neutron

Advanced service router becomes destination of a floating ip for a short period of time

Bug #1229548 reported by Kaiwei Fan on 2013-09-24

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	neutron	Fix Released	Medium	Kaiwei Fan	neutron 2013.2 "havana"

Bug Description

If we initiate a connection to a floating ip right after creating/associating it with a VM's port, the connection goes to advanced service router for a short period if time, instead to the VM the floating ip is supposed to be associated with.

The root cause is when creating/associating a floating ip using advanced service router, in addition to create a DNAT rule, we also need to configure the floating ip on advanced service router's vNic so the advanced service router can reply ARP request for that IP. We configure the IP on the vnic before the DNAT rule is configured, therefore, there is a small window, after IP is configured but before DNAT is configured, that the traffic to floating IP will reach advanced service router.

The fix is to configure the DNAT rule before applying the IP on advanced service router's vNic.

Tags:

Kaiwei Fan (kaiwei-fan) on 2013-09-24

Changed in neutron:
assignee:	nobody → Kaiwei Fan (kaiwei-fan)

Aaron Rosen (arosen) on 2013-09-24

Changed in neutron:
importance:	Undecided → Medium
milestone:	none → havana-rc1
tags:	added: nicira

Mark McClain (markmcclain) on 2013-09-26

tags:

added: havana-rc-potential

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2013-09-27: Fix proposed to neutron (master)

Fix proposed to branch: master
Review: https://review.openstack.org/48595

Changed in neutron:
status:	New → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2013-09-30: Fix merged to neutron (master)

Reviewed: https://review.openstack.org/48595
Committed: http://github.com/openstack/neutron/commit/5dcbddf516750e21359c859f8da0ab829f67d3f9
Submitter: Jenkins
Branch: master

commit 5dcbddf516750e21359c859f8da0ab829f67d3f9
Author: Kaiwei Fan <email address hidden>
Date: Thu Sep 26 23:49:15 2013 -0700

Reverse the order of interface update and DNAT rule config

    Configure DNAT rule first before adding floating ip address to interface
    so advanced service router will not receive packets by accident before
    DNAT rule configured.

Verified that traffic goes to the VM the created floating ip associated
with right after config.

Change-Id: I415d1138511f41c209f1f2a9c2f12c2cfd3d16f0
Closes-Bug: #1229548

Changed in neutron:
status:	In Progress → Fix Committed

Mark McClain (markmcclain) on 2013-09-30

tags:

removed: havana-rc-potential

Thierry Carrez (ttx) on 2013-10-03

Changed in neutron:
status:	Fix Committed → Fix Released

Thierry Carrez (ttx) on 2013-10-17

Changed in neutron:
milestone:	havana-rc1 → 2013.2

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.