Kill conntrackd state on HA routers FIP disassociation

Legacy routers kill conntrackd states on FIP disassociation, so that traffic to FIPs that have been disassociated is properly dropped. This is not the case with HA routers, and this patch changes that. Change-Id: Ic962c518ce33a4936d0f1655d60d308c5e776a9b Closes-Bug: #1505700
2015-10-13 10:19:36 -04:00 · 2015-10-13 10:19:36 -04:00 · e0eeadc97e
parent 090fe71359
commit e0eeadc97e
2 changed files with 13 additions and 2 deletions
--- a/neutron/agent/l3/ha_router.py
+++ b/neutron/agent/l3/ha_router.py
@ -257,6 +257,8 @@ class HaRouter(router.RouterInfo):

    def remove_floating_ip(self, device, ip_cidr):
        self._remove_vip(ip_cidr)
+        if self.ha_state == 'master' and device.addr.list():
+            super(HaRouter, self).remove_floating_ip(device, ip_cidr)

    def internal_network_updated(self, interface_name, ip_cidrs):
        self._clear_vips(interface_name)
--- a/neutron/tests/functional/agent/test_l3_agent.py
+++ b/neutron/tests/functional/agent/test_l3_agent.py
@ -431,11 +431,17 @@ class L3AgentTestCase(L3AgentTestFramework):
    def test_ha_router_lifecycle(self):
        self._router_lifecycle(enable_ha=True)

-    def test_conntrack_disassociate_fip(self):
+    def test_conntrack_disassociate_fip_legacy_router(self):
+        self._test_conntrack_disassociate_fip(ha=False)
+
+    def test_conntrack_disassociate_fip_ha_router(self):
+        self._test_conntrack_disassociate_fip(ha=True)
+
+    def _test_conntrack_disassociate_fip(self, ha):
        '''Test that conntrack immediately drops stateful connection
           that uses floating IP once it's disassociated.
        '''
-        router_info = self.generate_router_info(enable_ha=False)
+        router_info = self.generate_router_info(enable_ha=ha)
        router = self.manage_router(self.agent, router_info)

        port = net_helpers.get_free_namespace_port(l3_constants.PROTO_NAME_TCP,
@ -462,6 +468,9 @@ class L3AgentTestCase(L3AgentTestFramework):
            self.assertEqual(
                n, len([line for line in out.strip().split('\n') if line]))

+        if ha:
+            utils.wait_until_true(lambda: router.ha_state == 'master')
+
        with self.assert_max_execution_time(100):
            assert_num_of_conntrack_rules(0)