neutron

Gateway which is not in subnet CIDR is unsupported in ha router

Bug #1861674 reported by Zhengdong Wu
20
This bug affects 2 people
Affects Status Importance Assigned to Milestone
neutron
Fix Released
Undecided
LIU Yulong

Bug Description

The external network gateway witch may not be in the CIDR of the subnet is supported, but ha router currently does not support it.

Zhengdong Wu (zhengdong.wu)
tags: added: l3-ha
Revision history for this message
Slawek Kaplonski (slaweq) wrote :

Can You explain it with little bit more details? What You are exactly doing, what is the actual and expected result and what version of Neutron are You running.

OpenStack Infra (hudson-openstack)
Changed in neutron:
assignee: nobody → Zhengdong Wu (zhengdong.wu)
status: New → In Progress
Revision history for this message
Zhengdong Wu (zhengdong.wu) wrote :
Download full text (3.8 KiB)

When we set l3_ha=true and gateway is not in exteranl network subnet cidr:

root@devstack-controller:~# neutron subnet-list |grep pub
neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead.
| 941fd5a3-897e-4c24-9f26-0c51e3ced2e6 | public-subnet | ebe65b5c2dc848e58e55b9640acf1279 | 192.168.5.128/25 | {"start": "192.168.5.130", "end": "192.168.5.254"} |
| d9bddf94-c4a6-47d2-b1ab-c30f2f85b177 | ipv6-public-subnet | ebe65b5c2dc848e58e55b9640acf1279 | 2001:db8::/64 | {"start": "2001:db8::3", "end": "2001:db8::ffff:ffff:ffff:ffff"} |
 root@devstack-controller:~# neutron subnet-show 941fd5a3-897e-4c24-9f26-0c51e3ced2e6
neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead.
+-------------------+----------------------------------------------------+
| Field | Value |
 +-------------------+----------------------------------------------------+
| allocation_pools | {"start": "192.168.5.130", "end": "192.168.5.254"} |
| cidr | 192.168.5.128/25 |
| created_at | 2019-05-24T10:08:29Z |
| description | |
| dns_nameservers | |
| enable_dhcp | False |
| gateway_ip | 192.168.4.129 |
| host_routes | |
| id | 941fd5a3-897e-4c24-9f26-0c51e3ced2e6 |
| ip_version | 4 |
| ipv6_address_mode | |
| ipv6_ra_mode | |
| name | public-subnet |
| network_id | d08a0c6f-27a9-4921-912b-c6884833c5da |
| project_id | ebe65b5c2dc848e58e55b9640acf1279 |
| revision_number | 2 |
| service_types | |
| subnetpool_id | |
| tags | |
| tenant_id | ebe65b5c2dc848e58e55b9640acf1279 |
| updated_at | 2020-02-05T04:58:34Z |
 +-------------------+----------------------------------------------------+

create a router and see ns route rules:

root@devstack-controller:/etc/neutron# ip netns exec qrouter-0dccc9f9-cf9f-4fa3-860f-7790401ddf89 route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
169.254.0.0 0.0.0.0 255.255.255.0 U 0 0 0 ha-96299f41-44
169.254.192.0 0.0.0.0 255.255.192.0 U 0 0 0 ha-96299f41-44
192.168.5.128 0.0.0.0 255.255.255....

Read more...

OpenStack Infra (hudson-openstack)
Changed in neutron:
assignee: Zhengdong Wu (zhengdong.wu) → Slawek Kaplonski (slaweq)
OpenStack Infra (hudson-openstack)
Changed in neutron:
assignee: Slawek Kaplonski (slaweq) → Zhengdong Wu (zhengdong.wu)
OpenStack Infra (hudson-openstack)
Changed in neutron:
assignee: Zhengdong Wu (zhengdong.wu) → LIU Yulong (dragon889)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (master)

Reviewed: https://review.opendev.org/705441
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=554b5c226750ec75e99ebce241df8b7a700ff016
Submitter: Zuul
Branch: master

commit 554b5c226750ec75e99ebce241df8b7a700ff016
Author: jufeng <email address hidden>
Date: Mon Feb 3 14:54:12 2020 +0800

    Support gateway which is not in subnet CIDR in ha_router

    There is case that gateway is not in subnet CIDR.
    We can set 2 routes as follows to support this:
    ip route add 172.16.0.1/32 dev eth0
    ip route add default via 172.16.0.1 dev eth0

    Closes-bug: #1861674
    Change-Id: I69356e926b15de7f1f99540e7cb98671c634e8a9

Changed in neutron:
status: In Progress → Fix Released
Flavien Hardy (flhar)
information type: Public → Public Security
information type: Public Security → Public
Revision history for this message
Flavien Hardy (flhar) wrote :

This issue released a patch for ha router, but as I explained in a duplicated issue (https://bugs.launchpad.net/neutron/+bug/1888121) is also affect non-ha routers.

I tested a patch (http://paste.openstack.org/show/796104/) based on what you have done here, it works well.

Versions affected: train & ussuri.

Should we publish this additional patch here ?

Bernard Cafarelli (bcafarel)
tags: added: neutron-proactive-backport-potential
Revision history for this message
Slawek Kaplonski (slaweq) wrote :

@Flavien: If You have any other issue after that was fixed (or e.g. for non-ha routers), please open new bug and please send this patch to gerrit so we can review it.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (stable/ussuri)

Fix proposed to branch: stable/ussuri
Review: https://review.opendev.org/757044

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (stable/train)

Fix proposed to branch: stable/train
Review: https://review.opendev.org/757045

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (stable/stein)

Fix proposed to branch: stable/stein
Review: https://review.opendev.org/757046

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (stable/rocky)

Fix proposed to branch: stable/rocky
Review: https://review.opendev.org/757048

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (stable/queens)

Fix proposed to branch: stable/queens
Review: https://review.opendev.org/757049

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (stable/ussuri)

Reviewed: https://review.opendev.org/757044
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=2bedb02a80d7518918c54d47f74282c81700b624
Submitter: Zuul
Branch: stable/ussuri

commit 2bedb02a80d7518918c54d47f74282c81700b624
Author: jufeng <email address hidden>
Date: Mon Feb 3 14:54:12 2020 +0800

    Support gateway which is not in subnet CIDR in ha_router

    There is case that gateway is not in subnet CIDR.
    We can set 2 routes as follows to support this:
    ip route add 172.16.0.1/32 dev eth0
    ip route add default via 172.16.0.1 dev eth0

    Closes-bug: #1861674
    Change-Id: I69356e926b15de7f1f99540e7cb98671c634e8a9
    (cherry picked from commit 554b5c226750ec75e99ebce241df8b7a700ff016)

tags: added: in-stable-ussuri
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (stable/train)

Reviewed: https://review.opendev.org/757045
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=bfa14f7f2974d7974ee874d07ed9618bcd4c69cf
Submitter: Zuul
Branch: stable/train

commit bfa14f7f2974d7974ee874d07ed9618bcd4c69cf
Author: jufeng <email address hidden>
Date: Mon Feb 3 14:54:12 2020 +0800

    Support gateway which is not in subnet CIDR in ha_router

    There is case that gateway is not in subnet CIDR.
    We can set 2 routes as follows to support this:
    ip route add 172.16.0.1/32 dev eth0
    ip route add default via 172.16.0.1 dev eth0

    Closes-bug: #1861674
    Change-Id: I69356e926b15de7f1f99540e7cb98671c634e8a9
    (cherry picked from commit 554b5c226750ec75e99ebce241df8b7a700ff016)

tags: added: in-stable-train
tags: added: in-stable-stein
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (stable/stein)

Reviewed: https://review.opendev.org/757046
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=aaf18653e66a74a593f373314ccc68d8129d7897
Submitter: Zuul
Branch: stable/stein

commit aaf18653e66a74a593f373314ccc68d8129d7897
Author: jufeng <email address hidden>
Date: Mon Feb 3 14:54:12 2020 +0800

    Support gateway which is not in subnet CIDR in ha_router

    There is case that gateway is not in subnet CIDR.
    We can set 2 routes as follows to support this:
    ip route add 172.16.0.1/32 dev eth0
    ip route add default via 172.16.0.1 dev eth0

    Closes-bug: #1861674
    Change-Id: I69356e926b15de7f1f99540e7cb98671c634e8a9
    (cherry picked from commit 554b5c226750ec75e99ebce241df8b7a700ff016)

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (stable/rocky)

Reviewed: https://review.opendev.org/757048
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=8d39f02d4637ca6409b8cfce4fcab8c91267fe19
Submitter: Zuul
Branch: stable/rocky

commit 8d39f02d4637ca6409b8cfce4fcab8c91267fe19
Author: jufeng <email address hidden>
Date: Mon Feb 3 14:54:12 2020 +0800

    Support gateway which is not in subnet CIDR in ha_router

    There is case that gateway is not in subnet CIDR.
    We can set 2 routes as follows to support this:
    ip route add 172.16.0.1/32 dev eth0
    ip route add default via 172.16.0.1 dev eth0

    Conflicts:
        neutron/agent/l3/ha_router.py

    Closes-bug: #1861674
    Change-Id: I69356e926b15de7f1f99540e7cb98671c634e8a9
    (cherry picked from commit 554b5c226750ec75e99ebce241df8b7a700ff016)

tags: added: in-stable-rocky
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (stable/queens)

Reviewed: https://review.opendev.org/757049
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=c2acb249c804cefc411ed6586b694e21e3271cc2
Submitter: Zuul
Branch: stable/queens

commit c2acb249c804cefc411ed6586b694e21e3271cc2
Author: jufeng <email address hidden>
Date: Mon Feb 3 14:54:12 2020 +0800

    Support gateway which is not in subnet CIDR in ha_router

    There is case that gateway is not in subnet CIDR.
    We can set 2 routes as follows to support this:
    ip route add 172.16.0.1/32 dev eth0
    ip route add default via 172.16.0.1 dev eth0

    Conflicts:
        neutron/agent/l3/ha_router.py

    Closes-bug: #1861674
    Change-Id: I69356e926b15de7f1f99540e7cb98671c634e8a9
    (cherry picked from commit 554b5c226750ec75e99ebce241df8b7a700ff016)

tags: added: in-stable-queens
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/neutron 15.3.1

This issue was fixed in the openstack/neutron 15.3.1 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/neutron 16.3.0

This issue was fixed in the openstack/neutron 16.3.0 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/neutron queens-eol

This issue was fixed in the openstack/neutron queens-eol release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/neutron rocky-eol

This issue was fixed in the openstack/neutron rocky-eol release.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.