
yahoo-eng-team team mailing list archive

[Bug 1751396] Re: DVR: Inter Tenant Traffic between two networks and connected through a shared network not reachable with DVR routers

 

Reviewed:  https://review.openstack.org/547696
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=d019790fe436b72cb05b8d0ff1f3a62ebd9e9bee
Submitter: Zuul
Branch:    master

commit d019790fe436b72cb05b8d0ff1f3a62ebd9e9bee
Author: Swaminathan Vasudevan <SVasudevan@xxxxxxxx>
Date:   Fri Feb 23 16:22:33 2018 -0800

    DVR: Inter Tenant Traffic between networks not possible with shared net
    
    Inter Tenant Traffic between two different networks that belong
    to two different Tenants is not possible when connected through
    a shared network that are internally connected through DVR
    routers.
    
    This issue can be seen in a multinode environment where there
    is network isolation.
    
    The issue is, we have two different IPs for the ports that are
    connecting the two routers and DVR does not expose the router
    interfaces outside a compute and is blocked by ovs tunnel bridge
    rules.
    
    This patch fixes the issue by not applying the DVR specific
    rules in the tunnel-bridge to the shared network ports that
    are connecting the routers.
    
    Closes-Bug: #1751396
    Change-Id: I0717f29209f1354605d2f4128949ddbaefd99629


** Changed in: neutron
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1751396

Title:
  DVR: Inter Tenant Traffic between two networks and connected through a
  shared network not reachable with DVR routers

Status in neutron:
  Fix Released

Bug description:
  Inter Tenant Traffic between Two Tenants on two different private
  networks connected through a common shared network (created by Admin)
  is not routable through DVR routers

  Steps to reproduce it:

  (NOTE: No external, just shared network)
  This is only reproducible in a Multinode scenario (1 Controller - 2 compute).
  Make sure that the two VMs are isolated in two different computes.

  openstack network create --share shared_net

  openstack subnet create shared_net_sn --network shared_net --subnet-range 172.168.10.0/24

  
  openstack network create net_A
  openstack subnet create net_A_sn --network net_A --subnet-range 10.1.0.0/24

  
  openstack network create net_B
  openstack subnet create net_B_sn --network net_B --subnet-range 10.2.0.0/24

  
  openstack router create router_A

  openstack port create --network=shared_net --fixed-ip subnet=shared_net_sn,ip-address=172.168.10.20 port_router_A_shared_net
  openstack router add port router_A port_router_A_shared_net
  openstack router add subnet router_A net_A_sn

  openstack router create router_B
  openstack port create --network=shared_net --fixed-ip subnet=shared_net_sn,ip-address=172.168.10.30 port_router_B_shared_net
  openstack router add port router_B port_router_B_shared_net
  openstack router add subnet router_B net_B_sn

  openstack server create server_A --flavor m1.tiny --image cirros --nic net-id=net_A
  openstack server create server_B --flavor m1.tiny --image cirros --nic net-id=net_B
    
  Add static routes to the router.
  openstack router set router_A --route destination=10.1.0.0/24,gateway=172.168.10.20
  openstack router set router_B --route destination=10.2.0.0/24,gateway=172.168.10.30

  Ping from one instance to the other times out

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1751396/+subscriptions

