← Back to team overview

yahoo-eng-team team mailing list archive

[Bug 1528137] [NEW] creating meter label rule doesn't work properly

 

Public bug reported:

Created rule by the following API counts packets between a router which
connects to external network and the connection destination device.

  API: POST /v2.0/metering/metering-label-rules

When outbound traffic of external router, destination should be
remote_ip, and when inbound traffic, sender should be remote_ip. But it
has become actually reversed.

Because option for creating the iptables rule is reversed.

  code:
https://github.com/openstack/neutron/blob/master/neutron/services/metering/drivers/iptables/iptables_driver.py#L176

I'll show you an example that created the meter label rule the remote_ip
is set to 192.168.0.0/16.


[Actual results]

$ neutron meter-label-create test-label --tenant-id 2a023bd32f014e44b60b591cbd151514
Created a new metering_label:
+-------------+--------------------------------------+
| Field       | Value                                |
+-------------+--------------------------------------+
| description |                                      |
| id          | d35d0464-f872-43c7-8dd8-850657da59ef |
| name        | test-label                           |
| shared      | False                                |
| tenant_id   | 2a023bd32f014e44b60b591cbd151514     |
+-------------+--------------------------------------+
$ neutron meter-label-create test-label2 --tenant-id 2a023bd32f014e44b60b591cbd151514
Created a new metering_label:
+-------------+--------------------------------------+
| Field       | Value                                |
+-------------+--------------------------------------+
| description |                                      |
| id          | 61c344ce-0438-4cd3-bbd8-a4d5e0dbce6f |
| name        | test-label2                          |
| shared      | False                                |
| tenant_id   | 2a023bd32f014e44b60b591cbd151514     |
+-------------+--------------------------------------+
$ neutron meter-label-rule-create --tenant-id 2a023bd32f014e44b60b591cbd151514 --direction egress d35d0464-f872-43c7-8dd8-850657da59ef 192.168.0.0/16

$ neutron meter-label-rule-create --tenant-id
2a023bd32f014e44b60b591cbd151514 --direction ingress
61c344ce-0438-4cd3-bbd8-a4d5e0dbce6f 192.168.0.0/16

$ neutron meter-label-rule-list
+--------------------------------------+----------+-----------+------------------+
| id                                   | excluded | direction | remote_ip_prefix |
+--------------------------------------+----------+-----------+------------------+
| 3e426537-61f4-44ac-a67a-e66ce26dc11b | False    | egress    | 192.168.0.0/16   |
| 4d669406-173c-4eea-af21-00430719cbfa | False    | ingress   | 192.168.0.0/16   |
+--------------------------------------+----------+-----------+------------------+

$ sudo ip netns exec qrouter-b72b789e-8ca9-465e-a2d1-98f725a7042f iptables-save
...
-A neutron-meter-r-61c344ce-043 -d 192.168.0.0/16 -i qg-708e8abf-bc -j neutron-meter-l-61c344ce-043
-A neutron-meter-r-d35d0464-f87 -s 192.168.0.0/16 -o qg-708e8abf-bc -j neutron-meter-l-d35d0464-f87
...


 [The expected iptables rules]

-A neutron-meter-r-61c344ce-043 -s 192.168.0.0/16 -i qg-708e8abf-bc -j neutron-meter-l-61c344ce-043
-A neutron-meter-r-d35d0464-f87 -d 192.168.0.0/16 -o qg-708e8abf-bc -j neutron-meter-l-d35d0464-f87


[Examples of required packet is not counted]

ubuntu@test-vm(10.0.0.3):~$ ping 192.168.0.3 -c 3
PING 192.168.0.3 (192.168.0.3) 56(84) bytes of data.
64 bytes from 192.168.0.3: icmp_seq=1 ttl=62 time=1.13 ms
64 bytes from 192.168.0.3: icmp_seq=2 ttl=62 time=0.618 ms
64 bytes from 192.168.0.3: icmp_seq=3 ttl=62 time=0.652 ms

--- 192.168.0.3 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2000ms
rtt min/avg/max/mdev = 0.618/0.801/1.133/0.235 ms

$ sudo ip netns exec qrouter-b72b789e-8ca9-465e-a2d1-98f725a7042f iptables -t filter -L neutron-meter-l-d35d0464-f87 -n -v -x
Chain neutron-meter-l-d35d0464-f87 (2 references)
    pkts      bytes target     prot opt in     out     source               destination
       0        0            all  --  *      *       0.0.0.0/0            0.0.0.0/0

** Affects: neutron
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1528137

Title:
  creating meter label rule doesn't work properly

Status in neutron:
  New

Bug description:
  Created rule by the following API counts packets between a router
  which connects to external network and the connection destination
  device.

    API: POST /v2.0/metering/metering-label-rules

  When outbound traffic of external router, destination should be
  remote_ip, and when inbound traffic, sender should be remote_ip. But
  it has become actually reversed.

  Because option for creating the iptables rule is reversed.

    code:
  https://github.com/openstack/neutron/blob/master/neutron/services/metering/drivers/iptables/iptables_driver.py#L176

  I'll show you an example that created the meter label rule the
  remote_ip is set to 192.168.0.0/16.

  
  [Actual results]

  $ neutron meter-label-create test-label --tenant-id 2a023bd32f014e44b60b591cbd151514
  Created a new metering_label:
  +-------------+--------------------------------------+
  | Field       | Value                                |
  +-------------+--------------------------------------+
  | description |                                      |
  | id          | d35d0464-f872-43c7-8dd8-850657da59ef |
  | name        | test-label                           |
  | shared      | False                                |
  | tenant_id   | 2a023bd32f014e44b60b591cbd151514     |
  +-------------+--------------------------------------+
  $ neutron meter-label-create test-label2 --tenant-id 2a023bd32f014e44b60b591cbd151514
  Created a new metering_label:
  +-------------+--------------------------------------+
  | Field       | Value                                |
  +-------------+--------------------------------------+
  | description |                                      |
  | id          | 61c344ce-0438-4cd3-bbd8-a4d5e0dbce6f |
  | name        | test-label2                          |
  | shared      | False                                |
  | tenant_id   | 2a023bd32f014e44b60b591cbd151514     |
  +-------------+--------------------------------------+
  $ neutron meter-label-rule-create --tenant-id 2a023bd32f014e44b60b591cbd151514 --direction egress d35d0464-f872-43c7-8dd8-850657da59ef 192.168.0.0/16

  $ neutron meter-label-rule-create --tenant-id
  2a023bd32f014e44b60b591cbd151514 --direction ingress
  61c344ce-0438-4cd3-bbd8-a4d5e0dbce6f 192.168.0.0/16

  $ neutron meter-label-rule-list
  +--------------------------------------+----------+-----------+------------------+
  | id                                   | excluded | direction | remote_ip_prefix |
  +--------------------------------------+----------+-----------+------------------+
  | 3e426537-61f4-44ac-a67a-e66ce26dc11b | False    | egress    | 192.168.0.0/16   |
  | 4d669406-173c-4eea-af21-00430719cbfa | False    | ingress   | 192.168.0.0/16   |
  +--------------------------------------+----------+-----------+------------------+

  $ sudo ip netns exec qrouter-b72b789e-8ca9-465e-a2d1-98f725a7042f iptables-save
  ...
  -A neutron-meter-r-61c344ce-043 -d 192.168.0.0/16 -i qg-708e8abf-bc -j neutron-meter-l-61c344ce-043
  -A neutron-meter-r-d35d0464-f87 -s 192.168.0.0/16 -o qg-708e8abf-bc -j neutron-meter-l-d35d0464-f87
  ...

  
   [The expected iptables rules]

  -A neutron-meter-r-61c344ce-043 -s 192.168.0.0/16 -i qg-708e8abf-bc -j neutron-meter-l-61c344ce-043
  -A neutron-meter-r-d35d0464-f87 -d 192.168.0.0/16 -o qg-708e8abf-bc -j neutron-meter-l-d35d0464-f87

  
  [Examples of required packet is not counted]

  ubuntu@test-vm(10.0.0.3):~$ ping 192.168.0.3 -c 3
  PING 192.168.0.3 (192.168.0.3) 56(84) bytes of data.
  64 bytes from 192.168.0.3: icmp_seq=1 ttl=62 time=1.13 ms
  64 bytes from 192.168.0.3: icmp_seq=2 ttl=62 time=0.618 ms
  64 bytes from 192.168.0.3: icmp_seq=3 ttl=62 time=0.652 ms

  --- 192.168.0.3 ping statistics ---
  3 packets transmitted, 3 received, 0% packet loss, time 2000ms
  rtt min/avg/max/mdev = 0.618/0.801/1.133/0.235 ms

  $ sudo ip netns exec qrouter-b72b789e-8ca9-465e-a2d1-98f725a7042f iptables -t filter -L neutron-meter-l-d35d0464-f87 -n -v -x
  Chain neutron-meter-l-d35d0464-f87 (2 references)
      pkts      bytes target     prot opt in     out     source               destination
         0        0            all  --  *      *       0.0.0.0/0            0.0.0.0/0

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1528137/+subscriptions


Follow ups