Reviewed: https://review.openstack.org/301335 Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=b8d520ffe2afbffe26b554bff55165531e36e758 Submitter: Jenkins Branch: master
commit b8d520ffe2afbffe26b554bff55165531e36e758 Author: Kevin Benton <ke...@benton.pub> Date: Fri Apr 1 02:42:54 2016 -0700 L3 agent: match format used by iptables This fixes the iptables rules generated by the L3 agent (SNAT, DNAT, set-mark and metadata), and the DHCP agent (checksum-fill) to match the format that will be returned by iptables-save to prevent excessive extra replacement work done by the iptables manager. It also fixes the iptables test that was not passing the expected arguments (-p PROTO -m PROTO) for block rules. A simple test was added to the L3 agent to ensure that the rules have converged during the normal lifecycle tests. Closes-Bug: #1566007 Change-Id: I5e8e27cdbf0d0448011881614671efe53bb1b6a1 ** Changed in: neutron Status: In Progress => Fix Released -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron. https://bugs.launchpad.net/bugs/1566007 Title: l3 iptables floating IP rules don't match iptables rules Status in neutron: Fix Released Bug description: The floating IP translation rules generated by the l3 agent do not match the format in which they are returned by iptables. This causes the iptables diffing code to think they are different and replace every one of them on an iptables apply call, which is very expensive. See https://gist.github.com/busterswt/479e4e5484df7e91017da48b38fa5814 for an example diff. To manage notifications about this bug go to: https://bugs.launchpad.net/neutron/+bug/1566007/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp