[Bug 1759918] Re: [dvr] ip policy rules for tenant networks do not get deleted in qrouter namespaces after a router port is removed from a tenant network

Thu, 29 Mar 2018 11:16:08 -0700 

A subnet is not even removed from a router after "openstack router
remove subnet <id>"

openstack router show pubrouter -f value -c interfaces_info && openstack router 
remove subnet pubrouter 6694cc70-7667-4583-8eec-1decb19063c9 && openstack 
router show pubrouter -f value -c interfaces_info
[{"subnet_id": "40a17fc3-30f2-4991-8541-a65e9717dd28", "ip_address": 
"192.168.100.1", "port_id": "a9696fa7-967c-4789-97c1-6ae47733ac0d"}, 
{"subnet_id": "6694cc70-7667-4583-8eec-1decb19063c9", "ip_address": 
"192.168.200.1", "port_id": "ad410866-0c90-46db-8cae-eb9f28e336fa"}, 
{"subnet_id": "40a17fc3-30f2-4991-8541-a65e9717dd28", "ip_address": 
"192.168.100.11", "port_id": "b8dcfe58-b6e8-4237-ac90-5245bd495664"}, 
{"subnet_id": "6694cc70-7667-4583-8eec-1decb19063c9", "ip_address": 
"192.168.200.12", "port_id": "ea140f1d-d006-4f77-b2c1-85d6fba94a4a"}]
[{"subnet_id": "40a17fc3-30f2-4991-8541-a65e9717dd28", "ip_address": 
"192.168.100.1", "port_id": "a9696fa7-967c-4789-97c1-6ae47733ac0d"}, 
{"subnet_id": "6694cc70-7667-4583-8eec-1decb19063c9", "ip_address": 
"192.168.200.1", "port_id": "ad410866-0c90-46db-8cae-eb9f28e336fa"}, 
{"subnet_id": "40a17fc3-30f2-4991-8541-a65e9717dd28", "ip_address": 
"192.168.100.11", "port_id": "b8dcfe58-b6e8-4237-ac90-5245bd495664"}, 
{"subnet_id": "6694cc70-7667-4583-8eec-1decb19063c9", "ip_address": 
"192.168.200.12", "port_id": "ea140f1d-d006-4f77-b2c1-85d6fba94a4a"}]


** Description changed:

  Scenario: Queens, DVR without L3 HA, distributed non-HA virtual router
  (pubrouter), all subnets are attached to 2 different subnet pools, all
  of them have one global address scope so DVR "fast exit" is triggered
  (https://review.openstack.org/#/c/474007/), floating ips are not used,
  snat is not enabled.
  
  Commands:
  openstack address scope create dev
  openstack subnet pool create --address-scope dev --pool-prefix 10.232.40.0/21 
--pool-prefix 10.232.16.0/21 dev
  openstack subnet pool create --address-scope dev --pool-prefix 
192.168.100.0/24 tenant
  openstack network create --external --provider-physical-network physnet1 
--provider-network-type flat pubnet
  openstack network segment set --name segment1 
d8391bfb-4466-4a45-972c-45ffcec9f6bc
  openstack network segment create --physical-network physnet2 --network-type 
flat --network pubnet segment2
  openstack subnet create --no-dhcp --subnet-pool dev --subnet-range 
10.232.16.0/21 --allocation-pool start=10.232.17.0,end=10.232.17.255 
--dns-nameserver 10.232.36.101 --ip-version 4 --network pubnet 
--network-segment segment1 pubsubnetl1
  openstack subnet create --gateway 10.232.40.100 --no-dhcp --subnet-pool dev 
--subnet-range 10.232.40.0/21 --allocation-pool 
start=10.232.41.0,end=10.232.41.255 --dns-nameserver 10.232.36.101 --ip-version 
4 --network pubnet --network-segment segment2 pubsubnetl2
  openstack network create --internal --provider-network-type vxlan tenantnet
-  openstack subnet create --dhcp --ip-version 4 --subnet-range 
192.168.100.0/24 --subnet-pool tenant --dns-nameserver 10.232.36.101 --network 
tenantnet tenantsubnet
+  openstack subnet create --dhcp --ip-version 4 --subnet-range 
192.168.100.0/24 --subnet-pool tenant --dns-nameserver 10.232.36.101 --network 
tenantnet tenantsubnet
  openstack router create --disable --no-ha --distributed pubrouter
  openstack router set --disable-snat --external-gateway pubnet --enable 
pubrouter
  openstack network create --internal --provider-network-type vxlan 
othertenantnet
  openstack subnet pool set --pool-prefix 192.168.200.0/24 tenant
  openstack subnet create --dhcp --ip-version 4 --subnet-range 192.168.200.0/24 
--subnet-pool tenant --dns-nameserver 10.232.36.101 --network othertenantnet 
othertenantsubnet
  openstack router add subnet pubrouter othertenantsubnet
  
  outputs in case they are needed:
  https://pastebin.canonical.com/p/fRQTxRKYCt/
  
  Note: (This setup uses routed provider networks so unit names correspond to 
nodes that have connectivity to the right physnets, however, this is irrelevant 
for this bug)
  l1 - leaf 1
  l2 - leaf 2)
  
  openstack subnet show tenantsubnet | grep cid
  | cidr              | 192.168.100.0/24                     |
  
- 
  openstack subnet show othertenantsubnet | grep cid
  | cidr              | 192.168.200.0/24                     |
  
- 
- # 2 qr- interfaces per namespace on every compute - one per tenant network
+ # 2 qr- interfaces per namespace on every compute - one per tenant
+ network
  
  juju run --application 
neutron-gateway-l2,neutron-gateway-l1,neutron-openvswitch-l1,neutron-openvswitch-l2
 'sudo ip netns exec qrouter-4f9ca9ef-303b-4082-abbc-e50782d9b800 ip -4 -o -br 
a s'
  - Stdout: "lo               UNKNOWN        127.0.0.1/8 \nqr-a9696fa7-96@if23 
UP             192.168.100.1/24
-     \nqr-ad410866-0c@if24 UP             192.168.200.1/24 \nrfp-4f9ca9ef-3   
UP             169.254.109.46/31
-     \n"
-   UnitId: neutron-gateway-l1/0
+     \nqr-ad410866-0c@if24 UP             192.168.200.1/24 \nrfp-4f9ca9ef-3   
UP             169.254.109.46/31
+     \n"
+   UnitId: neutron-gateway-l1/0
  - Stdout: "lo               UNKNOWN        127.0.0.1/8 \nqr-a9696fa7-96@if26 
UP             192.168.100.1/24
-     \nqr-ad410866-0c@if28 UP             192.168.200.1/24 \nrfp-4f9ca9ef-3   
UP             169.254.109.46/31
-     \n"
-   UnitId: neutron-gateway-l2/0
+     \nqr-ad410866-0c@if28 UP             192.168.200.1/24 \nrfp-4f9ca9ef-3   
UP             169.254.109.46/31
+     \n"
+   UnitId: neutron-gateway-l2/0
  - Stdout: "lo               UNKNOWN        127.0.0.1/8 \nrfp-4f9ca9ef-3@if3 
UP             169.254.109.46/31
-     \nqr-a9696fa7-96   UNKNOWN        192.168.100.1/24 \nqr-ad410866-0c   
UNKNOWN
-     \       192.168.200.1/24 \n"
-   UnitId: neutron-openvswitch-l1/0
+     \nqr-a9696fa7-96   UNKNOWN        192.168.100.1/24 \nqr-ad410866-0c   
UNKNOWN
+     \       192.168.200.1/24 \n"
+   UnitId: neutron-openvswitch-l1/0
  - Stdout: "lo               UNKNOWN        127.0.0.1/8 \nrfp-4f9ca9ef-3@if3 
UP             169.254.109.46/31
-     \nqr-a9696fa7-96   UNKNOWN        192.168.100.1/24 \nqr-ad410866-0c   
UNKNOWN
-     \       192.168.200.1/24 \n"
-   UnitId: neutron-openvswitch-l1/1
+     \nqr-a9696fa7-96   UNKNOWN        192.168.100.1/24 \nqr-ad410866-0c   
UNKNOWN
+     \       192.168.200.1/24 \n"
+   UnitId: neutron-openvswitch-l1/1
  - Stdout: "lo               UNKNOWN        127.0.0.1/8 \nrfp-4f9ca9ef-3@if3 
UP             169.254.109.46/31
-     \nqr-a9696fa7-96   UNKNOWN        192.168.100.1/24 \nqr-ad410866-0c   
UNKNOWN
-     \       192.168.200.1/24 \n"
-   UnitId: neutron-openvswitch-l1/2
+     \nqr-a9696fa7-96   UNKNOWN        192.168.100.1/24 \nqr-ad410866-0c   
UNKNOWN
+     \       192.168.200.1/24 \n"
+   UnitId: neutron-openvswitch-l1/2
  - Stdout: "lo               UNKNOWN        127.0.0.1/8 \nrfp-4f9ca9ef-3@if3 
UP             169.254.109.46/31
-     \nqr-a9696fa7-96   UNKNOWN        192.168.100.1/24 \nqr-ad410866-0c   
UNKNOWN
-     \       192.168.200.1/24 \n"
-   UnitId: neutron-openvswitch-l2/0
+     \nqr-a9696fa7-96   UNKNOWN        192.168.100.1/24 \nqr-ad410866-0c   
UNKNOWN
+     \       192.168.200.1/24 \n"
+   UnitId: neutron-openvswitch-l2/0
  - Stdout: "lo               UNKNOWN        127.0.0.1/8 \nrfp-4f9ca9ef-3@if3 
UP             169.254.109.46/31
-     \nqr-a9696fa7-96   UNKNOWN        192.168.100.1/24 \nqr-ad410866-0c   
UNKNOWN
-     \       192.168.200.1/24 \n"
-   UnitId: neutron-openvswitch-l2/1
- 
+     \nqr-a9696fa7-96   UNKNOWN        192.168.100.1/24 \nqr-ad410866-0c   
UNKNOWN
+     \       192.168.200.1/24 \n"
+   UnitId: neutron-openvswitch-l2/1
  
  # removed 192.168.200.0/24 from pubrouter
  openstack router remove subnet pubrouter othertenantsubnet
  
- # ports are gone
+ # ports are still there
  juju run --application 
neutron-gateway-l2,neutron-gateway-l1,neutron-openvswitch-l1,neutron-openvswitch-l2
 'sudo ip netns exec qrouter-4f9ca9ef-303b-4082-abbc-e50782d9b800 ip -4 -o -br 
a s'
  - Stdout: "lo               UNKNOWN        127.0.0.1/8 \nqr-a9696fa7-96@if23 
UP             192.168.100.1/24
-     \nqr-ad410866-0c@if24 UP             192.168.200.1/24 \nrfp-4f9ca9ef-3   
UP             169.254.109.46/31
-     \n"
-   UnitId: neutron-gateway-l1/0
+     \nqr-ad410866-0c@if24 UP             192.168.200.1/24 \nrfp-4f9ca9ef-3   
UP             169.254.109.46/31
+     \n"
+   UnitId: neutron-gateway-l1/0
  - Stdout: "lo               UNKNOWN        127.0.0.1/8 \nrfp-4f9ca9ef-3@if3 
UP             169.254.109.46/31
-     \nqr-a9696fa7-96   UNKNOWN        192.168.100.1/24 \nqr-ad410866-0c   
UNKNOWN
-     \       192.168.200.1/24 \n"
-   UnitId: neutron-openvswitch-l1/0
+     \nqr-a9696fa7-96   UNKNOWN        192.168.100.1/24 \nqr-ad410866-0c   
UNKNOWN
+     \       192.168.200.1/24 \n"
+   UnitId: neutron-openvswitch-l1/0
  - Stdout: "lo               UNKNOWN        127.0.0.1/8 \nrfp-4f9ca9ef-3@if3 
UP             169.254.109.46/31
-     \nqr-a9696fa7-96   UNKNOWN        192.168.100.1/24 \nqr-ad410866-0c   
UNKNOWN
-     \       192.168.200.1/24 \n"
-   UnitId: neutron-openvswitch-l1/1
+     \nqr-a9696fa7-96   UNKNOWN        192.168.100.1/24 \nqr-ad410866-0c   
UNKNOWN
+     \       192.168.200.1/24 \n"
+   UnitId: neutron-openvswitch-l1/1
  - Stdout: "lo               UNKNOWN        127.0.0.1/8 \nrfp-4f9ca9ef-3@if3 
UP             169.254.109.46/31
-     \nqr-a9696fa7-96   UNKNOWN        192.168.100.1/24 \nqr-ad410866-0c   
UNKNOWN
-     \       192.168.200.1/24 \n"
-   UnitId: neutron-openvswitch-l1/2
+     \nqr-a9696fa7-96   UNKNOWN        192.168.100.1/24 \nqr-ad410866-0c   
UNKNOWN
+     \       192.168.200.1/24 \n"
+   UnitId: neutron-openvswitch-l1/2
  - Stdout: "lo               UNKNOWN        127.0.0.1/8 \nrfp-4f9ca9ef-3@if3 
UP             169.254.109.46/31
-     \nqr-a9696fa7-96   UNKNOWN        192.168.100.1/24 \nqr-ad410866-0c   
UNKNOWN
-     \       192.168.200.1/24 \n"
-   UnitId: neutron-openvswitch-l2/0
+     \nqr-a9696fa7-96   UNKNOWN        192.168.100.1/24 \nqr-ad410866-0c   
UNKNOWN
+     \       192.168.200.1/24 \n"
+   UnitId: neutron-openvswitch-l2/0
  - Stdout: "lo               UNKNOWN        127.0.0.1/8 \nrfp-4f9ca9ef-3@if3 
UP             169.254.109.46/31
-     \nqr-a9696fa7-96   UNKNOWN        192.168.100.1/24 \nqr-ad410866-0c   
UNKNOWN
-     \       192.168.200.1/24 \n"
-   UnitId: neutron-openvswitch-l2/1
+     \nqr-a9696fa7-96   UNKNOWN        192.168.100.1/24 \nqr-ad410866-0c   
UNKNOWN
+     \       192.168.200.1/24 \n"
+   UnitId: neutron-openvswitch-l2/1
  - Stdout: "lo               UNKNOWN        127.0.0.1/8 \nqr-a9696fa7-96@if26 
UP             192.168.100.1/24
-     \nqr-ad410866-0c@if28 UP             192.168.200.1/24 \nrfp-4f9ca9ef-3   
UP             169.254.109.46/31
-     \n"
-   UnitId: neutron-gateway-l2/0
+     \nqr-ad410866-0c@if28 UP             192.168.200.1/24 \nrfp-4f9ca9ef-3   
UP             169.254.109.46/31
+     \n"
+   UnitId: neutron-gateway-l2/0
  
  # but not policy rules
  
  juju run --application 
neutron-gateway-l2,neutron-gateway-l1,neutron-openvswitch-l1,neutron-openvswitch-l2
 'sudo ip netns exec qrouter-4f9ca9ef-303b-4082-abbc-e50782d9b800 ip rule'
  - Stdout: "0:\tfrom all lookup local \n32766:\tfrom all lookup main 
\n32767:\tfrom
-     all lookup default \n80000:\tfrom 192.168.100.0/24 lookup 16 
\n80000:\tfrom 192.168.200.0/24
-     lookup 16 \n"
-   UnitId: neutron-gateway-l1/0
+     all lookup default \n80000:\tfrom 192.168.100.0/24 lookup 16 
\n80000:\tfrom 192.168.200.0/24
+     lookup 16 \n"
+   UnitId: neutron-gateway-l1/0
  - Stdout: "0:\tfrom all lookup local \n32766:\tfrom all lookup main 
\n32767:\tfrom
-     all lookup default \n80000:\tfrom 192.168.100.0/24 lookup 16 
\n80000:\tfrom 192.168.200.0/24
-     lookup 16 \n"
-   UnitId: neutron-openvswitch-l1/0
+     all lookup default \n80000:\tfrom 192.168.100.0/24 lookup 16 
\n80000:\tfrom 192.168.200.0/24
+     lookup 16 \n"
+   UnitId: neutron-openvswitch-l1/0
  - Stdout: "0:\tfrom all lookup local \n32766:\tfrom all lookup main 
\n32767:\tfrom
-     all lookup default \n80000:\tfrom 192.168.100.0/24 lookup 16 
\n80000:\tfrom 192.168.200.0/24
-     lookup 16 \n"
-   UnitId: neutron-openvswitch-l1/1
+     all lookup default \n80000:\tfrom 192.168.100.0/24 lookup 16 
\n80000:\tfrom 192.168.200.0/24
+     lookup 16 \n"
+   UnitId: neutron-openvswitch-l1/1
  - Stdout: "0:\tfrom all lookup local \n32766:\tfrom all lookup main 
\n32767:\tfrom
-     all lookup default \n80000:\tfrom 192.168.100.0/24 lookup 16 
\n80000:\tfrom 192.168.200.0/24
-     lookup 16 \n"
-   UnitId: neutron-openvswitch-l1/2
+     all lookup default \n80000:\tfrom 192.168.100.0/24 lookup 16 
\n80000:\tfrom 192.168.200.0/24
+     lookup 16 \n"
+   UnitId: neutron-openvswitch-l1/2
  - Stdout: "0:\tfrom all lookup local \n32766:\tfrom all lookup main 
\n32767:\tfrom
-     all lookup default \n80000:\tfrom 192.168.100.0/24 lookup 16 
\n80000:\tfrom 192.168.200.0/24
-     lookup 16 \n"
-   UnitId: neutron-openvswitch-l2/0
+     all lookup default \n80000:\tfrom 192.168.100.0/24 lookup 16 
\n80000:\tfrom 192.168.200.0/24
+     lookup 16 \n"
+   UnitId: neutron-openvswitch-l2/0
  - Stdout: "0:\tfrom all lookup local \n32766:\tfrom all lookup main 
\n32767:\tfrom
-     all lookup default \n80000:\tfrom 192.168.100.0/24 lookup 16 
\n80000:\tfrom 192.168.200.0/24
-     lookup 16 \n"
-   UnitId: neutron-openvswitch-l2/1
+     all lookup default \n80000:\tfrom 192.168.100.0/24 lookup 16 
\n80000:\tfrom 192.168.200.0/24
+     lookup 16 \n"
+   UnitId: neutron-openvswitch-l2/1
  - Stdout: "0:\tfrom all lookup local \n32766:\tfrom all lookup main 
\n32767:\tfrom
-     all lookup default \n80000:\tfrom 192.168.100.0/24 lookup 16 
\n80000:\tfrom 192.168.200.0/24
-     lookup 16 \n"
-   UnitId: neutron-gateway-l2/0
+     all lookup default \n80000:\tfrom 192.168.100.0/24 lookup 16 
\n80000:\tfrom 192.168.200.0/24
+     lookup 16 \n"
+   UnitId: neutron-gateway-l2/0

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1759918

Title:
  [dvr] ip policy rules for tenant networks do not get deleted in
  qrouter namespaces after a router port is removed from a tenant
  network

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/neutron/+bug/1759918/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to