yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #28838
[Bug 1425887] Re: Setting 'enable_snat' be false does not work in DVR
Presence of the SNAT namespace is not a bug because the port that
provides connectivity to the external network resides in the SNAT
namespace. If you check, even for a legacy router with "enable_snat":
false a qg interface is created on the external network. Similarly for
the DVR such a port is to be created in the SNAT namespace. So presence
of the SNAT namespace is not a defect.
I will mark it as invalid if permitted.
** Changed in: neutron
Status: Confirmed => Invalid
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1425887
Title:
Setting 'enable_snat' be false does not work in DVR
Status in OpenStack Neutron (virtual network service):
Invalid
Bug description:
I create a DVR with 'enable_snat' false, but the snat namespace also
is create on 'dvr_snat' node:
root@shz-vpn02:/var/log/neutron# neutron router-list
+--------------------------------------+------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+-------+
| id | name | external_gateway_info | distributed | ha |
+--------------------------------------+------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+-------+
| 2a3b6825-0bff-46d9-aea9-535176e78387 | dvr | {"network_id": "dbed9af5-528b-4aec-b22f-d0ad8c346e02", "enable_snat": false, "external_fixed_ips": [{"subnet_id": "63705be9-d3db-4159-9e49-fd7e35b9c893", "ip_address": "172.24.4.99"}]} | True | False |
in 'dvr_snat' node, the snat-xxx is created, but the snat rule does
not add, so I think the snat namespace does not be created:
root@shz-vpn01:/var/log/neutron# ip netns list
snat-2a3b6825-0bff-46d9-aea9-535176e78387
qrouter-2a3b6825-0bff-46d9-aea9-535176e78387
root@shz-vpn01:/var/log/neutron# ip netns exec qrouter-2a3b6825-0bff-46d9-aea9-535176e78387 iptables-save -t nat
# Generated by iptables-save v1.4.21 on Thu Feb 26 10:30:32 2015
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:neutron-l3-agent-OUTPUT - [0:0]
:neutron-l3-agent-POSTROUTING - [0:0]
:neutron-l3-agent-PREROUTING - [0:0]
:neutron-l3-agent-float-snat - [0:0]
:neutron-l3-agent-snat - [0:0]
:neutron-postrouting-bottom - [0:0]
-A PREROUTING -j neutron-l3-agent-PREROUTING
-A OUTPUT -j neutron-l3-agent-OUTPUT
-A POSTROUTING -j neutron-l3-agent-POSTROUTING
-A POSTROUTING -j neutron-postrouting-bottom
-A neutron-l3-agent-PREROUTING -d 169.254.169.254/32 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 9697
-A neutron-l3-agent-snat -j neutron-l3-agent-float-snat
-A neutron-postrouting-bottom -m comment --comment "Perform source NAT on outgoing traffic." -j neutron-l3-agent-snat
COMMIT
# Completed on Thu Feb 26 10:30:32 2015
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1425887/+subscriptions
References