yahoo-eng-team team mailing list archive
Message #02452
[Bug 1180463] Re: Grizzly l3-agent : Quantum router do not pick external network as it's default gateway
** Changed in: quantum
Status: New => Invalid
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to quantum.
https://bugs.launchpad.net/bugs/1180463
Title:
Grizzly l3-agent : Quantum router do not pick external network as
it's default gateway
Status in OpenStack Quantum (virtual network service):
Invalid
Bug description:
The Quantum router does not have a "default gateway" even if its external network was created with the "--gateway a.b.c.d" parameter. So, this will cause VMs to not have access to the internet.
How to reproduce the bug:
- Two physical hosts, each with two NICs, running CentOS 6.4:
  * one as a controller running all OpenStack daemons except quantum-dhcp-agent
  * the other one is a compute node + quantum-dhcp-agent
- One network card is used for VM traffic. The other one is used as the management network and the public network at the same time.
- Run the following commands:
* quantum net-create private
* quantum subnet-create private 10.0.0.0/8
* quantum net-create public --router:external=True --provider:network-type flat --provider:physical_network physnet2
* quantum subnet-create public --gateway 192.168.224.254 --allocation-pool start=192.168.224.224,end=192.168.224.230 --disable-dhcp 192.168.224.0/24
Expected behaviour: the Quantum router picks 192.168.224.254 as its
default gateway, so every packet heading to networks not attached to the
router has to pass through its external interface (in this case the
one with IP address 192.168.224.224), which will force these packets
to pass through the SNAT rules.
Found behaviour: when packets are headed to networks which are not attached to the Quantum router, the rule in quantum-l3-agent-POSTROUTING will accept and forward them without SNAT.
Here is a part of my nat table:
Chain quantum-l3-agent-POSTROUTING (1 references)
target     prot opt in               out              source               destination
ACCEPT     all  --  !qg-65cb8652-6c  !qg-65cb8652-6c  0.0.0.0/0            0.0.0.0/0           ! ctstate DNAT

Chain quantum-l3-agent-PREROUTING (1 references)
target     prot opt in     out     source               destination
REDIRECT   tcp  --  *      *       0.0.0.0/0            169.254.169.254     tcp dpt:80 redir ports 9697

Chain quantum-l3-agent-float-snat (1 references)
target     prot opt in     out     source               destination

Chain quantum-l3-agent-snat (1 references)
target                       prot opt in     out     source               destination
quantum-l3-agent-float-snat  all  --  *      *       0.0.0.0/0            0.0.0.0/0
SNAT                         all  --  *      *       10.0.0.0/8           0.0.0.0/0           to:192.168.224.224
To manage notifications about this bug go to:
https://bugs.launchpad.net/quantum/+bug/1180463/+subscriptions
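
Added example (not part of the original bug report and not Quantum's own code): a small Python model of the POSTROUTING and snat rules listed in the report, showing that only traffic leaving through the qg- interface reaches the SNAT rule. The chain traversal order and the interface name qr-example0 are assumptions.

```python
import ipaddress

# Rule lines copied from the nat table in the report. Assumption: the
# quantum-l3-agent-POSTROUTING chain is traversed before
# quantum-l3-agent-snat (the report does not show the jump order).
NAT_RULES = """\
ACCEPT all -- !qg-65cb8652-6c !qg-65cb8652-6c 0.0.0.0/0 0.0.0.0/0 ! ctstate DNAT
quantum-l3-agent-float-snat all -- * * 0.0.0.0/0 0.0.0.0/0
SNAT all -- * * 10.0.0.0/8 0.0.0.0/0 to:192.168.224.224
"""
EMPTY_CHAINS = {"quantum-l3-agent-float-snat"}  # listed with no rules in the report


def parse(line):
    f = line.split()  # target prot opt in out source destination [extra...]
    return {"target": f[0], "in": f[3], "out": f[4],
            "src": f[5], "dst": f[6], "extra": " ".join(f[7:])}


def iface_ok(pattern, iface):
    if pattern == "*":
        return True
    if pattern.startswith("!"):
        return iface != pattern[1:]
    return iface == pattern


def verdict(in_if, out_if, src, dst, dnat=False):
    """Return the first terminating target that matches the packet."""
    for rule in map(parse, NAT_RULES.splitlines()):
        if rule["target"] in EMPTY_CHAINS:
            continue  # jump into an empty chain returns immediately
        if not (iface_ok(rule["in"], in_if) and iface_ok(rule["out"], out_if)):
            continue
        if ipaddress.ip_address(src) not in ipaddress.ip_network(rule["src"]):
            continue
        if ipaddress.ip_address(dst) not in ipaddress.ip_network(rule["dst"]):
            continue
        if rule["extra"] == "! ctstate DNAT" and dnat:
            continue  # rule only matches connections that were not DNATed
        target = rule["target"]
        return f"{target} {rule['extra']}" if target == "SNAT" else target
    return "no match"


if __name__ == "__main__":
    # qr-example0 is a hypothetical internal router port; addresses are constructed.
    print(verdict("qr-example0", "qg-65cb8652-6c", "10.0.0.5", "192.0.2.10"))
    print(verdict("qr-example0", "qr-example0", "10.0.0.5", "192.0.2.10"))
```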