neutron

BGP: DVR fip host routes query including legacy/HA fip routes

Bug #1608406 reported by LIU Yulong on 2016-08-01

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	neutron	Fix Released	Undecided	LIU Yulong

Bug Description

ENV:
neutron-8.1.2-1 (stable/mitaka)

When query a bgpspeaker's routes, the DVR fip host routes query will get the routes including the central fip routes.
This will let the central fip has more than one next_hop routes.

For instance:
+-----------------+--------------+
| destination | next_hop |
+-----------------+--------------+
| 172.16.10.69/32 | 172.16.10.57 | (ha)
| 172.16.10.69/32 | 172.16.10.65 | (ha)
| 172.16.10.70/32 | 172.16.10.58 | (legacy)
| 172.16.10.70/32 | 172.16.10.66 | (legacy)
| 172.16.10.68/32 | 172.16.10.66 | (dvr)
| 172.16.10.67/32 | 172.16.10.65 | (ha-and-dvr)
+-----------------+--------------+

public (external) network ports:
172.16.10.69 network:floatingip
172.16.10.70 network:floatingip
172.16.10.68 network:floatingip
172.16.10.67 network:floatingip
172.16.10.66 network:floatingip_agent_gateway
172.16.10.65 network:floatingip_agent_gateway
172.16.10.59 network:router_gateway
172.16.10.57 network:router_gateway
172.16.10.58 network:router_gateway
172.16.10.60 network:router_gateway

This issue was tested in stable/mitaka, bug the upstream may also have the same issue.
Because this line did not filter the legacy/HA fips' routes:
https://github.com/openstack/neutron-dynamic-routing/blob/master/neutron_dynamic_routing/db/bgp_db.py#L732

bgp routes, Routers, floating IPs, ports, networks:
http://paste.openstack.org/show/547689/

See original description

Tags:

LIU Yulong (dragon889) on 2016-08-01

tags:

added: l3-bgp

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-08-01: Fix proposed to neutron-dynamic-routing (master)

Fix proposed to branch: master
Review: https://review.openstack.org/349401

Changed in neutron:
assignee:	nobody → LIU Yulong (dragon889)
status:	New → In Progress

LIU Yulong (dragon889) on 2016-08-01

summary:

- BGP: DVR fip host routes query including legacy/HA fip routs
+ BGP: DVR fip host routes query including legacy/HA fip routes

Revision history for this message

Ryan Tidwell (ryan-tidwell) wrote on 2016-08-02:

Good catch, it does appear that you're findings are correct.

LIU Yulong (dragon889) on 2016-08-03

description:	updated
description:	updated

Brian Haley (brian-haley) on 2016-08-04

tags:

added: mitaka-backport-potential

Revision history for this message

Ryan Tidwell (ryan-tidwell) wrote on 2016-08-04:

I was able to reproduce this. My setup included 2 routers attached to the same external network, one distributed one legacy. I associated a FIP that is hosted on the legacy router. I see 2 next-hops for that FIP: the correct next-hop on the legacy router, and an incorrect next-hop pointing to the FIP gateway on my compute node. It looks like we are picking up extraneous routes that point to an incorrect next-hop.

Revision history for this message

Ryan Tidwell (ryan-tidwell) wrote on 2016-08-04:

Upon further examination, this will occur when 2 VM's are booted on the same host where one is connected to a distributed router and the other is connected via a legacy router. The DVR FIP query is assuming that if there is a FIP gateway on the host, all VM's on that host are connected via distributed routers and will scoop them up to announce their FIP next-hop as the FIP gateway. I think https://review.openstack.org/349401 is right approach, it checks the router association of the FIP in the DVR query to filter out any FIP's not associated through a distributed router.

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-08-08: Fix merged to neutron-dynamic-routing (master)

Reviewed: https://review.openstack.org/349401
Committed: https://git.openstack.org/cgit/openstack/neutron-dynamic-routing/commit/?id=11965147fea9a52156ac2be265a5662973a4e5ad
Submitter: Jenkins
Branch: master

commit 11965147fea9a52156ac2be265a5662973a4e5ad
Author: LIU Yulong <email address hidden>
Date: Mon Aug 1 16:10:28 2016 +0800

BGP: exclude legacy fip in DVR fip host routes query

    When query a bgpspeaker's routes, the DVR fip host routes query
    will get the routes including the central fip routes. This will
    let the central fip has more than one next_hop routes.

This patch adds a RouterExtraAttributes check for the distributed
routers during the DVR fip host routes query.

Change-Id: Idb237d4563236c24c19abd8234cfdec4f2373eee
Closes-Bug: #1608406

Changed in neutron:
status:	In Progress → Fix Released

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-08-08: Fix proposed to neutron (stable/mitaka)

Fix proposed to branch: stable/mitaka
Review: https://review.openstack.org/352633

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-08-09: Fix merged to neutron (stable/mitaka)

Reviewed: https://review.openstack.org/352633
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=b1f3da7c005e16884975d78dbbb64813db6e5dcb
Submitter: Jenkins
Branch: stable/mitaka

commit b1f3da7c005e16884975d78dbbb64813db6e5dcb
Author: Ryan Tidwell <email address hidden>
Date: Mon Aug 8 16:04:50 2016 -0700

BGP: exclude legacy fip in DVR fip host routes query

    When query a bgpspeaker's routes, the DVR fip host routes query
    will get the routes including the central fip routes. This will
    let the central fip has more than one next_hop routes.

This patch adds a RouterExtraAttributes check for the distributed
routers during the DVR fip host routes query.

    Closes-Bug: #1608406
    (cherry picked from neutron-dynamic-routing commit
    11965147fea9a52156ac2be265a5662973a4e5ad)

Change-Id: Ie174a7616eba36c690bda84d225538c03391f968

tags:

added: in-stable-mitaka

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-09-01: Fix included in openstack/neutron-dynamic-routing 9.0.0.0b3

This issue was fixed in the openstack/neutron-dynamic-routing 9.0.0.0b3 development milestone.

Ihar Hrachyshka (ihar-hrachyshka) on 2016-10-07

tags:

removed: mitaka-backport-potential

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-10-11: Fix included in openstack/neutron 8.3.0

This issue was fixed in the openstack/neutron 8.3.0 release.

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.