neutron

Floating IPs disassociation does not remove conntrack state with HA routers

Bug #1505700 reported by Assaf Muller
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
neutron
Fix Released
Medium
Assaf Muller

Bug Description

Reproduction:
1) Create HA router, connect to internal/external networks
2) Create VM, assign floating IP
3) Ping floating IP
4) Disassociate floating IP

Actual result:
Ping continues

Expected result:
Ping halts

Root cause:
Legacy routers floating IP disassociation delete conntrackd state, HA routers don't because they're sentient beings with a sense of self that choose to not follow common convention or reason.

Assaf Muller (amuller)
tags: added: kilo-backport-potential
tags: added: liberty-backport-potential
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (master)

Fix proposed to branch: master
Review: https://review.openstack.org/234247

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (stable/liberty)

Fix proposed to branch: stable/liberty
Review: https://review.openstack.org/234378

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (stable/kilo)

Fix proposed to branch: stable/kilo
Review: https://review.openstack.org/234380

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (master)

Reviewed: https://review.openstack.org/234247
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=e0eeadc97ee094d6dfa5f4139c1c4aa871b514d5
Submitter: Jenkins
Branch: master

commit e0eeadc97ee094d6dfa5f4139c1c4aa871b514d5
Author: Assaf Muller <email address hidden>
Date: Tue Oct 13 10:19:36 2015 -0400

    Kill conntrackd state on HA routers FIP disassociation

    Legacy routers kill conntrackd states on FIP disassociation,
    so that traffic to FIPs that have been disassociated is properly
    dropped. This is not the case with HA routers, and this patch
    changes that.

    Change-Id: Ic962c518ce33a4936d0f1655d60d308c5e776a9b
    Closes-Bug: #1505700

Changed in neutron:
status: In Progress → Fix Committed
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (stable/liberty)

Reviewed: https://review.openstack.org/234378
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=b09a9702e1ca322e66ea7c63c639a06b7a3bf176
Submitter: Jenkins
Branch: stable/liberty

commit b09a9702e1ca322e66ea7c63c639a06b7a3bf176
Author: Assaf Muller <email address hidden>
Date: Tue Oct 13 10:19:36 2015 -0400

    Kill conntrackd state on HA routers FIP disassociation

    Legacy routers kill conntrackd states on FIP disassociation,
    so that traffic to FIPs that have been disassociated is properly
    dropped. This is not the case with HA routers, and this patch
    changes that.

    Change-Id: Ic962c518ce33a4936d0f1655d60d308c5e776a9b
    Closes-Bug: #1505700
    (cherry picked from commit e0eeadc97ee094d6dfa5f4139c1c4aa871b514d5)

tags: added: in-stable-liberty
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (stable/kilo)

Reviewed: https://review.openstack.org/234380
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=30274d4d24f2d03b400e9d6eaf132a6930bb5079
Submitter: Jenkins
Branch: stable/kilo

commit 30274d4d24f2d03b400e9d6eaf132a6930bb5079
Author: Assaf Muller <email address hidden>
Date: Tue Oct 13 10:19:36 2015 -0400

    Kill conntrackd state on HA routers FIP disassociation

    Legacy routers kill conntrackd states on FIP disassociation,
    so that traffic to FIPs that have been disassociated is properly
    dropped. This is not the case with HA routers, and this patch
    changes that.

    Change-Id: Ic962c518ce33a4936d0f1655d60d308c5e776a9b
    Closes-Bug: #1505700
    (cherry picked from commit e0eeadc97ee094d6dfa5f4139c1c4aa871b514d5)

tags: added: in-stable-kilo
Ihar Hrachyshka (ihar-hrachyshka)
tags: removed: kilo-backport-potential
tags: removed: liberty-backport-potential
Revision history for this message
Thierry Carrez (ttx) wrote : Fix included in openstack/neutron 8.0.0.0b1

This issue was fixed in the openstack/neutron 8.0.0.0b1 development milestone.

Doug Hellmann (doug-hellmann)
Changed in neutron:
status: Fix Committed → Fix Released
Revision history for this message
Doug Hellmann (doug-hellmann) wrote : Fix included in openstack/neutron 7.0.1

This issue was fixed in the openstack/neutron 7.0.1 release.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.