Public bug reported:
Steps to reproduce:
1) Create one private and one public network.
2) Create DVR Router.
3) Add internal interface to router.
4) Set gateway to router. (qrouter & snat namespace should be created).
5) Remove internal interface from router (by port or by subnet)
6) Notice that corresponding SNAT interface for the internal network from SNAT
namespace is still there.
So if we add internal interface again to a router then 2 SNAT interfaces
for internal network will be there in the SNAT Namespace, which breaks
external traffic for private subnet.
$ neutron net-list
+--------------------------------------+---------+------------------------------------------------------+
| id | name | subnets
|
+--------------------------------------+---------+------------------------------------------------------+
| 6a180ace-23a5-4300-89b2-e54872b4994c | n1 |
f16081e0-5674-4caf-aeef-19f1ca3ab4cf 192.168.20.0/24 |
| acf1512c-683b-435c-a161-5c5eba916fa0 | ext-net |
8bf3aa4a-8791-44d1-8a7a-0c99a9412c09 10.10.20.0/24 |
+--------------------------------------+---------+------------------------------------------------------+
$ neutron router-list
+--------------------------------------+------+-----------------------+-------------+-------+
| id | name | external_gateway_info |
distributed | ha |
+--------------------------------------+------+-----------------------+-------------+-------+
| 4948fdfa-6f67-4ede-8e9a-dc960c08b4fd | r1 | null | True
| False |
+--------------------------------------+------+-----------------------+-------------+-------+
$ neutron router-interface-add r1 s1
Added interface 59f3fd7b-5125-41a3-95fe-368890f955e4 to router r1.
$ neutron router-gateway-set r1 ext-net
Set gateway for router r1
$ ip netns
snat-4948fdfa-6f67-4ede-8e9a-dc960c08b4fd
qrouter-4948fdfa-6f67-4ede-8e9a-dc960c08b4fd
$ neutron router-interface-delete r1 s1
Removed interface from router r1
It remove interface from qrouter namespace
$ sudo ip netns exec qrouter-4948fdfa-6f67-4ede-8e9a-dc960c08b4fd ifconfig
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
Not removing sg interface from sname namespace.
sudo ip netns exec snat-4948fdfa-6f67-4ede-8e9a-dc960c08b4fd ifconfig
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
qg-9c6eb6ec-17 Link encap:Ethernet HWaddr fa:16:3e:77:4c:43
inet addr:10.10.20.107 Bcast:10.10.20.255 Mask:255.255.255.0
inet6 addr: fe80::f816:3eff:fe77:4c43/64 Scope:Link
UP BROADCAST RUNNING MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:18 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:1300 (1.3 KB)
sg-4f5377ff-fc Link encap:Ethernet HWaddr fa:16:3e:ae:ac:d2
inet addr:192.168.20.3 Bcast:192.168.20.255 Mask:255.255.255.0
inet6 addr: fe80::f816:3eff:feae:acd2/64 Scope:Link
UP BROADCAST RUNNING MTU:1500 Metric:1
RX packets:12 errors:0 dropped:0 overruns:0 frame:0
TX packets:12 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:992 (992.0 B) TX bytes:952 (952.0 B)
Re-adding internal interface to router will have 2 sg ports inside the
SNAT namespace.
$ neutron router-interface-add r1 s1
Added interface 57d66312-c222-4df2-9120-273a9a540925 to router r1.
$ sudo ip netns exec snat-4948fdfa-6f67-4ede-8e9a-dc960c08b4fd ifconfig
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
qg-9c6eb6ec-17 Link encap:Ethernet HWaddr fa:16:3e:77:4c:43
inet addr:10.10.20.107 Bcast:10.10.20.255 Mask:255.255.255.0
inet6 addr: fe80::f816:3eff:fe77:4c43/64 Scope:Link
UP BROADCAST RUNNING MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:18 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:1300 (1.3 KB)
sg-4f5377ff-fc Link encap:Ethernet HWaddr fa:16:3e:ae:ac:d2
inet addr:192.168.20.3 Bcast:192.168.20.255 Mask:255.255.255.0
inet6 addr: fe80::f816:3eff:feae:acd2/64 Scope:Link
UP BROADCAST RUNNING MTU:1500 Metric:1
RX packets:12 errors:0 dropped:0 overruns:0 frame:0
TX packets:12 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:992 (992.0 B) TX bytes:952 (952.0 B)
sg-9ea241ad-af Link encap:Ethernet HWaddr fa:16:3e:8c:ac:bb
inet addr:192.168.20.4 Bcast:192.168.20.255 Mask:255.255.255.0
inet6 addr: fe80::f816:3eff:fe8c:acbb/64 Scope:Link
UP BROADCAST RUNNING MTU:1500 Metric:1
RX packets:3 errors:0 dropped:0 overruns:0 frame:0
TX packets:12 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:174 (174.0 B) TX bytes:964 (964.0 B)
Note: This issue is noticed in Kilo and later.
** Affects: neutron
Importance: Undecided
Status: New
** Tags: l3-dvr-backlog
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1479130
Title:
DVR:Removing interface from router with ext gw set does not remove
interface from SNAT namespace
Status in neutron:
New
Bug description:
Steps to reproduce:
1) Create one private and one public network.
2) Create DVR Router.
3) Add internal interface to router.
4) Set gateway to router. (qrouter & snat namespace should be created).
5) Remove internal interface from router (by port or by subnet)
6) Notice that corresponding SNAT interface for the internal network from
SNAT namespace is still there.
So if we add internal interface again to a router then 2 SNAT
interfaces for internal network will be there in the SNAT Namespace,
which breaks external traffic for private subnet.
$ neutron net-list
+--------------------------------------+---------+------------------------------------------------------+
| id | name | subnets
|
+--------------------------------------+---------+------------------------------------------------------+
| 6a180ace-23a5-4300-89b2-e54872b4994c | n1 |
f16081e0-5674-4caf-aeef-19f1ca3ab4cf 192.168.20.0/24 |
| acf1512c-683b-435c-a161-5c5eba916fa0 | ext-net |
8bf3aa4a-8791-44d1-8a7a-0c99a9412c09 10.10.20.0/24 |
+--------------------------------------+---------+------------------------------------------------------+
$ neutron router-list
+--------------------------------------+------+-----------------------+-------------+-------+
| id | name | external_gateway_info |
distributed | ha |
+--------------------------------------+------+-----------------------+-------------+-------+
| 4948fdfa-6f67-4ede-8e9a-dc960c08b4fd | r1 | null | True
| False |
+--------------------------------------+------+-----------------------+-------------+-------+
$ neutron router-interface-add r1 s1
Added interface 59f3fd7b-5125-41a3-95fe-368890f955e4 to router r1.
$ neutron router-gateway-set r1 ext-net
Set gateway for router r1
$ ip netns
snat-4948fdfa-6f67-4ede-8e9a-dc960c08b4fd
qrouter-4948fdfa-6f67-4ede-8e9a-dc960c08b4fd
$ neutron router-interface-delete r1 s1
Removed interface from router r1
It remove interface from qrouter namespace
$ sudo ip netns exec qrouter-4948fdfa-6f67-4ede-8e9a-dc960c08b4fd ifconfig
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
Not removing sg interface from sname namespace.
sudo ip netns exec snat-4948fdfa-6f67-4ede-8e9a-dc960c08b4fd ifconfig
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
qg-9c6eb6ec-17 Link encap:Ethernet HWaddr fa:16:3e:77:4c:43
inet addr:10.10.20.107 Bcast:10.10.20.255 Mask:255.255.255.0
inet6 addr: fe80::f816:3eff:fe77:4c43/64 Scope:Link
UP BROADCAST RUNNING MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:18 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:1300 (1.3 KB)
sg-4f5377ff-fc Link encap:Ethernet HWaddr fa:16:3e:ae:ac:d2
inet addr:192.168.20.3 Bcast:192.168.20.255 Mask:255.255.255.0
inet6 addr: fe80::f816:3eff:feae:acd2/64 Scope:Link
UP BROADCAST RUNNING MTU:1500 Metric:1
RX packets:12 errors:0 dropped:0 overruns:0 frame:0
TX packets:12 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:992 (992.0 B) TX bytes:952 (952.0 B)
Re-adding internal interface to router will have 2 sg ports inside
the SNAT namespace.
$ neutron router-interface-add r1 s1
Added interface 57d66312-c222-4df2-9120-273a9a540925 to router r1.
$ sudo ip netns exec snat-4948fdfa-6f67-4ede-8e9a-dc960c08b4fd ifconfig
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
qg-9c6eb6ec-17 Link encap:Ethernet HWaddr fa:16:3e:77:4c:43
inet addr:10.10.20.107 Bcast:10.10.20.255 Mask:255.255.255.0
inet6 addr: fe80::f816:3eff:fe77:4c43/64 Scope:Link
UP BROADCAST RUNNING MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:18 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:1300 (1.3 KB)
sg-4f5377ff-fc Link encap:Ethernet HWaddr fa:16:3e:ae:ac:d2
inet addr:192.168.20.3 Bcast:192.168.20.255 Mask:255.255.255.0
inet6 addr: fe80::f816:3eff:feae:acd2/64 Scope:Link
UP BROADCAST RUNNING MTU:1500 Metric:1
RX packets:12 errors:0 dropped:0 overruns:0 frame:0
TX packets:12 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:992 (992.0 B) TX bytes:952 (952.0 B)
sg-9ea241ad-af Link encap:Ethernet HWaddr fa:16:3e:8c:ac:bb
inet addr:192.168.20.4 Bcast:192.168.20.255 Mask:255.255.255.0
inet6 addr: fe80::f816:3eff:fe8c:acbb/64 Scope:Link
UP BROADCAST RUNNING MTU:1500 Metric:1
RX packets:3 errors:0 dropped:0 overruns:0 frame:0
TX packets:12 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:174 (174.0 B) TX bytes:964 (964.0 B)
Note: This issue is noticed in Kilo and later.
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1479130/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
