yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #78801
[Bug 1832021] [NEW] Checksum drop of metadata traffic on isolated provider networks
Public bug reported:
When an isolated network using provider networks for tenants (meaning
without virtual routers: DVR or network node), metadata access occurs in
the qdhcp ip netns rather than the qrouter netns.
The following options are set in the dhcp_agent.ini file:
force_metadata = True
enable_isolated_metadata = True
VMs on the provider tenant network are unable to access metadata as
packets are dropped due to checksum.
When we added the following in the qdhcp netns, VMs regained access to
metadata:
iptables -t mangle -A OUTPUT -o ns-+ -p tcp --sport 80 -j CHECKSUM
--checksum-fill
It seems this setting was recently removed from the qrouter netns [0]
but it never existed in the qdhcp to begin with.
[0] https://review.opendev.org/#/c/654645/
Related LP Bug #1831935
See https://bugs.launchpad.net/charm-neutron-openvswitch/+bug/1831935/comments/10
** Affects: neutron
Importance: Undecided
Status: New
** Tags: cpe-onsite
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1832021
Title:
Checksum drop of metadata traffic on isolated provider networks
Status in neutron:
New
Bug description:
When an isolated network using provider networks for tenants (meaning
without virtual routers: DVR or network node), metadata access occurs
in the qdhcp ip netns rather than the qrouter netns.
The following options are set in the dhcp_agent.ini file:
force_metadata = True
enable_isolated_metadata = True
VMs on the provider tenant network are unable to access metadata as
packets are dropped due to checksum.
When we added the following in the qdhcp netns, VMs regained access to
metadata:
iptables -t mangle -A OUTPUT -o ns-+ -p tcp --sport 80 -j CHECKSUM
--checksum-fill
It seems this setting was recently removed from the qrouter netns [0]
but it never existed in the qdhcp to begin with.
[0] https://review.opendev.org/#/c/654645/
Related LP Bug #1831935
See https://bugs.launchpad.net/charm-neutron-openvswitch/+bug/1831935/comments/10
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1832021/+subscriptions
Follow ups
-
[Bug 1832021] Re: Checksum drop of metadata traffic on isolated networks with DPDK
From: Corey Bryant, 2021-07-08
-
[Bug 1832021] Re: Checksum drop of metadata traffic on isolated networks with DPDK
From: Corey Bryant, 2021-06-17
-
[Bug 1832021] Re: Checksum drop of metadata traffic on isolated networks with DPDK
From: Launchpad Bug Tracker, 2021-06-16
-
[Bug 1832021] Please test proposed package
From: Corey Bryant, 2021-06-03
-
[Bug 1832021] Re: Checksum drop of metadata traffic on isolated networks with DPDK
From: Mathew Hodson, 2021-05-02
-
[Bug 1832021] Re: Checksum drop of metadata traffic on isolated networks with DPDK
From: Mathew Hodson, 2021-05-02
-
[Bug 1832021] Re: Checksum drop of metadata traffic on isolated networks with DPDK
From: Mathew Hodson, 2021-05-02
-
[Bug 1832021] Re: Checksum drop of metadata traffic on isolated networks with DPDK
From: Edward Hope-Morley, 2021-03-11
-
[Bug 1832021] Re: Checksum drop of metadata traffic on isolated networks with DPDK
From: Erlon R. Cruz, 2021-03-01
-
[Bug 1832021] Re: Checksum drop of metadata traffic on isolated networks with DPDK
From: OpenStack Infra, 2020-06-20
-
[Bug 1832021] Re: Checksum drop of metadata traffic on isolated networks with DPDK
From: David Ames, 2019-08-12
-
[Bug 1832021] Re: Checksum drop of metadata traffic on isolated provider networks
From: James Page, 2019-06-13
-
[Bug 1832021] Re: Checksum drop of metadata traffic on isolated provider networks
From: David Ames, 2019-06-10