Public bug reported:

Scenario: Queens, DVR without L3 HA, distributed non-HA virtual router
(pubrouter), all subnets are attached to 2 different subnet pools, all
of them have one global address scope so DVR "fast exit" is triggered
(https://review.openstack.org/#/c/474007/), floating ips are not used,
snat is not enabled.

Commands:
openstack address scope create dev
openstack subnet pool create --address-scope dev --pool-prefix 10.232.40.0/21 --pool-prefix 10.232.16.0/21 dev
openstack subnet pool create --address-scope dev --pool-prefix 192.168.100.0/24 tenant
openstack network create --external --provider-physical-network physnet1 --provider-network-type flat pubnet
openstack network segment set --name segment1 d8391bfb-4466-4a45-972c-45ffcec9f6bc
openstack network segment create --physical-network physnet2 --network-type flat --network pubnet segment2
openstack subnet create --no-dhcp --subnet-pool dev --subnet-range 10.232.16.0/21 --allocation-pool start=10.232.17.0,end=10.232.17.255 --dns-nameserver 10.232.36.101 --ip-version 4 --network pubnet --network-segment segment1 pubsubnetl1
openstack subnet create --gateway 10.232.40.100 --no-dhcp --subnet-pool dev --subnet-range 10.232.40.0/21 --allocation-pool start=10.232.41.0,end=10.232.41.255 --dns-nameserver 10.232.36.101 --ip-version 4 --network pubnet --network-segment segment2 pubsubnetl2
openstack network create --internal --provider-network-type vxlan tenantnet
openstack subnet create --dhcp --ip-version 4 --subnet-range 192.168.100.0/24 --subnet-pool tenant --dns-nameserver 10.232.36.101 --network tenantnet tenantsubnet
openstack router create --disable --no-ha --distributed pubrouter
openstack router set --disable-snat --external-gateway pubnet --enable pubrouter
openstack network create --internal --provider-network-type vxlan othertenantnet
openstack subnet pool set --pool-prefix 192.168.200.0/24 tenant
openstack subnet create --dhcp --ip-version 4 --subnet-range 192.168.200.0/24 --subnet-pool tenant --dns-nameserver 10.232.36.101 --network othertenantnet othertenantsubnet
openstack router add subnet pubrouter othertenantsubnet

outputs in case they are needed:
https://pastebin.canonical.com/p/fRQTxRKYCt/

Note: This setup uses routed provider networks, so unit names correspond to
nodes that have connectivity to the right physnets; however, this is irrelevant
for this bug.
l1 - leaf 1
l2 - leaf 2

openstack subnet show tenantsubnet | grep cid
| cidr              | 192.168.100.0/24                     |

openstack subnet show othertenantsubnet | grep cid
| cidr              | 192.168.200.0/24                     |

# 2 qr- interfaces per namespace on every compute - one per tenant network

juju run --application neutron-gateway-l2,neutron-gateway-l1,neutron-openvswitch-l1,neutron-openvswitch-l2 'sudo ip netns exec qrouter-4f9ca9ef-303b-4082-abbc-e50782d9b800 ip -4 -o -br a s'
- Stdout: "lo               UNKNOWN        127.0.0.1/8 \nqr-a9696fa7-96@if23 UP 
            192.168.100.1/24
    \nqr-ad410866-0c@if24 UP             192.168.200.1/24 \nrfp-4f9ca9ef-3   UP 
            169.254.109.46/31
    \n"
  UnitId: neutron-gateway-l1/0
- Stdout: "lo               UNKNOWN        127.0.0.1/8 \nqr-a9696fa7-96@if26 UP 
            192.168.100.1/24
    \nqr-ad410866-0c@if28 UP             192.168.200.1/24 \nrfp-4f9ca9ef-3   UP 
            169.254.109.46/31
    \n"
  UnitId: neutron-gateway-l2/0
- Stdout: "lo               UNKNOWN        127.0.0.1/8 \nrfp-4f9ca9ef-3@if3 UP  
           169.254.109.46/31
    \nqr-a9696fa7-96   UNKNOWN        192.168.100.1/24 \nqr-ad410866-0c   
UNKNOWN
    \       192.168.200.1/24 \n"
  UnitId: neutron-openvswitch-l1/0
- Stdout: "lo               UNKNOWN        127.0.0.1/8 \nrfp-4f9ca9ef-3@if3 UP  
           169.254.109.46/31
    \nqr-a9696fa7-96   UNKNOWN        192.168.100.1/24 \nqr-ad410866-0c   
UNKNOWN
    \       192.168.200.1/24 \n"
  UnitId: neutron-openvswitch-l1/1
- Stdout: "lo               UNKNOWN        127.0.0.1/8 \nrfp-4f9ca9ef-3@if3 UP  
           169.254.109.46/31
    \nqr-a9696fa7-96   UNKNOWN        192.168.100.1/24 \nqr-ad410866-0c   
UNKNOWN
    \       192.168.200.1/24 \n"
  UnitId: neutron-openvswitch-l1/2
- Stdout: "lo               UNKNOWN        127.0.0.1/8 \nrfp-4f9ca9ef-3@if3 UP  
           169.254.109.46/31
    \nqr-a9696fa7-96   UNKNOWN        192.168.100.1/24 \nqr-ad410866-0c   
UNKNOWN
    \       192.168.200.1/24 \n"
  UnitId: neutron-openvswitch-l2/0
- Stdout: "lo               UNKNOWN        127.0.0.1/8 \nrfp-4f9ca9ef-3@if3 UP  
           169.254.109.46/31
    \nqr-a9696fa7-96   UNKNOWN        192.168.100.1/24 \nqr-ad410866-0c   
UNKNOWN
    \       192.168.200.1/24 \n"
  UnitId: neutron-openvswitch-l2/1

# removed 192.168.200.0/24 from pubrouter
openstack router remove subnet pubrouter othertenantsubnet

# ports are still there
juju run --application neutron-gateway-l2,neutron-gateway-l1,neutron-openvswitch-l1,neutron-openvswitch-l2 'sudo ip netns exec qrouter-4f9ca9ef-303b-4082-abbc-e50782d9b800 ip -4 -o -br a s'
- Stdout: "lo               UNKNOWN        127.0.0.1/8 \nqr-a9696fa7-96@if23 UP 
            192.168.100.1/24
    \nqr-ad410866-0c@if24 UP             192.168.200.1/24 \nrfp-4f9ca9ef-3   UP 
            169.254.109.46/31
    \n"
  UnitId: neutron-gateway-l1/0
- Stdout: "lo               UNKNOWN        127.0.0.1/8 \nrfp-4f9ca9ef-3@if3 UP  
           169.254.109.46/31
    \nqr-a9696fa7-96   UNKNOWN        192.168.100.1/24 \nqr-ad410866-0c   
UNKNOWN
    \       192.168.200.1/24 \n"
  UnitId: neutron-openvswitch-l1/0
- Stdout: "lo               UNKNOWN        127.0.0.1/8 \nrfp-4f9ca9ef-3@if3 UP  
           169.254.109.46/31
    \nqr-a9696fa7-96   UNKNOWN        192.168.100.1/24 \nqr-ad410866-0c   
UNKNOWN
    \       192.168.200.1/24 \n"
  UnitId: neutron-openvswitch-l1/1
- Stdout: "lo               UNKNOWN        127.0.0.1/8 \nrfp-4f9ca9ef-3@if3 UP  
           169.254.109.46/31
    \nqr-a9696fa7-96   UNKNOWN        192.168.100.1/24 \nqr-ad410866-0c   
UNKNOWN
    \       192.168.200.1/24 \n"
  UnitId: neutron-openvswitch-l1/2
- Stdout: "lo               UNKNOWN        127.0.0.1/8 \nrfp-4f9ca9ef-3@if3 UP  
           169.254.109.46/31
    \nqr-a9696fa7-96   UNKNOWN        192.168.100.1/24 \nqr-ad410866-0c   
UNKNOWN
    \       192.168.200.1/24 \n"
  UnitId: neutron-openvswitch-l2/0
- Stdout: "lo               UNKNOWN        127.0.0.1/8 \nrfp-4f9ca9ef-3@if3 UP  
           169.254.109.46/31
    \nqr-a9696fa7-96   UNKNOWN        192.168.100.1/24 \nqr-ad410866-0c   
UNKNOWN
    \       192.168.200.1/24 \n"
  UnitId: neutron-openvswitch-l2/1
- Stdout: "lo               UNKNOWN        127.0.0.1/8 \nqr-a9696fa7-96@if26 UP 
            192.168.100.1/24
    \nqr-ad410866-0c@if28 UP             192.168.200.1/24 \nrfp-4f9ca9ef-3   UP 
            169.254.109.46/31
    \n"
  UnitId: neutron-gateway-l2/0

# but not policy rules

juju run --application neutron-gateway-l2,neutron-gateway-l1,neutron-openvswitch-l1,neutron-openvswitch-l2 'sudo ip netns exec qrouter-4f9ca9ef-303b-4082-abbc-e50782d9b800 ip rule'
- Stdout: "0:\tfrom all lookup local \n32766:\tfrom all lookup main 
\n32767:\tfrom
    all lookup default \n80000:\tfrom 192.168.100.0/24 lookup 16 \n80000:\tfrom 
192.168.200.0/24
    lookup 16 \n"
  UnitId: neutron-gateway-l1/0
- Stdout: "0:\tfrom all lookup local \n32766:\tfrom all lookup main 
\n32767:\tfrom
    all lookup default \n80000:\tfrom 192.168.100.0/24 lookup 16 \n80000:\tfrom 
192.168.200.0/24
    lookup 16 \n"
  UnitId: neutron-openvswitch-l1/0
- Stdout: "0:\tfrom all lookup local \n32766:\tfrom all lookup main 
\n32767:\tfrom
    all lookup default \n80000:\tfrom 192.168.100.0/24 lookup 16 \n80000:\tfrom 
192.168.200.0/24
    lookup 16 \n"
  UnitId: neutron-openvswitch-l1/1
- Stdout: "0:\tfrom all lookup local \n32766:\tfrom all lookup main 
\n32767:\tfrom
    all lookup default \n80000:\tfrom 192.168.100.0/24 lookup 16 \n80000:\tfrom 
192.168.200.0/24
    lookup 16 \n"
  UnitId: neutron-openvswitch-l1/2
- Stdout: "0:\tfrom all lookup local \n32766:\tfrom all lookup main 
\n32767:\tfrom
    all lookup default \n80000:\tfrom 192.168.100.0/24 lookup 16 \n80000:\tfrom 
192.168.200.0/24
    lookup 16 \n"
  UnitId: neutron-openvswitch-l2/0
- Stdout: "0:\tfrom all lookup local \n32766:\tfrom all lookup main 
\n32767:\tfrom
    all lookup default \n80000:\tfrom 192.168.100.0/24 lookup 16 \n80000:\tfrom 
192.168.200.0/24
    lookup 16 \n"
  UnitId: neutron-openvswitch-l2/1
- Stdout: "0:\tfrom all lookup local \n32766:\tfrom all lookup main 
\n32767:\tfrom
    all lookup default \n80000:\tfrom 192.168.100.0/24 lookup 16 \n80000:\tfrom 
192.168.200.0/24
    lookup 16 \n"
  UnitId: neutron-gateway-l2/0

** Affects: neutron (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: cpe-onsite

https://bugs.launchpad.net/bugs/1759918

Title:
  [dvr] ip policy rules for tenant networks do not get deleted in
  qrouter namespaces after a router port is removed from a tenant
  network
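
An added check, not part of the original report or of Neutron's code: it compares `ip rule` output collected from each unit's qrouter namespace with the subnet CIDRs still attached to the router, and flags leftovers such as the 192.168.200.0/24 rule shown above. The sample input is constructed from the report's output, the function names are hypothetical, and the list of attached CIDRs is assumed to come from the Neutron API.

```python
import ipaddress
import re

# Constructed sample: per-unit `ip rule` output from the qrouter namespace,
# modelled on the report; the second unit is a constructed clean node.
BASE = ("0:\tfrom all lookup local \n32766:\tfrom all lookup main \n"
        "32767:\tfrom all lookup default \n"
        "80000:\tfrom 192.168.100.0/24 lookup 16 \n")
SAMPLE_RULES = {
    "neutron-gateway-l1/0": BASE + "80000:\tfrom 192.168.200.0/24 lookup 16 \n",
    "neutron-openvswitch-l1/0": BASE,
}
RULE_RE = re.compile(r"^(\d+):\s+from\s+(\S+)\s+lookup\s+(\S+)")


def parse_source_rules(text):
    """Return (priority, source CIDR, table) for every rule with a source selector."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if m and m.group(2) != "all":
            src = ipaddress.ip_network(m.group(2), strict=False)
            rules.append((int(m.group(1)), str(src), m.group(3)))
    return rules


def covered(src, attached):
    """True if src lies inside a subnet the router is still attached to."""
    net = ipaddress.ip_network(src)
    return any(a.version == net.version and net.subnet_of(a) for a in attached)


def stale_rules(rules_by_unit, attached_cidrs):
    """Map unit -> source rules whose CIDR is no longer attached to the router."""
    attached = [ipaddress.ip_network(c) for c in attached_cidrs]
    report = {}
    for unit, text in rules_by_unit.items():
        stale = [r for r in parse_source_rules(text) if not covered(r[1], attached)]
        if stale:
            report[unit] = stale
    return report


if __name__ == "__main__":
    # After removing othertenantsubnet, only tenantsubnet should keep a rule.
    for unit, rules in stale_rules(SAMPLE_RULES, ["192.168.100.0/24"]).items():
        for prio, src, table in rules:
            print(f"{unit}: stale rule {prio}: from {src} lookup {table}")
```

Rules with a single-host source are treated as covered when the host falls inside an attached subnet, so per-address rules on a still-attached network are not reported.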
