yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #44132
[Bug 1528137] Re: creating meter label rule doesn't work properly
Reviewed: https://review.openstack.org/260323
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=6659a935589bf0e4ab57616c256b94f77d2ef107
Submitter: Jenkins
Branch: master
commit 6659a935589bf0e4ab57616c256b94f77d2ef107
Author: Yu Fukuyama <fukuyama-yu@xxxxxxxxx>
Date: Tue Dec 22 05:17:30 2015 +0000
Fix meter label rule creation
In the case of outbound traffic, set remote_ip to dst.
In the case of inbound traffic, set remote_ip to src.
Change-Id: I7f27b93efa67baf3efccaa94f6a1337d6886e230
Closes-Bug: #1528137
DocImpact: Clarify remote_ip_prefix description of metering label rule in API site
** Changed in: neutron
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1528137
Title:
creating meter label rule doesn't work properly
Status in neutron:
Fix Released
Bug description:
Created rule by the following API counts packets between a router
which connects to external network and the connection destination
device.
API: POST /v2.0/metering/metering-label-rules
When outbound traffic of external router, destination should be
remote_ip, and when inbound traffic, sender should be remote_ip. But
it has become actually reversed.
Because option for creating the iptables rule is reversed.
code:
https://github.com/openstack/neutron/blob/master/neutron/services/metering/drivers/iptables/iptables_driver.py#L176
I'll show you an example that created the meter label rule the
remote_ip is set to 192.168.0.0/16.
[Actual results]
$ neutron meter-label-create test-label --tenant-id 2a023bd32f014e44b60b591cbd151514
Created a new metering_label:
+-------------+--------------------------------------+
| Field | Value |
+-------------+--------------------------------------+
| description | |
| id | d35d0464-f872-43c7-8dd8-850657da59ef |
| name | test-label |
| shared | False |
| tenant_id | 2a023bd32f014e44b60b591cbd151514 |
+-------------+--------------------------------------+
$ neutron meter-label-create test-label2 --tenant-id 2a023bd32f014e44b60b591cbd151514
Created a new metering_label:
+-------------+--------------------------------------+
| Field | Value |
+-------------+--------------------------------------+
| description | |
| id | 61c344ce-0438-4cd3-bbd8-a4d5e0dbce6f |
| name | test-label2 |
| shared | False |
| tenant_id | 2a023bd32f014e44b60b591cbd151514 |
+-------------+--------------------------------------+
$ neutron meter-label-rule-create --tenant-id 2a023bd32f014e44b60b591cbd151514 --direction egress d35d0464-f872-43c7-8dd8-850657da59ef 192.168.0.0/16
$ neutron meter-label-rule-create --tenant-id
2a023bd32f014e44b60b591cbd151514 --direction ingress
61c344ce-0438-4cd3-bbd8-a4d5e0dbce6f 192.168.0.0/16
$ neutron meter-label-rule-list
+--------------------------------------+----------+-----------+------------------+
| id | excluded | direction | remote_ip_prefix |
+--------------------------------------+----------+-----------+------------------+
| 3e426537-61f4-44ac-a67a-e66ce26dc11b | False | egress | 192.168.0.0/16 |
| 4d669406-173c-4eea-af21-00430719cbfa | False | ingress | 192.168.0.0/16 |
+--------------------------------------+----------+-----------+------------------+
$ sudo ip netns exec qrouter-b72b789e-8ca9-465e-a2d1-98f725a7042f iptables-save
...
-A neutron-meter-r-61c344ce-043 -d 192.168.0.0/16 -i qg-708e8abf-bc -j neutron-meter-l-61c344ce-043
-A neutron-meter-r-d35d0464-f87 -s 192.168.0.0/16 -o qg-708e8abf-bc -j neutron-meter-l-d35d0464-f87
...
[The expected iptables rules]
-A neutron-meter-r-61c344ce-043 -s 192.168.0.0/16 -i qg-708e8abf-bc -j neutron-meter-l-61c344ce-043
-A neutron-meter-r-d35d0464-f87 -d 192.168.0.0/16 -o qg-708e8abf-bc -j neutron-meter-l-d35d0464-f87
[Examples of required packet is not counted]
ubuntu@test-vm(10.0.0.3):~$ ping 192.168.0.3 -c 3
PING 192.168.0.3 (192.168.0.3) 56(84) bytes of data.
64 bytes from 192.168.0.3: icmp_seq=1 ttl=62 time=1.13 ms
64 bytes from 192.168.0.3: icmp_seq=2 ttl=62 time=0.618 ms
64 bytes from 192.168.0.3: icmp_seq=3 ttl=62 time=0.652 ms
--- 192.168.0.3 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2000ms
rtt min/avg/max/mdev = 0.618/0.801/1.133/0.235 ms
$ sudo ip netns exec qrouter-b72b789e-8ca9-465e-a2d1-98f725a7042f iptables -t filter -L neutron-meter-l-d35d0464-f87 -n -v -x
Chain neutron-meter-l-d35d0464-f87 (2 references)
pkts bytes target prot opt in out source destination
0 0 all -- * * 0.0.0.0/0 0.0.0.0/0
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1528137/+subscriptions
References