neutron

FIP and router iptables are not updated when associated port ip address is changed

Bug #1645317 reported by Alex Stafeyev
12
This bug affects 1 person
Affects Status Importance Assigned to Milestone
neutron
Expired
Undecided
Unassigned

Bug Description

Newton,
[root@controller-0 ~]# rpm -qa | grep neutron
python-neutron-lib-0.4.0-1.el7ost.noarch
puppet-neutron-9.4.2-1.el7ost.noarch
python-neutron-9.1.0-6.el7ost.noarch
openstack-neutron-ml2-9.1.0-6.el7ost.noarch
openstack-neutron-bigswitch-agent-9.40.0-1.1.el7ost.noarch
openstack-neutron-openvswitch-9.1.0-6.el7ost.noarch
openstack-neutron-common-9.1.0-6.el7ost.noarch
openstack-neutron-9.1.0-6.el7ost.noarch

We have a VM with FIP associated to it.

[stack@undercloud-0 ~]$ nova list
+--------------------------------------+------+--------+------------+-------------+---------------------------------+
| ID | Name | Status | Task State | Power State | Networks |
+--------------------------------------+------+--------+------------+-------------+---------------------------------+
| 1fe84939-5739-4723-8466-5b0e20e29650 | VM-1 | ACTIVE | - | Running | int_net=192.168.0.7, 10.0.0.211 |
+--------------------------------------+------+--------+------------+-------------+---------------------------------+

[stack@undercloud-0 ~]$ neutron floatingip-show a009ff12-279e-4be3-bb40-0a1cf8b6c2ea
+---------------------+--------------------------------------+
| Field | Value |
+---------------------+--------------------------------------+
| created_at | 2016-11-28T12:02:27Z |
| description | |
| fixed_ip_address | 192.168.0.7 | <<<------------------------
| floating_ip_address | 10.0.0.211 |
| floating_network_id | 7e09c182-b829-4174-ba0b-5e90efc20f54 |
| id | a009ff12-279e-4be3-bb40-0a1cf8b6c2ea |
| port_id | 7d749eb0-633d-4114-b322-414d19f86046 |
| project_id | af788c6da1fb4388b09040aa99c997bc |
| revision_number | 4 |
| router_id | 9696bdb2-a5bd-4f92-a112-3f1f171e823c |
| status | ACTIVE |
| tenant_id | af788c6da1fb4388b09040aa99c997bc |
| updated_at | 2016-11-28T12:22:45Z |
+---------------------+--------------------------------------+

After updating the VMport:
openstack port set parent_port --fixed-ip subnet=0a0f0ac2-2bc6-423c-9197-7c3313438c2d,ip-address=192.168.0.55

openstack port unset parent_port --fixed-ip subnet=0a0f0ac2-2bc6-423c-9197-7c3313438c2d,ip-address=192.168.0.7

The FIP remained the same and the IP was not changed from 192.168.0.7 to 192.168.0.55.
The connectivity to the VM was lost due to unchanged iptable rules on the router

[root@controller-0 ~]# ip net e qrouter-9696bdb2-a5bd-4f92-a112-3f1f171e823c iptables -t nat -L | grep 211
SNAT all -- 192.168.0.7 anywhere to:10.0.0.211 <<<-------------

We should have the iptables rule and FIP updated automatically. Connectivity should not be lost.

Tags: l3-ipam-dhcp
Revision history for this message
Brian Haley (brian-haley) wrote :

Can you paste the output from a port-show for that port?

Did the neutron-server log any errors?

Did the l3-agent log any errors?

Revision history for this message
Alex Stafeyev (astafeye) wrote :

Hi brian,
No errors were seen.

Revision history for this message
Ihar Hrachyshka (ihar-hrachyshka) wrote :

Alex, please provide server and l3 agent debug logs.

summary: - FIP and router iptables are not apdated when associated port ip address
+ FIP and router iptables are not updated when associated port ip address
is changed
tags: added: l3-ipam-dhcp
Changed in neutron:
status: New → Incomplete
Revision history for this message
Alex Stafeyev (astafeye) wrote :

l3 agent logs:
http://pastebin.com/Simpf35W

Server log attached as file.

[stack@undercloud-0 ~]$ . overcloudrc ; neutron router-list
+---------------------------+------+---------------------------+-------------+------+
| id | name | external_gateway_info | distributed | ha |
 +---------------------------+------+---------------------------+-------------+------+
| 4394f7a3-2129-4b06-8851-f | 4bug | {"network_id": "0359632c- | False | True |
| 9fa90eedef2 | | a171-4db9-9239-d7d9938e9c | | |
| | | 58", "enable_snat": true, | | |
| | | "external_fixed_ips": | | |
| | | [{"subnet_id": "de246641 | | |
| | | -43ef- | | |
| | | 47ce-8181-9c5ca3655a30", | | |
| | | "ip_address": | | |
| | | "10.0.0.214"}]} | | |
 +---------------------------+------+---------------------------+-------------+------+

port id -
[stack@undercloud-0 ~]$ neutron port-list | grep 4bug
| 1eb7427d-fce1-49f8-8485-579d331366d3 | 4bug | fa:16:3e:a2:7e:2e | {"subnet_id": "24aca6cd-2e70-4ae0-a96f-d9b7957d172c", "ip_address": "192.168.2.55"} |

[stack@undercloud-0 ~]$ neutron floatingip-list
+--------------------------------------+------------------+---------------------+--------------------------------------+
| id | fixed_ip_address | floating_ip_address | port_id |
 +--------------------------------------+------------------+---------------------+--------------------------------------+
| 2b25cc2e-319b-4a32-ab9a-5f8c00be0a21 | 192.168.2.12 | 10.0.0.218 | 1eb7427d-fce1-49f8-8485-579d331366d3 |
| 44e3c553-1331-4ea1-aaa7-edd20efefcec | | 10.0.0.220 | |

Revision history for this message
Launchpad Janitor (janitor) wrote :

[Expired for neutron because there has been no activity for 60 days.]

Changed in neutron:
status: Incomplete → Expired
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Bug attachments

Remote bug watches

Bug watches keep track of this bug in other bug trackers.