FWaaS V2: Upgrade Pike->Queen causes error
Bug #1753507 reported by
German Eichberger
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
neutron |
Fix Released
|
Critical
|
chandan dutta chowdhury |
Bug Description
From our chat:
<jdavis> Jon Davis Hello - I just upgraded to Queens and fwaas_v2 is throwing error: http://
6:46 PM J<jdavis> Jon Davis Everything was working fine in Pike
6:46 PM for attr, position in ATTR_POSITIONS[
6:47 PM Ideas on where to look?
Hello Jon,
After going through the traceback and looking at the code, it seems there might be a conntrack entry in the router namespace for which the kernel could not detect the associated protocol.
Currently the protocols that the FWaaS driver handles are TCP/UDP/ICMP/ICMP6.
The error does not seem to be directly related to the upgrade case, but has been triggered by the firewall update call which tries to cleanup existing contract sessions for a virtual router.
It will be helpful to get a dump of the contract session on your virtual router 9167c6f2- d32a-453d- be52-8628a447fc 14 to confirm this
You can run following command to get the dump
sudo ip netns exec <q-router-ns> conntrack -L
I suspect a conntrack entry starting with the unknown protocol in the namespace
e.g.
unknown 2 551 src=0.0.0.0 dst=224.0.0.1 [UNREPLIED] src=224.0.0.1 dst=0.0.0.0 mark=0 use=1
Thanks
Chandan