Public bug reported:

Steps to reproduce:
1) Create one private and one public network.
2) Create DVR Router.
3) Add internal interface to router.
4) Set gateway to router. (qrouter & snat namespace should be created).
5) Remove internal interface from router (by port or by subnet)
6) Notice that corresponding SNAT interface for the internal network from SNAT namespace is still there.

So if we add internal interface again to a router then 2 SNAT interfaces for internal network will be there in the SNAT Namespace, which breaks external traffic for private subnet.

$ neutron net-list
+--------------------------------------+---------+------------------------------------------------------+
| id                                   | name    | subnets                                              |
+--------------------------------------+---------+------------------------------------------------------+
| 6a180ace-23a5-4300-89b2-e54872b4994c | n1      | f16081e0-5674-4caf-aeef-19f1ca3ab4cf 192.168.20.0/24 |
| acf1512c-683b-435c-a161-5c5eba916fa0 | ext-net | 8bf3aa4a-8791-44d1-8a7a-0c99a9412c09 10.10.20.0/24   |
+--------------------------------------+---------+------------------------------------------------------+

$ neutron router-list
+--------------------------------------+------+-----------------------+-------------+-------+
| id                                   | name | external_gateway_info | distributed | ha    |
+--------------------------------------+------+-----------------------+-------------+-------+
| 4948fdfa-6f67-4ede-8e9a-dc960c08b4fd | r1   | null                  | True        | False |
+--------------------------------------+------+-----------------------+-------------+-------+

$ neutron router-interface-add r1 s1
Added interface 59f3fd7b-5125-41a3-95fe-368890f955e4 to router r1.

$ neutron router-gateway-set r1 ext-net
Set gateway for router r1

$ ip netns
snat-4948fdfa-6f67-4ede-8e9a-dc960c08b4fd
qrouter-4948fdfa-6f67-4ede-8e9a-dc960c08b4fd

$ neutron router-interface-delete r1 s1
Removed interface from router r1

It removes the interface from the qrouter namespace.

$ sudo ip netns exec qrouter-4948fdfa-6f67-4ede-8e9a-dc960c08b4fd ifconfig
lo        Link encap:Local Loopback
          inet addr:127.0.0.1 Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING MTU:65536 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

Not removing sg interface from snat namespace.

$ sudo ip netns exec snat-4948fdfa-6f67-4ede-8e9a-dc960c08b4fd ifconfig
lo        Link encap:Local Loopback
          inet addr:127.0.0.1 Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING MTU:65536 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

qg-9c6eb6ec-17 Link encap:Ethernet HWaddr fa:16:3e:77:4c:43
          inet addr:10.10.20.107 Bcast:10.10.20.255 Mask:255.255.255.0
          inet6 addr: fe80::f816:3eff:fe77:4c43/64 Scope:Link
          UP BROADCAST RUNNING MTU:1500 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:18 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B) TX bytes:1300 (1.3 KB)

sg-4f5377ff-fc Link encap:Ethernet HWaddr fa:16:3e:ae:ac:d2
          inet addr:192.168.20.3 Bcast:192.168.20.255 Mask:255.255.255.0
          inet6 addr: fe80::f816:3eff:feae:acd2/64 Scope:Link
          UP BROADCAST RUNNING MTU:1500 Metric:1
          RX packets:12 errors:0 dropped:0 overruns:0 frame:0
          TX packets:12 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:992 (992.0 B) TX bytes:952 (952.0 B)

Re-adding internal interface to router will have 2 sg ports inside the SNAT namespace.

$ neutron router-interface-add r1 s1
Added interface 57d66312-c222-4df2-9120-273a9a540925 to router r1.

$ sudo ip netns exec snat-4948fdfa-6f67-4ede-8e9a-dc960c08b4fd ifconfig
lo        Link encap:Local Loopback
          inet addr:127.0.0.1 Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING MTU:65536 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

qg-9c6eb6ec-17 Link encap:Ethernet HWaddr fa:16:3e:77:4c:43
          inet addr:10.10.20.107 Bcast:10.10.20.255 Mask:255.255.255.0
          inet6 addr: fe80::f816:3eff:fe77:4c43/64 Scope:Link
          UP BROADCAST RUNNING MTU:1500 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:18 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B) TX bytes:1300 (1.3 KB)

sg-4f5377ff-fc Link encap:Ethernet HWaddr fa:16:3e:ae:ac:d2
          inet addr:192.168.20.3 Bcast:192.168.20.255 Mask:255.255.255.0
          inet6 addr: fe80::f816:3eff:feae:acd2/64 Scope:Link
          UP BROADCAST RUNNING MTU:1500 Metric:1
          RX packets:12 errors:0 dropped:0 overruns:0 frame:0
          TX packets:12 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:992 (992.0 B) TX bytes:952 (952.0 B)

sg-9ea241ad-af Link encap:Ethernet HWaddr fa:16:3e:8c:ac:bb
          inet addr:192.168.20.4 Bcast:192.168.20.255 Mask:255.255.255.0
          inet6 addr: fe80::f816:3eff:fe8c:acbb/64 Scope:Link
          UP BROADCAST RUNNING MTU:1500 Metric:1
          RX packets:3 errors:0 dropped:0 overruns:0 frame:0
          TX packets:12 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:174 (174.0 B) TX bytes:964 (964.0 B)

Note: This issue is noticed in Kilo and later.

** Affects: neutron
     Importance: Undecided
         Status: New

** Tags: l3-dvr-backlog

-- 
You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1479130

Title:
  DVR:Removing interface from router with ext gw set does not remove interface from SNAT namespace

Status in neutron:
  New
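An added example, not part of the original report or of neutron's own code: a check for the symptom the report describes, which parses net-tools ifconfig output from the snat namespace and reports any subnet that carries more than one sg- port. The sample input is trimmed from the report's own output; the function names are hypothetical.

```python
import ipaddress
import re
from collections import defaultdict

# Trimmed from the report's ifconfig output for the snat namespace after the
# internal interface was re-added (inet6 and counter lines dropped).
SNAT_IFCONFIG = """\
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
qg-9c6eb6ec-17 Link encap:Ethernet  HWaddr fa:16:3e:77:4c:43
          inet addr:10.10.20.107  Bcast:10.10.20.255  Mask:255.255.255.0
sg-4f5377ff-fc Link encap:Ethernet  HWaddr fa:16:3e:ae:ac:d2
          inet addr:192.168.20.3  Bcast:192.168.20.255  Mask:255.255.255.0
sg-9ea241ad-af Link encap:Ethernet  HWaddr fa:16:3e:8c:ac:bb
          inet addr:192.168.20.4  Bcast:192.168.20.255  Mask:255.255.255.0
"""

IFACE_RE = re.compile(r"^(\S+)\s+Link encap:")        # first line of a stanza
INET_RE = re.compile(r"inet addr:(\S+)\s.*?Mask:(\S+)")  # IPv4 address and mask


def parse_ifconfig(text):
    """Return {interface_name: IPv4Interface} from net-tools ifconfig output."""
    addrs, current = {}, None
    for line in text.splitlines():
        m = IFACE_RE.match(line)
        if m:
            current = m.group(1)
        m = INET_RE.search(line)
        if m and current:
            addrs[current] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
    return addrs


def duplicate_sg_ports(text):
    """Map each subnet to its sg- ports when more than one is present."""
    by_net = defaultdict(list)
    for name, iface in parse_ifconfig(text).items():
        if name.startswith("sg-"):
            by_net[str(iface.network)].append(name)
    return {net: sorted(names) for net, names in by_net.items() if len(names) > 1}


if __name__ == "__main__":
    for net, names in duplicate_sg_ports(SNAT_IFCONFIG).items():
        print(f"{net}: {len(names)} sg- ports: {', '.join(names)}")
```

On a network node the input would be the output of the `sudo ip netns exec snat-<router-id> ifconfig` command shown in the report.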