Public bug reported:
I have a mitaka openstack deployment with neutron DVR enabled. When I
try to test the snat HA failover I found that even though the snat
namespace was created on the other backup node, it doesn't has any nat
rule in snat namespace iptable. And run "ip a" in the sant namespace you
will find the sg port is missing.
Here is what I found on the second neutron network node
sandy-pistachio:/opt/openstack # ip netns
qrouter-e25b81f9-8810-4654-9be0-ebac09c700fb
qdhcp-abe36e89-f7a5-4cbd-a7e4-852d80ed92d6
snat-e25b81f9-8810-4654-9be0-ebac09c700fb
sandy-pistachio:/opt/openstack # ip netns exec
snat-e25b81f9-8810-4654-9be0-ebac09c700fb ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group
default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
70: qg-cc3b2f8c-b7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue
state UNKNOWN group default
link/ether fa:16:3e:cb:27:cd brd ff:ff:ff:ff:ff:ff
inet 10.240.117.98/28 brd 10.240.117.111 scope global qg-cc3b2f8c-b7
valid_lft forever preferred_lft forever
inet6 fe80::f816:3eff:fecb:27cd/64 scope link
valid_lft forever preferred_lft forever
sandy-pistachio:/opt/openstack # ip netns exec
snat-e25b81f9-8810-4654-9be0-ebac09c700fb iptables -L -n -v -t nat
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
sandy-pistachio:/opt/openstack #
** Affects: neutron
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1593354
Title:
SNAT HA failed because of missing nat rule in snat namespace iptable
Status in neutron:
New
Bug description:
I have a mitaka openstack deployment with neutron DVR enabled. When I
try to test the snat HA failover I found that even though the snat
namespace was created on the other backup node, it doesn't has any nat
rule in snat namespace iptable. And run "ip a" in the sant namespace
you will find the sg port is missing.
Here is what I found on the second neutron network node
sandy-pistachio:/opt/openstack # ip netns
qrouter-e25b81f9-8810-4654-9be0-ebac09c700fb
qdhcp-abe36e89-f7a5-4cbd-a7e4-852d80ed92d6
snat-e25b81f9-8810-4654-9be0-ebac09c700fb
sandy-pistachio:/opt/openstack # ip netns exec
snat-e25b81f9-8810-4654-9be0-ebac09c700fb ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group
default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
70: qg-cc3b2f8c-b7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue
state UNKNOWN group default
link/ether fa:16:3e:cb:27:cd brd ff:ff:ff:ff:ff:ff
inet 10.240.117.98/28 brd 10.240.117.111 scope global qg-cc3b2f8c-b7
valid_lft forever preferred_lft forever
inet6 fe80::f816:3eff:fecb:27cd/64 scope link
valid_lft forever preferred_lft forever
sandy-pistachio:/opt/openstack # ip netns exec
snat-e25b81f9-8810-4654-9be0-ebac09c700fb iptables -L -n -v -t nat
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source
destination
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source
destination
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source
destination
Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source
destination
sandy-pistachio:/opt/openstack #
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1593354/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
