[openstack-dev] Interface detach results in incorrect DHCP6 functioning on higher-index interfaces

Andrei Radulescu-Banu andrei.radulescu-banu at exfo.com
Tue Mar 8 15:50:44 UTC 2016


I'm using the latest Devstack installed as a standalone, and testing the interface detach functionality through the Horizon GUI. In my case, I have a special Linux image with DHCP and DHCPv6 enabled on all interfaces. Here is my config:
- Two separate subnets, 'private', with DHCP enabled, and 'private6', with DHCP6 enabled
- Interface eth0 on 'private', eth1 on 'private6', eth2 on 'private' and eth3 again on 'private6'
- Initially, eth0 and eth2 acquire a DHCP address; eth1 and eth3 a DHCP6 address. Note their MAC addresses in the display.

[stack at paradise devstack]$ neutron net-show private
+-------------------------+--------------------------------------+
| Field                   | Value                                |
+-------------------------+--------------------------------------+
| admin_state_up          | True                                 |
| availability_zone_hints |                                      |
| availability_zones      | nova                                 |
| id                      | e63dc15c-bc65-41ef-8aaf-ca047d8f208c |
| ipv4_address_scope      |                                      |
| ipv6_address_scope      |                                      |
| mtu                     | 1450                                 |
| name                    | private                              |
| port_security_enabled   | True                                 |
| router:external         | False                                |
| shared                  | False                                |
| status                  | ACTIVE                               |
| subnets                 | 9b3df9c8-6de9-4373-a567-6b59b5312d8a |
| tenant_id               | 2876a2eb470b4ff1a8a04c960820f317     |
+-------------------------+--------------------------------------+
[stack at paradise devstack]$ neutron net-show private6
+-------------------------+--------------------------------------+
| Field                   | Value                                |
+-------------------------+--------------------------------------+
| admin_state_up          | True                                 |
| availability_zone_hints |                                      |
| availability_zones      | nova                                 |
| id                      | 67e7aa17-50e3-436a-99c9-1618683d2983 |
| ipv4_address_scope      |                                      |
| ipv6_address_scope      |                                      |
| mtu                     | 1450                                 |
| name                    | private6                             |
| port_security_enabled   | True                                 |
| router:external         | False                                |
| shared                  | False                                |
| status                  | ACTIVE                               |
| subnets                 | a6e39a5b-7153-481c-acd0-72ac26bb6288 |
| tenant_id               | 2876a2eb470b4ff1a8a04c960820f317     |
+-------------------------+--------------------------------------+
[stack at paradise devstack]$ neutron subnet-show private-subnet
+-------------------+--------------------------------------------+
| Field             | Value                                      |
+-------------------+--------------------------------------------+
| allocation_pools  | {"start": "10.1.0.2", "end": "10.1.0.254"} |
| cidr              | 10.1.0.0/24                                |
| dns_nameservers   |                                            |
| enable_dhcp       | True                                       |
| gateway_ip        | 10.1.0.1                                   |
| host_routes       |                                            |
| id                | 9b3df9c8-6de9-4373-a567-6b59b5312d8a       |
| ip_version        | 4                                          |
| ipv6_address_mode |                                            |
| ipv6_ra_mode      |                                            |
| name              | private-subnet                             |
| network_id        | e63dc15c-bc65-41ef-8aaf-ca047d8f208c       |
| subnetpool_id     |                                            |
| tenant_id         | 2876a2eb470b4ff1a8a04c960820f317           |
+-------------------+--------------------------------------------+
[stack at paradise devstack]$ neutron subnet-show private-subnet6
+-------------------+--------------------------------------------------+
| Field             | Value                                            |
+-------------------+--------------------------------------------------+
| allocation_pools  | {"start": "1:2:3:4::100", "end": "1:2:3:4::200"} |
| cidr              | 1:2:3:4::/64                                     |
| dns_nameservers   | 1:2:3:4::2                                       |
| enable_dhcp       | True                                             |
| gateway_ip        | 1:2:3:4::1                                       |
| host_routes       |                                                  |
| id                | a6e39a5b-7153-481c-acd0-72ac26bb6288             |
| ip_version        | 6                                                |
| ipv6_address_mode | dhcpv6-stateful                                  |
| ipv6_ra_mode      | dhcpv6-stateful                                  |
| name              | private-subnet6                                  |
| network_id        | 67e7aa17-50e3-436a-99c9-1618683d2983             |
| subnetpool_id     |                                                  |
| tenant_id         | 2876a2eb470b4ff1a8a04c960820f317                 |
+-------------------+--------------------------------------------------+
[stack at paradise devstack]$ neutron port-list
+-----------------------+------+-------------------+-----------------------+
| id                    | name | mac_address       | fixed_ips             |
+-----------------------+------+-------------------+-----------------------+
| 03eeedab-d7c0-457d-b8 |      | fa:16:3e:3a:15:9f | {"subnet_id":         |
| 99-c73c27f2c35d       |      |                   | "a6e39a5b-7153-481c-  |
|                       |      |                   | acd0-72ac26bb6288",   |
|                       |      |                   | "ip_address":         |
|                       |      |                   | "1:2:3:4::1"}         |
| 10167b6e-e1df-441a-   |      | fa:16:3e:00:e8:e7 | {"subnet_id":         |
| 8b38-b0c3b311af01     |      |                   | "a6e39a5b-7153-481c-  |
|                       |      |                   | acd0-72ac26bb6288",   |
|                       |      |                   | "ip_address":         |
|                       |      |                   | "1:2:3:4::116"}       |
| 54cfcafa-218b-4939-9f |      | fa:16:3e:e1:4d:bd | {"subnet_id":         |
| 28-e3db8f4252b8       |      |                   | "a6e39a5b-7153-481c-  |
|                       |      |                   | acd0-72ac26bb6288",   |
|                       |      |                   | "ip_address":         |
|                       |      |                   | "1:2:3:4::115"}       |
| 61051003-ef3c-4590-a3 |      | fa:16:3e:62:80:22 | {"subnet_id": "9b3df9 |
| e4-7df2ebb3f561       |      |                   | c8-6de9-4373-a567-6b5 |
|                       |      |                   | 9b5312d8a",           |
|                       |      |                   | "ip_address":         |
|                       |      |                   | "10.1.0.1"}           |
| 9ad22299-bd0a-4c74    |      | fa:16:3e:46:ed:46 | {"subnet_id": "9b3df9 |
| -b9aa-0809b01881c4    |      |                   | c8-6de9-4373-a567-6b5 |
|                       |      |                   | 9b5312d8a",           |
|                       |      |                   | "ip_address":         |
|                       |      |                   | "10.1.0.2"}           |
| c176f27a-4324-45d7    |      | fa:16:3e:05:07:ad | {"subnet_id": "9b3df9 |
| -8d8f-7e60eb38d74e    |      |                   | c8-6de9-4373-a567-6b5 |
|                       |      |                   | 9b5312d8a",           |
|                       |      |                   | "ip_address":         |
|                       |      |                   | "10.1.0.20"}          |
| e72c52f1-a0af-45cc-   |      | fa:16:3e:8f:b4:1e | {"subnet_id":         |
| aacb-788145e5fdf1     |      |                   | "a6e39a5b-7153-481c-  |
|                       |      |                   | acd0-72ac26bb6288",   |
|                       |      |                   | "ip_address":         |
|                       |      |                   | "1:2:3:4::100"}       |
| f2f7203b-bffc-4a4c-   |      | fa:16:3e:0b:95:f2 | {"subnet_id": "9b3df9 |
| 8ea8-e228d60e43fe     |      |                   | c8-6de9-4373-a567-6b5 |
|                       |      |                   | 9b5312d8a",           |
|                       |      |                   | "ip_address":         |
|                       |      |                   | "10.1.0.19"}          |
+-----------------------+------+-------------------+-----------------------+

Here are my interfaces on the guest:

/ #ifconfig 
eth0      Link encap:Ethernet  HWaddr FA:16:3E:0B:95:F2  
          inet addr:10.1.0.19  Bcast:10.1.0.255  Mask:255.255.255.0       <--- Acquired DHCP address as expected
          inet6 addr: fe80::f816:3eff:fe0b:95f2/64 Scope:Link
          UP BROADCAST RUNNING  MTU:1500  Metric:1
          RX packets:154 errors:0 dropped:0 overruns:0 frame:0
          TX packets:131 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:17785 (17.3 KiB)  TX bytes:20141 (19.6 KiB)

eth1      Link encap:Ethernet  HWaddr FA:16:3E:E1:4D:BD  
          inet6 addr: fe80::f816:3eff:fee1:4dbd/64 Scope:Link
          inet6 addr: 1:2:3:4::115/64 Scope:Global                         <--- Acquired DHCP6 address as expected
          UP BROADCAST RUNNING  MTU:1500  Metric:1
          RX packets:25 errors:0 dropped:0 overruns:0 frame:0
          TX packets:41 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:2336 (2.2 KiB)  TX bytes:14768 (14.4 KiB)

eth2      Link encap:Ethernet  HWaddr FA:16:3E:05:07:AD  
          inet addr:10.1.0.20  Bcast:10.1.0.255  Mask:255.255.255.0        <--- Acquired DHCP address as expected
          inet6 addr: fe80::f816:3eff:fe05:7ad/64 Scope:Link
          UP BROADCAST RUNNING  MTU:1500  Metric:1
          RX packets:14 errors:0 dropped:0 overruns:0 frame:0
          TX packets:14 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:2184 (2.1 KiB)  TX bytes:2732 (2.6 KiB)

eth3      Link encap:Ethernet  HWaddr FA:16:3E:00:E8:E7  
          inet6 addr: 1:2:3:4::116/64 Scope:Global                         <--- Acquired DHCP6 address as expected
          inet6 addr: fe80::f816:3eff:fe00:e8e7/64 Scope:Link
          UP BROADCAST RUNNING  MTU:1500  Metric:1
          RX packets:18 errors:0 dropped:0 overruns:0 frame:0
          TX packets:33 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:1870 (1.8 KiB)  TX bytes:12540 (12.2 KiB)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:1 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:29 (29.0 B)  TX bytes:29 (29.0 B)

Next, I am detaching eth1. On the guest side, a hotplug event is triggered, and if I read the interfaces with ifconfig, the interface eth1 is missing - as expected, because it's been detached. Since I don't want a gap in the interface, the guest OS will auto-reboot itself when this hotplug is triggered - and upon reboot, eth2 becomes eth1, and eth3 becomes eth2. Here is the ifconfig after reboot:

/ #ifconfig 
eth0      Link encap:Ethernet  HWaddr FA:16:3E:0B:95:F2  
          inet addr:10.1.0.19  Bcast:10.1.0.255  Mask:255.255.255.0
          inet6 addr: fe80::f816:3eff:fe0b:95f2/64 Scope:Link
          UP BROADCAST RUNNING  MTU:1500  Metric:1
          RX packets:203 errors:0 dropped:0 overruns:0 frame:0
          TX packets:209 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:23143 (22.6 KiB)  TX bytes:32793 (32.0 KiB)

eth1      Link encap:Ethernet  HWaddr FA:16:3E:05:07:AD                         <--- MAC is correct as it matches old eth2
          inet addr:10.1.0.20  Bcast:10.1.0.255  Mask:255.255.255.0             <--- Correct DHCP4 address is acquired
          inet6 addr: fe80::f816:3eff:fe05:7ad/64 Scope:Link
          inet6 addr: 1:2:3:4::115/64 Scope:Global                              <--- BUG: no DHCP6 address should be acquired!
          UP BROADCAST RUNNING  MTU:1500  Metric:1
          RX packets:9 errors:0 dropped:0 overruns:0 frame:0
          TX packets:26 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:1762 (1.7 KiB)  TX bytes:4228 (4.1 KiB)

eth2      Link encap:Ethernet  HWaddr FA:16:3E:00:E8:E7                         <--- MAC is correct as it matches old eth3
          inet6 addr: fe80::f816:3eff:fe00:e8e7/64 Scope:Link                   <--- BUG: the DHCP6 address 1:2:3:4::116/64 should be acquired!
          UP BROADCAST RUNNING  MTU:1500  Metric:1
          RX packets:7 errors:0 dropped:0 overruns:0 frame:0
          TX packets:25 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:866 (866.0 B)  TX bytes:6286 (6.1 KiB)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:2 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:117 (117.0 B)  TX bytes:117 (117.0 B)

So here is where we seem to have a bug in OpenStack. Eth1 is acquired a DHCP6 address it should not acquire, and Eth2 is not acquiring a DHCP6 address it should acquire.

Here are more details, captured after eth2 was detached, in the hope that it will help track this issue:

[stack at paradise devstack]$ sudo iptables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
neutron-openvswi-INPUT  all  --  0.0.0.0/0            0.0.0.0/0           
nova-api-INPUT  all  --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:53
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:53
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:67
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:67
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:22

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
neutron-filter-top  all  --  0.0.0.0/0            0.0.0.0/0           
neutron-openvswi-FORWARD  all  --  0.0.0.0/0            0.0.0.0/0           
nova-filter-top  all  --  0.0.0.0/0            0.0.0.0/0           
nova-api-FORWARD  all  --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     all  --  0.0.0.0/0            192.168.122.0/24     ctstate RELATED,ESTABLISHED
ACCEPT     all  --  192.168.122.0/24     0.0.0.0/0           
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable
REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable
REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
neutron-filter-top  all  --  0.0.0.0/0            0.0.0.0/0           
neutron-openvswi-OUTPUT  all  --  0.0.0.0/0            0.0.0.0/0           
nova-filter-top  all  --  0.0.0.0/0            0.0.0.0/0           
nova-api-OUTPUT  all  --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:68

Chain neutron-filter-top (2 references)
target     prot opt source               destination         
neutron-openvswi-local  all  --  0.0.0.0/0            0.0.0.0/0           

Chain neutron-openvswi-FORWARD (1 references)
target     prot opt source               destination         
neutron-openvswi-scope  all  --  0.0.0.0/0            0.0.0.0/0           
neutron-openvswi-sg-chain  all  --  0.0.0.0/0            0.0.0.0/0            PHYSDEV match --physdev-out tap10167b6e-e1 --physdev-is-bridged /* Direct traffic from the VM interface to the security group chain. */
neutron-openvswi-sg-chain  all  --  0.0.0.0/0            0.0.0.0/0            PHYSDEV match --physdev-in tap10167b6e-e1 --physdev-is-bridged /* Direct traffic from the VM interface to the security group chain. */
neutron-openvswi-sg-chain  all  --  0.0.0.0/0            0.0.0.0/0            PHYSDEV match --physdev-out tapc176f27a-43 --physdev-is-bridged /* Direct traffic from the VM interface to the security group chain. */
neutron-openvswi-sg-chain  all  --  0.0.0.0/0            0.0.0.0/0            PHYSDEV match --physdev-in tapc176f27a-43 --physdev-is-bridged /* Direct traffic from the VM interface to the security group chain. */
neutron-openvswi-sg-chain  all  --  0.0.0.0/0            0.0.0.0/0            PHYSDEV match --physdev-out tapf2f7203b-bf --physdev-is-bridged /* Direct traffic from the VM interface to the security group chain. */
neutron-openvswi-sg-chain  all  --  0.0.0.0/0            0.0.0.0/0            PHYSDEV match --physdev-in tapf2f7203b-bf --physdev-is-bridged /* Direct traffic from the VM interface to the security group chain. */

Chain neutron-openvswi-INPUT (1 references)
target     prot opt source               destination         
neutron-openvswi-o10167b6e-e  all  --  0.0.0.0/0            0.0.0.0/0            PHYSDEV match --physdev-in tap10167b6e-e1 --physdev-is-bridged /* Direct incoming traffic from VM to the security group chain. */
neutron-openvswi-oc176f27a-4  all  --  0.0.0.0/0            0.0.0.0/0           
PHYSDEV match --physdev-in tapc176f27a-43 --physdev-is-bridged /* Direct incoming traffic from VM to the security group chain. */
neutron-openvswi-of2f7203b-b  all  --  0.0.0.0/0            0.0.0.0/0            PHYSDEV match --physdev-in tapf2f7203b-bf --physdev-is-bridged /* Direct incoming traffic from VM to the security group chain. */

Chain neutron-openvswi-OUTPUT (1 references)
target     prot opt source               destination         

Chain neutron-openvswi-i10167b6e-e (1 references)
target     prot opt source               destination         
RETURN     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED /* Direct packets associated with a known session to the RETURN chain. */
RETURN     all  --  0.0.0.0/0            0.0.0.0/0            match-set NIPv426f35bdc-1c1d-4251-9d9b- src
DROP       all  --  0.0.0.0/0            0.0.0.0/0            state INVALID /* Drop packets that appear related to an existing connection (e.g. TCP ACK/FIN) but do not have an entry in conntrack. */
neutron-openvswi-sg-fallback  all  --  0.0.0.0/0            0.0.0.0/0            /* Send unmatched traffic to the fallback chain. */

Chain neutron-openvswi-ic176f27a-4 (1 references)
target     prot opt source               destination         
RETURN     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED /* Direct packets associated with a known session to the RETURN chain. */
RETURN     udp  --  10.1.0.2             0.0.0.0/0            udp spt:67 udp dpt:68
RETURN     all  --  0.0.0.0/0            0.0.0.0/0            match-set NIPv426f35bdc-1c1d-4251-9d9b- src
DROP       all  --  0.0.0.0/0            0.0.0.0/0            state INVALID /* Drop packets that appear related to an existing connection (e.g. TCP ACK/FIN) but do not have an entry in conntrack. */
neutron-openvswi-sg-fallback  all  --  0.0.0.0/0            0.0.0.0/0            /* Send unmatched traffic to the fallback chain. */

Chain neutron-openvswi-if2f7203b-b (1 references)
target     prot opt source               destination         
RETURN     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED /* Direct packets associated with a known session to the RETURN chain. */
RETURN     udp  --  10.1.0.2             0.0.0.0/0            udp spt:67 udp dpt:68
RETURN     udp  --  0.0.0.0/0            0.0.0.0/0            udp multiport dports 1:65535
RETURN     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp multiport dports 1:65535
RETURN     icmp --  0.0.0.0/0            0.0.0.0/0           
DROP       all  --  0.0.0.0/0            0.0.0.0/0            state INVALID /* D
rop packets that appear related to an existing connection (e.g. TCP ACK/FIN) but do not have an entry in conntrack. */
neutron-openvswi-sg-fallback  all  --  0.0.0.0/0            0.0.0.0/0            /* Send unmatched traffic to the fallback chain. */

Chain neutron-openvswi-local (1 references)
target     prot opt source               destination         

Chain neutron-openvswi-o10167b6e-e (2 references)
target     prot opt source               destination         
RETURN     udp  --  0.0.0.0/0            0.0.0.0/0            udp spt:68 udp dpt:67 /* Allow DHCP client traffic. */
DROP       udp  --  0.0.0.0/0            0.0.0.0/0            udp spt:67 udp dpt:68 /* Prevent DHCP Spoofing by VM. */
RETURN     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED /* Direct packets associated with a known session to the RETURN chain. */
RETURN     all  --  0.0.0.0/0            0.0.0.0/0           
DROP       all  --  0.0.0.0/0            0.0.0.0/0            state INVALID /* Drop packets that appear related to an existing connection (e.g. TCP ACK/FIN) but do not have an entry in conntrack. */
neutron-openvswi-sg-fallback  all  --  0.0.0.0/0            0.0.0.0/0            /* Send unmatched traffic to the fallback chain. */

Chain neutron-openvswi-oc176f27a-4 (2 references)
target     prot opt source               destination         
RETURN     udp  --  0.0.0.0/0            0.0.0.0/0            udp spt:68 udp dpt:67 /* Allow DHCP client traffic. */
neutron-openvswi-sc176f27a-4  all  --  0.0.0.0/0            0.0.0.0/0           
DROP       udp  --  0.0.0.0/0            0.0.0.0/0            udp spt:67 udp dpt:68 /* Prevent DHCP Spoofing by VM. */
RETURN     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED /* Direct packets associated with a known session to the RETURN chain. */
RETURN     all  --  0.0.0.0/0            0.0.0.0/0           
DROP       all  --  0.0.0.0/0            0.0.0.0/0            state INVALID /* Drop packets that appear related to an existing connection (e.g. TCP ACK/FIN) but do not have an entry in conntrack. */
neutron-openvswi-sg-fallback  all  --  0.0.0.0/0            0.0.0.0/0            /* Send unmatched traffic to the fallback chain. */

Chain neutron-openvswi-of2f7203b-b (2 references)
target     prot opt source               destination         
RETURN     udp  --  0.0.0.0/0            0.0.0.0/0            udp spt:68 udp dpt:67 /* Allow DHCP client traffic. */
neutron-openvswi-sf2f7203b-b  all  --  0.0.0.0/0            0.0.0.0/0           
DROP       udp  --  0.0.0.0/0            0.0.0.0/0            udp spt:67 udp dpt:68 /* Prevent DHCP Spoofing by VM. */
RETURN     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED /* Direct packets associated with a known session to the RETURN chain. */
RETURN     all  --  0.0.0.0/0            0.0.0.0/0           
DROP       all  --  0.0.0.0/0            0.0.0.0/0            state INVALID /* Drop packets that appear related to an existing connection (e.g. TCP ACK/FIN) but do not have an entry in conntrack. */
neutron-openvswi-sg-fallback  all  --  0.0.0.0/0            0.0.0.0/0            /* Send unmatched traffic to the fallback chain. */

Chain neutron-openvswi-sc176f27a-4 (1 references)
target     prot opt source               destination         
RETURN     all  --  10.1.0.20            0.0.0.0/0            MAC FA:16:3E:05:07:AD /* Allow traffic from defined IP/MAC pairs. */
DROP       all  --  0.0.0.0/0            0.0.0.0/0            /* Drop traffic without an IP/MAC allow rule. */

Chain neutron-openvswi-scope (1 references)
target     prot opt source               destination         

Chain neutron-openvswi-sf2f7203b-b (1 references)
target     prot opt source               destination         
RETURN     all  --  10.1.0.19            0.0.0.0/0            MAC FA:16:3E:0B:95:F2 /* Allow traffic from defined IP/MAC pairs. */
DROP       all  --  0.0.0.0/0            0.0.0.0/0            /* Drop traffic without an IP/MAC allow rule. */

Chain neutron-openvswi-sg-chain (6 references)
target     prot opt source               destination         
neutron-openvswi-i10167b6e-e  all  --  0.0.0.0/0            0.0.0.0/0            PHYSDEV match --physdev-out tap10167b6e-e1 --physdev-is-bridged /* Jump to the VM specific chain. */
neutron-openvswi-o10167b6e-e  all  --  0.0.0.0/0            0.0.0.0/0            PHYSDEV match --physdev-in tap10167b6e-e1 --physdev-is-bridged /* Jump to the VM specific chain. */
neutron-openvswi-ic176f27a-4  all  --  0.0.0.0/0            0.0.0.0/0            PHYSDEV match --physdev-out tapc176f27a-43 --physdev-is-bridged /* Jump to the VM specific chain. */
neutron-openvswi-oc176f27a-4  all  --  0.0.0.0/0            0.0.0.0/0            PHYSDEV match --physdev-in tapc176f27a-43 --physdev-is-bridged /* Jump to the VM specific chain. */
neutron-openvswi-if2f7203b-b  all  --  0.0.0.0/0            0.0.0.0/0            PHYSDEV match --physdev-out tapf2f7203b-bf --physdev-is-bridged /* Jump to the VM specific chain. */
neutron-openvswi-of2f7203b-b  all  --  0.0.0.0/0            0.0.0.0/0            PHYSDEV match --physdev-in tapf2f7203b-bf --physdev-is-bridged /* Jump to the VM specific chain. */
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           

Chain neutron-openvswi-sg-fallback (6 references)
target     prot opt source               destination         
DROP       all  --  0.0.0.0/0            0.0.0.0/0            /* Default drop ru
le for unmatched traffic. */

Chain nova-api-FORWARD (1 references)
target     prot opt source               destination         

Chain nova-api-INPUT (1 references)
target     prot opt source               destination         
ACCEPT     tcp  --  0.0.0.0/0            10.25.100.2          tcp dpt:8775

Chain nova-api-OUTPUT (1 references)
target     prot opt source               destination         

Chain nova-api-local (1 references)
target     prot opt source               destination         

Chain nova-filter-top (2 references)
target     prot opt source               destination         
nova-api-local  all  --  0.0.0.0/0            0.0.0.0/0           


[stack at paradise devstack]$ neutron port-list
+-----------------------+------+-------------------+-----------------------+
| id                    | name | mac_address       | fixed_ips             |
+-----------------------+------+-------------------+-----------------------+
| 03eeedab-d7c0-457d-b8 |      | fa:16:3e:3a:15:9f | {"subnet_id":         |
| 99-c73c27f2c35d       |      |                   | "a6e39a5b-7153-481c-  |
|                       |      |                   | acd0-72ac26bb6288",   |
|                       |      |                   | "ip_address":         |
|                       |      |                   | "1:2:3:4::1"}         |
| 10167b6e-e1df-441a-   |      | fa:16:3e:00:e8:e7 | {"subnet_id":         |
| 8b38-b0c3b311af01     |      |                   | "a6e39a5b-7153-481c-  |
|                       |      |                   | acd0-72ac26bb6288",   |
|                       |      |                   | "ip_address":         |
|                       |      |                   | "1:2:3:4::116"}       |
| 61051003-ef3c-4590-a3 |      | fa:16:3e:62:80:22 | {"subnet_id": "9b3df9 |
| e4-7df2ebb3f561       |      |                   | c8-6de9-4373-a567-6b5 |
|                       |      |                   | 9b5312d8a",           |
|                       |      |                   | "ip_address":         |
|                       |      |                   | "10.1.0.1"}           |
| 9ad22299-bd0a-4c74    |      | fa:16:3e:46:ed:46 | {"subnet_id": "9b3df9 |
| -b9aa-0809b01881c4    |      |                   | c8-6de9-4373-a567-6b5 |
|                       |      |                   | 9b5312d8a",           |
|                       |      |                   | "ip_address":         |
|                       |      |                   | "10.1.0.2"}           |
| c176f27a-4324-45d7    |      | fa:16:3e:05:07:ad | {"subnet_id": "9b3df9 |
| -8d8f-7e60eb38d74e    |      |                   | c8-6de9-4373-a567-6b5 |
|                       |      |                   | 9b5312d8a",           |
|                       |      |                   | "ip_address":         |
|                       |      |                   | "10.1.0.20"}          |
| e72c52f1-a0af-45cc-   |      | fa:16:3e:8f:b4:1e | {"subnet_id":         |
| aacb-788145e5fdf1     |      |                   | "a6e39a5b-7153-481c-  |
|                       |      |                   | acd0-72ac26bb6288",   |
|                       |      |                   | "ip_address":         |
|                       |      |                   | "1:2:3:4::100"}       |
| f2f7203b-bffc-4a4c-   |      | fa:16:3e:0b:95:f2 | {"subnet_id": "9b3df9 |
| 8ea8-e228d60e43fe     |      |                   | c8-6de9-4373-a567-6b5 |
|                       |      |                   | 9b5312d8a",           |
|                       |      |                   | "ip_address":         |
|                       |      |                   | "10.1.0.19"}          |
+-----------------------+------+-------------------+-----------------------+
[stack at paradise devstack]$ ps -ef|grep dns
stack    18932  8609  0 10:48 pts/24   00:00:00 grep --color=auto dns
nobody   21505     1  0 Mar02 ?        00:00:00 dnsmasq --no-hosts --no-resolv --strict-order --except-interface=lo --pid-file=/opt/stack/data/neutron/dhcp/e63dc15c-bc65-41ef-8aaf-ca047d8f208c/pid --dhcp-hostsfile=/opt/stack/data/neutron/dhcp/e63dc15c-bc65-41ef-8aaf-ca047d8f208c/host --addn-hosts=/opt/stack/data/neutron/dhcp/e63dc15c-bc65-41ef-8aaf-ca047d8f208c/addn_hosts --dhcp-optsfile=/opt/stack/data/neutron/dhcp/e63dc15c-bc65-41ef-8aaf-ca047d8f208c/opts --dhcp-leasefile=/opt/stack/data/neutron/dhcp/e63dc15c-bc65-41ef-8aaf-ca047d8f208c/leases --dhcp-match=set:ipxe,175 --bind-interfaces --interface=tap9ad22299-bd --dhcp-range=set:tag0,10.1.0.0,static,86400s --dhcp-option-force=option:mtu,1450 --dhcp-lease-max=256 --conf-file= --domain=openstacklocal
nobody   46958     1  0 Mar03 ?        00:00:00 dnsmasq --no-hosts --no-resolv --strict-order --except-interface=lo --pid-file=/opt/stack/data/neutron/dhcp/67e7aa17-50e3-436a-99c9-1618683d2983/pid --dhcp-hostsfile=/opt/stack/data/neutron/dhcp/67e7aa17-50e3-436a-99c9-1618683d2983/host --addn-hosts=/opt/stack/data/neutron/dhcp/67e7aa17-50e3-436a-99c9-1618683d2983/addn_hosts --dhcp-optsfile=/opt/stack/data/neutron/dhcp/67e7aa17-50e3-436a-99c9-1618683d2983/opts --dhcp-leasefile=/opt/stack/data/neutron/dhcp/67e7aa17-50e3-436a-99c9-1618683d2983/leases --dhcp-match=set:ipxe,175 --bind-interfaces --interface=tape72c52f1-a0 --dhcp-range=set:tag0,1:2:3:4::,static,64,86400s --dhcp-option-force=option:mtu,1450 --dhcp-lease-max=16777216 --conf-file= --domain=openstacklocal
[stack at paradise devstack]$ cat /opt/stack/data/neutron/dhcp/e63dc15c-bc65-41ef-8aaf-ca047d8f208c/host
fa:16:3e:46:ed:46,host-10-1-0-2.openstacklocal,10.1.0.2
fa:16:3e:0b:95:f2,host-10-1-0-19.openstacklocal,10.1.0.19
fa:16:3e:05:07:ad,host-10-1-0-20.openstacklocal,10.1.0.20
[stack at paradise devstack]$ cat /opt/stack/data/neutron/dhcp/67e7aa17-50e3-436a-99c9-1618683d2983/host
fa:16:3e:8f:b4:1e,host-1-2-3-4--100.openstacklocal,[1:2:3:4::100]
fa:16:3e:00:e8:e7,host-1-2-3-4--116.openstacklocal,[1:2:3:4::116]




More information about the OpenStack-dev mailing list