yahoo-eng-team team mailing list archive

[Sean Dague <sean@xxxxxxxxx>]

*** This bug is a duplicate of bug 1318104 ***
    https://bugs.launchpad.net/bugs/1318104

** This bug has been marked a duplicate of bug 1318104
   dhcp isolation via iptables does not work

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1415592

Title:
  Instance DHCP Request are Sometimes Answered by Remote Dnsmasq

Status in OpenStack Compute (nova):
  Confirmed

Bug description:
  When an instance sends out a DHCPDISCOVER or DHCPREQUEST, it sometimes
  leaves the compute node and gets answered by Dnsmasq running on
  another compute node. The remote Dnsmasq will always respond with
  "DHCPNAK no address available" (to DHCPDISCOVER) or "DHCPNAK address
  not available" (to DHCPREQUEST), because it doesn't have an entry for
  that instance in its config file.

  Syslog:
  Jan 28 15:31:04 xxxxx dnsmasq-dhcp[10454]: DHCPREQUEST(brxxx) 192.168.0.x 12:34:56:78:90:ab
  Jan 28 15:31:04 xxxxx dnsmasq-dhcp[10454]: DHCPNAK(brxxx) 192.168.0.x 12:34:56:78:90:ab address not available

  Expected Behaviour:
  According to blueprint (https://review.openstack.org/#/c/16578/), when share_dhcp_address is set to true, the dhcp messages should be firewalled using iptables and ebtables

  Environment:
  - Icehouse 2014.1.3
  - Ubuntu 14.04
  - Multihost mode
  - Multiple compute nodes
  - nova-network Vlan-Manager
  - dnsmasq version 2.68
  - nova-compute and nova-network run on the same node (other services run on other nodes)

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1415592/+subscriptions