yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #54458
[Bug 1608400] [NEW] Neutron should not add ARP entry for allowed-address-pair-fixed-ip in DVR router
Public bug reported:
When we set a fixed IP as allowed-address-pair IP, Neutron will notify
l3-agent to add permanent ARP entry for this IP in DVR router namespace.
But if we set the same IP to multiple ports as allowed-address-pair IP,
ARP entry with same IP but different MAC will be added multiple times.In
the end, the ARP entry will always lead us to last port that set the
fixed IP as allowed-address-pair.This makes VRRP application goes wrong.
This was noticed when deploying Octavia on Active/Standby mode.
How to reproduce:
1.Launch 2 VMs,vm-1 and vm-2, which connected to a DVR router.
2.Create an allowed-address-pair port
Neutron port-create --name demo-port demo-net
3.Set allowed-address-pair for vm-1 and vm-2, use fixed IP of demo-port
neutron port-update --allowed-address-pair ip_address=10.0.0.29 3c8fac1c-4b1b-4258-8b18-8d74eebb48e4
neutron port-update --allowed-address-pair ip_address=10.0.0.29 a8b36d75-89ff-41d6-b891-fb65b7be88b4
4.Check ARP table of the DVR router.The ARP entry will always lead to 10.0.0.21(vm-1).
[root@R1Network1 ~]# ip netns exec qrouter-4832ea04-cfa1-4c43-9ca9-e916b5fd1c28 arp -n
Address HWtype HWaddress Flags Mask Iface
10.0.0.2 ether fa:16:3e:78:91:99 CM qr-2451ce9e-fa
10.0.0.21 ether fa:16:3e:a7:7d:7a CM qr-2451ce9e-fa *
10.0.0.29 ether fa:16:3e:a7:7d:7a CM qr-2451ce9e-fa *
10.0.0.20 ether fa:16:3e:16:da:45 CM qr-2451ce9e-fa *
10.0.0.3 ether fa:16:3e:bc:92:e9 CM qr-2451ce9e-fa
** Affects: neutron
Importance: Undecided
Assignee: Heqing (tsinghe-7)
Status: New
** Tags: allowed-address-pair dvr
** Changed in: neutron
Assignee: (unassigned) => Heqing (tsinghe-7)
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1608400
Title:
Neutron should not add ARP entry for allowed-address-pair-fixed-ip in
DVR router
Status in neutron:
New
Bug description:
When we set a fixed IP as allowed-address-pair IP, Neutron will notify
l3-agent to add permanent ARP entry for this IP in DVR router
namespace. But if we set the same IP to multiple ports as allowed-
address-pair IP, ARP entry with same IP but different MAC will be
added multiple times.In the end, the ARP entry will always lead us to
last port that set the fixed IP as allowed-address-pair.This makes
VRRP application goes wrong.
This was noticed when deploying Octavia on Active/Standby mode.
How to reproduce:
1.Launch 2 VMs,vm-1 and vm-2, which connected to a DVR router.
2.Create an allowed-address-pair port
Neutron port-create --name demo-port demo-net
3.Set allowed-address-pair for vm-1 and vm-2, use fixed IP of demo-port
neutron port-update --allowed-address-pair ip_address=10.0.0.29 3c8fac1c-4b1b-4258-8b18-8d74eebb48e4
neutron port-update --allowed-address-pair ip_address=10.0.0.29 a8b36d75-89ff-41d6-b891-fb65b7be88b4
4.Check ARP table of the DVR router.The ARP entry will always lead to 10.0.0.21(vm-1).
[root@R1Network1 ~]# ip netns exec qrouter-4832ea04-cfa1-4c43-9ca9-e916b5fd1c28 arp -n
Address HWtype HWaddress Flags Mask Iface
10.0.0.2 ether fa:16:3e:78:91:99 CM qr-2451ce9e-fa
10.0.0.21 ether fa:16:3e:a7:7d:7a CM qr-2451ce9e-fa *
10.0.0.29 ether fa:16:3e:a7:7d:7a CM qr-2451ce9e-fa *
10.0.0.20 ether fa:16:3e:16:da:45 CM qr-2451ce9e-fa *
10.0.0.3 ether fa:16:3e:bc:92:e9 CM qr-2451ce9e-fa
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1608400/+subscriptions
Follow ups
