yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1607699] Re: floating ip mangle iptables rules incorrect format

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: OpenStack Infra <1607699@xxxxxxxxxxxxxxxxxx>
Date: Wed, 03 Aug 2016 02:53:29 -0000
Reply-to: Bug 1607699 <1607699@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Reviewed:  https://review.openstack.org/348805
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=244ef910d5dc03a8d53d969ad0b62bb973c10f3b
Submitter: Jenkins
Branch:    master

commit 244ef910d5dc03a8d53d969ad0b62bb973c10f3b
Author: Kevin Benton <kevin@xxxxxxxxxx>
Date:   Wed Jul 27 17:39:57 2016 -0700

    Set prefix on floating_ip_mangle rules
    
    Set the /32 prefix that iptables will automatically do internally
    so our format matches the iptables-save format and we don't
    unnecessarily re-apply rules.
    
    Testing for this is provided by enabling the IPTables convergence
    check in I6bee1d51155488e91857ee8bc45470d6a224fa37
    
    Closes-Bug: #1607699
    Change-Id: I0088636d2f8409f0f6f17b3ed2288f6edfac1e68


** Changed in: neutron
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1607699

Title:
  floating ip mangle iptables rules incorrect format

Status in neutron:
  Fix Released

Bug description:
  the floating IP iptables mangle rules are generated without a prefix
  on the source address. IPtables converts this into a /32 so every time
  the _apply function is called the iptables_manager thinks it has to
  delete a rule (the one with the prefix) and add a rule (the one
  without the prefix). This is unnecessary performance overhead in the
  L3 agent.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1607699/+subscriptions

References

[Bug 1607699] [NEW] floating ip mangle iptables rules incorrect format
From: Kevin Benton, 2016-07-29