← Back to team overview

yahoo-eng-team team mailing list archive

[Bug 1528137] Re: creating meter label rule doesn't work properly

 

remote_ip_prefix of metering label rule is unclear and should be
updated.

According to the discussion in the review in neutron,
for egress direction, remote_ip_prefix is a destination IP address or ranges
and for ingress direction, it means a source IP (range).

** Also affects: openstack-api-site
   Importance: Undecided
       Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1528137

Title:
  creating meter label rule doesn't work properly

Status in neutron:
  In Progress
Status in openstack-api-site:
  New

Bug description:
  Created rule by the following API counts packets between a router
  which connects to external network and the connection destination
  device.

    API: POST /v2.0/metering/metering-label-rules

  When outbound traffic of external router, destination should be
  remote_ip, and when inbound traffic, sender should be remote_ip. But
  it has become actually reversed.

  Because option for creating the iptables rule is reversed.

    code:
  https://github.com/openstack/neutron/blob/master/neutron/services/metering/drivers/iptables/iptables_driver.py#L176

  I'll show you an example that created the meter label rule the
  remote_ip is set to 192.168.0.0/16.

  
  [Actual results]

  $ neutron meter-label-create test-label --tenant-id 2a023bd32f014e44b60b591cbd151514
  Created a new metering_label:
  +-------------+--------------------------------------+
  | Field       | Value                                |
  +-------------+--------------------------------------+
  | description |                                      |
  | id          | d35d0464-f872-43c7-8dd8-850657da59ef |
  | name        | test-label                           |
  | shared      | False                                |
  | tenant_id   | 2a023bd32f014e44b60b591cbd151514     |
  +-------------+--------------------------------------+
  $ neutron meter-label-create test-label2 --tenant-id 2a023bd32f014e44b60b591cbd151514
  Created a new metering_label:
  +-------------+--------------------------------------+
  | Field       | Value                                |
  +-------------+--------------------------------------+
  | description |                                      |
  | id          | 61c344ce-0438-4cd3-bbd8-a4d5e0dbce6f |
  | name        | test-label2                          |
  | shared      | False                                |
  | tenant_id   | 2a023bd32f014e44b60b591cbd151514     |
  +-------------+--------------------------------------+
  $ neutron meter-label-rule-create --tenant-id 2a023bd32f014e44b60b591cbd151514 --direction egress d35d0464-f872-43c7-8dd8-850657da59ef 192.168.0.0/16

  $ neutron meter-label-rule-create --tenant-id
  2a023bd32f014e44b60b591cbd151514 --direction ingress
  61c344ce-0438-4cd3-bbd8-a4d5e0dbce6f 192.168.0.0/16

  $ neutron meter-label-rule-list
  +--------------------------------------+----------+-----------+------------------+
  | id                                   | excluded | direction | remote_ip_prefix |
  +--------------------------------------+----------+-----------+------------------+
  | 3e426537-61f4-44ac-a67a-e66ce26dc11b | False    | egress    | 192.168.0.0/16   |
  | 4d669406-173c-4eea-af21-00430719cbfa | False    | ingress   | 192.168.0.0/16   |
  +--------------------------------------+----------+-----------+------------------+

  $ sudo ip netns exec qrouter-b72b789e-8ca9-465e-a2d1-98f725a7042f iptables-save
  ...
  -A neutron-meter-r-61c344ce-043 -d 192.168.0.0/16 -i qg-708e8abf-bc -j neutron-meter-l-61c344ce-043
  -A neutron-meter-r-d35d0464-f87 -s 192.168.0.0/16 -o qg-708e8abf-bc -j neutron-meter-l-d35d0464-f87
  ...

  
   [The expected iptables rules]

  -A neutron-meter-r-61c344ce-043 -s 192.168.0.0/16 -i qg-708e8abf-bc -j neutron-meter-l-61c344ce-043
  -A neutron-meter-r-d35d0464-f87 -d 192.168.0.0/16 -o qg-708e8abf-bc -j neutron-meter-l-d35d0464-f87

  
  [Examples of required packet is not counted]

  ubuntu@test-vm(10.0.0.3):~$ ping 192.168.0.3 -c 3
  PING 192.168.0.3 (192.168.0.3) 56(84) bytes of data.
  64 bytes from 192.168.0.3: icmp_seq=1 ttl=62 time=1.13 ms
  64 bytes from 192.168.0.3: icmp_seq=2 ttl=62 time=0.618 ms
  64 bytes from 192.168.0.3: icmp_seq=3 ttl=62 time=0.652 ms

  --- 192.168.0.3 ping statistics ---
  3 packets transmitted, 3 received, 0% packet loss, time 2000ms
  rtt min/avg/max/mdev = 0.618/0.801/1.133/0.235 ms

  $ sudo ip netns exec qrouter-b72b789e-8ca9-465e-a2d1-98f725a7042f iptables -t filter -L neutron-meter-l-d35d0464-f87 -n -v -x
  Chain neutron-meter-l-d35d0464-f87 (2 references)
      pkts      bytes target     prot opt in     out     source               destination
         0        0            all  --  *      *       0.0.0.0/0            0.0.0.0/0

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1528137/+subscriptions


References