yahoo-eng-team team mailing list archive

[Bug 1190613] Re: when a port have multiple IP addresses the port cannot communicate

 

** Changed in: neutron/grizzly
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1190613

Title:
  when a port have multiple IP addresses the port cannot communicate

Status in OpenStack Neutron (virtual network service):
  Fix Released
Status in neutron grizzly series:
  Fix Released

Bug description:
  When a port has multiple IP addresses, the iptables security group
  implementation drops all the packets from the port. As a result the
  port cannot communicate.

  The following rules are the cause. All IP packets match one of them and
  are dropped.

      0     0 DROP       all  --  *      *      !10.0.0.10            0.0.0.0/0
      0     0 DROP       all  --  *      *      !10.0.0.3             0.0.0.0/0

  We need to change the rule to accept packets with one of the addresses.
  However, an iptables rule does not support an AND condition with the ! (not)
  operator, so we seem to need another chain to check multiple IP addresses. Hmm....

  ubuntu@ostack02:~/devstack (master)$ nova list
  +--------------------------------------+------+--------+------------+-------------+--------------------------+
  | ID                                   | Name | Status | Task State | Power State | Networks                 |
  +--------------------------------------+------+--------+------------+-------------+--------------------------+
  | bfd3cbc9-8bf7-4334-9fff-65e3d81dc28c | vm3  | ACTIVE | None       | Running     | net1=10.0.0.10, 10.0.0.3 |
  +--------------------------------------+------+--------+------------+-------------+--------------------------+

  ubuntu@ostack02:~/devstack (master)$ quantum port-show 3d6b255d-126b-4569-8cf0-c12d263dcd60
  +-----------------+----------------------------------------------------------------------------------+
  | Field           | Value                                                                            |
  +-----------------+----------------------------------------------------------------------------------+
  | admin_state_up  | True                                                                             |
  | device_id       | bfd3cbc9-8bf7-4334-9fff-65e3d81dc28c                                             |
  | device_owner    | compute:None                                                                     |
  | fixed_ips       | {"subnet_id": "df0395d8-1540-45aa-87c3-ad793949910b", "ip_address": "10.0.0.10"} |
  |                 | {"subnet_id": "df0395d8-1540-45aa-87c3-ad793949910b", "ip_address": "10.0.0.3"}  |
  | id              | 3d6b255d-126b-4569-8cf0-c12d263dcd60                                             |
  | mac_address     | fa:16:3e:6c:a3:8c                                                                |
  | name            |                                                                                  |
  | network_id      | 370c8404-7dd0-41f2-969e-2507b3006b18                                             |
  | security_groups | 69de8500-0c16-48c0-abb7-d6dcedfb05ab                                             |
  | status          | ACTIVE                                                                           |
  | tenant_id       | 86d9d4a34eb545358ca620d8193b2081                                                 |
  +-----------------+----------------------------------------------------------------------------------+

  Chain quantum-openvswi-o3d6b255d-1 (2 references)
   pkts bytes target     prot opt in     out     source               destination
      0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            MAC ! FA:16:3E:6C:A3:8C
      0     0 RETURN     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp spt:68 dpt:67
      0     0 DROP       all  --  *      *      !10.0.0.10            0.0.0.0/0
      0     0 DROP       all  --  *      *      !10.0.0.3             0.0.0.0/0
      0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp spt:67 dpt:68
      0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            state INVALID
      0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
      0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0
      0     0 quantum-openvswi-sg-fallback  all  --  *      *       0.0.0.0/0            0.0.0.0/0

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1190613/+subscriptions
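
Added example (not part of the bug report or of Neutron's code): a small first-match model of iptables chain evaluation that runs the two source-address DROP rules from the report next to a separate allow-list chain of the kind the description suggests. The chain names "port-out" and "ip-check", the sub-chain layout and the test address 10.0.0.99 are assumptions made for illustration.

```python
import ipaddress

def matches(rule_src, negate, pkt_src):
    """Source match as iptables does it: '-s addr', or '! -s addr' when negate is set."""
    if rule_src is None:              # no -s given: the rule matches every packet
        return True
    hit = ipaddress.ip_address(pkt_src) in ipaddress.ip_network(rule_src)
    return hit != negate

def verdict(chains, name, pkt_src):
    """Walk a chain top to bottom; the first matching rule decides."""
    for rule_src, negate, target in chains[name]:
        if not matches(rule_src, negate, pkt_src):
            continue
        if target in ("DROP", "RETURN"):
            return target
        # Any other target is a jump; a RETURN from the sub-chain resumes here.
        if verdict(chains, target, pkt_src) == "DROP":
            return "DROP"
    return "RETURN"                   # falling off a user chain returns to the caller

# Source-address rules as listed in the report (MAC and DHCP rules omitted).
REPORTED = {
    "port-out": [
        ("10.0.0.10", True, "DROP"),  # DROP all -- !10.0.0.10
        ("10.0.0.3", True, "DROP"),   # DROP all -- !10.0.0.3
        (None, False, "RETURN"),
    ],
}

# Hypothetical layout with a separate chain: RETURN on any fixed IP, then DROP.
SEPARATE_CHAIN = {
    "port-out": [(None, False, "ip-check"), (None, False, "RETURN")],
    "ip-check": [
        ("10.0.0.10", False, "RETURN"),
        ("10.0.0.3", False, "RETURN"),
        (None, False, "DROP"),        # source is not one of the port's fixed IPs
    ],
}

def compare(sources=("10.0.0.10", "10.0.0.3", "10.0.0.99")):
    """Map each source address to (verdict with reported rules, verdict with sub-chain)."""
    return {s: (verdict(REPORTED, "port-out", s),
                verdict(SEPARATE_CHAIN, "port-out", s)) for s in sources}

if __name__ == "__main__":
    for src, (old, new) in compare().items():
        print(f"{src:<10} reported={old:<6} separate-chain={new}")
```

With the reported rules every source address hits a DROP, because each legitimate address fails the negated match for the other one; the allow-list chain still drops a spoofed source while letting both fixed IPs through.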