Reviewed: https://review.openstack.org/572168 Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=f98f239a15d68344f84ca755dd8a55698d528b1c Submitter: Zuul Branch: master
commit f98f239a15d68344f84ca755dd8a55698d528b1c Author: Swaminathan Vasudevan <[email protected]> Date: Mon Jun 4 16:57:00 2018 +0000 Revert "DVR: Fix allowed_address_pair IP, ARP table update by neutron agent" This reverts commit fbe308bdc12191c187343b5ef103dea9af738380. This does not help the ARP update for the unbound Allowed-address-pair IP, since the temporary ARP update (NUD: reachable) goes to incomplete state when the router tries to re-ARP for the IP, before it responds to a VM, since DVR routers does not allow the ARP requests to flow through the br-tun. Closes-bug: #1773999 Change-Id: I9977c8cbbbc1e68565249e7f80c59319fe967300 ** Changed in: neutron Status: In Progress => Fix Released -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron. https://bugs.launchpad.net/bugs/1773999 Title: Allowed Address Pairs doesn’t work after neutron-port update Status in neutron: Fix Released Bug description: Before the patch of https://review.openstack.org/#/c/550676/ it was possible to mitigate the issue of allowed-address pairs and DVR by neutron-port update. After applying the patch above, reachability of the virtual IP is only given for around 20 to 30 seconds until the ARP cache is timed out. Since it doesn’t seem that the GARP is reaching other DVR routers, then the local one, to update the ARP entry all router namespaces. Steps to reproduce: 1. Create two networks with one subnet each and connect them to a router 2. Spawn three instances on, three different (DVR enabled) compute nodes. Two in the same subnet, one in the other. 3. Install and enable keepalived on the instances which are in the same subnet 4. Start a ping from the third instance in different subnet to the virtual IP 5. Failover from the active to the standby instance 6. Ping will stop 7. Neutron port-update --allowed-address-pair ip_address=<ip> <port-id> 8. Ping will start for 20 – 30 seconds and stop 9. After sending a port update ping will work for some seconds again When reverting the patch, ping will stay stable after a neutron port- update. To manage notifications about this bug go to: https://bugs.launchpad.net/neutron/+bug/1773999/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : [email protected] Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
