[L3][Port forwarding] multiple floating_ip:port to same internal fixed_ip:port (N-to-1 rule support)
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
neutron | In Progress | Medium | LIU Yulong |
Bug Description
Floating IP port forwardings table has constraints:
TABLE_NAME = 'portforwardings'
op.
)
op.
)
This allows creating port forwardings like:
172.24.4.64:22 -> tcp -> 192.168.111.45:22
It does not support (failed on constraint uniq_port_
172.24.4.64:22 -> tcp -> 192.168.111.45:22
172.24.4.64:122 -> tcp -> 192.168.111.45:22
172.24.4.168:22 -> tcp -> 192.168.111.45:22
With some local tests, IMO, all these rules work fine on the L3 agent side:
# ip netns exec snat-b247f145-
conntrack v1.4.4 (conntrack-tools): 9 flow entries have been shown.
tcp 6 431835 ESTABLISHED src=172.24.4.1 dst=172.24.4.64 sport=53774 dport=122 src=192.168.111.45 dst=172.24.4.1 sport=22 dport=53774 [ASSURED] mark=0 use=1
tcp 6 430336 ESTABLISHED src=172.24.4.1 dst=172.24.4.168 sport=53443 dport=22 src=192.168.111.45 dst=172.24.4.1 sport=22 dport=53443 [ASSURED] mark=0 use=1
tcp 6 431995 ESTABLISHED src=172.24.4.1 dst=172.24.4.64 sport=53781 dport=22 src=192.168.111.45 dst=172.24.4.1 sport=22 dport=53781 [ASSURED] mark=0 use=1
All rules can be used to log in (ssh) to the VM.
So here, I'd like to remove the constraint uniq_port_
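An added example, not part of the original report or of neutron's code: a small parser for conntrack entries like those above that groups external floating_ip:port destinations by the internal fixed_ip:port they were DNATed to, which makes it easy to audit how many external endpoints expose one internal service. The function names and the fourth sample line are constructed for illustration.

```python
import re
from collections import defaultdict

# First three entries are the flows quoted in the report; the last one is a
# constructed non-NAT flow so the "no rewrite" case is exercised too.
SAMPLE = """\
conntrack v1.4.4 (conntrack-tools): 9 flow entries have been shown.
tcp 6 431835 ESTABLISHED src=172.24.4.1 dst=172.24.4.64 sport=53774 dport=122 src=192.168.111.45 dst=172.24.4.1 sport=22 dport=53774 [ASSURED] mark=0 use=1
tcp 6 430336 ESTABLISHED src=172.24.4.1 dst=172.24.4.168 sport=53443 dport=22 src=192.168.111.45 dst=172.24.4.1 sport=22 dport=53443 [ASSURED] mark=0 use=1
tcp 6 431995 ESTABLISHED src=172.24.4.1 dst=172.24.4.64 sport=53781 dport=22 src=192.168.111.45 dst=172.24.4.1 sport=22 dport=53781 [ASSURED] mark=0 use=1
tcp 6 100 ESTABLISHED src=10.0.0.5 dst=10.0.0.9 sport=40000 dport=443 src=10.0.0.9 dst=10.0.0.5 sport=443 dport=40000 [ASSURED] mark=0 use=1
"""

TUPLE_RE = re.compile(r"\b(src|dst|sport|dport)=(\S+)")


def dnat_mappings(text):
    """Map (proto, internal_ip, internal_port) -> set of external (ip, port)."""
    result = defaultdict(set)
    for line in text.splitlines():
        fields = TUPLE_RE.findall(line)
        if len(fields) != 8:
            continue  # header line, ICMP entry, or anything without two full tuples
        proto = line.split()[0]
        # First four fields are the original direction, last four the reply.
        orig, reply = dict(fields[:4]), dict(fields[4:])
        external = (orig["dst"], int(orig["dport"]))
        internal = (reply["src"], int(reply["sport"]))
        if external != internal:  # destination was rewritten, i.e. DNAT applied
            result[(proto, *internal)].add(external)
    return dict(result)


def n_to_1(mappings):
    """Keep only internal sockets reachable through more than one external endpoint."""
    return {k: sorted(v) for k, v in mappings.items() if len(v) > 1}


if __name__ == "__main__":
    for internal, externals in n_to_1(dnat_mappings(SAMPLE)).items():
        print(internal, "<-", externals)
```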
summary: |
- [L3][Port forwarding] multiple floating_ips to same internal - fixed_ip:port + [L3][Port forwarding] multiple floating_ip:port to same internal + fixed_ip:port (N-to-1 rule support) |
tags: | added: l3-dvr-backlog |
Changed in neutron: | |
assignee: | nobody → LIU Yulong (dragon889) |
status: | Confirmed → In Progress |
Test iptables rules:
Chain neutron-l3-agent-fip-pf (1 references)
pkts bytes target prot opt in out source destination
26078 3295K neutron-l3-agent-pf-12d9bdf5 all -- * * 0.0.0.0/0 0.0.0.0/0
2858 423K neutron-l3-agent-pf-81ef8183 all -- * * 0.0.0.0/0 0.0.0.0/0
594 120K neutron-l3-agent-pf-4155e90a all -- * * 0.0.0.0/0 0.0.0.0/0
Chain neutron-l3-agent-pf-12d9bdf5 (1 references)
pkts bytes target prot opt in out source destination
13 676 DNAT tcp -- * * 0.0.0.0/0 172.24.4.64 tcp dpt:22 to:192.168.111.45:22
Chain neutron-l3-agent-pf-4155e90a (1 references)
pkts bytes target prot opt in out source destination
1 52 DNAT tcp -- * * 0.0.0.0/0 172.24.4.64 tcp dpt:122 to:192.168.111.45:22
Chain neutron-l3-agent-pf-81ef8183 (1 references)
pkts bytes target prot opt in out source destination
2 104 DNAT tcp -- * * 0.0.0.0/0 172.24.4.168 tcp dpt:22 to:192.168.111.45:22