neutron

[dvr_no_external][ha][dataplane down]centralized floating IP nat rules not install in every HA node

Bug #1793527 reported by LIU Yulong
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
neutron
Fix Released
Undecided
LIU Yulong

Bug Description

ENV:
master
devstack multinode install:
1 controller node
2 compute nodes -> dvr_no_external (compute1, compute2)
2 network nodes -> dvr_snat (network1, network2)

Problem:
For L3 DVR HA router, the centralized floating IPs nat rules are not installed in every HA node snat namespace.

How to reproduce:
1. create DVR_HA router connecting user private network and public external network
2. create a VM in dvr_no_external compute in private network
3. create floating IP and associate to the VM port

Then, only in the `master` node snat-namespace has the iptables rules.
Even the DVR_HA router has state change(backup -> master, master -> backup), the iptables rules are still not re-created in the new `master` snat-namespace.

All centralized floating IPs can be unreachable after a HA router state change.

See original description
LIU Yulong (dragon889)
Changed in neutron:
assignee: nobody → LIU Yulong (dragon889)
LIU Yulong (dragon889)
summary: - [dvr_no_external][ha] centralized floating IP nat rules not install in
- every HA node
+ [dvr_no_external][ha][dataplane down]centralized floating IP nat rules
+ not install in every HA node
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (master)

Fix proposed to branch: master
Review: https://review.openstack.org/604094

Changed in neutron:
status: New → In Progress
LIU Yulong (dragon889)
description: updated
Swaminathan Vasudevan (swaminathan-vasudevan)
tags: added: l3-dvr-backlog
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (master)

Reviewed: https://review.openstack.org/604094
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=ee7660f593f0f997fff457021b3d5feb5c71906d
Submitter: Zuul
Branch: master

commit ee7660f593f0f997fff457021b3d5feb5c71906d
Author: LIU Yulong <email address hidden>
Date: Thu Sep 20 21:30:09 2018 +0800

    Install centralized floating IP nat rules to all ha nodes

    For L3 DVR HA router, the centralized floating IP nat rules are not
    installed in every HA node snat namespace. So, install the rules to
    all the router snat-namespace on every scheduled HA router host.

    Closes-Bug: #1793527
    Change-Id: I08132510b3ed374a3f85146498f3624a103873d7

Changed in neutron:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (stable/rocky)

Fix proposed to branch: stable/rocky
Review: https://review.openstack.org/609613

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (stable/queens)

Fix proposed to branch: stable/queens
Review: https://review.openstack.org/609615

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (stable/pike)

Fix proposed to branch: stable/pike
Review: https://review.openstack.org/609617

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (stable/queens)

Reviewed: https://review.openstack.org/609615
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=b93ef2f7e8cded1d9ac35b92bcdb3056a2efab5b
Submitter: Zuul
Branch: stable/queens

commit b93ef2f7e8cded1d9ac35b92bcdb3056a2efab5b
Author: LIU Yulong <email address hidden>
Date: Thu Sep 20 21:30:09 2018 +0800

    Install centralized floating IP nat rules to all ha nodes

    For L3 DVR HA router, the centralized floating IP nat rules are not
    installed in every HA node snat namespace. So, install the rules to
    all the router snat-namespace on every scheduled HA router host.

    Conflicts:
     neutron/tests/common/l3_test_common.py
     neutron/tests/functional/agent/l3/test_dvr_router.py

    Closes-Bug: #1793527
    Change-Id: I08132510b3ed374a3f85146498f3624a103873d7
    (cherry picked from commit ee7660f593f0f997fff457021b3d5feb5c71906d)
    (cherry picked from commit 2a1cdf01b58f42bfdf20cccdf7db209493897356)

tags: added: in-stable-queens
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (stable/rocky)

Reviewed: https://review.openstack.org/609613
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=2a1cdf01b58f42bfdf20cccdf7db209493897356
Submitter: Zuul
Branch: stable/rocky

commit 2a1cdf01b58f42bfdf20cccdf7db209493897356
Author: LIU Yulong <email address hidden>
Date: Thu Sep 20 21:30:09 2018 +0800

    Install centralized floating IP nat rules to all ha nodes

    For L3 DVR HA router, the centralized floating IP nat rules are not
    installed in every HA node snat namespace. So, install the rules to
    all the router snat-namespace on every scheduled HA router host.

    Conflicts:
     neutron/tests/common/l3_test_common.py
     neutron/tests/functional/agent/l3/test_dvr_router.py

    Closes-Bug: #1793527
    Change-Id: I08132510b3ed374a3f85146498f3624a103873d7
    (cherry picked from commit ee7660f593f0f997fff457021b3d5feb5c71906d)

tags: added: in-stable-rocky
Bernard Cafarelli (bcafarel)
tags: added: neutron-proactive-backport-potential
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/neutron 13.0.2

This issue was fixed in the openstack/neutron 13.0.2 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/neutron 12.0.5

This issue was fixed in the openstack/neutron 12.0.5 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (stable/pike)

Reviewed: https://review.openstack.org/609617
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=7dad724b0d06a115c91ec0d5b7960a57e21b100b
Submitter: Zuul
Branch: stable/pike

commit 7dad724b0d06a115c91ec0d5b7960a57e21b100b
Author: LIU Yulong <email address hidden>
Date: Thu Sep 20 21:30:09 2018 +0800

    Install centralized floating IP nat rules to all ha nodes

    For L3 DVR HA router, the centralized floating IP nat rules are not
    installed in every HA node snat namespace. So, install the rules to
    all the router snat-namespace on every scheduled HA router host.

    Conflicts:
     neutron/tests/common/l3_test_common.py
     neutron/tests/functional/agent/l3/test_dvr_router.py

    Conflicts:
     neutron/tests/common/l3_test_common.py

    Closes-Bug: #1793527
    Change-Id: I08132510b3ed374a3f85146498f3624a103873d7
    (cherry picked from commit ee7660f593f0f997fff457021b3d5feb5c71906d)
    (cherry picked from commit 2a1cdf01b58f42bfdf20cccdf7db209493897356)
    (cherry picked from commit b93ef2f7e8cded1d9ac35b92bcdb3056a2efab5b)

tags: added: in-stable-pike
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/neutron 14.0.0.0b1

This issue was fixed in the openstack/neutron 14.0.0.0b1 development milestone.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/neutron 11.0.7

This issue was fixed in the openstack/neutron 11.0.7 release.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.