Reviewed: https://review.opendev.org/c/openstack/neutron/+/800059 Committed: https://opendev.org/openstack/neutron/commit/19375b3e78ad6b635793b716e5ecabd53dc73a76 Submitter: "Zuul (22348)" Branch: master
commit 19375b3e78ad6b635793b716e5ecabd53dc73a76 Author: Slawek Kaplonski <[email protected]> Date: Thu Jul 8 15:53:39 2021 +0200 [DVR] Set arp entries only for single IPs given as allowed addr pair In allowed address pairs of the port there can be given not single IP address but whole CIDR. In such case ARP entries for IPs from such cidr will not be added in the DVR router namespace. Closes-Bug: #1934912 Change-Id: I7bdefea943379125f93b116bb899446b874d9505 ** Changed in: neutron Status: In Progress => Fix Released -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron. https://bugs.launchpad.net/bugs/1934912 Title: Router update fails for ports with allowed_address_pairs containg IP range in CIDR notation Status in neutron: Fix Released Bug description: With https://review.opendev.org/c/openstack/neutron/+/792791 neutron build from branch `stable/train` fails to update routers with ports containing an `allowed_address_pair` containing an IP address range in CIDR notation, i.e.: ``` openstack port show 135515bf-6cdf-45d7-affa-c775d2a43ce1 -f value -c allowed_address_pairs [{'mac_address': 'fa:16:3e:1e:c4:f1', 'ip_address': '192.168.0.0/16'}] ``` I could not find definitive information on wether this is an allowed value for allowed_address_pairs, but at least the openstack/magnum project makes use of this. Once the above is set neutron-l3-agent logs errors shown in http://paste.openstack.org/show/807237/ and connection to all resources behind the router stop. Steps to reproduce: Set up openstack environment with neutron build from git branch stable/train with OVS, DVR and router HA in a multinode deployment on ubuntu bionic. Create a test environment: openstack network create test openstack subnet create --network test --subnet-range 10.0.0.0/24 test openstack router create --ha --distributed test openstack router set --external-gateway <provider network> test openstack router add subnet test test openstack server create --image <test image> --flavor m1.small --security-group <default> --network test test openstack security group create icmp openstack security group rule create --protocol icmp --ingress icmp openstack server add security group test icmp openstack floating ip create <provider network> openstack server add floating ip test <floating ip> ping <floating ip> openstack port set --allowed-address ip-address=192.168.0.0/16 <instance port> ping <floating ip> Observe loss of ping after setting allowed_address_pairs. Revert https://review.opendev.org/c/openstack/neutron/+/792791 and redeploy neutron ping <floating ip> Observe reestablishment of the connection. Please let me know if you need any other information To manage notifications about this bug go to: https://bugs.launchpad.net/neutron/+bug/1934912/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : [email protected] Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
