If a distributed router has interfaces on multiple tenant networks, with
'fast exit' functionality policy based rules are created in qrouter
namespace for every tenant network subnet and 'from <cidr>' is included
into an 'ip rule' command invocation.
When a port on a tenant network is deleted 'from <cidr>' part is not
included and a first rule matching specified parameters gets deleted.
For example with the following layout
ip netns exec qrouter-4f9ca9ef-303b-4082-abbc-e50782d9b800 ip rule
0: from all lookup local
32766: from all lookup main
32767: from all lookup default
80000: from 192.168.100.0/24 lookup 16
80000: from 192.168.200.0/24 lookup 16
and neutron l3 agent will use this command
ip netns exec qrouter-4f9ca9ef-303b-4082-abbc-e50782d9b800 ip -4 rule\
del priority 80000 table 16 type unicast
and 192.168.100.0/24 rule will get deleted even if you actually removed
a port on 192.168.200.0.
This results in an extra rule present and not cleaned up and the right
rule removed. It is only recreated if a router is disabled and enabled
again.
additional changes:
1) Floating IP rules are identified by priority only as implemented
currently - for this reason this change adds fixed_ip to the rule
removal code. Rule priorities are 32-bit values in iproute2 so,
in theory, those should be not be used to cover IPv6.
2) IP protocol information for 'from all' rules is currently
derived from link-local address IP version. The same approach
is preserved by using version-specific /0 addresses without
changing the API provided by ip_lib.
Reviewed: https:/ /review. openstack. org/557836 /git.openstack. org/cgit/ openstack/ neutron/ commit/ ?id=81db328b2df 08f2b4adcc80104 cf05ad8966c019
Committed: https:/
Submitter: Zuul
Branch: master
commit 81db328b2df08f2 b4adcc80104cf05 ad8966c019
Author: Dmitrii Shcherbakov <email address hidden>
Date: Thu Mar 29 17:32:01 2018 -0400
Use cidr during tenant network rule deletion
If a distributed router has interfaces on multiple tenant networks, with
'fast exit' functionality policy based rules are created in qrouter
namespace for every tenant network subnet and 'from <cidr>' is included
into an 'ip rule' command invocation.
When a port on a tenant network is deleted 'from <cidr>' part is not
included and a first rule matching specified parameters gets deleted.
For example with the following layout
ip netns exec qrouter- 4f9ca9ef- 303b-4082- abbc-e50782d9b8 00 ip rule
0: from all lookup local
32766: from all lookup main
32767: from all lookup default
80000: from 192.168.100.0/24 lookup 16
80000: from 192.168.200.0/24 lookup 16
and neutron l3 agent will use this command
ip netns exec qrouter- 4f9ca9ef- 303b-4082- abbc-e50782d9b8 00 ip -4 rule\
del priority 80000 table 16 type unicast
and 192.168.100.0/24 rule will get deleted even if you actually removed
a port on 192.168.200.0.
This results in an extra rule present and not cleaned up and the right
rule removed. It is only recreated if a router is disabled and enabled
again.
additional changes:
1) Floating IP rules are identified by priority only as implemented
currently - for this reason this change adds fixed_ip to the rule
removal code. Rule priorities are 32-bit values in iproute2 so,
in theory, those should be not be used to cover IPv6.
2) IP protocol information for 'from all' rules is currently
derived from link-local address IP version. The same approach
is preserved by using version-specific /0 addresses without
changing the API provided by ip_lib.
Change-Id: I0ea6dddd26e177 71be223a1fbdf21 792c90f3e9c
Closes-Bug: #1759956