yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #69854
[Bug 1733852] Re: Incorrect ARP entries in new DVR routers for Octavia VRRP addresses
Reviewed: https://review.openstack.org/524037
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=af73882a9db994b06d8df18d4d5abc05c7aecd32
Submitter: Zuul
Branch: master
commit af73882a9db994b06d8df18d4d5abc05c7aecd32
Author: Daniel Russell <danielr@xxxxxxxxxxxxxxxx>
Date: Wed Nov 29 15:27:06 2017 +1100
Prevent LBaaS VRRP ports from populating DVR router ARP table
Prevents the MAC address of the VIP address of an LBaaS or
LBaaSv2 instance from populating in the DVR router ARP table
Change-Id: If49aaa48a5e95ccd0a236db984d3984a6e44c87c
Closes-Bug: 1733852
** Changed in: neutron
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1733852
Title:
Incorrect ARP entries in new DVR routers for Octavia VRRP addresses
Status in neutron:
Fix Released
Bug description:
Hi,
I am running Ocata Neutron with OVS DVR, l2_population is on, and
Ocata Octavia is also installed. Under a certain circumstance, I am
getting incorrect ARP entries in the routers for the VRRP address of
the loadbalancers created.
Here is the ARP table for a router that preexisted a Load Balancer creation :
[root@<shnip> ~]# ip netns exec qrouter-6b5fe9df-eab2-4147-b95f-419d0c620344 ip neigh
10.2.2.11 dev qr-458b6819-4f lladdr fa:16:3e:3c:df:9c PERMANENT
10.2.2.1 dev qr-458b6819-4f lladdr fa:16:3e:f0:45:c9 PERMANENT
10.2.2.2 dev qr-458b6819-4f lladdr fa:16:3e:70:0e:8c PERMANENT
[root@<shnip> ~]#
After creating a loadbalancer, ports are created for the load balancer instance in the project network and the vrrp address (but as far as I understand, the vrrp port is just there to reserve the IP):
[root@<shnip> /]# openstack port show 9bb862a7-fdb5-487e-94f5-4fac8b55d5d2
+-----------------------+-------------------------------------------------------------------------------------------+
| Field | Value |
+-----------------------+-------------------------------------------------------------------------------------------+
| admin_state_up | UP |
| allowed_address_pairs | ip_address='10.2.2.8', mac_address='fa:16:3e:78:82:cb' |
| binding_host_id | <shnip> |
| binding_profile | |
| binding_vif_details | ovs_hybrid_plug='True', port_filter='True' |
| binding_vif_type | ovs |
| binding_vnic_type | normal |
| created_at | 2017-11-22T10:35:11Z |
| description | |
| device_id | 3355a8e7-95fe-4f15-8233-3ffcbb935d5c |
| device_owner | compute:None |
| dns_assignment | fqdn='amphora-8cc77a78-359e-4829-968b-2d026869d845.cloud.<shnip>.', hostname |
| | ='amphora-8cc77a78-359e-4829-968b-2d026869d845', ip_address='10.2.2.5' |
| dns_name | amphora-8cc77a78-359e-4829-968b-2d026869d845 |
| extra_dhcp_opts | |
| fixed_ips | ip_address='10.2.2.5', subnet_id='0c8633c6-96a1-4c0e-a73f-212eddfd6172' |
| id | 9bb862a7-fdb5-487e-94f5-4fac8b55d5d2 |
| ip_address | None |
| mac_address | fa:16:3e:78:82:cb |
| name | octavia-lb-vrrp-8cc77a78-359e-4829-968b-2d026869d845 |
| network_id | 8d365ce2-d909-410d-991c-7f503a65d67b |
| option_name | None |
| option_value | None |
| port_security_enabled | False |
| project_id | 905d2c54fe08456abee3c44feb1d8e05 |
| qos_policy_id | None |
| revision_number | 18 |
| security_groups | 355790da-7eec-4685-b92e-7a6e2cd1ba1e |
| status | ACTIVE |
| subnet_id | None |
| updated_at | 2017-11-22T12:04:36Z |
+-----------------------+-------------------------------------------------------------------------------------------+
[root@<shnip> /]# openstack port show 85848204-7127-4080-bdde-dccef083f330
+-----------------------+-------------------------------------------------------------------------------------------+
| Field | Value |
+-----------------------+-------------------------------------------------------------------------------------------+
| admin_state_up | DOWN |
| allowed_address_pairs | |
| binding_host_id | |
| binding_profile | |
| binding_vif_details | |
| binding_vif_type | unbound |
| binding_vnic_type | normal |
| created_at | 2017-11-22T10:35:04Z |
| description | None |
| device_id | 0f0f57b3-d0a7-45d3-bddb-e5353c9d9134 |
| device_owner | neutron:LOADBALANCERV2 |
| dns_assignment | fqdn='host-10-2-2-8.cloud.<shnip>.', hostname='host-10-2-2-8', |
| | ip_address='10.2.2.8' |
| dns_name | |
| extra_dhcp_opts | |
| fixed_ips | ip_address='10.2.2.8', subnet_id='0c8633c6-96a1-4c0e-a73f-212eddfd6172' |
| id | 85848204-7127-4080-bdde-dccef083f330 |
| ip_address | None |
| mac_address | fa:16:3e:d0:3c:aa |
| name | loadbalancer-0f0f57b3-d0a7-45d3-bddb-e5353c9d9134 |
| network_id | 8d365ce2-d909-410d-991c-7f503a65d67b |
| option_name | None |
| option_value | None |
| port_security_enabled | False |
| project_id | c053ae2460e741008fa0ea908ae7da8c |
| qos_policy_id | None |
| revision_number | 6 |
| security_groups | 355790da-7eec-4685-b92e-7a6e2cd1ba1e |
| status | DOWN |
| subnet_id | None |
| updated_at | 2017-11-22T10:35:10Z |
+-----------------------+-------------------------------------------------------------------------------------------+
[root@<shnip> /]#
The router ARP table is updated as I would expect :
[root@<shnip> ~]# ip netns exec qrouter-6b5fe9df-eab2-4147-b95f-419d0c620344 ip neigh
10.2.2.11 dev qr-458b6819-4f lladdr fa:16:3e:3c:df:9c PERMANENT
10.2.2.1 dev qr-458b6819-4f lladdr fa:16:3e:f0:45:c9 PERMANENT
10.2.2.2 dev qr-458b6819-4f lladdr fa:16:3e:70:0e:8c PERMANENT
10.2.2.8 dev qr-458b6819-4f lladdr fa:16:3e:78:82:cb PERMANENT
10.2.2.5 dev qr-458b6819-4f lladdr fa:16:3e:78:82:cb PERMANENT
[root@<shnip> ~]#
However, if I create a new router and attach an interface to the project subnet, the ARP table is populated with the MAC address of the vrrp port that was created. This prevents traffic from flowing as the MAC should either be absent (so it can ARP itself) or the MAC for the active port.
[root@<shnip> ~]# ip netns exec qrouter-a5158caa-893c-4e6e-babf-141125f1e476 ip neigh
10.2.2.2 dev qr-f8e750c0-31 lladdr fa:16:3e:70:0e:8c PERMANENT
10.2.2.1 dev qr-f8e750c0-31 lladdr fa:16:3e:f0:45:c9 PERMANENT
10.2.2.11 dev qr-f8e750c0-31 lladdr fa:16:3e:3c:df:9c PERMANENT
10.2.2.5 dev qr-f8e750c0-31 lladdr fa:16:3e:78:82:cb PERMANENT
10.2.2.8 dev qr-f8e750c0-31 lladdr fa:16:3e:d0:3c:aa PERMANENT
[root@<shnip> ~]#
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1733852/+subscriptions
References
