** Also affects: charm-neutron-openvswitch
Importance: Undecided
Status: New
** This bug is no longer a duplicate of bug 1722584
[SRU] Return traffic from metadata service may get dropped by hypervisor due
to wrong checksum
** Changed in: neutron
Status: New => Incomplete
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1832021
Title:
Checksum drop of metadata traffic on isolated provider networks
Status in OpenStack neutron-openvswitch charm:
New
Status in neutron:
Incomplete
Bug description:
When an isolated network using provider networks for tenants (meaning
without virtual routers: DVR or network node), metadata access occurs
in the qdhcp ip netns rather than the qrouter netns.
The following options are set in the dhcp_agent.ini file:
force_metadata = True
enable_isolated_metadata = True
VMs on the provider tenant network are unable to access metadata as
packets are dropped due to checksum.
When we added the following in the qdhcp netns, VMs regained access to
metadata:
iptables -t mangle -A OUTPUT -o ns-+ -p tcp --sport 80 -j CHECKSUM
--checksum-fill
It seems this setting was recently removed from the qrouter netns [0]
but it never existed in the qdhcp to begin with.
[0] https://review.opendev.org/#/c/654645/
Related LP Bug #1831935
See
https://bugs.launchpad.net/charm-neutron-openvswitch/+bug/1831935/comments/10
To manage notifications about this bug go to:
https://bugs.launchpad.net/charm-neutron-openvswitch/+bug/1832021/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
