Public bug reported:
Before the patch of https://review.openstack.org/#/c/550676/ it was possible to
mitigate the issue of allowed-address pairs and DVR by neutron-port update.
After applying the patch above, reachability of the virtual IP is only given
for around 20 to 30 seconds until the ARP cache is timed out. Since it doesn’t
seem that the GARP is reaching other DVR routers, then the local one, to update
the ARP entry all router namespaces.
Steps to reproduce:
1. Create two networks with one subnet each and connect them to a router
2. Spawn three instances on, three different (DVR enabled) compute nodes.
Two in the same subnet, one in the other.
3. Install and enable keepalived on the instances which are in the same
subnet
4. Start a ping from the third instance in different subnet to the virtual
IP
5. Failover from the active to the standby instance
6. Ping will stop
7. Neutron port-update --allowed-address-pair ip_address=<ip> <port-id>
8. Ping will start for 20 – 30 seconds and stop
9. After sending a port update ping will work for some seconds again
When reverting the patch, ping will stay stable after a neutron port-
update.
** Affects: neutron
Importance: Undecided
Assignee: Boris (boris-maeck)
Status: In Progress
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1773999
Title:
Allowed Address Pairs doesn’t work after neutron-port update
Status in neutron:
In Progress
Bug description:
Before the patch of https://review.openstack.org/#/c/550676/ it was possible
to mitigate the issue of allowed-address pairs and DVR by neutron-port update.
After applying the patch above, reachability of the virtual IP is only given
for around 20 to 30 seconds until the ARP cache is timed out. Since it doesn’t
seem that the GARP is reaching other DVR routers, then the local one, to update
the ARP entry all router namespaces.
Steps to reproduce:
1. Create two networks with one subnet each and connect them to a router
2. Spawn three instances on, three different (DVR enabled) compute nodes.
Two in the same subnet, one in the other.
3. Install and enable keepalived on the instances which are in the same
subnet
4. Start a ping from the third instance in different subnet to the virtual
IP
5. Failover from the active to the standby instance
6. Ping will stop
7. Neutron port-update --allowed-address-pair ip_address=<ip> <port-id>
8. Ping will start for 20 – 30 seconds and stop
9. After sending a port update ping will work for some seconds again
When reverting the patch, ping will stay stable after a neutron port-
update.
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1773999/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : [email protected]
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
