yahoo-eng-team team mailing list archive

Thread
Date
[Bug 1807157] [NEW] Metering doesn't work for DVR routers on compute nodes

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Alexandru Sorodoc <1807157@xxxxxxxxxxxxxxxxxx>
Date: Thu, 06 Dec 2018 14:14:17 -0000
Reply-to: Bug 1807157 <1807157@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx
Public bug reported:

The metering agent running on compute nodes fails to report metering
data for DVR routers.

How to reproduce:
1. Have a multi-node OpenStack Pike deployment with a network node and a compute node (alongside other nodes needed).
2. Create a distributed public router and attach it to a private network.
3. Create some metering rules. In my case I have a metering label with the ingress rule 0.0.0.0/0 and another metering label with the egress rule 0.0.0.0/0.
3. Create an instance attached to the private network. You can optionally associate a floating ip with it.
4. Do something on the instance that would generate external traffic. For example, download a file.
5. Check the metering samples for the metering rules in gnocchi. The traffic generated by the instance is not recorded. You can also ssh into the compute and network nodes and check the iptables rules with the argument -v on the qrouter- and snat- namespaces for the public router. You can see the traffic on the snat- namespace on the network node when not using a floating ip and on the qrouter- namespace on the compute node when using a floating ip. However, the metering labels are missing.

Checking the code in
`neutron/services/metering/drivers/iptables/iptables_driver.py` I
noticed the following:

1. The metering agent adds the metering iptables rules on the qrouter- namespace for the qg- interface. This is for centralized routers and works well.
2. The metering agent adds the metering iptables rules on the snat- namespace for the rpf- interface. This is wrong. The snat- namespace (which exists only on network nodes for DVR routers) houses a qg- interface for doing NAT. The rfp- interface exists only on compute nodes in the qrouter- namespace and it is used to route floating ip traffic.
3. The metering agent adds the metering rules only once for the qrouter- namespace. It uses the RouterWithMetering.metering_labels dictionary to avoid adding the same metering label twice in iptables. But it uses the dictionary for both the qrouter- and the snat- namespaces. When a label is added to the qrouter- namespace it will not be added to the snat- namespace too because it will already be present in the dictionary.

Also, in `neutron/db/metering/metering_rpc.py` the
`get_sync_data_metering` function doesn't include DVR routers for
compute node hosts. The l3_plugin.get_l3_agents function in Pike seems
to only return the scheduled routers on the host (which doesn't include
DVR routers).

The metering agent code has not changed significantly since stable/pike,
so I assume that the problem still persists.

** Affects: neutron
     Importance: Undecided
         Status: New


** Tags: metering

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1807157

Title:
  Metering doesn't work for DVR routers on compute nodes

Status in neutron:
  New

Bug description:
  The metering agent running on compute nodes fails to report metering
  data for DVR routers.

  How to reproduce:
  1. Have a multi-node OpenStack Pike deployment with a network node and a compute node (alongside other nodes needed).
  2. Create a distributed public router and attach it to a private network.
  3. Create some metering rules. In my case I have a metering label with the ingress rule 0.0.0.0/0 and another metering label with the egress rule 0.0.0.0/0.
  3. Create an instance attached to the private network. You can optionally associate a floating ip with it.
  4. Do something on the instance that would generate external traffic. For example, download a file.
  5. Check the metering samples for the metering rules in gnocchi. The traffic generated by the instance is not recorded. You can also ssh into the compute and network nodes and check the iptables rules with the argument -v on the qrouter- and snat- namespaces for the public router. You can see the traffic on the snat- namespace on the network node when not using a floating ip and on the qrouter- namespace on the compute node when using a floating ip. However, the metering labels are missing.

  Checking the code in
  `neutron/services/metering/drivers/iptables/iptables_driver.py` I
  noticed the following:

  1. The metering agent adds the metering iptables rules on the qrouter- namespace for the qg- interface. This is for centralized routers and works well.
  2. The metering agent adds the metering iptables rules on the snat- namespace for the rpf- interface. This is wrong. The snat- namespace (which exists only on network nodes for DVR routers) houses a qg- interface for doing NAT. The rfp- interface exists only on compute nodes in the qrouter- namespace and it is used to route floating ip traffic.
  3. The metering agent adds the metering rules only once for the qrouter- namespace. It uses the RouterWithMetering.metering_labels dictionary to avoid adding the same metering label twice in iptables. But it uses the dictionary for both the qrouter- and the snat- namespaces. When a label is added to the qrouter- namespace it will not be added to the snat- namespace too because it will already be present in the dictionary.

  Also, in `neutron/db/metering/metering_rpc.py` the
  `get_sync_data_metering` function doesn't include DVR routers for
  compute node hosts. The l3_plugin.get_l3_agents function in Pike seems
  to only return the scheduled routers on the host (which doesn't
  include DVR routers).

  The metering agent code has not changed significantly since
  stable/pike, so I assume that the problem still persists.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1807157/+subscriptions