
yahoo-eng-team team mailing list archive

[Bug 1171493] Re: Running l3_agent with use_namespaces = False breaks metadata redirect

 

[Expired for neutron because there has been no activity for 60 days.]

** Changed in: neutron
       Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1171493

Title:
  Running l3_agent with use_namespaces = False breaks metadata redirect

Status in OpenStack Neutron (virtual network service):
  Expired

Bug description:
  When running l3_agent with use_namespaces = False, the metadata packet
  is caught by the REDIRECT chain when the packet is leaving the VM and
  entering the integration bridge:

  [  135.836085] IN=brqf5bc3660-f7 OUT= PHYSIN=tap8522d105-2c
  MAC=fa:16:3e:03:61:81:fa:16:3e:ef:05:8c:08:00 SRC=10.10.134.19
  DST=169.254.169.254 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=54771 DF
  PROTO=TCP SPT=39601 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0

  The REDIRECT target will not work as it's unable to get the local
  address (ifa_local).

  This is wrong because REDIRECT should happen when the packet is
  entering the veth interface, to be able to grab the local interface
  address.  Below you can see the iptables log with use_namespaces = True:

  [  410.802534] IN=qr-3e74d5f4-cc OUT=
  MAC=fa:16:3e:03:61:81:fa:16:3e:ef:05:8c:08:00 SRC=10.10.134.19
  DST=169.254.169.254 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=46239 DF
  PROTO=TCP SPT=45881 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0

  I believe we should switch back to the old solution with DNAT.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1171493/+subscriptions
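
An added example, not part of the bug report or of neutron: a small parser for the kernel LOG lines quoted above that flags metadata-bound SYNs logged on a bridge port (PHYSIN set), the case the report describes as breaking REDIRECT. The function names and the `redirect_at_risk` field are assumptions of this sketch.

```python
METADATA_DST = "169.254.169.254"  # metadata address seen in the report's logs
METADATA_DPT = "80"

# The two kernel log lines quoted in the report, unwrapped to one line each,
# followed by one constructed non-metadata line for contrast.
REPORT_LINES = [
    "[  135.836085] IN=brqf5bc3660-f7 OUT= PHYSIN=tap8522d105-2c "
    "MAC=fa:16:3e:03:61:81:fa:16:3e:ef:05:8c:08:00 SRC=10.10.134.19 DST=169.254.169.254 LEN=60 "
    "TOS=0x00 PREC=0x00 TTL=64 ID=54771 DF PROTO=TCP SPT=39601 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0",
    "[  410.802534] IN=qr-3e74d5f4-cc OUT= "
    "MAC=fa:16:3e:03:61:81:fa:16:3e:ef:05:8c:08:00 SRC=10.10.134.19 DST=169.254.169.254 LEN=60 "
    "TOS=0x00 PREC=0x00 TTL=64 ID=46239 DF PROTO=TCP SPT=45881 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0",
    "[  500.000000] IN=qr-3e74d5f4-cc OUT= SRC=10.10.134.19 DST=10.10.134.1 "
    "LEN=60 TTL=64 ID=1 DF PROTO=TCP SPT=40000 DPT=22 WINDOW=14600 SYN URGP=0",
]

def parse_log_line(line):
    """Split one netfilter LOG line into KEY=value fields and bare flags."""
    fields, flags = {}, set()
    for tok in line.split():
        key, sep, value = tok.partition("=")
        if sep:
            fields[key] = value      # e.g. OUT= yields an empty value
        else:
            flags.add(tok)           # DF, SYN (timestamp pieces are ignored later)
    return fields, flags

def classify(line):
    """Return a finding for a metadata SYN, or None for any other packet."""
    fields, flags = parse_log_line(line)
    if (fields.get("DST") != METADATA_DST or fields.get("PROTO") != "TCP"
            or fields.get("DPT") != METADATA_DPT or "SYN" not in flags):
        return None
    physin = fields.get("PHYSIN") or None
    return {
        "src": fields.get("SRC"),
        "in_if": fields.get("IN"),
        "physin": physin,
        # PHYSIN present: the rule matched on a bridge port, as in the failing log
        "redirect_at_risk": physin is not None,
    }

def scan(lines):
    return [f for f in map(classify, lines) if f]

if __name__ == "__main__":
    for finding in scan(REPORT_LINES):
        print(finding)
```
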