Public bug reported:
The metering agent running on compute nodes fails to report metering
data for DVR routers.
How to reproduce:
1. Have a multi-node OpenStack Pike deployment with a network node and a
compute node (alongside other nodes needed).
2. Create a distributed public router and attach it to a private network.
3. Create some metering rules. In my case I have a metering label with the
ingress rule 0.0.0.0/0 and another metering label with the egress rule
0.0.0.0/0.
3. Create an instance attached to the private network. You can optionally
associate a floating ip with it.
4. Do something on the instance that would generate external traffic. For
example, download a file.
5. Check the metering samples for the metering rules in gnocchi. The traffic
generated by the instance is not recorded. You can also ssh into the compute
and network nodes and check the iptables rules with the argument -v on the
qrouter- and snat- namespaces for the public router. You can see the traffic on
the snat- namespace on the network node when not using a floating ip and on the
qrouter- namespace on the compute node when using a floating ip. However, the
metering labels are missing.
Checking the code in
`neutron/services/metering/drivers/iptables/iptables_driver.py` I
noticed the following:
1. The metering agent adds the metering iptables rules on the qrouter-
namespace for the qg- interface. This is for centralized routers and works well.
2. The metering agent adds the metering iptables rules on the snat- namespace
for the rpf- interface. This is wrong. The snat- namespace (which exists only
on network nodes for DVR routers) houses a qg- interface for doing NAT. The
rfp- interface exists only on compute nodes in the qrouter- namespace and it is
used to route floating ip traffic.
3. The metering agent adds the metering rules only once for the qrouter-
namespace. It uses the RouterWithMetering.metering_labels dictionary to avoid
adding the same metering label twice in iptables. But it uses the dictionary
for both the qrouter- and the snat- namespaces. When a label is added to the
qrouter- namespace it will not be added to the snat- namespace too because it
will already be present in the dictionary.
Also, in `neutron/db/metering/metering_rpc.py` the
`get_sync_data_metering` function doesn't include DVR routers for
compute node hosts. The l3_plugin.get_l3_agents function in Pike seems
to only return the scheduled routers on the host (which doesn't include
DVR routers).
The metering agent code has not changed significantly since stable/pike,
so I assume that the problem still persists.
** Affects: neutron
Importance: Undecided
Status: New
** Tags: metering
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1807157
Title:
Metering doesn't work for DVR routers on compute nodes
Status in neutron:
New
Bug description:
The metering agent running on compute nodes fails to report metering
data for DVR routers.
How to reproduce:
1. Have a multi-node OpenStack Pike deployment with a network node and a
compute node (alongside other nodes needed).
2. Create a distributed public router and attach it to a private network.
3. Create some metering rules. In my case I have a metering label with the
ingress rule 0.0.0.0/0 and another metering label with the egress rule
0.0.0.0/0.
3. Create an instance attached to the private network. You can optionally
associate a floating ip with it.
4. Do something on the instance that would generate external traffic. For
example, download a file.
5. Check the metering samples for the metering rules in gnocchi. The traffic
generated by the instance is not recorded. You can also ssh into the compute
and network nodes and check the iptables rules with the argument -v on the
qrouter- and snat- namespaces for the public router. You can see the traffic on
the snat- namespace on the network node when not using a floating ip and on the
qrouter- namespace on the compute node when using a floating ip. However, the
metering labels are missing.
Checking the code in
`neutron/services/metering/drivers/iptables/iptables_driver.py` I
noticed the following:
1. The metering agent adds the metering iptables rules on the qrouter-
namespace for the qg- interface. This is for centralized routers and works well.
2. The metering agent adds the metering iptables rules on the snat- namespace
for the rpf- interface. This is wrong. The snat- namespace (which exists only
on network nodes for DVR routers) houses a qg- interface for doing NAT. The
rfp- interface exists only on compute nodes in the qrouter- namespace and it is
used to route floating ip traffic.
3. The metering agent adds the metering rules only once for the qrouter-
namespace. It uses the RouterWithMetering.metering_labels dictionary to avoid
adding the same metering label twice in iptables. But it uses the dictionary
for both the qrouter- and the snat- namespaces. When a label is added to the
qrouter- namespace it will not be added to the snat- namespace too because it
will already be present in the dictionary.
Also, in `neutron/db/metering/metering_rpc.py` the
`get_sync_data_metering` function doesn't include DVR routers for
compute node hosts. The l3_plugin.get_l3_agents function in Pike seems
to only return the scheduled routers on the host (which doesn't
include DVR routers).
The metering agent code has not changed significantly since
stable/pike, so I assume that the problem still persists.
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1807157/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : [email protected]
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
