Public bug reported:
We found this bug using the vmware-nsx plugin, but should be applicable
to all plugins support L3.
Created devstack_master + vmware-nsx
Created router-interface and assigned fip's to router interface which is
allowed.
I dont find any usecase to assign ip to router port other than its LB vip port.
Main reason for restricted this:
-> To remove unwanted entries of fip from neutron db.
-> To reduce overhead of using floating ip pool (other pool may get exhausted).
REPO STEPS:
myuser@kvm-compute-node1:~/devstack$ neutron router-port-list rtr3
neutron CLI is deprecated and will be removed in the future. Use openstack CLI
instead.
+--------------------------------------+------+----------------------------------+-------------------+------------------------------------------------------------------------------------+
| id | name | tenant_id
| mac_address | fixed_ips
|
+--------------------------------------+------+----------------------------------+-------------------+------------------------------------------------------------------------------------+
| 3318efcd-fcd1-4dda-bdde-4c8a19fbee3a | |
| fa:16:3e:c1:00:fd | {"subnet_id": "afb2f79d-3c25-47de-a273-27bab2b78800",
"ip_address": "172.24.0.19"} |
| 8fcda443-dd4d-431f-ba3d-fbd5764830d9 | |
00b7a6f394e946688c83545da6a27804 | fa:16:3e:9a:a1:3e | {"subnet_id":
"7ff038d6-3b3c-4127-a45a-f135ac07f3bb", "ip_address": "3.0.100.1"} |
| f6d54233-a8aa-4304-bc16-20f0071dfc47 | |
00b7a6f394e946688c83545da6a27804 | fa:16:3e:99:35:61 | {"subnet_id":
"c16dce8d-899e-45f7-b615-557c2e231ce5", "ip_address": "3.3.100.1"} |
+--------------------------------------+------+----------------------------------+-------------------+------------------------------------------------------------------------------------+
myuser@kvm-compute-node1:~/devstack$ neutron port-show
8fcda443-dd4d-431f-ba3d-fbd5764830d9
neutron CLI is deprecated and will be removed in the future. Use openstack CLI
instead.
+--------------------------+------------------------------------------------------------------------------------------------------------------+
| Field | Value
|
+--------------------------+------------------------------------------------------------------------------------------------------------------+
| admin_state_up | True
|
| allowed_address_pairs |
|
| binding:host_id |
|
| binding:vif_details | {"ovs_hybrid_plug": false,
"nsx-logical-switch-id": "c1a562e9-54bd-4ca6-9071-d622155e7ee6", "port_filter":
true} |
| binding:vif_type | ovs
|
| binding:vnic_type | normal
|
| created_at | 2018-08-13T16:19:11Z
|
| description |
|
| device_id | 0fa3bbcd-2a24-4c1d-ba56-d7e2c88a60ba
|
| device_owner | network:router_interface
|
| dns_assignment | {"hostname": "host-3-0-100-1", "ip_address":
"3.0.100.1", "fqdn": "host-3-0-100-1.somedom.org."} |
| dns_name |
|
| extra_dhcp_opts |
|
| fixed_ips | {"subnet_id":
"7ff038d6-3b3c-4127-a45a-f135ac07f3bb", "ip_address": "3.0.100.1"}
|
| id | 8fcda443-dd4d-431f-ba3d-fbd5764830d9
|
| mac_address | fa:16:3e:9a:a1:3e
|
| name |
|
| network_id | 186a719b-7ca8-485a-9869-3eb60ef62020
|
| port_security_enabled | False
|
| project_id | 00b7a6f394e946688c83545da6a27804
|
| provider_security_groups |
|
| qos_policy_id |
|
| revision_number | 3
|
| security_groups |
|
| status | ACTIVE
|
| tags |
|
| tenant_id | 00b7a6f394e946688c83545da6a27804
|
| updated_at | 2018-08-13T16:19:12Z
|
+--------------------------+------------------------------------------------------------------------------------------------------------------+
myuser@kvm-compute-node1:~/devstack$ neutron floatingip-create
--port-id=8fcda443-dd4d-431f-ba3d-fbd5764830d9 public
neutron CLI is deprecated and will be removed in the future. Use openstack CLI
instead.
Created a new floatingip:
+---------------------+--------------------------------------+
| Field | Value |
+---------------------+--------------------------------------+
| created_at | 2018-08-14T12:10:23Z |
| description | |
| dns_domain | |
| dns_name | |
| fixed_ip_address | 3.0.100.1 |
| floating_ip_address | 172.24.0.22 |
| floating_network_id | b07e294c-68d1-48aa-be7f-153d8957d16e |
| id | ecc1da5f-1323-4774-9667-0c5341534aa1 |
| port_id | 8fcda443-dd4d-431f-ba3d-fbd5764830d9 |
| project_id | 00b7a6f394e946688c83545da6a27804 |
| revision_number | 0 |
| router_id | 0fa3bbcd-2a24-4c1d-ba56-d7e2c88a60ba |
| status | ACTIVE |
| tags | |
| tenant_id | 00b7a6f394e946688c83545da6a27804 |
| updated_at | 2018-08-14T12:10:23Z |
+---------------------+--------------------------------------+
** Affects: neutron
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1787420
Title:
Floating ip association to router interface should be restricted
Status in neutron:
New
Bug description:
We found this bug using the vmware-nsx plugin, but should be
applicable to all plugins support L3.
Created devstack_master + vmware-nsx
Created router-interface and assigned fip's to router interface which is
allowed.
I dont find any usecase to assign ip to router port other than its LB vip
port.
Main reason for restricted this:
-> To remove unwanted entries of fip from neutron db.
-> To reduce overhead of using floating ip pool (other pool may get
exhausted).
REPO STEPS:
myuser@kvm-compute-node1:~/devstack$ neutron router-port-list rtr3
neutron CLI is deprecated and will be removed in the future. Use openstack
CLI instead.
+--------------------------------------+------+----------------------------------+-------------------+------------------------------------------------------------------------------------+
| id | name | tenant_id
| mac_address | fixed_ips
|
+--------------------------------------+------+----------------------------------+-------------------+------------------------------------------------------------------------------------+
| 3318efcd-fcd1-4dda-bdde-4c8a19fbee3a | |
| fa:16:3e:c1:00:fd | {"subnet_id": "afb2f79d-3c25-47de-a273-27bab2b78800",
"ip_address": "172.24.0.19"} |
| 8fcda443-dd4d-431f-ba3d-fbd5764830d9 | |
00b7a6f394e946688c83545da6a27804 | fa:16:3e:9a:a1:3e | {"subnet_id":
"7ff038d6-3b3c-4127-a45a-f135ac07f3bb", "ip_address": "3.0.100.1"} |
| f6d54233-a8aa-4304-bc16-20f0071dfc47 | |
00b7a6f394e946688c83545da6a27804 | fa:16:3e:99:35:61 | {"subnet_id":
"c16dce8d-899e-45f7-b615-557c2e231ce5", "ip_address": "3.3.100.1"} |
+--------------------------------------+------+----------------------------------+-------------------+------------------------------------------------------------------------------------+
myuser@kvm-compute-node1:~/devstack$ neutron port-show
8fcda443-dd4d-431f-ba3d-fbd5764830d9
neutron CLI is deprecated and will be removed in the future. Use openstack
CLI instead.
+--------------------------+------------------------------------------------------------------------------------------------------------------+
| Field | Value
|
+--------------------------+------------------------------------------------------------------------------------------------------------------+
| admin_state_up | True
|
| allowed_address_pairs |
|
| binding:host_id |
|
| binding:vif_details | {"ovs_hybrid_plug": false,
"nsx-logical-switch-id": "c1a562e9-54bd-4ca6-9071-d622155e7ee6", "port_filter":
true} |
| binding:vif_type | ovs
|
| binding:vnic_type | normal
|
| created_at | 2018-08-13T16:19:11Z
|
| description |
|
| device_id | 0fa3bbcd-2a24-4c1d-ba56-d7e2c88a60ba
|
| device_owner | network:router_interface
|
| dns_assignment | {"hostname": "host-3-0-100-1", "ip_address":
"3.0.100.1", "fqdn": "host-3-0-100-1.somedom.org."} |
| dns_name |
|
| extra_dhcp_opts |
|
| fixed_ips | {"subnet_id":
"7ff038d6-3b3c-4127-a45a-f135ac07f3bb", "ip_address": "3.0.100.1"}
|
| id | 8fcda443-dd4d-431f-ba3d-fbd5764830d9
|
| mac_address | fa:16:3e:9a:a1:3e
|
| name |
|
| network_id | 186a719b-7ca8-485a-9869-3eb60ef62020
|
| port_security_enabled | False
|
| project_id | 00b7a6f394e946688c83545da6a27804
|
| provider_security_groups |
|
| qos_policy_id |
|
| revision_number | 3
|
| security_groups |
|
| status | ACTIVE
|
| tags |
|
| tenant_id | 00b7a6f394e946688c83545da6a27804
|
| updated_at | 2018-08-13T16:19:12Z
|
+--------------------------+------------------------------------------------------------------------------------------------------------------+
myuser@kvm-compute-node1:~/devstack$ neutron floatingip-create
--port-id=8fcda443-dd4d-431f-ba3d-fbd5764830d9 public
neutron CLI is deprecated and will be removed in the future. Use openstack
CLI instead.
Created a new floatingip:
+---------------------+--------------------------------------+
| Field | Value |
+---------------------+--------------------------------------+
| created_at | 2018-08-14T12:10:23Z |
| description | |
| dns_domain | |
| dns_name | |
| fixed_ip_address | 3.0.100.1 |
| floating_ip_address | 172.24.0.22 |
| floating_network_id | b07e294c-68d1-48aa-be7f-153d8957d16e |
| id | ecc1da5f-1323-4774-9667-0c5341534aa1 |
| port_id | 8fcda443-dd4d-431f-ba3d-fbd5764830d9 |
| project_id | 00b7a6f394e946688c83545da6a27804 |
| revision_number | 0 |
| router_id | 0fa3bbcd-2a24-4c1d-ba56-d7e2c88a60ba |
| status | ACTIVE |
| tags | |
| tenant_id | 00b7a6f394e946688c83545da6a27804 |
| updated_at | 2018-08-14T12:10:23Z |
+---------------------+--------------------------------------+
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1787420/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : [email protected]
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
