yahoo-eng-team team mailing list archive

[George Shuklin <1672433@xxxxxxxxxxxxxxxxxx>]

Public bug reported:

Normally dhcp agents should not provide routable services. There is one
exception: monitoring. Checking dhcp agents availability by sending PING
requests is very easy and sits well with existing monitoring frameworks.
Outside of checking of availability of DHCP agent itself that check
allows to test network connectivity between DHCP-agent and network
equipment.

There is a specific scenario for DHCP agent when that check gives false
reports.

Scenario:
1. Boot instance with a give IP, assure that instance is UP (replies to pings).
2. Delete instance.
3. Add dhcp agent to net network where IP (from step1) is allocated in such a way that it would take that IP (from step1).

Expected behavior: DHCP agent should answer pings.
Actual behavior: DHCP agent does not reply to pings for up to 4 hours, that spontaneously replies.

Reason: Instance (from step1) updated ARP table on the router. When
instance was removed and DHCP agent start listen on that IP, it didn't
send gracious (probe) ARP. Normal workflow for DHCP does not require it
to send any traffic through router, therefore there is no reason for
router to update entry in ARP table. As long as router keep old
(invalid) entry pointing to old instance (from step1), DHCP couldn't
reply to the pings because every incoming request is coming with wrong
MAC destination address.

Proposal: dhcp agent should either:

1. Send some kind of network packet to network gateway (f.e. ping request).
2. Set arp_notify for network interface is uses (f.e. 
net.ipv4.conf.tap22dad33f-d7.arp_notify=1), and configure network address _BEFORE_ bringing interface up. If address is configured after interface was brought up, it wouldn't send gracious ARP.

** Affects: neutron
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1672433

Title:
  dhcp-agent should send a grace ARP after assigning IP address in dhcp
  namespace

Status in neutron:
  New

Bug description:
  Normally dhcp agents should not provide routable services. There is
  one exception: monitoring. Checking dhcp agents availability by
  sending PING requests is very easy and sits well with existing
  monitoring frameworks. Outside of checking of availability of DHCP
  agent itself that check allows to test network connectivity between
  DHCP-agent and network equipment.

  There is a specific scenario for DHCP agent when that check gives
  false reports.

  Scenario:
  1. Boot instance with a give IP, assure that instance is UP (replies to pings).
  2. Delete instance.
  3. Add dhcp agent to net network where IP (from step1) is allocated in such a way that it would take that IP (from step1).

  Expected behavior: DHCP agent should answer pings.
  Actual behavior: DHCP agent does not reply to pings for up to 4 hours, that spontaneously replies.

  Reason: Instance (from step1) updated ARP table on the router. When
  instance was removed and DHCP agent start listen on that IP, it didn't
  send gracious (probe) ARP. Normal workflow for DHCP does not require
  it to send any traffic through router, therefore there is no reason
  for router to update entry in ARP table. As long as router keep old
  (invalid) entry pointing to old instance (from step1), DHCP couldn't
  reply to the pings because every incoming request is coming with wrong
  MAC destination address.

  Proposal: dhcp agent should either:

  1. Send some kind of network packet to network gateway (f.e. ping request).
  2. Set arp_notify for network interface is uses (f.e. 
  net.ipv4.conf.tap22dad33f-d7.arp_notify=1), and configure network address _BEFORE_ bringing interface up. If address is configured after interface was brought up, it wouldn't send gracious ARP.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1672433/+subscriptions