BGP: DVR fip host routes query including legacy/HA fip routes

Bug #1608406 reported by LIU Yulong on 2016-08-01
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
neutron
Undecided
LIU Yulong

Bug Description

ENV:
neutron-8.1.2-1 (stable/mitaka)

When query a bgpspeaker's routes, the DVR fip host routes query will get the routes including the central fip routes.
This will let the central fip has more than one next_hop routes.

For instance:
+-----------------+--------------+
| destination | next_hop |
+-----------------+--------------+
| 172.16.10.69/32 | 172.16.10.57 | (ha)
| 172.16.10.69/32 | 172.16.10.65 | (ha)
| 172.16.10.70/32 | 172.16.10.58 | (legacy)
| 172.16.10.70/32 | 172.16.10.66 | (legacy)
| 172.16.10.68/32 | 172.16.10.66 | (dvr)
| 172.16.10.67/32 | 172.16.10.65 | (ha-and-dvr)
+-----------------+--------------+

public (external) network ports:
172.16.10.69 network:floatingip
172.16.10.70 network:floatingip
172.16.10.68 network:floatingip
172.16.10.67 network:floatingip
172.16.10.66 network:floatingip_agent_gateway
172.16.10.65 network:floatingip_agent_gateway
172.16.10.59 network:router_gateway
172.16.10.57 network:router_gateway
172.16.10.58 network:router_gateway
172.16.10.60 network:router_gateway

This issue was tested in stable/mitaka, bug the upstream may also have the same issue.
Because this line did not filter the legacy/HA fips' routes:
https://github.com/openstack/neutron-dynamic-routing/blob/master/neutron_dynamic_routing/db/bgp_db.py#L732

bgp routes, Routers, floating IPs, ports, networks:
http://paste.openstack.org/show/547689/

LIU Yulong (dragon889) on 2016-08-01
tags: added: l3-bgp

Fix proposed to branch: master
Review: https://review.openstack.org/349401

Changed in neutron:
assignee: nobody → LIU Yulong (dragon889)
status: New → In Progress
LIU Yulong (dragon889) on 2016-08-01
summary: - BGP: DVR fip host routes query including legacy/HA fip routs
+ BGP: DVR fip host routes query including legacy/HA fip routes
Ryan Tidwell (ryan-tidwell) wrote :

Good catch, it does appear that you're findings are correct.

LIU Yulong (dragon889) on 2016-08-03
description: updated
description: updated
tags: added: mitaka-backport-potential
Ryan Tidwell (ryan-tidwell) wrote :

I was able to reproduce this. My setup included 2 routers attached to the same external network, one distributed one legacy. I associated a FIP that is hosted on the legacy router. I see 2 next-hops for that FIP: the correct next-hop on the legacy router, and an incorrect next-hop pointing to the FIP gateway on my compute node. It looks like we are picking up extraneous routes that point to an incorrect next-hop.

Ryan Tidwell (ryan-tidwell) wrote :

Upon further examination, this will occur when 2 VM's are booted on the same host where one is connected to a distributed router and the other is connected via a legacy router. The DVR FIP query is assuming that if there is a FIP gateway on the host, all VM's on that host are connected via distributed routers and will scoop them up to announce their FIP next-hop as the FIP gateway. I think https://review.openstack.org/349401 is right approach, it checks the router association of the FIP in the DVR query to filter out any FIP's not associated through a distributed router.

Reviewed: https://review.openstack.org/349401
Committed: https://git.openstack.org/cgit/openstack/neutron-dynamic-routing/commit/?id=11965147fea9a52156ac2be265a5662973a4e5ad
Submitter: Jenkins
Branch: master

commit 11965147fea9a52156ac2be265a5662973a4e5ad
Author: LIU Yulong <email address hidden>
Date: Mon Aug 1 16:10:28 2016 +0800

    BGP: exclude legacy fip in DVR fip host routes query

    When query a bgpspeaker's routes, the DVR fip host routes query
    will get the routes including the central fip routes. This will
    let the central fip has more than one next_hop routes.

    This patch adds a RouterExtraAttributes check for the distributed
    routers during the DVR fip host routes query.

    Change-Id: Idb237d4563236c24c19abd8234cfdec4f2373eee
    Closes-Bug: #1608406

Changed in neutron:
status: In Progress → Fix Released

Reviewed: https://review.openstack.org/352633
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=b1f3da7c005e16884975d78dbbb64813db6e5dcb
Submitter: Jenkins
Branch: stable/mitaka

commit b1f3da7c005e16884975d78dbbb64813db6e5dcb
Author: Ryan Tidwell <email address hidden>
Date: Mon Aug 8 16:04:50 2016 -0700

    BGP: exclude legacy fip in DVR fip host routes query

    When query a bgpspeaker's routes, the DVR fip host routes query
    will get the routes including the central fip routes. This will
    let the central fip has more than one next_hop routes.

    This patch adds a RouterExtraAttributes check for the distributed
    routers during the DVR fip host routes query.

    Closes-Bug: #1608406
    (cherry picked from neutron-dynamic-routing commit
    11965147fea9a52156ac2be265a5662973a4e5ad)

    Change-Id: Ie174a7616eba36c690bda84d225538c03391f968

tags: added: in-stable-mitaka

This issue was fixed in the openstack/neutron-dynamic-routing 9.0.0.0b3 development milestone.

tags: removed: mitaka-backport-potential

This issue was fixed in the openstack/neutron 8.3.0 release.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers