Group Based Policy

Concurrent subnet allocations from pool can overlap

Bug #1503135 reported by Robert Kukura
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Group Based Policy
Fix Released
High
Robert Kukura
Group Based Policy liberty-1 "l1"

Bug Description

When subnets are concurrently allocated from an L3 Policy's IP pool, such as when creating a Policy Target Group with the resource_mapping driver or creating an L2 Policy with the apic driver, the same subnet is sometimes allocated more than once. With the resouce_mapping driver, this results in an InternalServerError being returned to the client and a traceback in the server log similar to:

2015-09-25 14:01:41.515 ERROR gbpservice.neutron.services.grouppolicy.drivers.resource_mapping [req-e6540a08-9ec0-4982-9f44-aa75a22e590c None None] Adding subnet to router failed
2015-09-25 14:01:41.515 26468 TRACE gbpservice.neutron.services.grouppolicy.drivers.resource_mapping Traceback (most recent call last):
2015-09-25 14:01:41.515 26468 TRACE gbpservice.neutron.services.grouppolicy.drivers.resource_mapping File "/opt/stack/new/group-based-policy/gbpservice/neutron/services/grouppolicy/drivers/resource_mapping.py", line 1718, in _plug_router_to_subnet
2015-09-25 14:01:41.515 26468 TRACE gbpservice.neutron.services.grouppolicy.drivers.resource_mapping interface_info)
2015-09-25 14:01:41.515 26468 TRACE gbpservice.neutron.services.grouppolicy.drivers.resource_mapping File "/opt/stack/new/group-based-policy/gbpservice/network/neutronv2/local_api.py", line 254, in _add_router_interface
2015-09-25 14:01:41.515 26468 TRACE gbpservice.neutron.services.grouppolicy.drivers.resource_mapping router_id, interface_info)
2015-09-25 14:01:41.515 26468 TRACE gbpservice.neutron.services.grouppolicy.drivers.resource_mapping File "/opt/stack/new/neutron/neutron/db/l3_dvr_db.py", line 289, in add_router_interface
2015-09-25 14:01:41.515 26468 TRACE gbpservice.neutron.services.grouppolicy.drivers.resource_mapping context, router, interface_info['subnet_id'], device_owner)
2015-09-25 14:01:41.515 26468 TRACE gbpservice.neutron.services.grouppolicy.drivers.resource_mapping File "/opt/stack/new/neutron/neutron/db/l3_db.py", line 576, in _add_interface_by_subnet
2015-09-25 14:01:41.515 26468 TRACE gbpservice.neutron.services.grouppolicy.drivers.resource_mapping subnet['cidr'])
2015-09-25 14:01:41.515 26468 TRACE gbpservice.neutron.services.grouppolicy.drivers.resource_mapping File "/opt/stack/new/neutron/neutron/db/l3_db.py", line 485, in _check_for_dup_router_subnet
2015-09-25 14:01:41.515 26468 TRACE gbpservice.neutron.services.grouppolicy.drivers.resource_mapping raise n_exc.BadRequest(resource='router', msg=msg)
2015-09-25 14:01:41.515 26468 TRACE gbpservice.neutron.services.grouppolicy.drivers.resource_mapping BadRequest: Bad router request: Cidr 10.0.0.0/24 of subnet 5a2be156-8b67-45b7-bb14-fea2e653e39d overlaps with cidr 10.0.0.0/24 of subnet a861fd9e-7788-4dd3-89a8-30548420e471

The subnet allocation algorithm needs to add the newly created subnet to the router within its loop and, if BadRequest is raised, delete that subnet and try the next available CIDR, until a non-overlapping subnet CIDR is found.

Robert Kukura (rkukura)
Changed in group-based-policy:
assignee: nobody → Robert Kukura (rkukura)
importance: Undecided → High
Sumit Naiksatam (snaiksat)
Changed in group-based-policy:
milestone: none → liberty-1
status: New → Confirmed
AJAY KALAMBUR (akalambu)
tags: added: ccs-seen
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to group-based-policy (master)

Fix proposed to branch: master
Review: https://review.openstack.org/232274

Changed in group-based-policy:
status: Confirmed → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to group-based-policy (master)

Reviewed: https://review.openstack.org/232274
Committed: https://git.openstack.org/cgit/stackforge/group-based-policy/commit/?id=280d00dbddffb894201b18c251b60c7002524e69
Submitter: Jenkins
Branch: master

commit 280d00dbddffb894201b18c251b60c7002524e69
Author: Robert Kukura <email address hidden>
Date: Wed Oct 7 19:29:51 2015 -0400

    Handle concurrent subnet allocation

    Verify that the subnet's CIDR is not already allocated within the
    containing L3P when the resource_mapping driver adds an implicit
    subnet to a non-L2-proxy PTG. If it is already allocated, retry with
    the next potentially available CIDR.

    Closes-bug: 1503135

    Change-Id: I66167b9f103d5ea816e1ef799ff753b0d4d7f01c

Changed in group-based-policy:
status: In Progress → Fix Committed
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to group-based-policy (stable/kilo)

Fix proposed to branch: stable/kilo
Review: https://review.openstack.org/235970

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to group-based-policy (master)

Reviewed: https://review.openstack.org/235015
Committed: https://git.openstack.org/cgit/stackforge/group-based-policy/commit/?id=f181f55381a12080c1727d5de0e27ccb6d56232f
Submitter: Jenkins
Branch: master

commit f181f55381a12080c1727d5de0e27ccb6d56232f
Author: Ivar Lazzaro <email address hidden>
Date: Wed Oct 14 16:13:23 2015 -0700

    [apic-mapping] handle subnet concurrent allocation

    Change-Id: Iedaf1d24b277a7bdad63a02fbfdf0a01b19285a1
    Closes-bug: 1503135

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to group-based-policy (stable/juno)

Fix proposed to branch: stable/juno
Review: https://review.openstack.org/235998

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to group-based-policy (stable/kilo)

Reviewed: https://review.openstack.org/235970
Committed: https://git.openstack.org/cgit/stackforge/group-based-policy/commit/?id=80f0ba26f618841fd582cbb0216343a96449029c
Submitter: Jenkins
Branch: stable/kilo

commit 80f0ba26f618841fd582cbb0216343a96449029c
Author: Robert Kukura <email address hidden>
Date: Wed Oct 7 19:29:51 2015 -0400

    Handle concurrent subnet allocation

    Verify that the subnet's CIDR is not already allocated within the
    containing L3P when the resource_mapping driver adds an implicit
    subnet to a non-L2-proxy PTG. If it is already allocated, retry with
    the next potentially available CIDR.

    Closes-bug: 1503135

    Change-Id: I66167b9f103d5ea816e1ef799ff753b0d4d7f01c
    (cherry picked from commit 280d00dbddffb894201b18c251b60c7002524e69)

tags: added: in-stable-kilo
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to group-based-policy (stable/juno)

Reviewed: https://review.openstack.org/235998
Committed: https://git.openstack.org/cgit/stackforge/group-based-policy/commit/?id=52319de54c371a49ce0ddecafc44b82bb438a282
Submitter: Jenkins
Branch: stable/juno

commit 52319de54c371a49ce0ddecafc44b82bb438a282
Author: Robert Kukura <email address hidden>
Date: Wed Oct 7 19:29:51 2015 -0400

    Handle concurrent subnet allocation

    Verify that the subnet's CIDR is not already allocated within the
    containing L3P when the resource_mapping driver adds an implicit
    subnet to a non-L2-proxy PTG. If it is already allocated, retry with
    the next potentially available CIDR.

    Closes-bug: 1503135

    Change-Id: I66167b9f103d5ea816e1ef799ff753b0d4d7f01c
    (cherry picked from commit 280d00dbddffb894201b18c251b60c7002524e69)
    (cherry picked from commit 80f0ba26f618841fd582cbb0216343a96449029c)

tags: added: in-stable-juno
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to group-based-policy (stable/kilo)

Fix proposed to branch: stable/kilo
Review: https://review.openstack.org/236086

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to group-based-policy (stable/juno)

Fix proposed to branch: stable/juno
Review: https://review.openstack.org/236107

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to group-based-policy (stable/kilo)

Reviewed: https://review.openstack.org/236086
Committed: https://git.openstack.org/cgit/stackforge/group-based-policy/commit/?id=c98dffe272fc90f627cf59fef59439a40b9fe55d
Submitter: Jenkins
Branch: stable/kilo

commit c98dffe272fc90f627cf59fef59439a40b9fe55d
Author: Ivar Lazzaro <email address hidden>
Date: Wed Oct 14 16:13:23 2015 -0700

    [apic-mapping] handle subnet concurrent allocation

    Closes-bug: 1503135
    (cherry picked from commit f181f55381a12080c1727d5de0e27ccb6d56232f)

    Change-Id: I636fcec5288525c15bbfea19c1e9779453fb81f8

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to group-based-policy (stable/juno)

Reviewed: https://review.openstack.org/236107
Committed: https://git.openstack.org/cgit/stackforge/group-based-policy/commit/?id=6978ca7aa1798f888166555aadbf26dfde3d4b43
Submitter: Jenkins
Branch: stable/juno

commit 6978ca7aa1798f888166555aadbf26dfde3d4b43
Author: Ivar Lazzaro <email address hidden>
Date: Wed Oct 14 16:13:23 2015 -0700

    [apic-mapping] handle subnet concurrent allocation

    Closes-bug: 1503135
    (cherry picked from commit f181f55381a12080c1727d5de0e27ccb6d56232f)
    (cherry picked from commit c98dffe272fc90f627cf59fef59439a40b9fe55d)

    Change-Id: If5575be522194f6072d79a4e0740f517b850412d

Sumit Naiksatam (snaiksat)
Changed in group-based-policy:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.