I've a deployment with IPv6 and this is very annoying because periodically the rules are refreshed (it seems like this is what happens) and the manually inserted rules are removed.
I'm using a crontab script to check each qrouter and apply the rule manually.
---
#!/bin/bash
# For each qrouter namespace, re-add the scope MARK rule if it has been removed.
for qrouter in `ip netns | grep ^qrouter`; do
    interface_qg=`ip netns exec $qrouter ifconfig | grep ^qg | awk '{print $1}'`
    # Number of MARK rules currently present in the mangle table
    qtd_mark=`ip netns exec $qrouter ip6tables -n -L -v -t mangle | grep "MARK xset" | wc -l`
    if [ $qtd_mark -lt 2 ]; then
        echo "APLICAR ==> /bin/ip netns exec $qrouter ip6tables -t mangle -A neutron-l3-agent-scope -i $interface_qg -j MARK --set-xmark 0x4000000/0xffff0000"
        /bin/ip netns exec $qrouter ip6tables -t mangle -A neutron-l3-agent-scope -i $interface_qg -j MARK --set-xmark 0x4000000/0xffff0000
    else
        echo -e "[OK] Regra ip6tables"
    fi
done
---