dvr_edge_ha_router disassociates floatingip incompletely

Bug #1644415 reported by Zhixin Li on 2016-11-24
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
neutron
High
Zhixin Li

Bug Description

I have a mitaka enviroment with one controller host, one network host and two computer hosts. All the l3 agents of my computer hosts and network host are configed as dvr_snat mode. I created a dvr+ha router and boot a vm with one of subnet associated with this router. This vm accesses the internet normally before or after associating a floating ip with it. But when I disassociated the floating ip, the vm can not access the internet any more.

Pre-conditions:
  run L3 agent with dvr_snat mode on network nodes and compute nodes

How to reprocude:
  create a dvr+ha router
  create a subnet and associate this subnet with the router
  create a vm with the subnet
  associate a floating ip with the vm and then disassociate it
  the vm can not access internet

Analysis:
  I found that the ip rule "36709: from 10.10.30.4 lookup 16"(this ip is the vm's fixed ip) is still in the router's qrouter namespace on the compute host, although I diassociated the floating ip. Then I debug the code and found dvr_edge_ha_router can not execute code into remove_floating_ip function.

Zhixin Li (lizhixin) on 2016-11-24
Changed in neutron:
assignee: nobody → Zhixin Li (lizhixin)
description: updated
Kevin Benton (kevinbenton) wrote :

Marking as triaged until we can see the fix or a link to the broken part of the code.

Changed in neutron:
importance: Undecided → High
status: New → Triaged
lizhixin (lizhixin3016) on 2016-12-01
Changed in neutron:
status: Triaged → In Progress
tags: added: mitaka-backport-potential newton-backport-potential

Reviewed: https://review.openstack.org/404571
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=91b2efcbd5f21d7e726b51ca0196a68cf46c3fde
Submitter: Jenkins
Branch: master

commit 91b2efcbd5f21d7e726b51ca0196a68cf46c3fde
Author: Lizhixin <email address hidden>
Date: Sat Nov 26 13:16:59 2016 +0800

    Remove get_router_cidrs method of dvr_edge_ha router

    Since commit a388f78c8cb4b1c860bfc11029b5210955f1932d, we fetch
    routers' existing floating ip address from the fip namespace's
    route table instead of qrouter namespace's qg device for the
    dvr_local and dvr_edge router. But for dvr_edge_ha router, it
    still fetch the existing floating ip like legacy router, causing
    it can’t know which existent floating ip rules need to be removed.

    After removing the get_router_cidrs method, the dvr_edge_ha router
    inherit the get_router_cidrs method from dvr_local router and it
    will remove the existent floating ip rules successfully if we
    disassociate the floating ip.

    Co-Authored-By: Swaminathan Vasudevan <email address hidden>
    Change-Id: Ic471189773298b353db7629c827c8787703c0069
    Related-Bug: #1644415

Change abandoned by Swaminathan Vasudevan (<email address hidden>) on branch: /stable/newton
Review: https://review.openstack.org/423395

Reviewed: https://review.openstack.org/423495
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=9851426331f072db134c6cec755cefb150bd35ca
Submitter: Jenkins
Branch: stable/newton

commit 9851426331f072db134c6cec755cefb150bd35ca
Author: Lizhixin <email address hidden>
Date: Sat Nov 26 13:16:59 2016 +0800

    Remove get_router_cidrs method of dvr_edge_ha router

    Since commit a388f78c8cb4b1c860bfc11029b5210955f1932d, we fetch
    routers existing floating ip address from the fip namespace's
    route table instead of qrouter namespace's qg device for the
    dvr_local and dvr_edge router. But for dvr_edge_ha router, it
    still fetch the existing floating ip like legacy router, causing
    it can’t know which existent floating ip rules need to be removed.

    After removing the get_router_cidrs method, the dvr_edge_ha router
    inherit the get_router_cidrs method from dvr_local router and it
    will remove the existent floating ip rules successfully if we
    disassociate the floating ip.

    Co-Authored-By: Swaminathan Vasudevan <email address hidden>
    Change-Id: Ic471189773298b353db7629c827c8787703c0069
    Related-Bug: #1644415
    (cherry picked from commit 91b2efcbd5f21d7e726b51ca0196a68cf46c3fde)

tags: added: in-stable-newton
Changed in neutron:
status: In Progress → Fix Committed

Reviewed: https://review.openstack.org/424276
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=b68d510fd05f62a616523f9b30fd086ddc242397
Submitter: Jenkins
Branch: stable/mitaka

commit b68d510fd05f62a616523f9b30fd086ddc242397
Author: Lizhixin <email address hidden>
Date: Sat Nov 26 13:16:59 2016 +0800

    Remove get_router_cidrs method of dvr_edge_ha router

    Since commit a388f78c8cb4b1c860bfc11029b5210955f1932d, we fetch
    routers existing floating ip address from the fip namespace's
    route table instead of qrouter namespace's qg device for the
    dvr_local and dvr_edge router. But for dvr_edge_ha router, it
    still fetch the existing floating ip like legacy router, causing
    it can’t know which existent floating ip rules need to be removed.

    After removing the get_router_cidrs method, the dvr_edge_ha router
    inherit the get_router_cidrs method from dvr_local router and it
    will remove the existent floating ip rules successfully if we
    disassociate the floating ip.

    Co-Authored-By: Swaminathan Vasudevan <email address hidden>
    Related-Bug: #1644415
    (cherry picked from commit 91b2efcbd5f21d7e726b51ca0196a68cf46c3fde)
    (cherry picked from commit 9851426331f072db134c6cec755cefb150bd35ca)

    Conflicts:
     neutron/agent/l3/dvr_edge_ha_router.py

    Change-Id: Ic471189773298b353db7629c827c8787703c0069

tags: added: in-stable-mitaka
tags: added: neutron-proactive-backport-potential
tags: removed: neutron-proactive-backport-potential
Changed in neutron:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers