Reviewed: https://review.openstack.org/550676
Committed:
https://git.openstack.org/cgit/openstack/neutron/commit/?id=fbe308bdc12191c187343b5ef103dea9af738380
Submitter: Zuul
Branch: master
commit fbe308bdc12191c187343b5ef103dea9af738380
Author: Swaminathan Vasudevan <svasude...@suse.com>
Date: Wed Mar 7 19:03:42 2018 -0800
DVR: Fix allowed_address_pair IP, ARP table update by neutron agent
Allowed_address_pair IP when associated with a network port will
inherit the services MAC.
Right now the ARP entry is updated with the last MAC that it is
associated with. But when allowed_address_pair IPs are used in
the context of VRRP the MAC keeps switching between the MASTER
and SLAVE. VRRP instance sends out GARP, but the ARP entry in the
router namespace is not getting updated based on the GARP.
This might cause the VRRP IP and the service using the IP to fail.
Since we having been adding the ARP entry with NUD state as
PERMANENT, the ARP entries are set for ever and does not adopt the
GARP sent out by the VRRP instance.
This will cause instances associated with DVR routers to have a
service interruption.
So the proposed patch will add the ARP entry for the Allowed address
pair with NUD for 'REACHABLE'.
This allows the Allowed_address_pair IP MAC to be updated on the
fly.
Change-Id: I43c3471f5d259e8c2ee1685398a06a4680c0bfcd
Closes-Bug: #1608400
** Changed in: neutron
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1608400
Title:
Neutron should not add ARP entry for allowed-address-pair-fixed-ip in
DVR router
Status in neutron:
Fix Released
Bug description:
When we set a fixed IP as allowed-address-pair IP, Neutron will notify
l3-agent to add permanent ARP entry for this IP in DVR router
namespace. But if we set the same IP to multiple ports as allowed-
address-pair IP, ARP entry with same IP but different MAC will be
added multiple times.In the end, the ARP entry will always lead us to
last port that set the fixed IP as allowed-address-pair.This makes
VRRP application goes wrong.
This was noticed when deploying Octavia on Active/Standby mode.
How to reproduce:
1.Launch 2 VMs,vm-1 and vm-2, which connected to a DVR router.
2.Create an allowed-address-pair port
Neutron port-create --name demo-port demo-net
3.Set allowed-address-pair for vm-1 and vm-2, use fixed IP of demo-port
neutron port-update --allowed-address-pair ip_address=10.0.0.29
3c8fac1c-4b1b-4258-8b18-8d74eebb48e4
neutron port-update --allowed-address-pair ip_address=10.0.0.29
a8b36d75-89ff-41d6-b891-fb65b7be88b4
4.Check ARP table of the DVR router.The ARP entry will always lead to
10.0.0.21(vm-1).
[root@R1Network1 ~]# ip netns exec
qrouter-4832ea04-cfa1-4c43-9ca9-e916b5fd1c28 arp -n
Address HWtype HWaddress Flags Mask
Iface
10.0.0.2 ether fa:16:3e:78:91:99 CM
qr-2451ce9e-fa
10.0.0.21 ether fa:16:3e:a7:7d:7a CM
qr-2451ce9e-fa *
10.0.0.29 ether fa:16:3e:a7:7d:7a CM
qr-2451ce9e-fa *
10.0.0.20 ether fa:16:3e:16:da:45 CM
qr-2451ce9e-fa *
10.0.0.3 ether fa:16:3e:bc:92:e9 CM
qr-2451ce9e-fa
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1608400/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
