Use the IP from allow address pair to launch VM will cause issue if the ip in the same subnet
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
neutron |
New
|
Undecided
|
zhaobo |
Bug Description
repro
------------
1. net with a subnet '10.0.0.0/26'
2. specify a IP address(10.0.0.10) in 'allowed_
3. specify the same IP address(10.0.0.10) in 'fixed_ip' fields to create another port with the net. called Port2
4. launch VMs with both of the ports. Port1 -- VM1 Port2 -- VM2.
Now VM1 and VM2 will use the same IP address(10.0.0.10) to access the external enviroment, VM2 is OK, but VM1 is not.
Just an example, if we set interface in a router, the default gateway of this subnet is 10.0.0.1. We can find the '10.0.0.10' ARP entry of the router namespace is VM2's port. So VM2 ping gateway is OK, but VM1 not. And the packets on gateway port'qr-XXXXX' we can see. All the Ping request packets which use 10.0.0.10 as Src ip from VM1 are accepted, but the qrouter namespace will send the Ping resp to VM2. I don't think this is a valid case.
The reproduce step is in comment #5. And the test env is DVR
Changed in neutron: | |
assignee: | nobody → zhaobo (zhaobo6) |
description: | updated |
Can you update your step by step instructions to have more detail? I can recreate the bug from the description but I'm not sure if it is the same approach as you. See my attempt below:
openstack port create port1 --allowed-address ip-address= 10.0.0. 10 --network private
# use subnet id for '10.0.0.0/26' subnet in the following command
$ openstack port create port2 --fixed-ip subnet= 2e3b3133- 7e67-4a3b- 9b1d-6d25238788 d2,ip-address= 10.0.0. 10 --network private
$ ip netns 0cd4817d- d5f6-44b8- 96a8-752e23c20b 99 9de1-4a58- 9494-349dc58b74 75
qrouter-
qdhcp-025b4428-
$ sudo ip netns exec qrouter- 0cd4817d- d5f6-44b8- 96a8-752e23c20b 99 arp
Address HWtype HWaddress Flags Mask Iface
172.24.4.1 ether fe:61:c0:e7:f6:45 C qg-ce281ff3-54
10.0.0.10 # port 2 ether fa:16:3e:5b:ca:25 C qr-9930c08b-8e
10.0.0.9 # port 1 ether fa:16:3e:57:28:bf C qr-9930c08b-8e
10.0.0.2 ether fa:16:3e:67:74:47 C qr-9930c08b-8e
$ openstack security group rule create a1ff40db- 0bee-4b2a- ad26-829dc58a28 d3 --protocol tcp --dst-port 22:22 --remote-ip 0.0.0.0/0
$ openstack security group rule create a1ff40db- 0bee-4b2a- ad26-829dc58a28 d3 --protocol icmp --dst-port 22:22 --remote-ip 0.0.0.0/0
$ sudo ip netns exec qrouter- 0cd4817d- d5f6-44b8- 96a8-752e23c20b 99 ssh cirros@10.0.0.9
cirros@10.0.0.9's password:
$ ping -4 -c 1 10.0.0.1
PING 10.0.0.1 (10.0.0.1): 56 data bytes
64 bytes from 10.0.0.1: seq=0 ttl=64 time=0.398 ms
--- 10.0.0.1 ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 0.398/0.398/0.398 ms
$ exit
$ sudo ip netns exec qrouter- 0cd4817d- d5f6-44b8- 96a8-752e23c20b 99 ssh cirros@10.0.0.10
cirros@10.0.0.10's password:
$ ping -4 -c 1 10.0.0.1
PING 10.0.0.1 (10.0.0.1): 56 data bytes
64 bytes from 10.0.0.1: seq=0 ttl=64 time=1.656 ms
--- 10.0.0.1 ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 1.656/1.656/1.656 ms
$ exit
# I tried using the -I option for ping but was not successful.
$ ping 10.0.0.1 -I 10.0.0.10
PING 10.0.0.1 (10.0.0.1) from 10.0.0.10: 56 data bytes
ping: can't set multicast source interface