neutron/neutron/tests/unit/agent/l3
Dmitrii Shcherbakov 0224dcfea4 Use cidr during tenant network rule deletion
If a distributed router has interfaces on multiple tenant networks, with
'fast exit' functionality policy-based rules are created in the qrouter
namespace for every tenant network subnet and 'from <cidr>' is included
in an 'ip rule' command invocation.

When a port on a tenant network is deleted, the 'from <cidr>' part is not
included and the first rule matching the specified parameters gets deleted.

For example with the following layout

ip netns exec qrouter-4f9ca9ef-303b-4082-abbc-e50782d9b800 ip rule
0:      from all lookup local
32766:  from all lookup main
32767:  from all lookup default
80000:  from 192.168.100.0/24 lookup 16
80000:  from 192.168.200.0/24 lookup 16

and neutron l3 agent will use this command

ip netns exec qrouter-4f9ca9ef-303b-4082-abbc-e50782d9b800 ip -4 rule \
del priority 80000 table 16 type unicast

and 192.168.100.0/24 rule will get deleted even if you actually removed
a port on 192.168.200.0.

This results in an extra rule present and not cleaned up and the right
rule removed. It is only recreated if a router is disabled and enabled
again.

additional changes:

1) Floating IP rules are identified by priority only as implemented
currently - for this reason this change adds fixed_ip to the rule
removal code. Rule priorities are 32-bit values in iproute2 so,
in theory, those should not be used to cover IPv6.

2) IP protocol information for 'from all' rules is currently
derived from link-local address IP version. The same approach
is preserved by using version-specific /0 addresses without
changing the API provided by ip_lib.

Change-Id: I0ea6dddd26e17771be223a1fbdf21792c90f3e9c
Closes-Bug: #1759956
(cherry picked from commit 81db328b2d)
2018-04-06 02:39:36 +00:00
__init__.py Move extra routes processing to router classes 2015-02-05 10:25:45 -05:00
test_agent.py Fix l3-agent crash on routers without ha_state 2018-03-30 17:55:55 +00:00
test_dvr_fip_ns.py Merge "Do not respond to ARP on IPv6-only interfaces" 2017-07-27 02:12:47 +00:00
test_dvr_local_router.py Use cidr during tenant network rule deletion 2018-04-06 02:39:36 +00:00
test_dvr_snat_ns.py DVR: properly track SNAT traffic 2017-04-07 20:25:10 +00:00
test_fip_rule_priority_allocator.py Fix some pep8 errors under l3 unit tests 2017-07-31 13:27:07 +00:00
test_ha_router.py Move check_ha_state_for_router() into notification code 2017-11-09 00:09:49 +00:00
test_item_allocator.py DVR: Create router to fip namespace connection based on gateway state 2017-04-11 15:27:48 -07:00
test_l3_agent_extension_api.py Merge "Add agent object in router info" 2017-01-10 12:03:05 +00:00
test_legacy_router.py Remove deprecated send_arp_for_ha option 2017-04-18 13:38:35 -04:00
test_link_local_allocator.py Preserve DVR FIP rule priority over Agent restarts 2015-08-12 15:52:19 -05:00
test_namespace_manager.py DVR: Clean stale snat-ns by checking its existence when agent restarts 2016-08-04 10:39:15 -07:00
test_router_info.py Agent common config 2017-03-15 09:52:18 -06:00
test_router_processing_queue.py Move check_ha_state_for_router() into notification code 2017-11-09 00:09:49 +00:00