yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1871815] [NEW] neutron port forwarding doesn't work

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Liansen Zhai <1871815@xxxxxxxxxxxxxxxxxx>
Date: Thu, 09 Apr 2020 09:58:18 -0000
Reply-to: Bug 1871815 <1871815@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Public bug reported:

I found a bug about neutron port forwarding and Detailed operations are as follows:
first,create a VPC,
 1)openstack address scope create my_project_id
 2)openstack network create my_network
 3)openstack subnet pool create <network id> --address-scope <project id> --pool-prefix "10.0.114.0/24"
 4)openstack subnet create --network <network id> --subnet-pool <subnet pool id> --subnet-range 10.0.114.0/25 <subnet name>
 5)openstack router create my_router
 6)openstack router set jidd-router1 --external-gateway <exxternal network id> --enable-snat
 7)openstack router add subnet <router id> <subnet id>
second,create a vm by the network above
And,config floating ip port forwarding.

for example, external ip and port: 10.142.254.158, 8870; internal port: 10.0.99.29,8870
It can not reach form a external ip to 10.142.254.158 using telnet.

Found that, packet is dropped in snat namespace, becase of packet is
marked different labels between qg-xxx interface and sg-xxx interface.

hit rules:
0     0 DROP       all  --  *      sg-4ddcbea1-c6  0.0.0.0/0            0.0.0.0/0            mark match ! 0x4000000/0xffff0000

** Affects: neutron
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1871815

Title:
  neutron port forwarding doesn't work

Status in neutron:
  New

Bug description:
  I found a bug about neutron port forwarding and Detailed operations are as follows:
  first,create a VPC,
   1)openstack address scope create my_project_id
   2)openstack network create my_network
   3)openstack subnet pool create <network id> --address-scope <project id> --pool-prefix "10.0.114.0/24"
   4)openstack subnet create --network <network id> --subnet-pool <subnet pool id> --subnet-range 10.0.114.0/25 <subnet name>
   5)openstack router create my_router
   6)openstack router set jidd-router1 --external-gateway <exxternal network id> --enable-snat
   7)openstack router add subnet <router id> <subnet id>
  second,create a vm by the network above
  And,config floating ip port forwarding.

  for example, external ip and port: 10.142.254.158, 8870; internal port: 10.0.99.29,8870
  It can not reach form a external ip to 10.142.254.158 using telnet.

  Found that, packet is dropped in snat namespace, becase of packet is
  marked different labels between qg-xxx interface and sg-xxx interface.

  hit rules:
  0     0 DROP       all  --  *      sg-4ddcbea1-c6  0.0.0.0/0            0.0.0.0/0            mark match ! 0x4000000/0xffff0000

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1871815/+subscriptions

Follow ups

[Bug 1871815] Re: neutron port forwarding doesn't work
From: Liansen Zhai, 2020-05-06