bandwidth metering - Creating meter label rule doesn't match the metering concept.
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
neutron |
Fix Released
|
Undecided
|
Gary Kotton |
Bug Description
In the following bug report, "remote_ip_prefix" is considered to be "source address/cidr" for ingress traffic, but this is not suitable for metering concepts.
https:/
┌────┐ ┌────┐ ┌────┐
│external│
└────┘ 100.100.20.0/24 └────┘ 10.0.1.0/24 └────┘
│
│ ┌────┐
└─────────│ VMs │
In case of ingress traffic(inbound), source should be 0.0.0.0/0 and destination should be address/cidr of VMs .
That way, it is possible to meter bandwidth per address/cidr of VMs.
This is my test case.
1. Create Label
# neutron meter-label-create --tenant-id $TEANAT_ID --description "leegy" meter_ingress
Created a new metering_label:
+------
| Field | Value |
+------
| description | leegy |
| id | b1c41f6f-
| name | meter_ingress |
| project_id | e8c282b3d5e9477
| shared | False |
| tenant_id | e8c282b3d5e9477
+------
2. Create rule
ingress rule(traffic from qg- interface to gr- interface), remote_ip_prefix is network cidr of VMs.
# neutron meter-label-
Created a new metering_
+------
| Field | Value |
+------
| direction | ingress |
| excluded | False |
| id | f9829983-
| metering_label_id | b1c41f6f-
| remote_ip_prefix | 10.0.1.0/24 |
+------
3. Check iptables rules
I want to meter bandwidth from external to VMs.
[expected rules]
Chain neutron-
pkts bytes target prot opt in out source destination
0 0 neutron-
[but result is...]
Chain neutron-
pkts bytes target prot opt in out source destination
0 0 neutron-
4. Modify neutron source
neutron/
def _prepare_rule(self, ext_dev, rule, label_chain):
remote_ip = rule['remote_
if rule['direction'] == 'egress':
dir_opt = '-s %s -o %s' % (remote_ip, ext_dev)
else:
dir_opt = '-d %s -i %s' % (remote_ip, ext_dev)
if rule['excluded']:
else:
return ipt_rule
5. Check iptables rules
possble to meter the bandwidth from external to VMs.
Chain neutron-
pkts bytes target prot opt in out source destination
0 0 neutron-
6. ping test
ping from qdhcp-namespace of VM network to another router gateway ip
# neutron net-list
+------
| id | name | subnets |
+------
| 19bd6565-
| | | 10.0.1.0/24 |
| dca679c6-
| | | 100.100.20.0/24 |
+------
# neutron router-list
+------
| id | name | external_
+------
| 03c2fe17-
| 02260c703b64 | | "dca679c6-
| | | 30fd6d6d0c53", | | |
| | | "enable_snat": false, | | |
| | | "external_
| | | [{"subnet_id": "47458829 | | |
| | | -cc7b-498d- | | |
| | | 8dd6-2a97c797cc61", | | |
| | | "ip_address": | | |
| | | "100.100.20.14"}]} | | |
| 1a30bf59-
| 248cf026978d | | "dca679c6-
| | | 30fd6d6d0c53", | | |
| | | "enable_snat": true, | | |
| | | "external_
| | | [{"subnet_id": "47458829 | | |
| | | -cc7b-498d- | | |
| | | 8dd6-2a97c797cc61", | | |
| | | "ip_address": | | |
| | | "100.100.20.11"}]} | | |
+------
# ip netns exec qdhcp-19bd6565-
PING 100.100.20.14 (100.100.20.14) 56(84) bytes of data.
64 bytes from 100.100.20.14: icmp_seq=1 ttl=63 time=1.22 ms
64 bytes from 100.100.20.14: icmp_seq=2 ttl=63 time=0.086 ms
64 bytes from 100.100.20.14: icmp_seq=3 ttl=63 time=0.097 ms
64 bytes from 100.100.20.14: icmp_seq=4 ttl=63 time=0.101 ms
64 bytes from 100.100.20.14: icmp_seq=5 ttl=63 time=0.097 ms
^C
--- 100.100.20.14 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4001ms
rtt min/avg/max/mdev = 0.086/0.
7. Check iptables rules
ping response is captured (5 pkts)
# ip netns exec qrouter-
Chain neutron-
pkts bytes target prot opt in out source destination
5 420 all -- * * 0.0.0.0/0 0.0.0.0/0
Chain neutron-
pkts bytes target prot opt in out source destination
5 420 neutron-
+
OpenStack version : newton
platform : ubuntu + openstack, it is occured on redhat osp and packstack.
Changed in neutron: | |
assignee: | nobody → leegayeon (leegy) |
tags: | added: metering |
Changed in neutron: | |
assignee: | leegayeon (leegy) → Gary Kotton (garyk) |
tags: | added: neutron-proactive-backport-potential |
Can you create a patch for this? Thanks.