Reviewed: https://review.openstack.org/524037 Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=af73882a9db994b06d8df18d4d5abc05c7aecd32 Submitter: Zuul Branch: master
commit af73882a9db994b06d8df18d4d5abc05c7aecd32 Author: Daniel Russell <[email protected]> Date: Wed Nov 29 15:27:06 2017 +1100 Prevent LBaaS VRRP ports from populating DVR router ARP table Prevents the MAC address of the VIP address of an LBaaS or LBaaSv2 instance from populating in the DVR router ARP table Change-Id: If49aaa48a5e95ccd0a236db984d3984a6e44c87c Closes-Bug: 1733852 ** Changed in: neutron Status: In Progress => Fix Released -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron. https://bugs.launchpad.net/bugs/1733852 Title: Incorrect ARP entries in new DVR routers for Octavia VRRP addresses Status in neutron: Fix Released Bug description: Hi, I am running Ocata Neutron with OVS DVR, l2_population is on, and Ocata Octavia is also installed. Under a certain circumstance, I am getting incorrect ARP entries in the routers for the VRRP address of the loadbalancers created. Here is the ARP table for a router that preexisted a Load Balancer creation : [root@<shnip> ~]# ip netns exec qrouter-6b5fe9df-eab2-4147-b95f-419d0c620344 ip neigh 10.2.2.11 dev qr-458b6819-4f lladdr fa:16:3e:3c:df:9c PERMANENT 10.2.2.1 dev qr-458b6819-4f lladdr fa:16:3e:f0:45:c9 PERMANENT 10.2.2.2 dev qr-458b6819-4f lladdr fa:16:3e:70:0e:8c PERMANENT [root@<shnip> ~]# After creating a loadbalancer, ports are created for the load balancer instance in the project network and the vrrp address (but as far as I understand, the vrrp port is just there to reserve the IP): [root@<shnip> /]# openstack port show 9bb862a7-fdb5-487e-94f5-4fac8b55d5d2 +-----------------------+-------------------------------------------------------------------------------------------+ | Field | Value | +-----------------------+-------------------------------------------------------------------------------------------+ | admin_state_up | UP | | allowed_address_pairs | ip_address='10.2.2.8', mac_address='fa:16:3e:78:82:cb' | | binding_host_id | <shnip> | | binding_profile | | | binding_vif_details | ovs_hybrid_plug='True', port_filter='True' | | binding_vif_type | ovs | | binding_vnic_type | normal | | created_at | 2017-11-22T10:35:11Z | | description | | | device_id | 3355a8e7-95fe-4f15-8233-3ffcbb935d5c | | device_owner | compute:None | | dns_assignment | fqdn='amphora-8cc77a78-359e-4829-968b-2d026869d845.cloud.<shnip>.', hostname | | | ='amphora-8cc77a78-359e-4829-968b-2d026869d845', ip_address='10.2.2.5' | | dns_name | amphora-8cc77a78-359e-4829-968b-2d026869d845 | | extra_dhcp_opts | | | fixed_ips | ip_address='10.2.2.5', subnet_id='0c8633c6-96a1-4c0e-a73f-212eddfd6172' | | id | 9bb862a7-fdb5-487e-94f5-4fac8b55d5d2 | | ip_address | None | | mac_address | fa:16:3e:78:82:cb | | name | octavia-lb-vrrp-8cc77a78-359e-4829-968b-2d026869d845 | | network_id | 8d365ce2-d909-410d-991c-7f503a65d67b | | option_name | None | | option_value | None | | port_security_enabled | False | | project_id | 905d2c54fe08456abee3c44feb1d8e05 | | qos_policy_id | None | | revision_number | 18 | | security_groups | 355790da-7eec-4685-b92e-7a6e2cd1ba1e | | status | ACTIVE | | subnet_id | None | | updated_at | 2017-11-22T12:04:36Z | +-----------------------+-------------------------------------------------------------------------------------------+ [root@<shnip> /]# openstack port show 85848204-7127-4080-bdde-dccef083f330 +-----------------------+-------------------------------------------------------------------------------------------+ | Field | Value | +-----------------------+-------------------------------------------------------------------------------------------+ | admin_state_up | DOWN | | allowed_address_pairs | | | binding_host_id | | | binding_profile | | | binding_vif_details | | | binding_vif_type | unbound | | binding_vnic_type | normal | | created_at | 2017-11-22T10:35:04Z | | description | None | | device_id | 0f0f57b3-d0a7-45d3-bddb-e5353c9d9134 | | device_owner | neutron:LOADBALANCERV2 | | dns_assignment | fqdn='host-10-2-2-8.cloud.<shnip>.', hostname='host-10-2-2-8', | | | ip_address='10.2.2.8' | | dns_name | | | extra_dhcp_opts | | | fixed_ips | ip_address='10.2.2.8', subnet_id='0c8633c6-96a1-4c0e-a73f-212eddfd6172' | | id | 85848204-7127-4080-bdde-dccef083f330 | | ip_address | None | | mac_address | fa:16:3e:d0:3c:aa | | name | loadbalancer-0f0f57b3-d0a7-45d3-bddb-e5353c9d9134 | | network_id | 8d365ce2-d909-410d-991c-7f503a65d67b | | option_name | None | | option_value | None | | port_security_enabled | False | | project_id | c053ae2460e741008fa0ea908ae7da8c | | qos_policy_id | None | | revision_number | 6 | | security_groups | 355790da-7eec-4685-b92e-7a6e2cd1ba1e | | status | DOWN | | subnet_id | None | | updated_at | 2017-11-22T10:35:10Z | +-----------------------+-------------------------------------------------------------------------------------------+ [root@<shnip> /]# The router ARP table is updated as I would expect : [root@<shnip> ~]# ip netns exec qrouter-6b5fe9df-eab2-4147-b95f-419d0c620344 ip neigh 10.2.2.11 dev qr-458b6819-4f lladdr fa:16:3e:3c:df:9c PERMANENT 10.2.2.1 dev qr-458b6819-4f lladdr fa:16:3e:f0:45:c9 PERMANENT 10.2.2.2 dev qr-458b6819-4f lladdr fa:16:3e:70:0e:8c PERMANENT 10.2.2.8 dev qr-458b6819-4f lladdr fa:16:3e:78:82:cb PERMANENT 10.2.2.5 dev qr-458b6819-4f lladdr fa:16:3e:78:82:cb PERMANENT [root@<shnip> ~]# However, if I create a new router and attach an interface to the project subnet, the ARP table is populated with the MAC address of the vrrp port that was created. This prevents traffic from flowing as the MAC should either be absent (so it can ARP itself) or the MAC for the active port. [root@<shnip> ~]# ip netns exec qrouter-a5158caa-893c-4e6e-babf-141125f1e476 ip neigh 10.2.2.2 dev qr-f8e750c0-31 lladdr fa:16:3e:70:0e:8c PERMANENT 10.2.2.1 dev qr-f8e750c0-31 lladdr fa:16:3e:f0:45:c9 PERMANENT 10.2.2.11 dev qr-f8e750c0-31 lladdr fa:16:3e:3c:df:9c PERMANENT 10.2.2.5 dev qr-f8e750c0-31 lladdr fa:16:3e:78:82:cb PERMANENT 10.2.2.8 dev qr-f8e750c0-31 lladdr fa:16:3e:d0:3c:aa PERMANENT [root@<shnip> ~]# To manage notifications about this bug go to: https://bugs.launchpad.net/neutron/+bug/1733852/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : [email protected] Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
