yahoo-eng-team team mailing list archive
Message #00307
[Bug 1092762] Re: Rapidly removing a floating ip can leave behind nat rules
** Changed in: nova/folsom
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1092762
Title:
Rapidly removing a floating ip can leave behind nat rules
Status in OpenStack Compute (Nova):
Fix Released
Status in OpenStack Compute (nova) folsom series:
Fix Released
Bug description:
Associating and disassociating a floating ip very rapidly can lead to
iptables rules being left behind. This is because, due to lag in the
API host or network host that passes along the request, the removal of
iptables rules can hit before the addition of rules.
example:
$ nova list
+--------------------------------------+------+--------+------------------+
| ID                                   | Name | Status | Networks         |
+--------------------------------------+------+--------+------------------+
| e2212fd7-227d-447f-aea1-71e4c682765a | foo1 | ACTIVE | private=10.0.0.3 |
+--------------------------------------+------+--------+------------------+
$ (nova add-floating-ip foo1 10.0.0.201 &); sleep 1.0; (nova remove-floating-ip foo1 10.0.0.201 &);
$ nova list
+--------------------------------------+------+--------+------------------+
| ID                                   | Name | Status | Networks         |
+--------------------------------------+------+--------+------------------+
| e2212fd7-227d-447f-aea1-71e4c682765a | foo1 | ACTIVE | private=10.0.0.3 |
+--------------------------------------+------+--------+------------------+
<on host with foo1>
$ sudo iptables -t nat -L -n -v | grep 10.0.0.3
0 0 DNAT all -- * * 0.0.0.0/0 10.0.0.201 to:10.0.0.3
0 0 DNAT all -- * * 0.0.0.0/0 10.0.0.201 to:10.0.0.3
0 0 SNAT all -- * ext0 10.0.0.3 0.0.0.0/0 to:10.0.0.201
To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1092762/+subscriptions
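
An added example, not part of the bug report or of Nova's code: a host-side check that compares the NAT rules in `iptables -t nat -L -n -v` output against the floating IP associations the API currently reports, flagging leftover and duplicated rules like those shown in the report. The function names and the `associated` mapping are assumptions; the sample lines are the three rule lines from the report's output.

```python
import re
from collections import Counter

# Sample input: the three rule lines shown in the bug report.
SAMPLE = """\
0 0 DNAT all -- * * 0.0.0.0/0 10.0.0.201 to:10.0.0.3
0 0 DNAT all -- * * 0.0.0.0/0 10.0.0.201 to:10.0.0.3
0 0 SNAT all -- * ext0 10.0.0.3 0.0.0.0/0 to:10.0.0.201
"""

# Columns of `iptables -L -n -v`:
# pkts bytes target prot opt in out source destination [match options] to:ADDR
RULE = re.compile(
    r"^\s*\S+\s+\S+\s+(?P<target>DNAT|SNAT)\s+\S+\s+\S+\s+\S+\s+\S+\s+"
    r"(?P<src>\S+)\s+(?P<dst>\S+)\s+.*?to:(?P<to>[\d.]+)"
)


def parse_nat_rules(text):
    """Return a (target, floating_ip, fixed_ip) tuple per DNAT/SNAT line."""
    rules = []
    for line in text.splitlines():
        m = RULE.match(line)
        if not m:
            continue  # chain headers, column titles, unrelated rules
        if m["target"] == "DNAT":
            # DNAT: destination is the floating IP, to: is the fixed IP
            rules.append(("DNAT", m["dst"], m["to"]))
        else:
            # SNAT: source is the fixed IP, to: is the floating IP
            rules.append(("SNAT", m["to"], m["src"]))
    return rules


def find_stale_rules(text, associated):
    """Compare rules against `associated` ({floating_ip: fixed_ip}, an
    assumed input taken from the API's view of current associations).

    Returns (stale, duplicates): rules with no matching association, and
    rules that appear more than once in the table.
    """
    counts = Counter(parse_nat_rules(text))
    stale = sorted(r for r in counts if associated.get(r[1]) != r[2])
    duplicates = sorted(r for r, n in counts.items() if n > 1)
    return stale, duplicates


if __name__ == "__main__":
    # After the remove-floating-ip call, the API reports no association.
    print(find_stale_rules(SAMPLE, associated={}))
```
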