Reviewed: https://review.openstack.org/301335
Committed:
https://git.openstack.org/cgit/openstack/neutron/commit/?id=b8d520ffe2afbffe26b554bff55165531e36e758
Submitter: Jenkins
Branch: master
commit b8d520ffe2afbffe26b554bff55165531e36e758
Author: Kevin Benton <ke...@benton.pub>
Date: Fri Apr 1 02:42:54 2016 -0700
L3 agent: match format used by iptables
This fixes the iptables rules generated by the L3 agent
(SNAT, DNAT, set-mark and metadata), and the DHCP agent
(checksum-fill) to match the format that will be returned
by iptables-save to prevent excessive extra replacement
work done by the iptables manager.
It also fixes the iptables test that was not passing the
expected arguments (-p PROTO -m PROTO) for block rules.
A simple test was added to the L3 agent to ensure that the
rules have converged during the normal lifecycle tests.
Closes-Bug: #1566007
Change-Id: I5e8e27cdbf0d0448011881614671efe53bb1b6a1
** Changed in: neutron
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1566007
Title:
l3 iptables floating IP rules don't match iptables rules
Status in neutron:
Fix Released
Bug description:
The floating IP translation rules generated by the l3 agent do not
match the format in which they are returned by iptables. This causes
the iptables diffing code to think they are different and replace
every one of them on an iptables apply call, which is very expensive.
See https://gist.github.com/busterswt/479e4e5484df7e91017da48b38fa5814
for an example diff.
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1566007/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
