[Yahoo-eng-team] [Bug 1696684] [NEW] When the router of admin_state_up becomes false, the IPSec process is not terminated

Thu, 08 Jun 2017 02:02:18 -0700 

Public bug reported:

Router1---router2 establishes the IPSec connection, and after the IPSec
connection is established, you can see two IPSec processes

ps -ef |grep ipsec
root     14232     1  0 Jun06 ?        00:00:33 /usr/libexec/ipsec/pluto 
--ctlbase 
/var/lib/neutron/ipsec/03ff091d-091b-496f-bc41-c53b0ae38c6a/var/run/pluto 
--ipsecdir 
/var/lib/neutron/ipsec/03ff091d-091b-496f-bc41-c53b0ae38c6a/etc/ipsec.d 
--uniqueids --nat_traversal --secretsfile 
/var/lib/neutron/ipsec/03ff091d-091b-496f-bc41-c53b0ae38c6a/etc/ipsec.secrets 
--virtual-private %v4:172.16.1.0/24,%v4:172.16.2.0/24 --perpeerlogbase 
/var/lib/neutron/ipsec/03ff091d-091b-496f-bc41-c53b0ae38c6a/logs
root     14826     1  0 Jun06 ?        00:00:33 /usr/libexec/ipsec/pluto 
--ctlbase 
/var/lib/neutron/ipsec/7ecb91f2-a271-4365-8a89-2899a6165422/var/run/pluto 
--ipsecdir 
/var/lib/neutron/ipsec/7ecb91f2-a271-4365-8a89-2899a6165422/etc/ipsec.d 
--uniqueids --nat_traversal --secretsfile 
/var/lib/neutron/ipsec/7ecb91f2-a271-4365-8a89-2899a6165422/etc/ipsec.secrets 
--virtual-private %v4:172.16.2.0/24,%v4:172.16.1.0/24 --perpeerlogbase 
/var/lib/neutron/ipsec/7ecb91f2-a271-4365-8a89-2899a6165422/logs

Operate on router1:
Neutron router-update router1 --admin-state-up False
The admin-state-up of router has changed to False, but the corresponding IPSec 
process has not been terminated
Then, operate on the router1
Neutron router-update router1 --admin-state-up True
The admin-state-up of router changes to True and starts the new IPSec process

ps -ef |grep ipsec
root     13796     1  0 16:43 ?        00:00:00 /usr/libexec/ipsec/pluto 
--ctlbase 
/var/lib/neutron/ipsec/03ff091d-091b-496f-bc41-c53b0ae38c6a/var/run/pluto 
--ipsecdir 
/var/lib/neutron/ipsec/03ff091d-091b-496f-bc41-c53b0ae38c6a/etc/ipsec.d 
--uniqueids --nat_traversal --secretsfile 
/var/lib/neutron/ipsec/03ff091d-091b-496f-bc41-c53b0ae38c6a/etc/ipsec.secrets 
--virtual-private %v4:172.16.1.0/24,%v4:172.16.2.0/24 --perpeerlogbase 
/var/lib/neutron/ipsec/03ff091d-091b-496f-bc41-c53b0ae38c6a/logs
root     14232     1  0 Jun06 ?        00:00:33 /usr/libexec/ipsec/pluto 
--ctlbase 
/var/lib/neutron/ipsec/03ff091d-091b-496f-bc41-c53b0ae38c6a/var/run/pluto 
--ipsecdir 
/var/lib/neutron/ipsec/03ff091d-091b-496f-bc41-c53b0ae38c6a/etc/ipsec.d 
--uniqueids --nat_traversal --secretsfile 
/var/lib/neutron/ipsec/03ff091d-091b-496f-bc41-c53b0ae38c6a/etc/ipsec.secrets 
--virtual-private %v4:172.16.1.0/24,%v4:172.16.2.0/24 --perpeerlogbase 
/var/lib/neutron/ipsec/03ff091d-091b-496f-bc41-c53b0ae38c6a/logs
root     14826     1  0 Jun06 ?        00:00:33 /usr/libexec/ipsec/pluto 
--ctlbase 
/var/lib/neutron/ipsec/7ecb91f2-a271-4365-8a89-2899a6165422/var/run/pluto 
--ipsecdir 
/var/lib/neutron/ipsec/7ecb91f2-a271-4365-8a89-2899a6165422/etc/ipsec.d 
--uniqueids --nat_traversal --secretsfile 
/var/lib/neutron/ipsec/7ecb91f2-a271-4365-8a89-2899a6165422/etc/ipsec.secrets 
--virtual-private %v4:172.16.2.0/24,%v4:172.16.1.0/24 --perpeerlogbase 
/var/lib/neutron/ipsec/7ecb91f2-a271-4365-8a89-2899a6165422/logs

** Affects: neutron
     Importance: Undecided
     Assignee: Li Xiao (leeshow)
         Status: In Progress

** Changed in: neutron
     Assignee: (unassigned) => Li Xiao (leeshow)

** Changed in: neutron
       Status: New => In Progress

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1696684

Title:
  When the router of admin_state_up becomes false, the IPSec process is
  not terminated

Status in neutron:
  In Progress

Bug description:
  Router1---router2 establishes the IPSec connection, and after the
  IPSec connection is established, you can see two IPSec processes

  ps -ef |grep ipsec
  root     14232     1  0 Jun06 ?        00:00:33 /usr/libexec/ipsec/pluto 
--ctlbase 
/var/lib/neutron/ipsec/03ff091d-091b-496f-bc41-c53b0ae38c6a/var/run/pluto 
--ipsecdir 
/var/lib/neutron/ipsec/03ff091d-091b-496f-bc41-c53b0ae38c6a/etc/ipsec.d 
--uniqueids --nat_traversal --secretsfile 
/var/lib/neutron/ipsec/03ff091d-091b-496f-bc41-c53b0ae38c6a/etc/ipsec.secrets 
--virtual-private %v4:172.16.1.0/24,%v4:172.16.2.0/24 --perpeerlogbase 
/var/lib/neutron/ipsec/03ff091d-091b-496f-bc41-c53b0ae38c6a/logs
  root     14826     1  0 Jun06 ?        00:00:33 /usr/libexec/ipsec/pluto 
--ctlbase 
/var/lib/neutron/ipsec/7ecb91f2-a271-4365-8a89-2899a6165422/var/run/pluto 
--ipsecdir 
/var/lib/neutron/ipsec/7ecb91f2-a271-4365-8a89-2899a6165422/etc/ipsec.d 
--uniqueids --nat_traversal --secretsfile 
/var/lib/neutron/ipsec/7ecb91f2-a271-4365-8a89-2899a6165422/etc/ipsec.secrets 
--virtual-private %v4:172.16.2.0/24,%v4:172.16.1.0/24 --perpeerlogbase 
/var/lib/neutron/ipsec/7ecb91f2-a271-4365-8a89-2899a6165422/logs

  Operate on router1:
  Neutron router-update router1 --admin-state-up False
  The admin-state-up of router has changed to False, but the corresponding 
IPSec process has not been terminated
  Then, operate on the router1
  Neutron router-update router1 --admin-state-up True
  The admin-state-up of router changes to True and starts the new IPSec process

  ps -ef |grep ipsec
  root     13796     1  0 16:43 ?        00:00:00 /usr/libexec/ipsec/pluto 
--ctlbase 
/var/lib/neutron/ipsec/03ff091d-091b-496f-bc41-c53b0ae38c6a/var/run/pluto 
--ipsecdir 
/var/lib/neutron/ipsec/03ff091d-091b-496f-bc41-c53b0ae38c6a/etc/ipsec.d 
--uniqueids --nat_traversal --secretsfile 
/var/lib/neutron/ipsec/03ff091d-091b-496f-bc41-c53b0ae38c6a/etc/ipsec.secrets 
--virtual-private %v4:172.16.1.0/24,%v4:172.16.2.0/24 --perpeerlogbase 
/var/lib/neutron/ipsec/03ff091d-091b-496f-bc41-c53b0ae38c6a/logs
  root     14232     1  0 Jun06 ?        00:00:33 /usr/libexec/ipsec/pluto 
--ctlbase 
/var/lib/neutron/ipsec/03ff091d-091b-496f-bc41-c53b0ae38c6a/var/run/pluto 
--ipsecdir 
/var/lib/neutron/ipsec/03ff091d-091b-496f-bc41-c53b0ae38c6a/etc/ipsec.d 
--uniqueids --nat_traversal --secretsfile 
/var/lib/neutron/ipsec/03ff091d-091b-496f-bc41-c53b0ae38c6a/etc/ipsec.secrets 
--virtual-private %v4:172.16.1.0/24,%v4:172.16.2.0/24 --perpeerlogbase 
/var/lib/neutron/ipsec/03ff091d-091b-496f-bc41-c53b0ae38c6a/logs
  root     14826     1  0 Jun06 ?        00:00:33 /usr/libexec/ipsec/pluto 
--ctlbase 
/var/lib/neutron/ipsec/7ecb91f2-a271-4365-8a89-2899a6165422/var/run/pluto 
--ipsecdir 
/var/lib/neutron/ipsec/7ecb91f2-a271-4365-8a89-2899a6165422/etc/ipsec.d 
--uniqueids --nat_traversal --secretsfile 
/var/lib/neutron/ipsec/7ecb91f2-a271-4365-8a89-2899a6165422/etc/ipsec.secrets 
--virtual-private %v4:172.16.2.0/24,%v4:172.16.1.0/24 --perpeerlogbase 
/var/lib/neutron/ipsec/7ecb91f2-a271-4365-8a89-2899a6165422/logs

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1696684/+subscriptions

-- 
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to     : [email protected]
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help   : https://help.launchpad.net/ListHelp

Reply via email to