commit 4529630e2746e2ed8d3c7cf96f589b8b5236463e
Author: Daniel Alvarez <email address hidden>
Date: Sun Jan 22 13:33:07 2017 +0000
Disable RA and IPv6 forwarding on backup HA routers
Neutron does not disable ipv6 forwarding for HA routers and it's
enabled by default in all router namespaces. For ipv6, this means
that it will automatically join the following groups:
* link-local all-routers multicast group (ff02::2)
* interface-local all routers multicast group (ff01::2)
* site-local all routers multicast group (ff05::2))
As a side effect it will answer to multicast listener queries, thus
causing external switch to learn its MAC address and disrupting traffic
to the master instance.
This patch will enable ipv6 forwarding on the gateway interface only
for master instances and disable it otherwise to fix the issue.
Also, the accept_ra procfs entry was enabled under certain
circumstances but it wasn't disabled otherwise. This patch, will
disable RA on the gateway interface for non master instances.
Closes-Bug: #1667756
Change-Id: I9bc890b43f750cad68fc67f4c79f1426c3506863
(cherry picked from commit 676a3ebe2f5b62f0ce7a3f7f434526931d5504a5)
Reviewed: https:/ /review. openstack. org/460918 /git.openstack. org/cgit/ openstack/ neutron/ commit/ ?id=4529630e274 6e2ed8d3c7cf96f 589b8b5236463e
Committed: https:/
Submitter: Jenkins
Branch: stable/ocata
commit 4529630e2746e2e d8d3c7cf96f589b 8b5236463e
Author: Daniel Alvarez <email address hidden>
Date: Sun Jan 22 13:33:07 2017 +0000
Disable RA and IPv6 forwarding on backup HA routers
Neutron does not disable ipv6 forwarding for HA routers and it's
enabled by default in all router namespaces. For ipv6, this means
that it will automatically join the following groups:
* link-local all-routers multicast group (ff02::2)
* interface-local all routers multicast group (ff01::2)
* site-local all routers multicast group (ff05::2))
As a side effect it will answer to multicast listener queries, thus
causing external switch to learn its MAC address and disrupting traffic
to the master instance.
This patch will enable ipv6 forwarding on the gateway interface only
for master instances and disable it otherwise to fix the issue.
Also, the accept_ra procfs entry was enabled under certain
circumstances but it wasn't disabled otherwise. This patch, will
disable RA on the gateway interface for non master instances.
Closes-Bug: #1667756
Change-Id: I9bc890b43f750c ad68fc67f4c79f1 426c3506863 0ce7a3f7f434526 931d5504a5)
(cherry picked from commit 676a3ebe2f5b62f