yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1759971] Re: [dvr][fast-exit] a route to a tenant network does not get created in fip namespace if an external network is attached after a tenant network have been attached (race condition)

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: OpenStack Infra <1759971@xxxxxxxxxxxxxxxxxx>
Date: Fri, 06 Apr 2018 22:35:07 -0000
Reply-to: Bug 1759971 <1759971@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Reviewed:  https://review.openstack.org/558137
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=ff5e8d7d6cdc6ce3cd93aededec512e1855f6c28
Submitter: Zuul
Branch:    master

commit ff5e8d7d6cdc6ce3cd93aededec512e1855f6c28
Author: Dmitrii Shcherbakov <dmitrii.shcherbakov@xxxxxxxxxxxxx>
Date:   Sun Apr 1 21:02:10 2018 -0400

    Refresh router objects after port binding
    
    Post-binding information about router ports is missing in results of RPC
    calls made by l3 agents. sync_routers code ensures that bindings are
    present, however, it does not refresh router objects before returning
    them - for RPC clients ports remain unbound before the next sync and
    there is no necessary address scope information present to create routes
    from fip namespaces to qrouter namespaces.
    
    Change-Id: Ia135f0ed7ca99887d5208fa78fe4df1ff6412c26
    Closes-Bug: #1759971


** Changed in: neutron
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1759971

Title:
  [dvr][fast-exit] a route to a tenant network does not get created in
  fip namespace if an external network is attached after a tenant
  network have been attached (race condition)

Status in neutron:
  Fix Released

Bug description:
  Overall, similar scenario to
  https://bugs.launchpad.net/neutron/+bug/1759956 but a different
  problem.

  Relevant agent config options:
  http://paste.openstack.org/show/718418/

  OpenStack Queens from UCA (xenial, GA kernel, deployed via OpenStack
  charms), 2 external subnets (one routed provider network), 1 tenant
  subnet, all subnets in the same address scope to trigger "fast exit"
  logic.

  Tenant subnet cidr: 192.168.100.0/24

  openstack address scope create dev
  openstack subnet pool create --address-scope dev --pool-prefix 10.232.40.0/21 --pool-prefix 10.232.16.0/21 dev
  openstack subnet pool create --address-scope dev --pool-prefix 192.168.100.0/24 tenant
  openstack network create --external --provider-physical-network physnet1 --provider-network-type flat pubnet
  openstack network segment set --name segment1 d8391bfb-4466-4a45-972c-45ffcec9f6bc
  openstack network segment create --physical-network physnet2 --network-type flat --network pubnet segment2
  openstack subnet create --no-dhcp --subnet-pool dev --subnet-range 10.232.16.0/21 --allocation-pool start=10.232.17.0,end=10.232.17.255 --dns-nameserver 10.232.36.101 --ip-version 4 --network pubnet --network-segment segment1 pubsubnetl1
  openstack subnet create --gateway 10.232.40.100 --no-dhcp --subnet-pool dev --subnet-range 10.232.40.0/21 --allocation-pool start=10.232.41.0,end=10.232.41.255 --dns-nameserver 10.232.36.101 --ip-version 4 --network pubnet --network-segment segment2 pubsubnetl2
  openstack network create --internal --provider-network-type vxlan tenantnet
   openstack subnet create --dhcp --ip-version 4 --subnet-range 192.168.100.0/24 --subnet-pool tenant --dns-nameserver 10.232.36.101 --network tenantnet tenantsubnet

  # -------
  # Works in this order when an external network is attached first

  openstack router create --disable --no-ha --distributed pubrouter
  openstack router set --disable-snat --external-gateway pubnet --enable pubrouter

  openstack router add subnet pubrouter tenantsubnet

  2018-03-29 23:30:48.933 2050638 DEBUG neutron.agent.linux.utils [-] Running command: ['sudo', 'neutron-rootwrap', '/etc/neutron/rootwrap.conf', 'ip', 'ne
  tns', 'exec', 'fip-d0f008fc-dc45-4237-9ce0-a9e1977735eb', 'ip', '-4', 'route', 'replace', '192.168.100.0/24', 'via', '169.254.106.114', 'dev', 'fpr-09fd1
  424-7'] create_process /usr/lib/python2.7/dist-packages/neutron/agent/linux/utils.py:92

  # ------
  # Doesn't work the other way around - as a fip namespace does not get created before a tenant network is attached
  openstack router create --disable --no-ha --distributed pubrouter

  openstack router add subnet pubrouter tenantsubnet
  openstack router set --disable-snat --external-gateway pubnet --enable pubrouter

  # to "fix" this we need to re-trigger the right code path

  openstack router remove subnet pubrouter tenantsubnet
  openstack router add subnet pubrouter tenantsubnet

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1759971/+subscriptions

References

[Bug 1759971] [NEW] [dvr][fast-exit] a route to a tenant network does not get created in fip namespace if an external network is attached after a tenant network have been attached
From: Dmitrii Shcherbakov, 2018-03-30