[openstack-dev] Interface detach results in incorrect DHCP6 functioning on higher-index interfaces
Andrei Radulescu-Banu
andrei.radulescu-banu at exfo.com
Tue Mar 8 15:50:44 UTC 2016
I'm using the latest Devstack installed as a standalone, and testing the interface detach functionality through the Horizon GUI. In my case, I have a special Linux image with DHCP and DHCPv6 enabled on all interfaces. Here is my config:
- Two separate subnets, 'private', with DHCP enabled, and 'private6', with DHCP6 enabled
- Interface eth0 on 'private', eth1 on 'private6', eth2 on 'private' and eth3 again on 'private6'
- Initially, eth0 and eth2 acquire a DHCP address; eth1 and eth3 a DHCP6 address. Note their MAC addresses in the display.
[stack at paradise devstack]$ neutron net-show private
+-------------------------+--------------------------------------+
| Field | Value |
+-------------------------+--------------------------------------+
| admin_state_up | True |
| availability_zone_hints | |
| availability_zones | nova |
| id | e63dc15c-bc65-41ef-8aaf-ca047d8f208c |
| ipv4_address_scope | |
| ipv6_address_scope | |
| mtu | 1450 |
| name | private |
| port_security_enabled | True |
| router:external | False |
| shared | False |
| status | ACTIVE |
| subnets | 9b3df9c8-6de9-4373-a567-6b59b5312d8a |
| tenant_id | 2876a2eb470b4ff1a8a04c960820f317 |
+-------------------------+--------------------------------------+
[stack at paradise devstack]$ neutron net-show private6
+-------------------------+--------------------------------------+
| Field | Value |
+-------------------------+--------------------------------------+
| admin_state_up | True |
| availability_zone_hints | |
| availability_zones | nova |
| id | 67e7aa17-50e3-436a-99c9-1618683d2983 |
| ipv4_address_scope | |
| ipv6_address_scope | |
| mtu | 1450 |
| name | private6 |
| port_security_enabled | True |
| router:external | False |
| shared | False |
| status | ACTIVE |
| subnets | a6e39a5b-7153-481c-acd0-72ac26bb6288 |
| tenant_id | 2876a2eb470b4ff1a8a04c960820f317 |
+-------------------------+--------------------------------------+
[stack at paradise devstack]$ neutron subnet-show private-subnet
+-------------------+--------------------------------------------+
| Field | Value |
+-------------------+--------------------------------------------+
| allocation_pools | {"start": "10.1.0.2", "end": "10.1.0.254"} |
| cidr | 10.1.0.0/24 |
| dns_nameservers | |
| enable_dhcp | True |
| gateway_ip | 10.1.0.1 |
| host_routes | |
| id | 9b3df9c8-6de9-4373-a567-6b59b5312d8a |
| ip_version | 4 |
| ipv6_address_mode | |
| ipv6_ra_mode | |
| name | private-subnet |
| network_id | e63dc15c-bc65-41ef-8aaf-ca047d8f208c |
| subnetpool_id | |
| tenant_id | 2876a2eb470b4ff1a8a04c960820f317 |
+-------------------+--------------------------------------------+
[stack at paradise devstack]$ neutron subnet-show private-subnet6
+-------------------+--------------------------------------------------+
| Field | Value |
+-------------------+--------------------------------------------------+
| allocation_pools | {"start": "1:2:3:4::100", "end": "1:2:3:4::200"} |
| cidr | 1:2:3:4::/64 |
| dns_nameservers | 1:2:3:4::2 |
| enable_dhcp | True |
| gateway_ip | 1:2:3:4::1 |
| host_routes | |
| id | a6e39a5b-7153-481c-acd0-72ac26bb6288 |
| ip_version | 6 |
| ipv6_address_mode | dhcpv6-stateful |
| ipv6_ra_mode | dhcpv6-stateful |
| name | private-subnet6 |
| network_id | 67e7aa17-50e3-436a-99c9-1618683d2983 |
| subnetpool_id | |
| tenant_id | 2876a2eb470b4ff1a8a04c960820f317 |
+-------------------+--------------------------------------------------+
[stack at paradise devstack]$ neutron port-list
+-----------------------+------+-------------------+-----------------------+
| id | name | mac_address | fixed_ips |
+-----------------------+------+-------------------+-----------------------+
| 03eeedab-d7c0-457d-b8 | | fa:16:3e:3a:15:9f | {"subnet_id": |
| 99-c73c27f2c35d | | | "a6e39a5b-7153-481c- |
| | | | acd0-72ac26bb6288", |
| | | | "ip_address": |
| | | | "1:2:3:4::1"} |
| 10167b6e-e1df-441a- | | fa:16:3e:00:e8:e7 | {"subnet_id": |
| 8b38-b0c3b311af01 | | | "a6e39a5b-7153-481c- |
| | | | acd0-72ac26bb6288", |
| | | | "ip_address": |
| | | | "1:2:3:4::116"} |
| 54cfcafa-218b-4939-9f | | fa:16:3e:e1:4d:bd | {"subnet_id": |
| 28-e3db8f4252b8 | | | "a6e39a5b-7153-481c- |
| | | | acd0-72ac26bb6288", |
| | | | "ip_address": |
| | | | "1:2:3:4::115"} |
| 61051003-ef3c-4590-a3 | | fa:16:3e:62:80:22 | {"subnet_id": "9b3df9 |
| e4-7df2ebb3f561 | | | c8-6de9-4373-a567-6b5 |
| | | | 9b5312d8a", |
| | | | "ip_address": |
| | | | "10.1.0.1"} |
| 9ad22299-bd0a-4c74 | | fa:16:3e:46:ed:46 | {"subnet_id": "9b3df9 |
| -b9aa-0809b01881c4 | | | c8-6de9-4373-a567-6b5 |
| | | | 9b5312d8a", |
| | | | "ip_address": |
| | | | "10.1.0.2"} |
| c176f27a-4324-45d7 | | fa:16:3e:05:07:ad | {"subnet_id": "9b3df9 |
| -8d8f-7e60eb38d74e | | | c8-6de9-4373-a567-6b5 |
| | | | 9b5312d8a", |
| | | | "ip_address": |
| | | | "10.1.0.20"} |
| e72c52f1-a0af-45cc- | | fa:16:3e:8f:b4:1e | {"subnet_id": |
| aacb-788145e5fdf1 | | | "a6e39a5b-7153-481c- |
| | | | acd0-72ac26bb6288", |
| | | | "ip_address": |
| | | | "1:2:3:4::100"} |
| f2f7203b-bffc-4a4c- | | fa:16:3e:0b:95:f2 | {"subnet_id": "9b3df9 |
| 8ea8-e228d60e43fe | | | c8-6de9-4373-a567-6b5 |
| | | | 9b5312d8a", |
| | | | "ip_address": |
| | | | "10.1.0.19"} |
+-----------------------+------+-------------------+-----------------------+
Here are my interfaces on the guest:
/ #ifconfig
eth0 Link encap:Ethernet HWaddr FA:16:3E:0B:95:F2
inet addr:10.1.0.19 Bcast:10.1.0.255 Mask:255.255.255.0 <--- Acquired DHCP address as expected
inet6 addr: fe80::f816:3eff:fe0b:95f2/64 Scope:Link
UP BROADCAST RUNNING MTU:1500 Metric:1
RX packets:154 errors:0 dropped:0 overruns:0 frame:0
TX packets:131 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:17785 (17.3 KiB) TX bytes:20141 (19.6 KiB)
eth1 Link encap:Ethernet HWaddr FA:16:3E:E1:4D:BD
inet6 addr: fe80::f816:3eff:fee1:4dbd/64 Scope:Link
inet6 addr: 1:2:3:4::115/64 Scope:Global <--- Acquired DHCP6 address as expected
UP BROADCAST RUNNING MTU:1500 Metric:1
RX packets:25 errors:0 dropped:0 overruns:0 frame:0
TX packets:41 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:2336 (2.2 KiB) TX bytes:14768 (14.4 KiB)
eth2 Link encap:Ethernet HWaddr FA:16:3E:05:07:AD
inet addr:10.1.0.20 Bcast:10.1.0.255 Mask:255.255.255.0 <--- Acquired DHCP address as expected
inet6 addr: fe80::f816:3eff:fe05:7ad/64 Scope:Link
UP BROADCAST RUNNING MTU:1500 Metric:1
RX packets:14 errors:0 dropped:0 overruns:0 frame:0
TX packets:14 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:2184 (2.1 KiB) TX bytes:2732 (2.6 KiB)
eth3 Link encap:Ethernet HWaddr FA:16:3E:00:E8:E7
inet6 addr: 1:2:3:4::116/64 Scope:Global <--- Acquired DHCP6 address as expected
inet6 addr: fe80::f816:3eff:fe00:e8e7/64 Scope:Link
UP BROADCAST RUNNING MTU:1500 Metric:1
RX packets:18 errors:0 dropped:0 overruns:0 frame:0
TX packets:33 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1870 (1.8 KiB) TX bytes:12540 (12.2 KiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:1 errors:0 dropped:0 overruns:0 frame:0
TX packets:1 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:29 (29.0 B) TX bytes:29 (29.0 B)
Next, I am detaching eth1. On the guest side, a hotplug event is triggered, and if I read the interfaces with ifconfig, the interface eth1 is missing - as expected, because it's been detached. Since I don't want a gap in the interface, the guest OS will auto-reboot itself when this hotplug is triggered - and upon reboot, eth2 becomes eth1, and eth3 becomes eth2. Here is the ifconfig after reboot:
/ #ifconfig
eth0 Link encap:Ethernet HWaddr FA:16:3E:0B:95:F2
inet addr:10.1.0.19 Bcast:10.1.0.255 Mask:255.255.255.0
inet6 addr: fe80::f816:3eff:fe0b:95f2/64 Scope:Link
UP BROADCAST RUNNING MTU:1500 Metric:1
RX packets:203 errors:0 dropped:0 overruns:0 frame:0
TX packets:209 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:23143 (22.6 KiB) TX bytes:32793 (32.0 KiB)
eth1 Link encap:Ethernet HWaddr FA:16:3E:05:07:AD <--- MAC is correct as it matches old eth2
inet addr:10.1.0.20 Bcast:10.1.0.255 Mask:255.255.255.0 <--- Correct DHCP4 address is acquired
inet6 addr: fe80::f816:3eff:fe05:7ad/64 Scope:Link
inet6 addr: 1:2:3:4::115/64 Scope:Global <--- BUG: no DHCP6 address should be acquired!
UP BROADCAST RUNNING MTU:1500 Metric:1
RX packets:9 errors:0 dropped:0 overruns:0 frame:0
TX packets:26 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1762 (1.7 KiB) TX bytes:4228 (4.1 KiB)
eth2 Link encap:Ethernet HWaddr FA:16:3E:00:E8:E7 <--- MAC is correct as it matches old eth3
inet6 addr: fe80::f816:3eff:fe00:e8e7/64 Scope:Link <--- BUG: the DHCP6 address 1:2:3:4::116/64 should be acquired!
UP BROADCAST RUNNING MTU:1500 Metric:1
RX packets:7 errors:0 dropped:0 overruns:0 frame:0
TX packets:25 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:866 (866.0 B) TX bytes:6286 (6.1 KiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:2 errors:0 dropped:0 overruns:0 frame:0
TX packets:2 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:117 (117.0 B) TX bytes:117 (117.0 B)
So here is where we seem to have a bug in OpenStack. Eth1 is acquired a DHCP6 address it should not acquire, and Eth2 is not acquiring a DHCP6 address it should acquire.
Here are more details, captured after eth2 was detached, in the hope that it will help track this issue:
[stack at paradise devstack]$ sudo iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination
neutron-openvswi-INPUT all -- 0.0.0.0/0 0.0.0.0/0
nova-api-INPUT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:67
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:67
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
Chain FORWARD (policy ACCEPT)
target prot opt source destination
neutron-filter-top all -- 0.0.0.0/0 0.0.0.0/0
neutron-openvswi-FORWARD all -- 0.0.0.0/0 0.0.0.0/0
nova-filter-top all -- 0.0.0.0/0 0.0.0.0/0
nova-api-FORWARD all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 192.168.122.0/24 ctstate RELATED,ESTABLISHED
ACCEPT all -- 192.168.122.0/24 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
neutron-filter-top all -- 0.0.0.0/0 0.0.0.0/0
neutron-openvswi-OUTPUT all -- 0.0.0.0/0 0.0.0.0/0
nova-filter-top all -- 0.0.0.0/0 0.0.0.0/0
nova-api-OUTPUT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:68
Chain neutron-filter-top (2 references)
target prot opt source destination
neutron-openvswi-local all -- 0.0.0.0/0 0.0.0.0/0
Chain neutron-openvswi-FORWARD (1 references)
target prot opt source destination
neutron-openvswi-scope all -- 0.0.0.0/0 0.0.0.0/0
neutron-openvswi-sg-chain all -- 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-out tap10167b6e-e1 --physdev-is-bridged /* Direct traffic from the VM interface to the security group chain. */
neutron-openvswi-sg-chain all -- 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-in tap10167b6e-e1 --physdev-is-bridged /* Direct traffic from the VM interface to the security group chain. */
neutron-openvswi-sg-chain all -- 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-out tapc176f27a-43 --physdev-is-bridged /* Direct traffic from the VM interface to the security group chain. */
neutron-openvswi-sg-chain all -- 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-in tapc176f27a-43 --physdev-is-bridged /* Direct traffic from the VM interface to the security group chain. */
neutron-openvswi-sg-chain all -- 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-out tapf2f7203b-bf --physdev-is-bridged /* Direct traffic from the VM interface to the security group chain. */
neutron-openvswi-sg-chain all -- 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-in tapf2f7203b-bf --physdev-is-bridged /* Direct traffic from the VM interface to the security group chain. */
Chain neutron-openvswi-INPUT (1 references)
target prot opt source destination
neutron-openvswi-o10167b6e-e all -- 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-in tap10167b6e-e1 --physdev-is-bridged /* Direct incoming traffic from VM to the security group chain. */
neutron-openvswi-oc176f27a-4 all -- 0.0.0.0/0 0.0.0.0/0
PHYSDEV match --physdev-in tapc176f27a-43 --physdev-is-bridged /* Direct incoming traffic from VM to the security group chain. */
neutron-openvswi-of2f7203b-b all -- 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-in tapf2f7203b-bf --physdev-is-bridged /* Direct incoming traffic from VM to the security group chain. */
Chain neutron-openvswi-OUTPUT (1 references)
target prot opt source destination
Chain neutron-openvswi-i10167b6e-e (1 references)
target prot opt source destination
RETURN all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED /* Direct packets associated with a known session to the RETURN chain. */
RETURN all -- 0.0.0.0/0 0.0.0.0/0 match-set NIPv426f35bdc-1c1d-4251-9d9b- src
DROP all -- 0.0.0.0/0 0.0.0.0/0 state INVALID /* Drop packets that appear related to an existing connection (e.g. TCP ACK/FIN) but do not have an entry in conntrack. */
neutron-openvswi-sg-fallback all -- 0.0.0.0/0 0.0.0.0/0 /* Send unmatched traffic to the fallback chain. */
Chain neutron-openvswi-ic176f27a-4 (1 references)
target prot opt source destination
RETURN all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED /* Direct packets associated with a known session to the RETURN chain. */
RETURN udp -- 10.1.0.2 0.0.0.0/0 udp spt:67 udp dpt:68
RETURN all -- 0.0.0.0/0 0.0.0.0/0 match-set NIPv426f35bdc-1c1d-4251-9d9b- src
DROP all -- 0.0.0.0/0 0.0.0.0/0 state INVALID /* Drop packets that appear related to an existing connection (e.g. TCP ACK/FIN) but do not have an entry in conntrack. */
neutron-openvswi-sg-fallback all -- 0.0.0.0/0 0.0.0.0/0 /* Send unmatched traffic to the fallback chain. */
Chain neutron-openvswi-if2f7203b-b (1 references)
target prot opt source destination
RETURN all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED /* Direct packets associated with a known session to the RETURN chain. */
RETURN udp -- 10.1.0.2 0.0.0.0/0 udp spt:67 udp dpt:68
RETURN udp -- 0.0.0.0/0 0.0.0.0/0 udp multiport dports 1:65535
RETURN tcp -- 0.0.0.0/0 0.0.0.0/0 tcp multiport dports 1:65535
RETURN icmp -- 0.0.0.0/0 0.0.0.0/0
DROP all -- 0.0.0.0/0 0.0.0.0/0 state INVALID /* D
rop packets that appear related to an existing connection (e.g. TCP ACK/FIN) but do not have an entry in conntrack. */
neutron-openvswi-sg-fallback all -- 0.0.0.0/0 0.0.0.0/0 /* Send unmatched traffic to the fallback chain. */
Chain neutron-openvswi-local (1 references)
target prot opt source destination
Chain neutron-openvswi-o10167b6e-e (2 references)
target prot opt source destination
RETURN udp -- 0.0.0.0/0 0.0.0.0/0 udp spt:68 udp dpt:67 /* Allow DHCP client traffic. */
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp spt:67 udp dpt:68 /* Prevent DHCP Spoofing by VM. */
RETURN all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED /* Direct packets associated with a known session to the RETURN chain. */
RETURN all -- 0.0.0.0/0 0.0.0.0/0
DROP all -- 0.0.0.0/0 0.0.0.0/0 state INVALID /* Drop packets that appear related to an existing connection (e.g. TCP ACK/FIN) but do not have an entry in conntrack. */
neutron-openvswi-sg-fallback all -- 0.0.0.0/0 0.0.0.0/0 /* Send unmatched traffic to the fallback chain. */
Chain neutron-openvswi-oc176f27a-4 (2 references)
target prot opt source destination
RETURN udp -- 0.0.0.0/0 0.0.0.0/0 udp spt:68 udp dpt:67 /* Allow DHCP client traffic. */
neutron-openvswi-sc176f27a-4 all -- 0.0.0.0/0 0.0.0.0/0
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp spt:67 udp dpt:68 /* Prevent DHCP Spoofing by VM. */
RETURN all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED /* Direct packets associated with a known session to the RETURN chain. */
RETURN all -- 0.0.0.0/0 0.0.0.0/0
DROP all -- 0.0.0.0/0 0.0.0.0/0 state INVALID /* Drop packets that appear related to an existing connection (e.g. TCP ACK/FIN) but do not have an entry in conntrack. */
neutron-openvswi-sg-fallback all -- 0.0.0.0/0 0.0.0.0/0 /* Send unmatched traffic to the fallback chain. */
Chain neutron-openvswi-of2f7203b-b (2 references)
target prot opt source destination
RETURN udp -- 0.0.0.0/0 0.0.0.0/0 udp spt:68 udp dpt:67 /* Allow DHCP client traffic. */
neutron-openvswi-sf2f7203b-b all -- 0.0.0.0/0 0.0.0.0/0
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp spt:67 udp dpt:68 /* Prevent DHCP Spoofing by VM. */
RETURN all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED /* Direct packets associated with a known session to the RETURN chain. */
RETURN all -- 0.0.0.0/0 0.0.0.0/0
DROP all -- 0.0.0.0/0 0.0.0.0/0 state INVALID /* Drop packets that appear related to an existing connection (e.g. TCP ACK/FIN) but do not have an entry in conntrack. */
neutron-openvswi-sg-fallback all -- 0.0.0.0/0 0.0.0.0/0 /* Send unmatched traffic to the fallback chain. */
Chain neutron-openvswi-sc176f27a-4 (1 references)
target prot opt source destination
RETURN all -- 10.1.0.20 0.0.0.0/0 MAC FA:16:3E:05:07:AD /* Allow traffic from defined IP/MAC pairs. */
DROP all -- 0.0.0.0/0 0.0.0.0/0 /* Drop traffic without an IP/MAC allow rule. */
Chain neutron-openvswi-scope (1 references)
target prot opt source destination
Chain neutron-openvswi-sf2f7203b-b (1 references)
target prot opt source destination
RETURN all -- 10.1.0.19 0.0.0.0/0 MAC FA:16:3E:0B:95:F2 /* Allow traffic from defined IP/MAC pairs. */
DROP all -- 0.0.0.0/0 0.0.0.0/0 /* Drop traffic without an IP/MAC allow rule. */
Chain neutron-openvswi-sg-chain (6 references)
target prot opt source destination
neutron-openvswi-i10167b6e-e all -- 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-out tap10167b6e-e1 --physdev-is-bridged /* Jump to the VM specific chain. */
neutron-openvswi-o10167b6e-e all -- 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-in tap10167b6e-e1 --physdev-is-bridged /* Jump to the VM specific chain. */
neutron-openvswi-ic176f27a-4 all -- 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-out tapc176f27a-43 --physdev-is-bridged /* Jump to the VM specific chain. */
neutron-openvswi-oc176f27a-4 all -- 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-in tapc176f27a-43 --physdev-is-bridged /* Jump to the VM specific chain. */
neutron-openvswi-if2f7203b-b all -- 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-out tapf2f7203b-bf --physdev-is-bridged /* Jump to the VM specific chain. */
neutron-openvswi-of2f7203b-b all -- 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-in tapf2f7203b-bf --physdev-is-bridged /* Jump to the VM specific chain. */
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
Chain neutron-openvswi-sg-fallback (6 references)
target prot opt source destination
DROP all -- 0.0.0.0/0 0.0.0.0/0 /* Default drop ru
le for unmatched traffic. */
Chain nova-api-FORWARD (1 references)
target prot opt source destination
Chain nova-api-INPUT (1 references)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 10.25.100.2 tcp dpt:8775
Chain nova-api-OUTPUT (1 references)
target prot opt source destination
Chain nova-api-local (1 references)
target prot opt source destination
Chain nova-filter-top (2 references)
target prot opt source destination
nova-api-local all -- 0.0.0.0/0 0.0.0.0/0
[stack at paradise devstack]$ neutron port-list
+-----------------------+------+-------------------+-----------------------+
| id | name | mac_address | fixed_ips |
+-----------------------+------+-------------------+-----------------------+
| 03eeedab-d7c0-457d-b8 | | fa:16:3e:3a:15:9f | {"subnet_id": |
| 99-c73c27f2c35d | | | "a6e39a5b-7153-481c- |
| | | | acd0-72ac26bb6288", |
| | | | "ip_address": |
| | | | "1:2:3:4::1"} |
| 10167b6e-e1df-441a- | | fa:16:3e:00:e8:e7 | {"subnet_id": |
| 8b38-b0c3b311af01 | | | "a6e39a5b-7153-481c- |
| | | | acd0-72ac26bb6288", |
| | | | "ip_address": |
| | | | "1:2:3:4::116"} |
| 61051003-ef3c-4590-a3 | | fa:16:3e:62:80:22 | {"subnet_id": "9b3df9 |
| e4-7df2ebb3f561 | | | c8-6de9-4373-a567-6b5 |
| | | | 9b5312d8a", |
| | | | "ip_address": |
| | | | "10.1.0.1"} |
| 9ad22299-bd0a-4c74 | | fa:16:3e:46:ed:46 | {"subnet_id": "9b3df9 |
| -b9aa-0809b01881c4 | | | c8-6de9-4373-a567-6b5 |
| | | | 9b5312d8a", |
| | | | "ip_address": |
| | | | "10.1.0.2"} |
| c176f27a-4324-45d7 | | fa:16:3e:05:07:ad | {"subnet_id": "9b3df9 |
| -8d8f-7e60eb38d74e | | | c8-6de9-4373-a567-6b5 |
| | | | 9b5312d8a", |
| | | | "ip_address": |
| | | | "10.1.0.20"} |
| e72c52f1-a0af-45cc- | | fa:16:3e:8f:b4:1e | {"subnet_id": |
| aacb-788145e5fdf1 | | | "a6e39a5b-7153-481c- |
| | | | acd0-72ac26bb6288", |
| | | | "ip_address": |
| | | | "1:2:3:4::100"} |
| f2f7203b-bffc-4a4c- | | fa:16:3e:0b:95:f2 | {"subnet_id": "9b3df9 |
| 8ea8-e228d60e43fe | | | c8-6de9-4373-a567-6b5 |
| | | | 9b5312d8a", |
| | | | "ip_address": |
| | | | "10.1.0.19"} |
+-----------------------+------+-------------------+-----------------------+
[stack at paradise devstack]$ ps -ef|grep dns
stack 18932 8609 0 10:48 pts/24 00:00:00 grep --color=auto dns
nobody 21505 1 0 Mar02 ? 00:00:00 dnsmasq --no-hosts --no-resolv --strict-order --except-interface=lo --pid-file=/opt/stack/data/neutron/dhcp/e63dc15c-bc65-41ef-8aaf-ca047d8f208c/pid --dhcp-hostsfile=/opt/stack/data/neutron/dhcp/e63dc15c-bc65-41ef-8aaf-ca047d8f208c/host --addn-hosts=/opt/stack/data/neutron/dhcp/e63dc15c-bc65-41ef-8aaf-ca047d8f208c/addn_hosts --dhcp-optsfile=/opt/stack/data/neutron/dhcp/e63dc15c-bc65-41ef-8aaf-ca047d8f208c/opts --dhcp-leasefile=/opt/stack/data/neutron/dhcp/e63dc15c-bc65-41ef-8aaf-ca047d8f208c/leases --dhcp-match=set:ipxe,175 --bind-interfaces --interface=tap9ad22299-bd --dhcp-range=set:tag0,10.1.0.0,static,86400s --dhcp-option-force=option:mtu,1450 --dhcp-lease-max=256 --conf-file= --domain=openstacklocal
nobody 46958 1 0 Mar03 ? 00:00:00 dnsmasq --no-hosts --no-resolv --strict-order --except-interface=lo --pid-file=/opt/stack/data/neutron/dhcp/67e7aa17-50e3-436a-99c9-1618683d2983/pid --dhcp-hostsfile=/opt/stack/data/neutron/dhcp/67e7aa17-50e3-436a-99c9-1618683d2983/host --addn-hosts=/opt/stack/data/neutron/dhcp/67e7aa17-50e3-436a-99c9-1618683d2983/addn_hosts --dhcp-optsfile=/opt/stack/data/neutron/dhcp/67e7aa17-50e3-436a-99c9-1618683d2983/opts --dhcp-leasefile=/opt/stack/data/neutron/dhcp/67e7aa17-50e3-436a-99c9-1618683d2983/leases --dhcp-match=set:ipxe,175 --bind-interfaces --interface=tape72c52f1-a0 --dhcp-range=set:tag0,1:2:3:4::,static,64,86400s --dhcp-option-force=option:mtu,1450 --dhcp-lease-max=16777216 --conf-file= --domain=openstacklocal
[stack at paradise devstack]$ cat /opt/stack/data/neutron/dhcp/e63dc15c-bc65-41ef-8aaf-ca047d8f208c/host
fa:16:3e:46:ed:46,host-10-1-0-2.openstacklocal,10.1.0.2
fa:16:3e:0b:95:f2,host-10-1-0-19.openstacklocal,10.1.0.19
fa:16:3e:05:07:ad,host-10-1-0-20.openstacklocal,10.1.0.20
[stack at paradise devstack]$ cat /opt/stack/data/neutron/dhcp/67e7aa17-50e3-436a-99c9-1618683d2983/host
fa:16:3e:8f:b4:1e,host-1-2-3-4--100.openstacklocal,[1:2:3:4::100]
fa:16:3e:00:e8:e7,host-1-2-3-4--116.openstacklocal,[1:2:3:4::116]
More information about the OpenStack-dev
mailing list