RA is not disabled on backup HA routers
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
neutron |
Won't Fix
|
High
|
Daniel Alvarez |
Bug Description
When an HA router is created, RA is enabled on the gateway interface for the 'master' router [0].
However, it is not disabled in the 'else' clause and therefore:
1. If the router was set to 'master' before, it will still have RA enabled on its gateway interface
2. If default value for accept_ra in '/proc/
Having RA enabled on a backup router leads to the following unwanted situation:
- It may respond to RA packets coming from an external switch and, because it has the same MAC address as the master instance, the switch will learn its MAC address and may send the traffic to it until the master sends some packets. Therefore, any existing connections will be interrupted.
The fix would consist in disabling RA on the gateway interface if conditions are not met to enable it.
[0] https:/
Changed in neutron: | |
status: | New → Triaged |
tags: | added: l3-ha |
Changed in neutron: | |
importance: | Undecided → High |
Changed in neutron: | |
assignee: | nobody → Daniel Alvarez (dalvarezs) |
I think we've addressed all of the issues with the sysctl knobs in HA routers over the past few cycles as part of other bugs, so I'll close this bug.