[Havana] SNAT rules in Router are not updated on router_add_interface/router_delete_interface

Bug #1192610 reported by Nachi Ueno
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
neutron | Fix Released | High | Salvatore Orlando |

Bug Description

SNAT rules in Router are not applied for all subnets

ubuntu@nimx:~/devstack$ quantum router-list
+--------------------------------------+---------+-----------------------------------------------------------------------------+
| id | name | external_gateway_info |
+--------------------------------------+---------+-----------------------------------------------------------------------------+
| a91ee7b8-a376-407b-9d6e-a70a5d308e88 | router1 | {"network_id": "6cdf384f-2b10-418e-aa77-54ceec0bebc8", "enable_snat": true} |
+--------------------------------------+---------+-----------------------------------------------------------------------------+

ubuntu@nimx:~/devstack$ quantum router-port-list router1
+--------------------------------------+------+-------------------+---------------------------------------------------------------------------------+
| id | name | mac_address | fixed_ips |
+--------------------------------------+------+-------------------+---------------------------------------------------------------------------------+
| 31fa5771-4838-4263-80b6-5288680e682c | | fa:16:3e:f7:0f:0a | {"subnet_id": "94ce0c3b-530c-4c46-b7e6-a7b2bdee9384", "ip_address": "10.0.0.1"} |
| 66c0f9f9-da7c-4cf6-96ef-24d2913e7775 | | fa:16:3e:f2:5a:3a | {"subnet_id": "eb71f264-ceb5-4462-b1b0-fe8627efde17", "ip_address": "20.0.0.1"} |
+--------------------------------------+------+-------------------+---------------------------------------------------------------------------------+

iptables rule in router namespace
http://paste.openstack.org/show/38952/

-A quantum-l3-agent-snat -j quantum-l3-agent-float-snat
-A quantum-l3-agent-snat -s 10.0.0.0/24 -j SNAT --to-source 172.24.4.226

After restarting l3-agent

-A quantum-l3-agent-snat -s 10.0.0.0/24 -j SNAT --to-source 172.24.4.226
-A quantum-l3-agent-snat -s 20.0.0.0/24 -j SNAT --to-source 172.24.4.226
http://paste.openstack.org/show/38953/

I'll keep investigating

Tags: l3-ipam-dhcp
Revision history for this message
Mark McClain (markmcclain) wrote :

Grizzly or Havana or both?

tags: added: l3-ipam-dhcp
Changed in quantum:
status: New → Incomplete
Revision history for this message
Nachi Ueno (nati-ueno) wrote : Re: [Havana] SNAT rules in Router are not applied for all subnets

I have tested on Havana trunk. I haven't yet tried it in Grizzly

summary: - SNAT rules in Router are not applied for all subnets
+ [Havana] SNAT rules in Router are not applied for all subnets
Revision history for this message
Nachi Ueno (nati-ueno) wrote :

Even if after router interface, snat rule is not deleted

-A PREROUTING -j quantum-l3-agent-PREROUTING
-A OUTPUT -j quantum-l3-agent-OUTPUT
-A POSTROUTING -j quantum-l3-agent-POSTROUTING
-A POSTROUTING -j quantum-postrouting-bottom
-A quantum-l3-agent-POSTROUTING ! -i qg-4b2dd0d9-df ! -o qg-4b2dd0d9-df -m conntrack ! --ctstate DNAT -j ACCEPT
-A quantum-l3-agent-PREROUTING -d 169.254.169.254/32 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 9697
-A quantum-l3-agent-snat -j quantum-l3-agent-float-snat
-A quantum-l3-agent-snat -s 10.0.0.0/24 -j SNAT --to-source 172.24.4.226
-A quantum-l3-agent-snat -s 20.0.0.0/24 -j SNAT --to-source 172.24.4.226
-A quantum-postrouting-bottom -j quantum-l3-agent-snat

summary: - [Havana] SNAT rules in Router are not applied for all subnets
+ [Havana] SNAT rules in Router are not updated on
+ router_add_interface/router_delete_interface
Revision history for this message
Nachi Ueno (nati-ueno) wrote :

I haven't tested yet, but the code looks OK for Grizzly (also, if I remember correctly, this was working).

Changed in quantum:
status: Incomplete → Confirmed
Nachi Ueno (nati-ueno)
Changed in quantum:
importance: Undecided → High
Revision history for this message
Salvatore Orlando (salvatore-orlando) wrote :

Might be something related to the changes from the external gateway modes blueprint.

Changed in quantum:
assignee: nobody → Salvatore Orlando (salvatore-orlando)
Changed in quantum:
milestone: none → havana-2
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to quantum (master)

Fix proposed to branch: master
Review: https://review.openstack.org/34345

Changed in quantum:
status: Confirmed → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to quantum (master)

Reviewed: https://review.openstack.org/34345
Committed: http://github.com/openstack/quantum/commit/8e10c8a5a8e6f64b5a21755eb0553a12ab59c44a
Submitter: Jenkins
Branch: master

commit 8e10c8a5a8e6f64b5a21755eb0553a12ab59c44a
Author: Salvatore Orlando <email address hidden>
Date: Tue Jun 25 03:59:26 2013 +0200

    Fix logic for handling SNAT rules

    Bug 1192610

    Fixes and simplifies the logic for managing SNAT rules, based
    on the assumption that a chain contains SNAT rules for a single
    router.
    It also fixes another small glitch with SNAT rules not being
    removed when a gateway port is destroyed (the glitch did not
    affect operations)

    Change-Id: Ia95e375459a1f32e93bbe912a268a8ed13859c69
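
Added example (not part of the bug report or of the quantum code base): a check that compares the SNAT rules installed in a router namespace with the subnets currently attached to the router, run over the rules quoted in this report. The function names are hypothetical, and which interface was removed in the second sample is an assumption, since the report does not say.

```python
import ipaddress
import re

# Chain name as it appears in the rules quoted in this report.
SNAT_CHAIN = "quantum-l3-agent-snat"
_RULE = re.compile(
    r"^-A (?P<chain>\S+) -s (?P<src>\S+) -j SNAT --to-source (?P<to>\S+)$"
)


def snat_sources(rules_text, chain=SNAT_CHAIN):
    """Return {source network: SNAT address} for rules in `chain`."""
    found = {}
    for line in rules_text.splitlines():
        m = _RULE.match(line.strip())
        if m and m.group("chain") == chain:
            net = ipaddress.ip_network(m.group("src"), strict=False)
            found[net] = m.group("to")
    return found


def snat_drift(rules_text, interface_cidrs, external_ip):
    """Return (missing, stale) relative to the attached subnets.

    missing: attached subnets with no rule to external_ip.
    stale: installed rules whose subnet is no longer attached.
    """
    expected = {ipaddress.ip_network(c, strict=False) for c in interface_cidrs}
    installed = snat_sources(rules_text)
    missing = sorted(str(n) for n in expected if installed.get(n) != external_ip)
    stale = sorted(str(n) for n in installed if n not in expected)
    return missing, stale


# Sample input copied from the report: rules before the l3-agent restart.
BEFORE_RESTART = """\
-A quantum-l3-agent-snat -j quantum-l3-agent-float-snat
-A quantum-l3-agent-snat -s 10.0.0.0/24 -j SNAT --to-source 172.24.4.226
"""
# Both rules still present after an interface removal (from the report).
AFTER_REMOVAL = BEFORE_RESTART + (
    "-A quantum-l3-agent-snat -s 20.0.0.0/24 -j SNAT --to-source 172.24.4.226\n"
)

if __name__ == "__main__":
    ext = "172.24.4.226"
    print(snat_drift(BEFORE_RESTART, ["10.0.0.0/24", "20.0.0.0/24"], ext))
    # Assumption: 20.0.0.0/24 was the interface removed; the report does not say.
    print(snat_drift(AFTER_REMOVAL, ["10.0.0.0/24"], ext))
```

A non-empty `missing` list corresponds to the router_add_interface symptom, and a non-empty `stale` list to the router_delete_interface symptom.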

Changed in neutron:
status: In Progress → Fix Committed
Thierry Carrez (ttx)
Changed in neutron:
status: Fix Committed → Fix Released
Thierry Carrez (ttx)
Changed in neutron:
milestone: havana-2 → 2013.2