The problem was fixed after updating to v.Rocky
** Changed in: neutron
       Status: New => Fix Released

--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1850137

Title:
  Hosts in a VPNaaS-VPNaas VPN lose their interconnect.

Status in neutron:
  Fix Released

Bug description:
  When I build an IPSec tunnel between two projects (VPNaaS-VPNaaS),
  everything works fine. But after a random period of time (from 20
  minutes to a week), the connection between the end hosts in the
  opposite local networks disappears. Ping from the end host to the
  gateways of both local networks passes.

  For example, there is the following topology:

  host-loc-1(10.9.9.2/24) - (10.9.9.1/24)VPNaaS1 - VPNaaS2(192.168.10.1/24) - host-loc-2(192.168.10.8/24)

  When a problem occurs, the address 10.9.9.2 stops pinging
  192.168.10.8, but continues to ping 192.168.10.1.

  VPN connection status is active and the cause of the problem is the
  loss of iptables rules in the FORWARD chain for the project namespace.

  Normal condition:
  """
  ip netns exec qrouter-ID iptables -L -n | grep -A 5 "Chain FORWARD"
  Chain FORWARD (policy ACCEPT)
  target     prot opt source               destination
  ACCEPT     all  --  192.168.10.0/24      10.9.9.0/24          policy match dir in pol ipsec reqid 1 proto 50
  ACCEPT     all  --  10.9.9.0/24          192.168.10.0/24      policy match dir out pol ipsec reqid 1 proto 50
  neutron-filter-top  all  --  0.0.0.0/0            0.0.0.0/0
  neutron-l3-agent-FORWARD  all  --  0.0.0.0/0            0.0.0.0/0
  """

  Problem state:
  """
  ip netns exec qrouter-ID iptables -L -n | grep -A 5 "Chain FORWARD"
  Chain FORWARD (policy ACCEPT)
  target     prot opt source               destination
  neutron-filter-top  all  --  0.0.0.0/0            0.0.0.0/0
  neutron-l3-agent-FORWARD  all  --  0.0.0.0/0            0.0.0.0/0
  """

  How can I understand why the FORWARD rule disappears?
  Installed software version:

  dpkg -l | grep neutron
  ii  neutron-common             2:12.0.6-0ubuntu3~cloud0  all  Neutron is a virtual network service for Openstack - common
  ii  neutron-dhcp-agent         2:12.0.6-0ubuntu3~cloud0  all  Neutron is a virtual network service for Openstack - DHCP agent
  ii  neutron-l3-agent           2:12.0.6-0ubuntu3~cloud0  all  Neutron is a virtual network service for Openstack - l3 agent
  ii  neutron-metadata-agent     2:12.0.6-0ubuntu3~cloud0  all  Neutron is a virtual network service for Openstack - metadata agent
  ii  neutron-openvswitch-agent  2:12.0.6-0ubuntu3~cloud0  all  Neutron is a virtual network service for Openstack - Open vSwitch plugin agent
  ii  python-neutron             2:12.0.6-0ubuntu3~cloud0  all  Neutron is a virtual network service for Openstack - Python library
  ii  python-neutron-fwaas       1:12.0.1-0ubuntu1~cloud0  all  Firewall-as-a-Service driver for OpenStack Neutron
  ii  python-neutron-lib         1.13.0-0ubuntu1~cloud0    all  Neutron shared routines and utilities - Python 2.7
  ii  python-neutron-vpnaas      2:12.0.1-0ubuntu1~cloud0  all  VPN-as-a-Service driver for OpenStack Neutron
  ii  python-neutronclient       1:6.7.0-0ubuntu1~cloud0   all  client API library for Neutron - Python 2.7
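
Because the VPN connection still reports active in the problem state, the missing FORWARD rules have to be detected directly. The following check is an added example, not part of the bug report or of neutron: it parses `iptables -L -n` output and succeeds only if both IPsec policy ACCEPT rules for a subnet pair are present in FORWARD. The function names are hypothetical and the sample listings are constructed from the two outputs in the report.

```shell
#!/bin/sh
# forward_has_ipsec_rules LOCAL_CIDR PEER_CIDR
# Reads `iptables -L -n` output on stdin. Returns 0 only when the FORWARD
# chain holds both ipsec policy ACCEPT rules (peer->local "dir in" and
# local->peer "dir out"), 1 otherwise.
forward_has_ipsec_rules() {
    local_cidr=$1 peer_cidr=$2
    awk -v l="$local_cidr" -v p="$peer_cidr" '
        /^Chain / { in_fwd = ($2 == "FORWARD"); next }   # track current chain
        in_fwd && $1 == "ACCEPT" && /pol ipsec/ {
            if ($4 == p && $5 == l && / dir in /)  seen_in = 1
            if ($4 == l && $5 == p && / dir out /) seen_out = 1
        }
        END { exit !(seen_in && seen_out) }
    '
}

# check_router NAMESPACE LOCAL_CIDR PEER_CIDR
# Runs the same command as in the report inside a router namespace
# (needs root on the network node; NAMESPACE is e.g. qrouter-ID).
check_router() {
    ip netns exec "$1" iptables -L -n | forward_has_ipsec_rules "$2" "$3"
}

# Constructed sample: "Normal condition" listing from the report.
sample_normal() {
    cat <<'EOF'
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  192.168.10.0/24      10.9.9.0/24          policy match dir in pol ipsec reqid 1 proto 50
ACCEPT     all  --  10.9.9.0/24          192.168.10.0/24      policy match dir out pol ipsec reqid 1 proto 50
neutron-filter-top  all  --  0.0.0.0/0            0.0.0.0/0
neutron-l3-agent-FORWARD  all  --  0.0.0.0/0            0.0.0.0/0
EOF
}

# Constructed sample: "Problem state" listing from the report.
sample_problem() {
    cat <<'EOF'
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
neutron-filter-top  all  --  0.0.0.0/0            0.0.0.0/0
neutron-l3-agent-FORWARD  all  --  0.0.0.0/0            0.0.0.0/0
EOF
}
```

Run periodically as `check_router qrouter-ID 10.9.9.0/24 192.168.10.0/24`, a non-zero exit timestamps the moment the rules vanish, which can then be matched against the l3-agent log for that router.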