commit 1495453768c3d37057575167d1be634cdee206d8
Author: Daniel Alvarez <email address hidden>
Date: Sun Jan 22 13:33:07 2017 +0000
Disable RA and IPv6 forwarding on backup HA routers
Neutron does not disable ipv6 forwarding for HA routers and it's
enabled by default in all router namespaces. For ipv6, this means
that it will automatically join the following groups:
* link-local all-routers multicast group (ff02::2)
* interface-local all routers multicast group (ff01::2)
* site-local all routers multicast group (ff05::2))
As a side effect it will answer to multicast listener queries, thus
causing external switch to learn its MAC address and disrupting traffic
to the master instance.
This patch will enable ipv6 forwarding on the gateway interface only
for master instances and disable it otherwise to fix the issue.
Also, the accept_ra procfs entry was enabled under certain
circumstances but it wasn't disabled otherwise. This patch, will
disable RA on the gateway interface for non master instances.
Reviewed: https:/ /review. openstack. org/460924 /git.openstack. org/cgit/ openstack/ neutron/ commit/ ?id=1495453768c 3d37057575167d1 be634cdee206d8
Committed: https:/
Submitter: Jenkins
Branch: stable/newton
commit 1495453768c3d37 057575167d1be63 4cdee206d8
Author: Daniel Alvarez <email address hidden>
Date: Sun Jan 22 13:33:07 2017 +0000
Disable RA and IPv6 forwarding on backup HA routers
Neutron does not disable ipv6 forwarding for HA routers and it's
enabled by default in all router namespaces. For ipv6, this means
that it will automatically join the following groups:
* link-local all-routers multicast group (ff02::2)
* interface-local all routers multicast group (ff01::2)
* site-local all routers multicast group (ff05::2))
As a side effect it will answer to multicast listener queries, thus
causing external switch to learn its MAC address and disrupting traffic
to the master instance.
This patch will enable ipv6 forwarding on the gateway interface only
for master instances and disable it otherwise to fix the issue.
Also, the accept_ra procfs entry was enabled under certain
circumstances but it wasn't disabled otherwise. This patch, will
disable RA on the gateway interface for non master instances.
Conflicts: tests/functiona l/agent/ l3/test_ ha_router. py
neutron/
Closes-Bug: #1667756
Change-Id: I9bc890b43f750c ad68fc67f4c79f1 426c3506863 0ce7a3f7f434526 931d5504a5) a58a255d7f1c9ae 2a6b95451f)
(cherry picked from commit 676a3ebe2f5b62f
(cherry picked from commit 9360fb90ba73dcd