Reviewed: https://review.openstack.org/550676 Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=fbe308bdc12191c187343b5ef103dea9af738380 Submitter: Zuul Branch: master
commit fbe308bdc12191c187343b5ef103dea9af738380 Author: Swaminathan Vasudevan <svasude...@suse.com> Date: Wed Mar 7 19:03:42 2018 -0800 DVR: Fix allowed_address_pair IP, ARP table update by neutron agent Allowed_address_pair IP when associated with a network port will inherit the services MAC. Right now the ARP entry is updated with the last MAC that it is associated with. But when allowed_address_pair IPs are used in the context of VRRP the MAC keeps switching between the MASTER and SLAVE. VRRP instance sends out GARP, but the ARP entry in the router namespace is not getting updated based on the GARP. This might cause the VRRP IP and the service using the IP to fail. Since we having been adding the ARP entry with NUD state as PERMANENT, the ARP entries are set for ever and does not adopt the GARP sent out by the VRRP instance. This will cause instances associated with DVR routers to have a service interruption. So the proposed patch will add the ARP entry for the Allowed address pair with NUD for 'REACHABLE'. This allows the Allowed_address_pair IP MAC to be updated on the fly. Change-Id: I43c3471f5d259e8c2ee1685398a06a4680c0bfcd Closes-Bug: #1608400 ** Changed in: neutron Status: In Progress => Fix Released -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron. https://bugs.launchpad.net/bugs/1608400 Title: Neutron should not add ARP entry for allowed-address-pair-fixed-ip in DVR router Status in neutron: Fix Released Bug description: When we set a fixed IP as allowed-address-pair IP, Neutron will notify l3-agent to add permanent ARP entry for this IP in DVR router namespace. But if we set the same IP to multiple ports as allowed- address-pair IP, ARP entry with same IP but different MAC will be added multiple times.In the end, the ARP entry will always lead us to last port that set the fixed IP as allowed-address-pair.This makes VRRP application goes wrong. This was noticed when deploying Octavia on Active/Standby mode. How to reproduce: 1.Launch 2 VMs,vm-1 and vm-2, which connected to a DVR router. 2.Create an allowed-address-pair port Neutron port-create --name demo-port demo-net 3.Set allowed-address-pair for vm-1 and vm-2, use fixed IP of demo-port neutron port-update --allowed-address-pair ip_address=10.0.0.29 3c8fac1c-4b1b-4258-8b18-8d74eebb48e4 neutron port-update --allowed-address-pair ip_address=10.0.0.29 a8b36d75-89ff-41d6-b891-fb65b7be88b4 4.Check ARP table of the DVR router.The ARP entry will always lead to 10.0.0.21(vm-1). [root@R1Network1 ~]# ip netns exec qrouter-4832ea04-cfa1-4c43-9ca9-e916b5fd1c28 arp -n Address HWtype HWaddress Flags Mask Iface 10.0.0.2 ether fa:16:3e:78:91:99 CM qr-2451ce9e-fa 10.0.0.21 ether fa:16:3e:a7:7d:7a CM qr-2451ce9e-fa * 10.0.0.29 ether fa:16:3e:a7:7d:7a CM qr-2451ce9e-fa * 10.0.0.20 ether fa:16:3e:16:da:45 CM qr-2451ce9e-fa * 10.0.0.3 ether fa:16:3e:bc:92:e9 CM qr-2451ce9e-fa To manage notifications about this bug go to: https://bugs.launchpad.net/neutron/+bug/1608400/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp