Reviewed: https://review.opendev.org/746336
Committed:
https://git.openstack.org/cgit/openstack/neutron/commit/?id=5eca44bfa850e6e75c9974ae7711b87764628253
Submitter: Zuul
Branch: master
commit 5eca44bfa850e6e75c9974ae7711b87764628253
Author: Edward Hope-Morley <edward.hope-mor...@canonical.com>
Date: Fri Aug 14 17:44:54 2020 +0100
Ensure fip ip rules deleted when fip removed
The information needed to delete ip rules associated
with fips is held in memory between add and remove so
a restart of the l3-agent results in any fips that
existed before the restart having their ip rules
persist after the fips are removed. This patch
enures that an agent restart reloads this information
so that ip rules associated with a fip are correctly
removed when the fip is removed.
Change-Id: If656a703c996ccc7719b1b09d793c5bbdfd6f3c1
Closes-Bug: #1891673
** Changed in: neutron
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1891673
Title:
qrouter ns ip rules not deleted when fip removed from vm
Status in Ubuntu Cloud Archive:
New
Status in Ubuntu Cloud Archive queens series:
New
Status in Ubuntu Cloud Archive rocky series:
New
Status in Ubuntu Cloud Archive stein series:
New
Status in Ubuntu Cloud Archive train series:
New
Status in Ubuntu Cloud Archive ussuri series:
New
Status in Ubuntu Cloud Archive victoria series:
New
Status in neutron:
Fix Released
Bug description:
With Bionic Stein using dvr_snat if I add a floating ip to a vm then
remove the floating ip, the corresponding ip rules in the associated
qrouter ns local to the instance are not deleted which results in no
longer being able to reach the external network because packets are
still sent to the fip namespace (via rfp-/fpr-) e.g. in my compute
host running a vm whose address is 192.168.21.28 for which i have
removed the fip I still see:
# ip netns exec qrouter-5e45608f-33d4-41bf-b3ba-915adf612e65 ip rule list
0: from all lookup local
32765: from 192.168.21.28 lookup 16
32766: from all lookup main
32767: from all lookup default
3232240897: from 192.168.21.1/24 lookup 3232240897
3232241231: from 192.168.22.79/24 lookup 3232241231
And table 16 leads to:
# ip netns exec qrouter-5e45608f-33d4-41bf-b3ba-915adf612e65 ip route show
table 16
default via 169.254.109.249 dev rfp-5e45608f-3
Which results in the instance no longer being able to reach the
external network (packets are never sent to the snat- ns in my case).
The workaround is to delete that ip rule but neutron should be taking
care of this. Looks like the culprit is in
neutron/agent/l3/dvr_local_router.py:floating_ip_removed_dist
Note that the NAT rules were successfully removed from iptables so
looks like it is just this bit that is left behind.
To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1891673/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
