RA is not disabled on backup HA routers

Bug #1669765 reported by Daniel Alvarez on 2017-03-03
This bug affects 4 people
Affects Status Importance Assigned to Milestone
Daniel Alvarez

Bug Description

When an HA router is created, RA is enabled on the gateway interface for the 'master' router [0].
However, it is not disabled in the 'else' clause and therefore:

1. If the router was set to 'master' before, it will still have RA enabled on its gateway interface
2. If default value for accept_ra in '/proc/sys/net/ipv6/conf/default/accept_ra' is > 0, then it will still have RA enabled on its gateway interface.

Having RA enabled on a backup router leads to the following unwanted situation:

- It may respond to RA packets coming from an external switch and, because it has the same MAC address as the master instance, the switch will learn its MAC address and may send the traffic to it until the master sends some packets. Therefore, any existing connections will be interrupted.

The fix would consist in disabling RA on the gateway interface if conditions are not met to enable it.

[0] https://github.com/openstack/neutron/blob/master/neutron/agent/l3/ha.py#L136

Changed in neutron:
status: New → Triaged
tags: added: l3-ha
Changed in neutron:
importance: Undecided → High
Changed in neutron:
assignee: nobody → Daniel Alvarez (dalvarezs)
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers