yahoo-eng-team team mailing list archive

[Bug 1544508] Re: neutron-meter-agent - makes traffic between internal networks NATed

 

Reviewed:  https://review.openstack.org/279433
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=5d2d1120fcdcd5977d3c760ac1520a841048d456
Submitter: Jenkins
Branch:    master

commit 5d2d1120fcdcd5977d3c760ac1520a841048d456
Author: Dmitry Sutyagin <dsutyagin@xxxxxxxxxxxx>
Date:   Fri Feb 12 12:18:14 2016 +0300

    Switches metering agent to stateless iptables
    
    If state_less parameter is not specified then
    neutron-postrouting-bottom rule goes up in POSTROUTING
    chain, which causes premature NATing of traffic,
    for ex. traffic between internal networks becomes NATed.
    
    Closes-Bug: 1544508
    Co-Authored-By: Sergey Belous <sbelous@xxxxxxxxxxxx>
    Change-Id: I2e0011237d50a59d417cfee01dcd5f9d0da2e7f5


** Changed in: neutron
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1544508

Title:
  neutron-meter-agent - makes traffic between internal networks NATed

Status in neutron:
  Fix Released

Bug description:
  If neutron-meter-agent is installed and enabled, and a meter-label is
  created, all traffic between internal networks becomes NATed, which is
  unexpected and potentially causes firewall/routing issues. This
  happens because meter-agent does not define stateless flag during
  iptables initialization which later during _modify_rules in
  agent/linux/iptables_manager.py results in moving the following rules:

  before:
  -A POSTROUTING -j neutron-l3-agent-POSTROUTING
  -A POSTROUTING -j neutron-postrouting-bottom

  after:
  -A POSTROUTING -j neutron-postrouting-bottom
  -A POSTROUTING -j neutron-l3-agent-POSTROUTING

  The attached patch fixes the issue by setting "state_less=True" for
  metering agent's iptables_manager.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1544508/+subscriptions
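
The rule order shown in the bug description can be checked from `iptables-save` output. The following is an added example, not code from neutron or from the patch; the function names and the sample dumps are constructed for illustration.

```python
# Added example: report whether neutron-postrouting-bottom is evaluated before
# neutron-l3-agent-POSTROUTING in the nat POSTROUTING chain (the "after" order
# in the bug report). Function names are hypothetical, not neutron's.
L3_JUMP = "neutron-l3-agent-POSTROUTING"
BOTTOM_JUMP = "neutron-postrouting-bottom"

def nat_postrouting_jumps(iptables_save_text):
    """Return the -j targets of nat/POSTROUTING, in rule order."""
    jumps, table = [], None
    for raw in iptables_save_text.splitlines():
        line = raw.strip()
        if line.startswith("*"):          # table header, e.g. "*nat"
            table = line[1:]
        elif line == "COMMIT":            # end of the current table
            table = None
        elif table == "nat" and line.startswith("-A "):
            tokens = line.split()
            if tokens[1] == "POSTROUTING" and "-j" in tokens:
                idx = tokens.index("-j")
                if idx + 1 < len(tokens):
                    jumps.append(tokens[idx + 1])
    return jumps

def bottom_precedes_l3(iptables_save_text):
    """True for the order the bug report lists under "after", False for the
    order under "before", None when either jump is absent from the chain."""
    jumps = nat_postrouting_jumps(iptables_save_text)
    if L3_JUMP not in jumps or BOTTOM_JUMP not in jumps:
        return None
    return jumps.index(BOTTOM_JUMP) < jumps.index(L3_JUMP)

def _dump(nat_rules):
    """Build a constructed iptables-save style dump around the given nat rules."""
    mangle = ["*mangle", ":POSTROUTING ACCEPT [0:0]",
              "-A POSTROUTING -j example-mangle-chain", "COMMIT"]  # ignored: not nat
    nat = ["*nat", ":POSTROUTING ACCEPT [0:0]"] + nat_rules + ["COMMIT"]
    return "\n".join(mangle + nat) + "\n"

# Constructed samples that mirror the two listings in the bug description.
SAMPLE_BEFORE = _dump(["-A POSTROUTING -j " + L3_JUMP,
                       "-A POSTROUTING -j " + BOTTOM_JUMP])
SAMPLE_AFTER = _dump(["-A POSTROUTING -j " + BOTTOM_JUMP,
                      "-A POSTROUTING -j " + L3_JUMP])

if __name__ == "__main__":
    for name, text in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        print(name, nat_postrouting_jumps(text), bottom_precedes_l3(text))
```

On a real host, pass the function the text of `iptables-save` taken where the router's rules are installed.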

