[l3][port_forwarding] should not allow creating port_forwarding to a port which already has a binding floating IP

What about step 5? I feel like you're missing to report what happens after 4.

@Armando Migliaccio (armando-migliaccio)
Thanks for the comment. There is no step 5.
And this is the consequence:
"""
Then floating IP B with port forwarding will not work.
"""

Let's say something in detail, if VM port has binding floating IP-A (1.1.1.1).
And then floating IP-B (1.1.1.2) added a port forwarding to the VM port with the following inputs:
"port_forwarding": {
"external_port": 8080,
"internal_port": 22,
"protocol": "tcp",
"internal_ip_address": "10.111.0.4",
"internal_port_id": "9f4fccec-fb70-4ff0-a9ed-14d6c4701413"
}

Then, this floating IP-B port forwarding will not work, because the DVR rules in the compute node will redirect the traffic.

Fix proposed to branch: master
Review: https://review.openstack.org/614452

I remember that DVR case just support the centrilized cases, which is the l3 agent of network node in DVR_SNAT, and compute node is 'DVR_NO_EXTERNAL'. That's the valid case.

Could you please tell us about the deployment details?

@zhaobo, there is no restrictive conditions for user to create port forwarding to DVR routers.
And, for a port which already has a binding floating IP, we should not let user to waste IP for it.
That binding floating IP can process all protocol/connection etc.
So in conclusion, we should limit the user to create port forwarding to a port which has binding floating IP.
To make things simple, all type of routers will be considered, aka to save the public IP address.

Reviewed: https://review.openstack.org/614452
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=b8d2ab8543a27b03bde534ef994027d9b44556c4
Submitter: Zuul
Branch: master

commit b8d2ab8543a27b03bde534ef994027d9b44556c4
Author: LIU Yulong <email address hidden>
Date: Mon Oct 8 14:52:16 2018 +0800

    Prevent create port forwarding to port which has binding fip

    For dvr scenario, if port has a bound floating, and then create
    port forwarding to it, this port forwarding will not work, due to
    the traffic is redirected to dvr rules.

    This patch restricts such API request, if user try to create port
    forwarding to a port, check if it has bound floating IP first.
    This will be run for all type of routers, since neutron should
    not let user to waste public IP address on a port which already
    has a floating IP, it can take care all the procotol port
    numbers.

    Closes-Bug: #1799137
    Change-Id: I4ba4b023d79185f8d478d60ce16417d3501bf785

This issue was fixed in the openstack/neutron 14.0.0.0b1 development milestone.

Fix proposed to branch: stable/rocky
Review: https://review.opendev.org/666235

Reviewed: https://review.opendev.org/666235
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=9749fd270c1f7493fe4daf8b0e8412fcf0412184
Submitter: Zuul
Branch: stable/rocky

commit 9749fd270c1f7493fe4daf8b0e8412fcf0412184
Author: LIU Yulong <email address hidden>
Date: Mon Oct 8 14:52:16 2018 +0800

    Prevent create port forwarding to port which has binding fip

    For dvr scenario, if port has a bound floating, and then create
    port forwarding to it, this port forwarding will not work, due to
    the traffic is redirected to dvr rules.

    This patch restricts such API request, if user try to create port
    forwarding to a port, check if it has bound floating IP first.
    This will be run for all type of routers, since neutron should
    not let user to waste public IP address on a port which already
    has a floating IP, it can take care all the procotol port
    numbers.

    Conflicts:
        neutron/services/portforwarding/pf_plugin.py

    Closes-Bug: #1799137
    Change-Id: I4ba4b023d79185f8d478d60ce16417d3501bf785
    (cherry picked from commit b8d2ab8543a27b03bde534ef994027d9b44556c4)

This issue was fixed in the openstack/neutron 13.0.5 release.