yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #43723
[Bug 1528137] Re: creating meter label rule doesn't work properly
remote_ip_prefix of metering label rule is unclear and should be
updated.
According to the discussion in the review in neutron,
for egress direction, remote_ip_prefix is a destination IP address or ranges
and for ingress direction, it means a source IP (range).
** Also affects: openstack-api-site
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1528137
Title:
creating meter label rule doesn't work properly
Status in neutron:
In Progress
Status in openstack-api-site:
New
Bug description:
Created rule by the following API counts packets between a router
which connects to external network and the connection destination
device.
API: POST /v2.0/metering/metering-label-rules
When outbound traffic of external router, destination should be
remote_ip, and when inbound traffic, sender should be remote_ip. But
it has become actually reversed.
Because option for creating the iptables rule is reversed.
code:
https://github.com/openstack/neutron/blob/master/neutron/services/metering/drivers/iptables/iptables_driver.py#L176
I'll show you an example that created the meter label rule the
remote_ip is set to 192.168.0.0/16.
[Actual results]
$ neutron meter-label-create test-label --tenant-id 2a023bd32f014e44b60b591cbd151514
Created a new metering_label:
+-------------+--------------------------------------+
| Field | Value |
+-------------+--------------------------------------+
| description | |
| id | d35d0464-f872-43c7-8dd8-850657da59ef |
| name | test-label |
| shared | False |
| tenant_id | 2a023bd32f014e44b60b591cbd151514 |
+-------------+--------------------------------------+
$ neutron meter-label-create test-label2 --tenant-id 2a023bd32f014e44b60b591cbd151514
Created a new metering_label:
+-------------+--------------------------------------+
| Field | Value |
+-------------+--------------------------------------+
| description | |
| id | 61c344ce-0438-4cd3-bbd8-a4d5e0dbce6f |
| name | test-label2 |
| shared | False |
| tenant_id | 2a023bd32f014e44b60b591cbd151514 |
+-------------+--------------------------------------+
$ neutron meter-label-rule-create --tenant-id 2a023bd32f014e44b60b591cbd151514 --direction egress d35d0464-f872-43c7-8dd8-850657da59ef 192.168.0.0/16
$ neutron meter-label-rule-create --tenant-id
2a023bd32f014e44b60b591cbd151514 --direction ingress
61c344ce-0438-4cd3-bbd8-a4d5e0dbce6f 192.168.0.0/16
$ neutron meter-label-rule-list
+--------------------------------------+----------+-----------+------------------+
| id | excluded | direction | remote_ip_prefix |
+--------------------------------------+----------+-----------+------------------+
| 3e426537-61f4-44ac-a67a-e66ce26dc11b | False | egress | 192.168.0.0/16 |
| 4d669406-173c-4eea-af21-00430719cbfa | False | ingress | 192.168.0.0/16 |
+--------------------------------------+----------+-----------+------------------+
$ sudo ip netns exec qrouter-b72b789e-8ca9-465e-a2d1-98f725a7042f iptables-save
...
-A neutron-meter-r-61c344ce-043 -d 192.168.0.0/16 -i qg-708e8abf-bc -j neutron-meter-l-61c344ce-043
-A neutron-meter-r-d35d0464-f87 -s 192.168.0.0/16 -o qg-708e8abf-bc -j neutron-meter-l-d35d0464-f87
...
[The expected iptables rules]
-A neutron-meter-r-61c344ce-043 -s 192.168.0.0/16 -i qg-708e8abf-bc -j neutron-meter-l-61c344ce-043
-A neutron-meter-r-d35d0464-f87 -d 192.168.0.0/16 -o qg-708e8abf-bc -j neutron-meter-l-d35d0464-f87
[Examples of required packet is not counted]
ubuntu@test-vm(10.0.0.3):~$ ping 192.168.0.3 -c 3
PING 192.168.0.3 (192.168.0.3) 56(84) bytes of data.
64 bytes from 192.168.0.3: icmp_seq=1 ttl=62 time=1.13 ms
64 bytes from 192.168.0.3: icmp_seq=2 ttl=62 time=0.618 ms
64 bytes from 192.168.0.3: icmp_seq=3 ttl=62 time=0.652 ms
--- 192.168.0.3 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2000ms
rtt min/avg/max/mdev = 0.618/0.801/1.133/0.235 ms
$ sudo ip netns exec qrouter-b72b789e-8ca9-465e-a2d1-98f725a7042f iptables -t filter -L neutron-meter-l-d35d0464-f87 -n -v -x
Chain neutron-meter-l-d35d0464-f87 (2 references)
pkts bytes target prot opt in out source destination
0 0 all -- * * 0.0.0.0/0 0.0.0.0/0
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1528137/+subscriptions
References