yahoo-eng-team team mailing list archive

Thread
Date
[Bug 1696684] [NEW] When the router of admin_state_up becomes false, the IPSec process is not terminated

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Li Xiao <1696684@xxxxxxxxxxxxxxxxxx>
Date: Thu, 08 Jun 2017 08:46:45 -0000
Reply-to: Bug 1696684 <1696684@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx
Public bug reported:

Router1---router2 establishes the IPSec connection, and after the IPSec
connection is established, you can see two IPSec processes

ps -ef |grep ipsec
root     14232     1  0 Jun06 ?        00:00:33 /usr/libexec/ipsec/pluto --ctlbase /var/lib/neutron/ipsec/03ff091d-091b-496f-bc41-c53b0ae38c6a/var/run/pluto --ipsecdir /var/lib/neutron/ipsec/03ff091d-091b-496f-bc41-c53b0ae38c6a/etc/ipsec.d --uniqueids --nat_traversal --secretsfile /var/lib/neutron/ipsec/03ff091d-091b-496f-bc41-c53b0ae38c6a/etc/ipsec.secrets --virtual-private %v4:172.16.1.0/24,%v4:172.16.2.0/24 --perpeerlogbase /var/lib/neutron/ipsec/03ff091d-091b-496f-bc41-c53b0ae38c6a/logs
root     14826     1  0 Jun06 ?        00:00:33 /usr/libexec/ipsec/pluto --ctlbase /var/lib/neutron/ipsec/7ecb91f2-a271-4365-8a89-2899a6165422/var/run/pluto --ipsecdir /var/lib/neutron/ipsec/7ecb91f2-a271-4365-8a89-2899a6165422/etc/ipsec.d --uniqueids --nat_traversal --secretsfile /var/lib/neutron/ipsec/7ecb91f2-a271-4365-8a89-2899a6165422/etc/ipsec.secrets --virtual-private %v4:172.16.2.0/24,%v4:172.16.1.0/24 --perpeerlogbase /var/lib/neutron/ipsec/7ecb91f2-a271-4365-8a89-2899a6165422/logs

Operate on router1:
Neutron router-update router1 --admin-state-up False
The admin-state-up of router has changed to False, but the corresponding IPSec process has not been terminated
Then, operate on the router1
Neutron router-update router1 --admin-state-up True
The admin-state-up of router changes to True and starts the new IPSec process

ps -ef |grep ipsec
root     13796     1  0 16:43 ?        00:00:00 /usr/libexec/ipsec/pluto --ctlbase /var/lib/neutron/ipsec/03ff091d-091b-496f-bc41-c53b0ae38c6a/var/run/pluto --ipsecdir /var/lib/neutron/ipsec/03ff091d-091b-496f-bc41-c53b0ae38c6a/etc/ipsec.d --uniqueids --nat_traversal --secretsfile /var/lib/neutron/ipsec/03ff091d-091b-496f-bc41-c53b0ae38c6a/etc/ipsec.secrets --virtual-private %v4:172.16.1.0/24,%v4:172.16.2.0/24 --perpeerlogbase /var/lib/neutron/ipsec/03ff091d-091b-496f-bc41-c53b0ae38c6a/logs
root     14232     1  0 Jun06 ?        00:00:33 /usr/libexec/ipsec/pluto --ctlbase /var/lib/neutron/ipsec/03ff091d-091b-496f-bc41-c53b0ae38c6a/var/run/pluto --ipsecdir /var/lib/neutron/ipsec/03ff091d-091b-496f-bc41-c53b0ae38c6a/etc/ipsec.d --uniqueids --nat_traversal --secretsfile /var/lib/neutron/ipsec/03ff091d-091b-496f-bc41-c53b0ae38c6a/etc/ipsec.secrets --virtual-private %v4:172.16.1.0/24,%v4:172.16.2.0/24 --perpeerlogbase /var/lib/neutron/ipsec/03ff091d-091b-496f-bc41-c53b0ae38c6a/logs
root     14826     1  0 Jun06 ?        00:00:33 /usr/libexec/ipsec/pluto --ctlbase /var/lib/neutron/ipsec/7ecb91f2-a271-4365-8a89-2899a6165422/var/run/pluto --ipsecdir /var/lib/neutron/ipsec/7ecb91f2-a271-4365-8a89-2899a6165422/etc/ipsec.d --uniqueids --nat_traversal --secretsfile /var/lib/neutron/ipsec/7ecb91f2-a271-4365-8a89-2899a6165422/etc/ipsec.secrets --virtual-private %v4:172.16.2.0/24,%v4:172.16.1.0/24 --perpeerlogbase /var/lib/neutron/ipsec/7ecb91f2-a271-4365-8a89-2899a6165422/logs

** Affects: neutron
     Importance: Undecided
     Assignee: Li Xiao (leeshow)
         Status: In Progress

** Changed in: neutron
     Assignee: (unassigned) => Li Xiao (leeshow)

** Changed in: neutron
       Status: New => In Progress

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1696684

Title:
  When the router of admin_state_up becomes false, the IPSec process is
  not terminated

Status in neutron:
  In Progress

Bug description:
  Router1---router2 establishes the IPSec connection, and after the
  IPSec connection is established, you can see two IPSec processes

  ps -ef |grep ipsec
  root     14232     1  0 Jun06 ?        00:00:33 /usr/libexec/ipsec/pluto --ctlbase /var/lib/neutron/ipsec/03ff091d-091b-496f-bc41-c53b0ae38c6a/var/run/pluto --ipsecdir /var/lib/neutron/ipsec/03ff091d-091b-496f-bc41-c53b0ae38c6a/etc/ipsec.d --uniqueids --nat_traversal --secretsfile /var/lib/neutron/ipsec/03ff091d-091b-496f-bc41-c53b0ae38c6a/etc/ipsec.secrets --virtual-private %v4:172.16.1.0/24,%v4:172.16.2.0/24 --perpeerlogbase /var/lib/neutron/ipsec/03ff091d-091b-496f-bc41-c53b0ae38c6a/logs
  root     14826     1  0 Jun06 ?        00:00:33 /usr/libexec/ipsec/pluto --ctlbase /var/lib/neutron/ipsec/7ecb91f2-a271-4365-8a89-2899a6165422/var/run/pluto --ipsecdir /var/lib/neutron/ipsec/7ecb91f2-a271-4365-8a89-2899a6165422/etc/ipsec.d --uniqueids --nat_traversal --secretsfile /var/lib/neutron/ipsec/7ecb91f2-a271-4365-8a89-2899a6165422/etc/ipsec.secrets --virtual-private %v4:172.16.2.0/24,%v4:172.16.1.0/24 --perpeerlogbase /var/lib/neutron/ipsec/7ecb91f2-a271-4365-8a89-2899a6165422/logs

  Operate on router1:
  Neutron router-update router1 --admin-state-up False
  The admin-state-up of router has changed to False, but the corresponding IPSec process has not been terminated
  Then, operate on the router1
  Neutron router-update router1 --admin-state-up True
  The admin-state-up of router changes to True and starts the new IPSec process

  ps -ef |grep ipsec
  root     13796     1  0 16:43 ?        00:00:00 /usr/libexec/ipsec/pluto --ctlbase /var/lib/neutron/ipsec/03ff091d-091b-496f-bc41-c53b0ae38c6a/var/run/pluto --ipsecdir /var/lib/neutron/ipsec/03ff091d-091b-496f-bc41-c53b0ae38c6a/etc/ipsec.d --uniqueids --nat_traversal --secretsfile /var/lib/neutron/ipsec/03ff091d-091b-496f-bc41-c53b0ae38c6a/etc/ipsec.secrets --virtual-private %v4:172.16.1.0/24,%v4:172.16.2.0/24 --perpeerlogbase /var/lib/neutron/ipsec/03ff091d-091b-496f-bc41-c53b0ae38c6a/logs
  root     14232     1  0 Jun06 ?        00:00:33 /usr/libexec/ipsec/pluto --ctlbase /var/lib/neutron/ipsec/03ff091d-091b-496f-bc41-c53b0ae38c6a/var/run/pluto --ipsecdir /var/lib/neutron/ipsec/03ff091d-091b-496f-bc41-c53b0ae38c6a/etc/ipsec.d --uniqueids --nat_traversal --secretsfile /var/lib/neutron/ipsec/03ff091d-091b-496f-bc41-c53b0ae38c6a/etc/ipsec.secrets --virtual-private %v4:172.16.1.0/24,%v4:172.16.2.0/24 --perpeerlogbase /var/lib/neutron/ipsec/03ff091d-091b-496f-bc41-c53b0ae38c6a/logs
  root     14826     1  0 Jun06 ?        00:00:33 /usr/libexec/ipsec/pluto --ctlbase /var/lib/neutron/ipsec/7ecb91f2-a271-4365-8a89-2899a6165422/var/run/pluto --ipsecdir /var/lib/neutron/ipsec/7ecb91f2-a271-4365-8a89-2899a6165422/etc/ipsec.d --uniqueids --nat_traversal --secretsfile /var/lib/neutron/ipsec/7ecb91f2-a271-4365-8a89-2899a6165422/etc/ipsec.secrets --virtual-private %v4:172.16.2.0/24,%v4:172.16.1.0/24 --perpeerlogbase /var/lib/neutron/ipsec/7ecb91f2-a271-4365-8a89-2899a6165422/logs

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1696684/+subscriptions
Follow ups

[Bug 1696684] Re: When the router of admin_state_up becomes false, the IPSec process is not terminated
From: OpenStack Infra, 2017-06-26