neutron

Bug #1593354
Comment #0

Comment 0 for bug 1593354

Revision history for this message

Hao Chen (chenh1987) wrote on 2016-06-16:

I have a mitaka openstack deployment with neutron DVR enabled. When I try to test the snat HA failover I found that even though the snat namespace was created on the other backup node, it doesn't has any nat rule in snat namespace iptable. And run "ip a" in the sant namespace you will find the sg port is missing.

Here is what I found on the second neutron network node

sandy-pistachio:/opt/openstack # ip netns
qrouter-e25b81f9-8810-4654-9be0-ebac09c700fb
qdhcp-abe36e89-f7a5-4cbd-a7e4-852d80ed92d6
snat-e25b81f9-8810-4654-9be0-ebac09c700fb

sandy-pistachio:/opt/openstack # ip netns exec snat-e25b81f9-8810-4654-9be0-ebac09c700fb ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
70: qg-cc3b2f8c-b7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default
    link/ether fa:16:3e:cb:27:cd brd ff:ff:ff:ff:ff:ff
    inet 10.240.117.98/28 brd 10.240.117.111 scope global qg-cc3b2f8c-b7
       valid_lft forever preferred_lft forever
    inet6 fe80::f816:3eff:fecb:27cd/64 scope link
       valid_lft forever preferred_lft forever

sandy-pistachio:/opt/openstack # ip netns exec snat-e25b81f9-8810-4654-9be0-ebac09c700fb iptables -L -n -v -t nat
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
sandy-pistachio:/opt/openstack #

Here is what I found on the second neutron network node

sandy-pistachio:/opt/openstack # ip netns
qrouter-e25b81f9-8810-4654-9be0-ebac09c700fb
qdhcp-abe36e89-f7a5-4cbd-a7e4-852d80ed92d6
snat-e25b81f9-8810-4654-9be0-ebac09c700fb

sandy-pistachio:/opt/openstack # ip netns exec snat-e25b81f9-8810-4654-9be0-ebac09c700fb ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
70: qg-cc3b2f8c-b7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default 
    link/ether fa:16:3e:cb:27:cd brd ff:ff:ff:ff:ff:ff
    inet 10.240.117.98/28 brd 10.240.117.111 scope global qg-cc3b2f8c-b7
       valid_lft forever preferred_lft forever
    inet6 fe80::f816:3eff:fecb:27cd/64 scope link 
       valid_lft forever preferred_lft forever

sandy-pistachio:/opt/openstack # ip netns exec snat-e25b81f9-8810-4654-9be0-ebac09c700fb iptables -L -n -v -t nat
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
sandy-pistachio:/opt/openstack #