-043 -s 192.168.0.0/16 -i qg-708e8abf-bc -j neutron-meter-l-61c344ce-043 -A neutron-meter-r-d35d0464-f87 -d 192.168.0.0/16 -o qg-708e8abf-bc -j neutron-meter-l-d35d0464-f87 [Examples of required packet is not counted] ubuntu@test-vm(10.0.0.3):~$ ping 192.168.0.3 -c 3 PING 192.168.0.3 (192.168.0.3) 56(84) bytes of data. 64 bytes from 192.168.0.3: icmp_seq=1 ttl=62 time=1.13 ms 64 bytes from 192.168.0.3: icmp_seq=2 ttl=62 time=0.618 ms 64 bytes from 192.168.0.3: icmp_seq=3 ttl=62 time=0.652 ms --- 192.168.0.3 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2000ms rtt min/avg/max/mdev = 0.618/0.801/1.133/0.235 ms $ sudo ip netns exec qrouter-b72b789e-8ca9-465e-a2d1-98f725a7042f iptables -t filter -L neutron-meter-l-d35d0464-f87 -n -v -x Chain neutron-meter-l-d35d0464-f87 (2 references) pkts bytes target prot opt in out source destination 0 0 all -- * * 0.0.0.0/0 0.0.0.0/0 To manage notifications about this bug go to: https://bugs.launchpad.net/neutron/+bug/1528137/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp