[Bug 1751396] Re: DVR: Inter Tenant Traffic between two networks and connected through a shared network not reachable with DVR routers
OpenStack Infra
1751396 at bugs.launchpad.net
Wed Jul 18 12:04:02 UTC 2018
Reviewed: https://review.openstack.org/578112
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=f65e7ba05d0502bdc7163a6221ed8138ac183055
Submitter: Zuul
Branch: stable/ocata
commit f65e7ba05d0502bdc7163a6221ed8138ac183055
Author: Swaminathan Vasudevan <SVasudevan at suse.com>
Date: Fri Feb 23 16:22:33 2018 -0800
DVR: Inter Tenant Traffic between networks not possible with shared net
Inter Tenant Traffic between two different networks that belong
to two different Tenants is not possible when connected through
a shared network that are internally connected through DVR
routers.
This issue can be seen in multinode environment where there
is network isolation.
The issue is, we have two different IP for the ports that are
connecting the two routers and DVR does not expose the router
interfaces outside a compute and is blocked by ovs tunnel bridge
rules.
This patch fixes the issue by not applying the DVR specific
rules in the tunnel-bridge to the shared network ports that
are connecting the routers.
Closes-Bug: #1751396
Change-Id: I0717f29209f1354605d2f4128949ddbaefd99629
(cherry picked from commit d019790fe436b72cb05b8d0ff1f3a62ebd9e9bee)
** Tags added: in-stable-ocata
--
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to neutron in Ubuntu.
https://bugs.launchpad.net/bugs/1751396
Title:
DVR: Inter Tenant Traffic between two networks and connected through a
shared network not reachable with DVR routers
Status in Ubuntu Cloud Archive:
Fix Committed
Status in Ubuntu Cloud Archive pike series:
Fix Committed
Status in Ubuntu Cloud Archive queens series:
Fix Released
Status in neutron:
Fix Released
Status in neutron package in Ubuntu:
Fix Released
Status in neutron source package in Artful:
Triaged
Status in neutron source package in Bionic:
Fix Released
Bug description:
Inter Tenant Traffic between Two Tenants on two different private
networks connected through a common shared network (created by Admin)
is not route able through DVR routers
Steps to reproduce it:
(NOTE: No external, just shared network)
This is only reproducable in Multinode scenario. ( 1 Controller - 2 compute ).
Make sure that the two VMs are isolated in two different computes.
openstack network create --share shared_net
openstack subnet create shared_net_sn --network shared_net --subnet-
range 172.168.10.0/24
openstack network create net_A
openstack subnet create net_A_sn --network net_A --subnet-range 10.1.0.0/24
openstack network create net_B
openstack subnet create net_B_sn --network net_B --subnet-range 10.2.0.0/24
openstack router create router_A
openstack port create --network=shared_net --fixed-ip subnet=shared_net_sn,ip-address=172.168.10.20 port_router_A_shared_net
openstack router add port router_A port_router_A_shared_net
openstack router add subnet router_A net_A_sn
openstack router create router_B
openstack port create --network=shared_net --fixed-ip subnet=shared_net_sn,ip-address=172.168.10.30 port_router_B_shared_net
openstack router add port router_B port_router_B_shared_net
openstack router add subnet router_B net_B_sn
openstack server create server_A --flavor m1.tiny --image cirros --nic net-id=net_A
openstack server create server_B --flavor m1.tiny --image cirros --nic net-id=net_B
Add static routes to the router.
openstack router set router_A --route destination=10.1.0.0/24,gateway=172.168.10.20
openstack router set router_B --route destination=10.2.0.0/24,gateway=172.168.10.30
```
Ping from one instance to the other times out
To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1751396/+subscriptions
More information about the Ubuntu-openstack-bugs
mailing list