creating meter label rule doesn't work properly
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
neutron |
Fix Released
|
Medium
|
Yu Fukuyama |
Bug Description
Created rule by the following API counts packets between a router which connects to external network and the connection destination device.
API: POST /v2.0/metering/
When outbound traffic of external router, destination should be remote_ip, and when inbound traffic, sender should be remote_ip. But it has become actually reversed.
Because option for creating the iptables rule is reversed.
I'll show you an example that created the meter label rule the remote_ip is set to 192.168.0.0/16.
[Actual results]
$ neutron meter-label-create test-label --tenant-id 2a023bd32f014e4
Created a new metering_label:
+------
| Field | Value |
+------
| description | |
| id | d35d0464-
| name | test-label |
| shared | False |
| tenant_id | 2a023bd32f014e4
+------
$ neutron meter-label-create test-label2 --tenant-id 2a023bd32f014e4
Created a new metering_label:
+------
| Field | Value |
+------
| description | |
| id | 61c344ce-
| name | test-label2 |
| shared | False |
| tenant_id | 2a023bd32f014e4
+------
$ neutron meter-label-
$ neutron meter-label-
$ neutron meter-label-
+------
| id | excluded | direction | remote_ip_prefix |
+------
| 3e426537-
| 4d669406-
+------
$ sudo ip netns exec qrouter-
...
-A neutron-
-A neutron-
...
[The expected iptables rules]
-A neutron-
-A neutron-
[Examples of required packet is not counted]
ubuntu@
PING 192.168.0.3 (192.168.0.3) 56(84) bytes of data.
64 bytes from 192.168.0.3: icmp_seq=1 ttl=62 time=1.13 ms
64 bytes from 192.168.0.3: icmp_seq=2 ttl=62 time=0.618 ms
64 bytes from 192.168.0.3: icmp_seq=3 ttl=62 time=0.652 ms
--- 192.168.0.3 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2000ms
rtt min/avg/max/mdev = 0.618/0.
$ sudo ip netns exec qrouter-
Chain neutron-
pkts bytes target prot opt in out source destination
0 0 all -- * * 0.0.0.0/0 0.0.0.0/0
Changed in neutron: | |
assignee: | nobody → Yu Fukuyama (piano-cajon) |
tags: | added: metering |
Changed in openstack-api-site: | |
assignee: | nobody → Akihiro Motoki (amotoki) |
Changed in neutron: | |
assignee: | Yu Fukuyama (piano-cajon) → Akihiro Motoki (amotoki) |
Changed in neutron: | |
assignee: | Akihiro Motoki (amotoki) → Yu Fukuyama (piano-cajon) |
tags: | added: liberty-backport-potential |
tags: | removed: liberty-backport-potential |
According to the Networking API reference [1], there is no detail description about "remote_ip_prefix", but considering the security group rule API definition, it is reasonable to regard "remote_ip_prefix" as destination address/cidr for egress traffic and vice versa.
[1] http:// developer. openstack. org/api- ref-networking- v2-ext. html#createMete ringLabelRule