yahoo-eng-team team mailing list archive
Message #67539
[Bug 1716913] [NEW] bandwidth metering - Creating meter label rule doesn't match the metering concept.
Public bug reported:
In the following bug report, "remote_ip_prefix" is considered to be "source address/cidr" for ingress traffic, but this is not suitable for metering concepts.
https://bugs.launchpad.net/neutron/+bug/1528137
┌────┐ ┌────┐ ┌────┐
│external│──────────│router02│───────│ VMs │
└────┘ 100.100.20.0/24 └────┘ 10.0.1.0/24 └────┘
│
│ ┌────┐
└─────────│ VMs │
20.0.1.0/24 └────┘
In the case of ingress traffic (inbound), the source should be 0.0.0.0/0 and the destination should be the address/CIDR of the VMs.
That way, it is possible to meter bandwidth per address/CIDR of the VMs.
This is my test case.
1. Create Label
# neutron meter-label-create --tenant-id $TENANT_ID --description "leegy" meter_ingress
Created a new metering_label:
+-------------+--------------------------------------+
| Field | Value |
+-------------+--------------------------------------+
| description | leegy |
| id | b1c41f6f-3504-441d-aaa6-d655ca76bc08 |
| name | meter_ingress |
| project_id | e8c282b3d5e94776a655314e7ab86985 |
| shared | False |
| tenant_id | e8c282b3d5e94776a655314e7ab86985 |
+-------------+--------------------------------------+
2. Create rule
Ingress rule (traffic from the qg- interface to the qr- interface); remote_ip_prefix is the network CIDR of the VMs.
# neutron meter-label-rule-create --tenant-id $TENANT_ID --direction ingress $LABEL_ID 10.0.1.0/24
Created a new metering_label_rule:
+-------------------+--------------------------------------+
| Field | Value |
+-------------------+--------------------------------------+
| direction | ingress |
| excluded | False |
| id | f9829983-fe3b-4848-8983-e3667dfe64df |
| metering_label_id | b1c41f6f-3504-441d-aaa6-d655ca76bc08 |
| remote_ip_prefix | 10.0.1.0/24 |
+-------------------+--------------------------------------+
3. Check iptables rules
I want to meter bandwidth from external to VMs.
[expected rules]
Chain neutron-meter-r-b1c41f6f-350 (1 references)
pkts bytes target prot opt in out source destination
0 0 neutron-meter-l-b1c41f6f-350 all -- qg-3f62cc89-83 * 0.0.0.0/0 10.0.1.0/24
[but result is...]
Chain neutron-meter-r-b1c41f6f-350 (1 references)
pkts bytes target prot opt in out source destination
0 0 neutron-meter-l-b1c41f6f-350 all -- qg-3f62cc89-83 * 10.0.1.0/24 0.0.0.0/0
4. Modify neutron source
neutron/services/metering/drivers/iptables/iptables_driver.py
    def _prepare_rule(self, ext_dev, rule, label_chain):
        remote_ip = rule['remote_ip_prefix']
        if rule['direction'] == 'egress':
            #dir_opt = '-d %s -o %s' % (remote_ip, ext_dev)
            dir_opt = '-s %s -o %s' % (remote_ip, ext_dev)
        else:
            #dir_opt = '-s %s -i %s' % (remote_ip, ext_dev)
            dir_opt = '-d %s -i %s' % (remote_ip, ext_dev)
        if rule['excluded']:
            ipt_rule = '%s -j RETURN' % dir_opt
        else:
            ipt_rule = '%s -j %s' % (dir_opt, label_chain)
        return ipt_rule
5. Check iptables rules
Possible to meter the bandwidth from external to VMs.
Chain neutron-meter-r-b1c41f6f-350 (1 references)
pkts bytes target prot opt in out source destination
0 0 neutron-meter-l-b1c41f6f-350 all -- qg-3f62cc89-83 * 0.0.0.0/0 10.0.1.0/24
6. ping test
Ping from the qdhcp namespace of the VM network to another router's gateway IP.
# neutron net-list
+--------------------------------------+-----------+----------------------------------------+
| id | name | subnets |
+--------------------------------------+-----------+----------------------------------------+
| 19bd6565-07a1-4df3-9999-420cb5d01e0a | network02 | c00c950e-e4ac-4d79-915c-535114a4e401 |
| | | 10.0.1.0/24 |
| dca679c6-e294-49ef-addd-30fd6d6d0c53 | public2 | 47458829-cc7b-498d-8dd6-2a97c797cc61 |
| | | 100.100.20.0/24 |
+--------------------------------------+-----------+----------------------------------------+
# neutron router-list
+----------------------------+------------+----------------------------+-------------+-------+
| id | name | external_gateway_info | distributed | ha |
+----------------------------+------------+----------------------------+-------------+-------+
| 03c2fe17-175b-46b1-92fd- | meter_test | {"network_id": | False | False |
| 02260c703b64 | | "dca679c6-e294-49ef-addd- | | |
| | | 30fd6d6d0c53", | | |
| | | "enable_snat": false, | | |
| | | "external_fixed_ips": | | |
| | | [{"subnet_id": "47458829 | | |
| | | -cc7b-498d- | | |
| | | 8dd6-2a97c797cc61", | | |
| | | "ip_address": | | |
| | | "100.100.20.14"}]} | | |
| 1a30bf59-2281-457e-842c- | router02 | {"network_id": | False | False |
| 248cf026978d | | "dca679c6-e294-49ef-addd- | | |
| | | 30fd6d6d0c53", | | |
| | | "enable_snat": true, | | |
| | | "external_fixed_ips": | | |
| | | [{"subnet_id": "47458829 | | |
| | | -cc7b-498d- | | |
| | | 8dd6-2a97c797cc61", | | |
| | | "ip_address": | | |
| | | "100.100.20.11"}]} | | |
+----------------------------+------------+----------------------------+-------------+-------+
# ip netns exec qdhcp-19bd6565-07a1-4df3-9999-420cb5d01e0a ping 100.100.20.14
PING 100.100.20.14 (100.100.20.14) 56(84) bytes of data.
64 bytes from 100.100.20.14: icmp_seq=1 ttl=63 time=1.22 ms
64 bytes from 100.100.20.14: icmp_seq=2 ttl=63 time=0.086 ms
64 bytes from 100.100.20.14: icmp_seq=3 ttl=63 time=0.097 ms
64 bytes from 100.100.20.14: icmp_seq=4 ttl=63 time=0.101 ms
64 bytes from 100.100.20.14: icmp_seq=5 ttl=63 time=0.097 ms
^C
--- 100.100.20.14 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4001ms
rtt min/avg/max/mdev = 0.086/0.321/1.224/0.451 ms
7. Check iptables rules
ping response is captured (5 pkts)
# ip netns exec qrouter-1a30bf59-2281-457e-842c-248cf026978d iptables -L -n -v
Chain neutron-meter-l-b1c41f6f-350 (1 references)
pkts bytes target prot opt in out source destination
5 420 all -- * * 0.0.0.0/0 0.0.0.0/0
Chain neutron-meter-r-b1c41f6f-350 (1 references)
pkts bytes target prot opt in out source destination
5 420 neutron-meter-l-b1c41f6f-350 all -- qg-3f62cc89-83 * 0.0.0.0/0 10.0.1.0/24
+
OpenStack version: Newton
Platform: Ubuntu + OpenStack; it occurred on Red Hat OSP and Packstack.
** Affects: neutron
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1716913
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1716913/+subscriptions
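
Added example, not part of the bug report and not neutron's own code: a stand-alone model of the rule builder from step 4, with a small matcher that shows which generated rule counts the ping reply from step 6. The helper names (prepare_rule, matches, counted), the modified flag and the VM-side address 10.0.1.2 are assumptions made for illustration.

```python
import ipaddress

EXT_DEV = 'qg-3f62cc89-83'              # external gateway device from the report
CHAIN = 'neutron-meter-l-b1c41f6f-350'  # label chain from the report
RULE = {'direction': 'ingress', 'remote_ip_prefix': '10.0.1.0/24',
        'excluded': False}
# Constructed packet: a ping reply as the metering chain sees it. The VM-side
# address 10.0.1.2 is an assumption; the report does not give it.
REPLY = {'src': '100.100.20.14', 'dst': '10.0.1.2', 'in': EXT_DEV}


def prepare_rule(ext_dev, rule, label_chain, modified=False):
    """Build the match string; modified=True applies the reporter's swap."""
    egress = rule['direction'] == 'egress'
    if modified:   # remote_ip_prefix names the VM side
        addr_flag = '-s' if egress else '-d'
    else:          # remote_ip_prefix names the far (external) side
        addr_flag = '-d' if egress else '-s'
    dev_flag = '-o' if egress else '-i'
    target = 'RETURN' if rule['excluded'] else label_chain
    return '%s %s %s %s -j %s' % (addr_flag, rule['remote_ip_prefix'],
                                  dev_flag, ext_dev, target)


def matches(ipt_rule, pkt):
    """Apply the -s/-d/-i/-o tests of a rule string to a packet dict."""
    tokens = ipt_rule.split()
    opts = dict(zip(tokens[0::2], tokens[1::2]))
    for flag, key in (('-s', 'src'), ('-d', 'dst')):
        if flag in opts:
            net = ipaddress.ip_network(opts[flag])
            if ipaddress.ip_address(pkt[key]) not in net:
                return False
    for flag, key in (('-i', 'in'), ('-o', 'out')):
        if flag in opts and pkt.get(key) != opts[flag]:
            return False
    return True


def counted(rule, pkt, modified):
    """True if the generated rule would count this packet."""
    return matches(prepare_rule(EXT_DEV, rule, CHAIN, modified), pkt)


if __name__ == '__main__':
    far_side = dict(RULE, remote_ip_prefix='100.100.20.0/24')
    for name, rule, mod in (('original, VM CIDR', RULE, False),
                            ('modified, VM CIDR', RULE, True),
                            ('original, external CIDR', far_side, False)):
        print(name, '|', prepare_rule(EXT_DEV, rule, CHAIN, mod),
              '|', counted(rule, pkt=REPLY, modified=mod))
```

The third case shows that the unmodified builder does count the reply when remote_ip_prefix is given as the external-side CIDR, which is the reading of the field the report argues against.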