yahoo-eng-team team mailing list archive

[Bug 1922653] [NEW] [L3][Port forwarding] multiple floating_ip:port to same internal fixed_ip:port (N-to-1 rule support)

 

Public bug reported:

Floating ip port forwardings table has constraints:

TABLE_NAME = 'portforwardings'

    op.create_unique_constraint(
        constraint_name=('uniq_port_forwardings0floatingip_id0'
                         'external_port0protocol'),
        table_name=TABLE_NAME,
        columns=['floatingip_id', 'external_port', 'protocol']
    )
    op.create_unique_constraint(
        constraint_name=('uniq_port_forwardings0internal_neutron_port_id0'
                         'socket0protocol'),
        table_name=TABLE_NAME,
        columns=['internal_neutron_port_id', 'socket', 'protocol']
    )

This allows creating port forwardings like:

172.24.4.64:22 -> tcp -> 192.168.111.45:22

It does not support (failed on constraint
uniq_port_forwardings0internal_neutron_port_id0socket0protocol):

172.24.4.64:22 -> tcp -> 192.168.111.45:22 
172.24.4.64:122 -> tcp -> 192.168.111.45:22
172.24.4.168:22 -> tcp -> 192.168.111.45:22

With some local tests, IMO, all these rules work fine on the L3 agent side:

# ip netns exec snat-b247f145-569a-4d5a-bdd8-31a5213641ea conntrack -L |grep "192.168.111.45"
conntrack v1.4.4 (conntrack-tools): 9 flow entries have been shown.
tcp      6 431835 ESTABLISHED src=172.24.4.1 dst=172.24.4.64 sport=53774 dport=122 src=192.168.111.45 dst=172.24.4.1 sport=22 dport=53774 [ASSURED] mark=0 use=1
tcp      6 430336 ESTABLISHED src=172.24.4.1 dst=172.24.4.168 sport=53443 dport=22 src=192.168.111.45 dst=172.24.4.1 sport=22 dport=53443 [ASSURED] mark=0 use=1
tcp      6 431995 ESTABLISHED src=172.24.4.1 dst=172.24.4.64 sport=53781 dport=22 src=192.168.111.45 dst=172.24.4.1 sport=22 dport=53781 [ASSURED] mark=0 use=1

All rules can be used to log in (ssh) to the VM.

So here, I'd like to remove the constraint
uniq_port_forwardings0internal_neutron_port_id0socket0protocol to
support these.

** Affects: neutron
     Importance: Undecided
         Status: New

** Summary changed:

- [L3][Port forwarding] multiple floating_ips to same internal fixed_ip:port
+ [L3][Port forwarding] multiple floating_ip:port to same internal fixed_ip:port (N-to-1 rule support)

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1922653

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1922653/+subscriptions
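
Added example (not part of the bug report and not neutron code): the two unique constraints quoted above, reproduced on an in-memory SQLite table to show which of the three rules each constraint rejects, and what the remaining constraint still enforces once the internal one is dropped. The SQLite schema, the try_rules helper and the "fip-A"/"fip-B"/"vm-port" identifiers are assumptions made for the demonstration.

```python
import sqlite3

# Column and constraint names follow the migration excerpt in the report;
# the SQLite schema itself is constructed for this demonstration.
SCHEMA = """
CREATE TABLE portforwardings (
    floatingip_id TEXT NOT NULL,
    external_port INTEGER NOT NULL,
    internal_neutron_port_id TEXT NOT NULL,
    socket TEXT NOT NULL,
    protocol TEXT NOT NULL,
    CONSTRAINT uniq_port_forwardings0floatingip_id0external_port0protocol
        UNIQUE (floatingip_id, external_port, protocol){internal}
)"""
INTERNAL = """,
    CONSTRAINT uniq_port_forwardings0internal_neutron_port_id0socket0protocol
        UNIQUE (internal_neutron_port_id, socket, protocol)"""

# The three rules from the report, with constructed ids:
# fip-A stands for 172.24.4.64, fip-B for 172.24.4.168, vm-port for the VM port.
RULES = [
    ("fip-A", 22, "vm-port", "192.168.111.45:22", "tcp"),
    ("fip-A", 122, "vm-port", "192.168.111.45:22", "tcp"),
    ("fip-B", 22, "vm-port", "192.168.111.45:22", "tcp"),
]


def try_rules(rules, keep_internal_constraint):
    """Insert rules in order; return 'ok' or the constraint error per rule."""
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA.format(internal=INTERNAL if keep_internal_constraint else ""))
    results = []
    for rule in rules:
        try:
            with db:  # commit on success, roll back on a constraint violation
                db.execute("INSERT INTO portforwardings VALUES (?, ?, ?, ?, ?)", rule)
            results.append("ok")
        except sqlite3.IntegrityError as exc:
            results.append(str(exc))
    db.close()
    return results


if __name__ == "__main__":
    for keep in (True, False):
        print("internal constraint kept:", keep)
        for rule, outcome in zip(RULES, try_rules(RULES, keep)):
            print("  ", rule, "->", outcome)
```

With the internal constraint removed, the (floatingip_id, external_port, protocol) constraint still guarantees that one external floating_ip:port:protocol maps to exactly one internal target.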