get_subnet_for_dvr() returns wrong gateway mac

Bug #1530179 reported by Oleg Bondarev on 2015-12-30
This bug affects 1 person
Affects: neutron
Importance: Medium
Assigned to: Oleg Bondarev

Bug Description

get_subnet_for_dvr should return the proper gateway MAC address in order for the OVS agent to add proper flows for the DVR interface on br-int.
Commit e82b0e108332964c90e9d2cfaf3d334a92127155 added the 'fixed_ips' parameter to the handler to filter the gateway port of the subnet. However, the actual filtering was applied improperly, which leads to the wrong gateway MAC being returned:

            if fixed_ips:
                filter = fixed_ips[0]
            else:
                filter = {'fixed_ips': {'subnet_id': [subnet],
                                        'ip_address':
                                        [subnet_info['gateway_ip']]}}

            internal_gateway_ports = self.plugin.get_ports(
                context, filters=filter)

            internal_port = internal_gateway_ports[0]
            subnet_info['gateway_mac'] = internal_port['mac_address']

get_ports() here actually returns _all_ ports, so the MAC address of a random port is returned as 'gateway_mac'. In most cases it doesn't lead to any noticeable side effects, but in some cases it may cause very weird behavior.

The case that we faced was:
 root@node-9:~# ovs-ofctl dump-flows br-int
 ...
 cookie=0x971c69a135b8ce1f, duration=23023.412s, table=2, n_packets=1339, n_bytes=131234, idle_age=19050, priority=4,dl_vlan=3556,dl_dst=fa:16:3e:da:53:f1 actions=strip_vlan,mod_dl_src:fa:16:3e:2c:24:86,output:6
 cookie=0x971c69a135b8ce1f, duration=31946.414s, table=2, n_packets=25320, n_bytes=2481408, idle_age=1, priority=4,dl_vlan=3556,dl_dst=fa:16:3e:2c:24:86 actions=strip_vlan,mod_dl_src:fa:16:3e:2c:24:86,output:5
 ...

fa:16:3e:2c:24:86 is the MAC address of a VM port and it was returned as the gateway MAC due to the bug. This VM was unreachable from other subnets connected to the same DVR router. However, another VM on the same host and the same subnet was OK. It took a while to find out what was wrong :)
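
An added illustration, not part of the report and not neutron's code: a malformed filter that a query layer silently ignores returns every port, and a lookup that checks its own result fails loudly instead. PORTS, get_ports(), gateway_mac_buggy() and gateway_mac_checked() are hypothetical names, and the model assumes filter keys other than 'fixed_ips' are ignored; only the VM MAC is taken from the report, the other values are constructed.

```python
# Simplified stand-in for a port store; constructed sample data.
PORTS = [
    {"mac_address": "fa:16:3e:2c:24:86",   # VM port MAC from the report
     "fixed_ips": [{"subnet_id": "subnet-a", "ip_address": "10.0.0.5"}]},
    {"mac_address": "fa:16:3e:00:00:02",   # constructed second port
     "fixed_ips": [{"subnet_id": "subnet-a", "ip_address": "10.0.0.6"}]},
    {"mac_address": "fa:16:3e:00:00:01",   # constructed gateway port
     "fixed_ips": [{"subnet_id": "subnet-a", "ip_address": "10.0.0.1"}]},
]


def get_ports(filters):
    """Assumed behaviour: only the 'fixed_ips' key is understood; any other
    key is silently ignored, so a malformed filter matches every port."""
    wanted = filters.get("fixed_ips")
    if wanted is None:
        return list(PORTS)
    return [p for p in PORTS
            if any(ip["subnet_id"] in wanted["subnet_id"]
                   and ip["ip_address"] in wanted["ip_address"]
                   for ip in p["fixed_ips"])]


def gateway_mac_buggy(subnet, fixed_ips):
    # Same shape as the snippet in the report: the bare fixed-IP dict is
    # passed as the filter, without the 'fixed_ips' wrapper or list values.
    ports = get_ports(fixed_ips[0])
    return ports[0]["mac_address"]


def gateway_mac_checked(subnet, gateway_ip):
    # Well-formed filter, plus a check that the result really is the
    # single port holding gateway_ip on this subnet.
    ports = get_ports({"fixed_ips": {"subnet_id": [subnet],
                                     "ip_address": [gateway_ip]}})
    if len(ports) != 1:
        raise LookupError("expected one gateway port, got %d" % len(ports))
    port = ports[0]
    if not any(ip["subnet_id"] == subnet and ip["ip_address"] == gateway_ip
               for ip in port["fixed_ips"]):
        raise LookupError("returned port does not hold the gateway IP")
    return port["mac_address"]
```
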

Fix proposed to branch: master
Review: https://review.openstack.org/262574

Changed in neutron:
status: New → In Progress
tags: added: liberty-backport-potential

Reviewed: https://review.openstack.org/262574
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=0a00205c2a209f20a9d900ddb30f25628a32ebd9
Submitter: Jenkins
Branch: master

commit 0a00205c2a209f20a9d900ddb30f25628a32ebd9
Author: Oleg Bondarev <email address hidden>
Date: Wed Dec 30 20:24:55 2015 +0300

    Fix get_subnet_for_dvr() to return correct gateway mac

    Fix filters to get the right gateway port for a subnet.
    Wrong filters led to random port's mac being returned which may cause
    side effects. See bug for details.

    Closes-Bug: #1530179
    Change-Id: I8368255f00ab3e9586c8ff28dfe6739541000810

Changed in neutron:
status: In Progress → Fix Released

This issue was fixed in the openstack/neutron 8.0.0.0b2 development milestone.

Reviewed: https://review.openstack.org/270293
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=1ab1e5873c4254d63c150dd5a61f9b34cfcb90d4
Submitter: Jenkins
Branch: stable/liberty

commit 1ab1e5873c4254d63c150dd5a61f9b34cfcb90d4
Author: Oleg Bondarev <email address hidden>
Date: Wed Dec 30 20:24:55 2015 +0300

    Fix get_subnet_for_dvr() to return correct gateway mac

    Fix filters to get the right gateway port for a subnet.
    Wrong filters led to random port's mac being returned which may cause
    side effects. See bug for details.

    Closes-Bug: #1530179
    Change-Id: I8368255f00ab3e9586c8ff28dfe6739541000810
    (cherry picked from commit 0a00205c2a209f20a9d900ddb30f25628a32ebd9)

tags: added: in-stable-liberty

This issue was fixed in the openstack/neutron 7.0.3 release.

tags: removed: liberty-backport-potential