Public bug reported: Originally reported for RHOSP-14 by Candido Campos.
Description of problem: When neutron does a switch-over between router 1 and router2, the contrack flows of router1 shoud be deleted How reproducible: Steps to Reproduce: 1. Deploy OpenStack with 3 controllers 2. Create a Network with a router and at least one vm 3. create a fip and assign it to the vm 4. ssh to vm fip: ssh -vvv [email protected] 5. In controller with active router: ip netns exec qrouter-XX ip link set ha-XXX down ; ip netns exec qrouter-XX ip link set ha-XXX up 7.Check that contrack flows are not deleted: docker exec -t -i -u root neutron_l3_agent ip netns exec qrouter-XXX conntrack -L 7. Again In controller with active router: ip netns exec qrouter-XX ip link set ha-XXX down ; ip netns exec qrouter-XX ip link set ha-XXX up 8.When router active switch back to the previous router ssh connection is broken. Actual results: conntrack flows are reused. SSh connection is broken. Expected results: contrack flows are recreated. ssh connection isn't broken. The problem exists only if second failover will be done in short time, before conntrack table on first controller will be cleared. So it's not very serious problem for real L3HA deployments probably but it would be nice to have it fixed. ** Affects: neutron Importance: Low Status: Confirmed ** Tags: l3-ha -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron. https://bugs.launchpad.net/bugs/1865061 Title: When neutron does a switch-over between router 1 and router2, the router1 conntrack flows shoud be deleted Status in neutron: Confirmed Bug description: Originally reported for RHOSP-14 by Candido Campos. Description of problem: When neutron does a switch-over between router 1 and router2, the contrack flows of router1 shoud be deleted How reproducible: Steps to Reproduce: 1. Deploy OpenStack with 3 controllers 2. Create a Network with a router and at least one vm 3. create a fip and assign it to the vm 4. ssh to vm fip: ssh -vvv [email protected] 5. In controller with active router: ip netns exec qrouter-XX ip link set ha-XXX down ; ip netns exec qrouter-XX ip link set ha-XXX up 7.Check that contrack flows are not deleted: docker exec -t -i -u root neutron_l3_agent ip netns exec qrouter-XXX conntrack -L 7. Again In controller with active router: ip netns exec qrouter-XX ip link set ha-XXX down ; ip netns exec qrouter-XX ip link set ha-XXX up 8.When router active switch back to the previous router ssh connection is broken. Actual results: conntrack flows are reused. SSh connection is broken. Expected results: contrack flows are recreated. ssh connection isn't broken. The problem exists only if second failover will be done in short time, before conntrack table on first controller will be cleared. So it's not very serious problem for real L3HA deployments probably but it would be nice to have it fixed. To manage notifications about this bug go to: https://bugs.launchpad.net/neutron/+bug/1865061/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : [email protected] Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
