neutron

Routes for neighbour subnets missing after dhcp agents restart

Bug #1652654 reported by Quan Tian
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
neutron
Fix Released
High
Brian Haley

Bug Description

According to [1], when network contains more that one IPv4 subnets, report these subnets in 'classless-static-routes' DHCP option.
However, the 'classless-static-routes' of dhcp disabled subnets will be deleted after dhcp agents restart because the DhcpRpcCallback.get_active_networks_info method used for synchronize networks filter subnets with "enable_dhcp=True". Then VMs can't access the other VMs in the dhcp disabled subnets in the same network.

[1] https://review.openstack.org/#/c/125043/

How to reproduce:

1. create a network with two subnets in it, disable one subnet's dhcp.
+--------------------------------------+----------------------+----------------+-------------+
| id | name | cidr | enable_dhcp |
+--------------------------------------+----------------------+----------------+-------------+
| 1b14508b-a381-4d73-9128-c05661497c49 | subnet_dhcp_enabled | 192.168.1.0/24 | True |
| 3572a614-79f0-4b4d-8850-60e74225745a | subnet_dhcp_disabled | 192.168.2.0/24 | False |
+--------------------------------------+----------------------+----------------+-------------+

At this time, dhcp opts should like this:

$ cat neutron/dhcp/004a4f00-f8cf-4c11-a9e7-52bc9961c297/opts
tag:tag0,option:classless-static-route,192.168.2.0/24,0.0.0.0,0.0.0.0/0,192.168.1.1
tag:tag0,249,192.168.2.0/24,0.0.0.0,0.0.0.0/0,192.168.1.1
tag:tag0,option:router,192.168.1.1

2. restart the dhcp agent, the "classless-static-routes" disappear

$ cat neutron/dhcp/004a4f00-f8cf-4c11-a9e7-52bc9961c297/opts
tag:tag0,option:router,192.168.1.1

OpenStack Infra (hudson-openstack)
Changed in neutron:
assignee: nobody → Quan Tian (tianquan23)
status: New → In Progress
Armando Migliaccio (armando-migliaccio)
tags: added: l3-bgp
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Change abandoned on neutron (master)

Change abandoned by Quan Tian (<email address hidden>) on branch: master
Review: https://review.openstack.org/352530

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (master)

Fix proposed to branch: master
Review: https://review.openstack.org/566405

Changed in neutron:
assignee: Quan Tian (tianquan23) → Brian Haley (brian-haley)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (master)

Reviewed: https://review.openstack.org/566405
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=2e34279ec3f4e93a7eca1e89b307fdbeb15b211e
Submitter: Zuul
Branch: master

commit 2e34279ec3f4e93a7eca1e89b307fdbeb15b211e
Author: Brian Haley <email address hidden>
Date: Fri May 4 16:43:45 2018 -0400

    Fix lack of routes for neighbour IPv4 subnets

    According to [1], when a network contains more that one IPv4
    subnet, they are returned in the 'classless-static-routes'
    DHCP option, regardless of whether DHCP is enabled for them
    or not.

    However, the get_active_networks_info() method used for
    synchronizing networks after the dhcp agent restarts filters
    subnets with "enable_dhcp=True", which differs from the
    get_network_info() method. This will block VM access to
    other VMs in the dhcp disabled subnets, even though they are
    in the same network. This is visible by looking at the "opts"
    file before and after a restart.

    Change the dhcp agent to ask for all subnets in its
    get_active_networks_info() RPC call by adding an
    enable_dhcp_filter argument to toggle the behavior, with the
    default being True to not break backwards compatibility.

    Based on https://review.openstack.org/#/c/352530/ by Quan Tian.

    [1] https://review.openstack.org/#/c/125043/

    Change-Id: I11ca1d1a603d02587f3b8d4a5a52a96b0587d61f
    Closes-Bug: #1652654

Changed in neutron:
status: In Progress → Fix Released
Bernard Cafarelli (bcafarel)
tags: added: neutron-proactive-backport-potential
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (stable/queens)

Fix proposed to branch: stable/queens
Review: https://review.openstack.org/571808

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (stable/pike)

Fix proposed to branch: stable/pike
Review: https://review.openstack.org/571812

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (stable/ocata)

Fix proposed to branch: stable/ocata
Review: https://review.openstack.org/571814

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (stable/queens)

Reviewed: https://review.openstack.org/571808
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=0f3ca4c135313375f96d3037a315fac7d47aac83
Submitter: Zuul
Branch: stable/queens

commit 0f3ca4c135313375f96d3037a315fac7d47aac83
Author: Brian Haley <email address hidden>
Date: Fri May 4 16:43:45 2018 -0400

    Fix lack of routes for neighbour IPv4 subnets

    According to [1], when a network contains more that one IPv4
    subnet, they are returned in the 'classless-static-routes'
    DHCP option, regardless of whether DHCP is enabled for them
    or not.

    However, the get_active_networks_info() method used for
    synchronizing networks after the dhcp agent restarts filters
    subnets with "enable_dhcp=True", which differs from the
    get_network_info() method. This will block VM access to
    other VMs in the dhcp disabled subnets, even though they are
    in the same network. This is visible by looking at the "opts"
    file before and after a restart.

    Change the dhcp agent to ask for all subnets in its
    get_active_networks_info() RPC call by adding an
    enable_dhcp_filter argument to toggle the behavior, with the
    default being True to not break backwards compatibility.

    Based on https://review.openstack.org/#/c/352530/ by Quan Tian.

    [1] https://review.openstack.org/#/c/125043/

    Change-Id: I11ca1d1a603d02587f3b8d4a5a52a96b0587d61f
    Closes-Bug: #1652654
    (cherry picked from commit 2e34279ec3f4e93a7eca1e89b307fdbeb15b211e)

tags: added: in-stable-queens
tags: added: in-stable-pike
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (stable/pike)

Reviewed: https://review.openstack.org/571812
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=e905bd8ed9295d7ab48344ba119dfa79830c22c4
Submitter: Zuul
Branch: stable/pike

commit e905bd8ed9295d7ab48344ba119dfa79830c22c4
Author: Brian Haley <email address hidden>
Date: Fri May 4 16:43:45 2018 -0400

    Fix lack of routes for neighbour IPv4 subnets

    According to [1], when a network contains more that one IPv4
    subnet, they are returned in the 'classless-static-routes'
    DHCP option, regardless of whether DHCP is enabled for them
    or not.

    However, the get_active_networks_info() method used for
    synchronizing networks after the dhcp agent restarts filters
    subnets with "enable_dhcp=True", which differs from the
    get_network_info() method. This will block VM access to
    other VMs in the dhcp disabled subnets, even though they are
    in the same network. This is visible by looking at the "opts"
    file before and after a restart.

    Change the dhcp agent to ask for all subnets in its
    get_active_networks_info() RPC call by adding an
    enable_dhcp_filter argument to toggle the behavior, with the
    default being True to not break backwards compatibility.

    Based on https://review.openstack.org/#/c/352530/ by Quan Tian.

    [1] https://review.openstack.org/#/c/125043/

    Change-Id: I11ca1d1a603d02587f3b8d4a5a52a96b0587d61f
    Closes-Bug: #1652654
    (cherry picked from commit 2e34279ec3f4e93a7eca1e89b307fdbeb15b211e)

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/neutron 13.0.0.0b2

This issue was fixed in the openstack/neutron 13.0.0.0b2 development milestone.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/neutron 12.0.3

This issue was fixed in the openstack/neutron 12.0.3 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/neutron 11.0.5

This issue was fixed in the openstack/neutron 11.0.5 release.

Brian Haley (brian-haley)
Changed in neutron:
importance: Undecided → High
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (stable/ocata)

Reviewed: https://review.openstack.org/571814
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=af1e51bffca111736565c2386e6b236db8daf321
Submitter: Zuul
Branch: stable/ocata

commit af1e51bffca111736565c2386e6b236db8daf321
Author: Brian Haley <email address hidden>
Date: Fri May 4 16:43:45 2018 -0400

    Fix lack of routes for neighbour IPv4 subnets

    According to [1], when a network contains more that one IPv4
    subnet, they are returned in the 'classless-static-routes'
    DHCP option, regardless of whether DHCP is enabled for them
    or not.

    However, the get_active_networks_info() method used for
    synchronizing networks after the dhcp agent restarts filters
    subnets with "enable_dhcp=True", which differs from the
    get_network_info() method. This will block VM access to
    other VMs in the dhcp disabled subnets, even though they are
    in the same network. This is visible by looking at the "opts"
    file before and after a restart.

    Change the dhcp agent to ask for all subnets in its
    get_active_networks_info() RPC call by adding an
    enable_dhcp_filter argument to toggle the behavior, with the
    default being True to not break backwards compatibility.

    Based on https://review.openstack.org/#/c/352530/ by Quan Tian.

    [1] https://review.openstack.org/#/c/125043/

    Change-Id: I11ca1d1a603d02587f3b8d4a5a52a96b0587d61f
    Closes-Bug: #1652654

tags: added: in-stable-ocata
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/neutron ocata-eol

This issue was fixed in the openstack/neutron ocata-eol release.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.