← Back to team overview

yahoo-eng-team team mailing list archive

[Bug 1832021] Re: Checksum drop of metadata traffic on isolated provider networks

 

*** This bug is a duplicate of bug 1722584 ***
    https://bugs.launchpad.net/bugs/1722584

Brian,

Thanks for getting back to me. It seems this is a duplicate of LP Bug
#1722584 [0]. And the explanation for my running into it is that we have
not yet pushed your reversion into our Ubuntu packaging.

Marking this bug a duplicate of LP Bug #1722584

[0] https://bugs.launchpad.net/cloud-archive/+bug/1722584

** This bug has been marked a duplicate of bug 1722584
   [SRU] Return traffic from metadata service may get dropped by hypervisor due to wrong checksum

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1832021

Title:
  Checksum drop of metadata traffic on isolated provider networks

Status in neutron:
  New

Bug description:
  When an isolated network using provider networks for tenants (meaning
  without virtual routers: DVR or network node), metadata access occurs
  in the qdhcp ip netns rather than the qrouter netns.

  The following options are set in the dhcp_agent.ini file:
  force_metadata = True
  enable_isolated_metadata = True

  VMs on the provider tenant network are unable to access metadata as
  packets are dropped due to checksum.

  When we added the following in the qdhcp netns, VMs regained access to
  metadata:

   iptables -t mangle -A OUTPUT -o ns-+ -p tcp --sport 80 -j CHECKSUM
  --checksum-fill

  It seems this setting was recently removed from the qrouter netns [0]
  but it never existed in the qdhcp to begin with.

  [0] https://review.opendev.org/#/c/654645/

  Related LP Bug #1831935
  See https://bugs.launchpad.net/charm-neutron-openvswitch/+bug/1831935/comments/10

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1832021/+subscriptions


References