IPv6 forwarding disabled on L3HA routers without gateway

Bug #1818224 reported by Slawek Kaplonski
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
neutron
Fix Released
High
Slawek Kaplonski

Bug Description

When L3HA router is created, it is first transitioned to backup on all nodes. In such case IPv6 forwarding is disabled in router's namespace. It was introduced by commit https://github.com/openstack/neutron/commit/676a3ebe2f5b62f0ce7a3f7f434526931d5504a5

Later router is transitioned to be master on one of nodes. And then IPv6 forwarding should be enabled. Unfortunately it is enabled only when gateway is configured: https://github.com/openstack/neutron/blob/929d3fe9f49aeea817c8a922d0b28d605cc9b562/neutron/agent/l3/router_info.py#L704

So if there is no gateway connected to router and it has only tenant networks ports, IPv6 forwarding will not be turned on and IPv6 connectivity between subnets will not be possible.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (master)

Fix proposed to branch: master
Review: https://review.openstack.org/640746

Changed in neutron:
status: New → In Progress
Changed in neutron:
milestone: none → stein-rc1
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (stable/rocky)

Fix proposed to branch: stable/rocky
Review: https://review.openstack.org/643552

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (stable/queens)

Fix proposed to branch: stable/queens
Review: https://review.openstack.org/643553

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (stable/pike)

Fix proposed to branch: stable/pike
Review: https://review.openstack.org/643556

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (master)

Reviewed: https://review.openstack.org/640746
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=66eb1e29f31a07573be2a5a7789fb7bfce598827
Submitter: Zuul
Branch: master

commit 66eb1e29f31a07573be2a5a7789fb7bfce598827
Author: Slawek Kaplonski <email address hidden>
Date: Mon Mar 4 13:16:04 2019 +0100

    Enable ipv6_forwarding in HA router's namespace

    When HA router is created in "stanby" mode, ipv6 forwarding is
    disabled by default in its namespace.
    But when router is transitioned to be "master" on node, ipv6
    forwarding should be enabled. This was fine for routers with
    configured gateway but we somehow missed the case when router don't
    have gateway configured.
    Because of that missing ipv6 forwarding setting in such case, IPv6
    W-E traffic between 2 subnets was not working fine in L3 HA case.

    This patch fixes it by adding configuring ipv6_forwarding on
    "all" interface in router's namespace always, even if it don't have
    gateway configured.

    Change-Id: I8b1b2b426f7a26a4b2407a83f9bf29dd6e9ba7b0
    CLoses-Bug: #1818224

Changed in neutron:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (stable/rocky)

Reviewed: https://review.openstack.org/643552
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=c07e6a5ea8aa4c7b741191c1649352643624ddb9
Submitter: Zuul
Branch: stable/rocky

commit c07e6a5ea8aa4c7b741191c1649352643624ddb9
Author: Slawek Kaplonski <email address hidden>
Date: Mon Mar 4 13:16:04 2019 +0100

    Enable ipv6_forwarding in HA router's namespace

    When HA router is created in "stanby" mode, ipv6 forwarding is
    disabled by default in its namespace.
    But when router is transitioned to be "master" on node, ipv6
    forwarding should be enabled. This was fine for routers with
    configured gateway but we somehow missed the case when router don't
    have gateway configured.
    Because of that missing ipv6 forwarding setting in such case, IPv6
    W-E traffic between 2 subnets was not working fine in L3 HA case.

    This patch fixes it by adding configuring ipv6_forwarding on
    "all" interface in router's namespace always, even if it don't have
    gateway configured.

    Conflicts:
        neutron/tests/functional/agent/l3/framework.py

    Change-Id: I8b1b2b426f7a26a4b2407a83f9bf29dd6e9ba7b0
    CLoses-Bug: #1818224
    (cherry picked from commit b119247bea89aec5604e7ac61675aed240195931)

tags: added: in-stable-rocky
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (stable/queens)

Reviewed: https://review.openstack.org/643553
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=270912a8c7da8aace6b8b23dde690007ba2ccf2d
Submitter: Zuul
Branch: stable/queens

commit 270912a8c7da8aace6b8b23dde690007ba2ccf2d
Author: Slawek Kaplonski <email address hidden>
Date: Mon Mar 4 13:16:04 2019 +0100

    Enable ipv6_forwarding in HA router's namespace

    When HA router is created in "stanby" mode, ipv6 forwarding is
    disabled by default in its namespace.
    But when router is transitioned to be "master" on node, ipv6
    forwarding should be enabled. This was fine for routers with
    configured gateway but we somehow missed the case when router don't
    have gateway configured.
    Because of that missing ipv6 forwarding setting in such case, IPv6
    W-E traffic between 2 subnets was not working fine in L3 HA case.

    This patch fixes it by adding configuring ipv6_forwarding on
    "all" interface in router's namespace always, even if it don't have
    gateway configured.

    Conflicts:
        neutron/tests/functional/agent/l3/framework.py

    Change-Id: I8b1b2b426f7a26a4b2407a83f9bf29dd6e9ba7b0
    CLoses-Bug: #1818224
    (cherry picked from commit b119247bea89aec5604e7ac61675aed240195931)

tags: added: in-stable-queens
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (stable/pike)

Reviewed: https://review.openstack.org/643556
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=6c9a282bcd36d744d1ad753afd8e7a219b1189c4
Submitter: Zuul
Branch: stable/pike

commit 6c9a282bcd36d744d1ad753afd8e7a219b1189c4
Author: Slawek Kaplonski <email address hidden>
Date: Mon Mar 4 13:16:04 2019 +0100

    Enable ipv6_forwarding in HA router's namespace

    When HA router is created in "stanby" mode, ipv6 forwarding is
    disabled by default in its namespace.
    But when router is transitioned to be "master" on node, ipv6
    forwarding should be enabled. This was fine for routers with
    configured gateway but we somehow missed the case when router don't
    have gateway configured.
    Because of that missing ipv6 forwarding setting in such case, IPv6
    W-E traffic between 2 subnets was not working fine in L3 HA case.

    This patch fixes it by adding configuring ipv6_forwarding on
    "all" interface in router's namespace always, even if it don't have
    gateway configured.

    Conflicts:
        neutron/tests/functional/agent/l3/framework.py
        neutron/tests/unit/agent/l3/test_agent.py

    Change-Id: I8b1b2b426f7a26a4b2407a83f9bf29dd6e9ba7b0
    CLoses-Bug: #1818224
    (cherry picked from commit b119247bea89aec5604e7ac61675aed240195931)
    (cherry picked from commit 270912a8c7da8aace6b8b23dde690007ba2ccf2d)

tags: added: in-stable-pike
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/neutron 14.0.0.0rc1

This issue was fixed in the openstack/neutron 14.0.0.0rc1 release candidate.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/neutron 11.0.7

This issue was fixed in the openstack/neutron 11.0.7 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/neutron 13.0.3

This issue was fixed in the openstack/neutron 13.0.3 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/neutron 12.0.6

This issue was fixed in the openstack/neutron 12.0.6 release.

tags: added: neutron-proactive-backport-potential
tags: removed: neutron-proactive-backport-potential
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers