Ubuntu Cloud Archive

  1. Series mitaka
  2. Bug #1667756
  3. Comment #16

Comment 16 for bug 1667756

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (stable/ocata)

Reviewed: https://review.openstack.org/460918
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=4529630e2746e2ed8d3c7cf96f589b8b5236463e
Submitter: Jenkins
Branch: stable/ocata

commit 4529630e2746e2ed8d3c7cf96f589b8b5236463e
Author: Daniel Alvarez <email address hidden>
Date: Sun Jan 22 13:33:07 2017 +0000

    Disable RA and IPv6 forwarding on backup HA routers

    Neutron does not disable ipv6 forwarding for HA routers and it's
    enabled by default in all router namespaces. For ipv6, this means
    that it will automatically join the following groups:

    * link-local all-routers multicast group (ff02::2)
    * interface-local all routers multicast group (ff01::2)
    * site-local all routers multicast group (ff05::2))

    As a side effect it will answer to multicast listener queries, thus
    causing external switch to learn its MAC address and disrupting traffic
    to the master instance.

    This patch will enable ipv6 forwarding on the gateway interface only
    for master instances and disable it otherwise to fix the issue.

    Also, the accept_ra procfs entry was enabled under certain
    circumstances but it wasn't disabled otherwise. This patch, will
    disable RA on the gateway interface for non master instances.

    Closes-Bug: #1667756

    Change-Id: I9bc890b43f750cad68fc67f4c79f1426c3506863
    (cherry picked from commit 676a3ebe2f5b62f0ce7a3f7f434526931d5504a5)