[dvr][fast-exit] a route to a tenant network does not get created in fip namespace if an external network is attached after a tenant network have been attached (race condition)
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Ubuntu Cloud Archive |
Fix Released
|
Medium
|
Unassigned | ||
Pike |
Fix Released
|
Medium
|
Unassigned | ||
Queens |
Fix Released
|
Medium
|
Unassigned | ||
neutron |
Fix Released
|
Undecided
|
Dmitrii Shcherbakov | ||
neutron (Ubuntu) |
Fix Released
|
Medium
|
Unassigned | ||
Artful |
Invalid
|
Medium
|
Unassigned | ||
Bionic |
Fix Released
|
Medium
|
Unassigned |
Bug Description
Overall, similar scenario to https:/
Relevant agent config options:
http://
OpenStack Queens from UCA (xenial, GA kernel, deployed via OpenStack charms), 2 external subnets (one routed provider network), 1 tenant subnet, all subnets in the same address scope to trigger "fast exit" logic.
Tenant subnet cidr: 192.168.100.0/24
openstack address scope create dev
openstack subnet pool create --address-scope dev --pool-prefix 10.232.40.0/21 --pool-prefix 10.232.16.0/21 dev
openstack subnet pool create --address-scope dev --pool-prefix 192.168.100.0/24 tenant
openstack network create --external --provider-
openstack network segment set --name segment1 d8391bfb-
openstack network segment create --physical-network physnet2 --network-type flat --network pubnet segment2
openstack subnet create --no-dhcp --subnet-pool dev --subnet-range 10.232.16.0/21 --allocation-pool start=10.
openstack subnet create --gateway 10.232.40.100 --no-dhcp --subnet-pool dev --subnet-range 10.232.40.0/21 --allocation-pool start=10.
openstack network create --internal --provider-
openstack subnet create --dhcp --ip-version 4 --subnet-range 192.168.100.0/24 --subnet-pool tenant --dns-nameserver 10.232.36.101 --network tenantnet tenantsubnet
# -------
# Works in this order when an external network is attached first
openstack router create --disable --no-ha --distributed pubrouter
openstack router set --disable-snat --external-gateway pubnet --enable pubrouter
openstack router add subnet pubrouter tenantsubnet
2018-03-29 23:30:48.933 2050638 DEBUG neutron.
tns', 'exec', 'fip-d0f008fc-
424-7'] create_process /usr/lib/
# ------
# Doesn't work the other way around - as a fip namespace does not get created before a tenant network is attached
openstack router create --disable --no-ha --distributed pubrouter
openstack router add subnet pubrouter tenantsubnet
openstack router set --disable-snat --external-gateway pubnet --enable pubrouter
# to "fix" this we need to re-trigger the right code path
openstack router remove subnet pubrouter tenantsubnet
openstack router add subnet pubrouter tenantsubnet
description: | updated |
tags: | added: l3-dvr-backlog |
description: | updated |
description: | updated |
Changed in neutron (Ubuntu Artful): | |
status: | New → Triaged |
importance: | Undecided → Medium |
Changed in neutron (Ubuntu Bionic): | |
importance: | Undecided → Medium |
status: | New → Triaged |
tags: | added: neutron-proactive-backport-potential |
Tracing neutron-l3-agent via rbdb clears the issue out a bit.
For the case where a tenant network is added before an external network ext_port_ addr_scopes is an empty set:
https:/ /paste. ubuntu. com/p/Byjp6fNpd d/
--Call-- python2. 7/dist- packages/ neutron/ agent/l3/ dvr_local_ router. py(590) _check_ if_address_ scopes_ match() if_address_ scopes_ match(self, int_port, ex_gw_port): python2. 7/dist- packages/ neutron/ agent/l3/ dvr_local_ router. py(592) _check_ if_address_ scopes_ match() addr_scopes = int_port. get('address_ scopes' , {}) python2. 7/dist- packages/ neutron/ agent/l3/ dvr_local_ router. py(593) _check_ if_address_ scopes_ match() addr_scopes = ex_gw_port. get('address_ scopes' , {}) python2. 7/dist- packages/ neutron/ agent/l3/ dvr_local_ router. py(595) _check_ if_address_ scopes_ match() IP_VERSION_ 6 if self._port_ has_ipv6_ subnet( int_port) addr_scopes b1a1-4d11- 8b98-a969770732 1e', u'6': None} addr_scopes
> /usr/lib/
-> def _check_
...
(Pdb) n
> /usr/lib/
-> int_port_
(Pdb) n
> /usr/lib/
-> ext_port_
(Pdb) n
> /usr/lib/
-> lib_constants.
(Pdb) int_port_
{u'4': u'd5d483bd-
(Pdb) ext_port_
{}
For the case where an external network is added first, then a tenant network both int_port_ addr_scopes and ext_port_ addr_scopes have the same content:
(Pdb) n python2. 7/dist- packages/ neutron/ agent/l3/ dvr_local_ router. py(593) _check_ if_address_ scopes_ match() addr_scopes = ex_gw_port. get('address_ scopes' , {}) python2. 7/dist- packages/ neutron/ agent/l3/ dvr_local_ router. py(595) _check_ if_address_ scopes_ match() IP_VERSION_ 6 if self._port_ has_ipv6_ subnet( int_port)
> /usr/lib/
-> ext_port_
(Pdb) n
> /usr/lib/
-> lib_constants.
-> lib_constants. IP_VERSION_ 6 if self._port_ has_ipv6_ subnet( int_port) addr_scopes b1a1-4d11- 8b98-a969770732 1e', u'6': None} addr_scopes b1a1-4d11- 8b98-a969770732 1e', u'6': None}
(Pdb) int_port_
{u'4': u'd5d483bd-
(Pdb) ext_port_
{u'4': u'd5d483bd-