[openstack-dev] Interface detach results in incorrect DHCP6 functioning on higher-index interfaces

Kevin Benton kevin at benton.pub
Tue Sep 27 06:01:07 UTC 2016


Hi,

Sorry about the huge delay. Is this behavior still present? Did you file a
bug here? https://bugs.launchpad.net/neutron

Bugs reported via the mailing list tend to fall through the cracks.

Cheers,
Kevin Benton

On Tue, Mar 8, 2016 at 7:50 AM, Andrei Radulescu-Banu <
andrei.radulescu-banu at exfo.com> wrote:

> I'm using the latest Devstack installed as a standalone, and testing the
> interface detach functionality through the Horizon GUI. In my case, I have
> a special Linux image with DHCP and DHCPv6 enabled on all interfaces. Here
> is my config:
> - Two separate subnets, 'private', with DHCP enabled, and 'private6', with
> DHCP6 enabled
> - Interface eth0 on 'private', eth1 on 'private6', eth2 on 'private' and
> eth3 again on 'private6'
> - Initially, eth0 and eth2 acquire a DHCP address; eth1 and eth3 a DHCP6
> address. Note their MAC addresses in the display.
>
> [stack at paradise devstack]$ neutron net-show private
> +-------------------------+--------------------------------------+
> | Field                   | Value                                |
> +-------------------------+--------------------------------------+
> | admin_state_up          | True                                 |
> | availability_zone_hints |                                      |
> | availability_zones      | nova                                 |
> | id                      | e63dc15c-bc65-41ef-8aaf-ca047d8f208c |
> | ipv4_address_scope      |                                      |
> | ipv6_address_scope      |                                      |
> | mtu                     | 1450                                 |
> | name                    | private                              |
> | port_security_enabled   | True                                 |
> | router:external         | False                                |
> | shared                  | False                                |
> | status                  | ACTIVE                               |
> | subnets                 | 9b3df9c8-6de9-4373-a567-6b59b5312d8a |
> | tenant_id               | 2876a2eb470b4ff1a8a04c960820f317     |
> +-------------------------+--------------------------------------+
> [stack at paradise devstack]$ neutron net-show private6
> +-------------------------+--------------------------------------+
> | Field                   | Value                                |
> +-------------------------+--------------------------------------+
> | admin_state_up          | True                                 |
> | availability_zone_hints |                                      |
> | availability_zones      | nova                                 |
> | id                      | 67e7aa17-50e3-436a-99c9-1618683d2983 |
> | ipv4_address_scope      |                                      |
> | ipv6_address_scope      |                                      |
> | mtu                     | 1450                                 |
> | name                    | private6                             |
> | port_security_enabled   | True                                 |
> | router:external         | False                                |
> | shared                  | False                                |
> | status                  | ACTIVE                               |
> | subnets                 | a6e39a5b-7153-481c-acd0-72ac26bb6288 |
> | tenant_id               | 2876a2eb470b4ff1a8a04c960820f317     |
> +-------------------------+--------------------------------------+
> [stack at paradise devstack]$ neutron subnet-show private-subnet
> +-------------------+--------------------------------------------+
> | Field             | Value                                      |
> +-------------------+--------------------------------------------+
> | allocation_pools  | {"start": "10.1.0.2", "end": "10.1.0.254"} |
> | cidr              | 10.1.0.0/24                                |
> | dns_nameservers   |                                            |
> | enable_dhcp       | True                                       |
> | gateway_ip        | 10.1.0.1                                   |
> | host_routes       |                                            |
> | id                | 9b3df9c8-6de9-4373-a567-6b59b5312d8a       |
> | ip_version        | 4                                          |
> | ipv6_address_mode |                                            |
> | ipv6_ra_mode      |                                            |
> | name              | private-subnet                             |
> | network_id        | e63dc15c-bc65-41ef-8aaf-ca047d8f208c       |
> | subnetpool_id     |                                            |
> | tenant_id         | 2876a2eb470b4ff1a8a04c960820f317           |
> +-------------------+--------------------------------------------+
> [stack at paradise devstack]$ neutron subnet-show private-subnet6
> +-------------------+--------------------------------------------------+
> | Field             | Value                                            |
> +-------------------+--------------------------------------------------+
> | allocation_pools  | {"start": "1:2:3:4::100", "end": "1:2:3:4::200"} |
> | cidr              | 1:2:3:4::/64                                     |
> | dns_nameservers   | 1:2:3:4::2                                       |
> | enable_dhcp       | True                                             |
> | gateway_ip        | 1:2:3:4::1                                       |
> | host_routes       |                                                  |
> | id                | a6e39a5b-7153-481c-acd0-72ac26bb6288             |
> | ip_version        | 6                                                |
> | ipv6_address_mode | dhcpv6-stateful                                  |
> | ipv6_ra_mode      | dhcpv6-stateful                                  |
> | name              | private-subnet6                                  |
> | network_id        | 67e7aa17-50e3-436a-99c9-1618683d2983             |
> | subnetpool_id     |                                                  |
> | tenant_id         | 2876a2eb470b4ff1a8a04c960820f317                 |
> +-------------------+--------------------------------------------------+
> [stack at paradise devstack]$ neutron port-list
> +-----------------------+------+-------------------+--------
> ---------------+
> | id                    | name | mac_address       | fixed_ips
>  |
> +-----------------------+------+-------------------+--------
> ---------------+
> | 03eeedab-d7c0-457d-b8 |      | fa:16:3e:3a:15:9f | {"subnet_id":
>  |
> | 99-c73c27f2c35d       |      |                   | "a6e39a5b-7153-481c-
> |
> |                       |      |                   | acd0-72ac26bb6288",
>  |
> |                       |      |                   | "ip_address":
>  |
> |                       |      |                   | "1:2:3:4::1"}
>  |
> | 10167b6e-e1df-441a-   |      | fa:16:3e:00:e8:e7 | {"subnet_id":
>  |
> | 8b38-b0c3b311af01     |      |                   | "a6e39a5b-7153-481c-
> |
> |                       |      |                   | acd0-72ac26bb6288",
>  |
> |                       |      |                   | "ip_address":
>  |
> |                       |      |                   | "1:2:3:4::116"}
>  |
> | 54cfcafa-218b-4939-9f |      | fa:16:3e:e1:4d:bd | {"subnet_id":
>  |
> | 28-e3db8f4252b8       |      |                   | "a6e39a5b-7153-481c-
> |
> |                       |      |                   | acd0-72ac26bb6288",
>  |
> |                       |      |                   | "ip_address":
>  |
> |                       |      |                   | "1:2:3:4::115"}
>  |
> | 61051003-ef3c-4590-a3 |      | fa:16:3e:62:80:22 | {"subnet_id": "9b3df9
> |
> | e4-7df2ebb3f561       |      |                   | c8-6de9-4373-a567-6b5
> |
> |                       |      |                   | 9b5312d8a",
>  |
> |                       |      |                   | "ip_address":
>  |
> |                       |      |                   | "10.1.0.1"}
>  |
> | 9ad22299-bd0a-4c74    |      | fa:16:3e:46:ed:46 | {"subnet_id": "9b3df9
> |
> | -b9aa-0809b01881c4    |      |                   | c8-6de9-4373-a567-6b5
> |
> |                       |      |                   | 9b5312d8a",
>  |
> |                       |      |                   | "ip_address":
>  |
> |                       |      |                   | "10.1.0.2"}
>  |
> | c176f27a-4324-45d7    |      | fa:16:3e:05:07:ad | {"subnet_id": "9b3df9
> |
> | -8d8f-7e60eb38d74e    |      |                   | c8-6de9-4373-a567-6b5
> |
> |                       |      |                   | 9b5312d8a",
>  |
> |                       |      |                   | "ip_address":
>  |
> |                       |      |                   | "10.1.0.20"}
> |
> | e72c52f1-a0af-45cc-   |      | fa:16:3e:8f:b4:1e | {"subnet_id":
>  |
> | aacb-788145e5fdf1     |      |                   | "a6e39a5b-7153-481c-
> |
> |                       |      |                   | acd0-72ac26bb6288",
>  |
> |                       |      |                   | "ip_address":
>  |
> |                       |      |                   | "1:2:3:4::100"}
>  |
> | f2f7203b-bffc-4a4c-   |      | fa:16:3e:0b:95:f2 | {"subnet_id": "9b3df9
> |
> | 8ea8-e228d60e43fe     |      |                   | c8-6de9-4373-a567-6b5
> |
> |                       |      |                   | 9b5312d8a",
>  |
> |                       |      |                   | "ip_address":
>  |
> |                       |      |                   | "10.1.0.19"}
> |
> +-----------------------+------+-------------------+--------
> ---------------+
>
> Here are my interfaces on the guest:
>
> / #ifconfig
> eth0      Link encap:Ethernet  HWaddr FA:16:3E:0B:95:F2
>           inet addr:10.1.0.19  Bcast:10.1.0.255  Mask:255.255.255.0
>  <--- Acquired DHCP address as expected
>           inet6 addr: fe80::f816:3eff:fe0b:95f2/64 Scope:Link
>           UP BROADCAST RUNNING  MTU:1500  Metric:1
>           RX packets:154 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:131 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:17785 (17.3 KiB)  TX bytes:20141 (19.6 KiB)
>
> eth1      Link encap:Ethernet  HWaddr FA:16:3E:E1:4D:BD
>           inet6 addr: fe80::f816:3eff:fee1:4dbd/64 Scope:Link
>           inet6 addr: 1:2:3:4::115/64 Scope:Global
>  <--- Acquired DHCP6 address as expected
>           UP BROADCAST RUNNING  MTU:1500  Metric:1
>           RX packets:25 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:41 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:2336 (2.2 KiB)  TX bytes:14768 (14.4 KiB)
>
> eth2      Link encap:Ethernet  HWaddr FA:16:3E:05:07:AD
>           inet addr:10.1.0.20  Bcast:10.1.0.255  Mask:255.255.255.0
> <--- Acquired DHCP address as expected
>           inet6 addr: fe80::f816:3eff:fe05:7ad/64 Scope:Link
>           UP BROADCAST RUNNING  MTU:1500  Metric:1
>           RX packets:14 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:14 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:2184 (2.1 KiB)  TX bytes:2732 (2.6 KiB)
>
> eth3      Link encap:Ethernet  HWaddr FA:16:3E:00:E8:E7
>           inet6 addr: 1:2:3:4::116/64 Scope:Global
>  <--- Acquired DHCP6 address as expected
>           inet6 addr: fe80::f816:3eff:fe00:e8e7/64 Scope:Link
>           UP BROADCAST RUNNING  MTU:1500  Metric:1
>           RX packets:18 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:33 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:1870 (1.8 KiB)  TX bytes:12540 (12.2 KiB)
>
> lo        Link encap:Local Loopback
>           inet addr:127.0.0.1  Mask:255.0.0.0
>           inet6 addr: ::1/128 Scope:Host
>           UP LOOPBACK RUNNING  MTU:65536  Metric:1
>           RX packets:1 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:1 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:0
>           RX bytes:29 (29.0 B)  TX bytes:29 (29.0 B)
>
> Next, I am detaching eth1. On the guest side, a hotplug event is
> triggered, and if I read the interfaces with ifconfig, the interface eth1
> is missing - as expected, because it's been detached. Since I don't want a
> gap in the interface, the guest OS will auto-reboot itself when this
> hotplug is triggered - and upon reboot, eth2 becomes eth1, and eth3 becomes
> eth2. Here is the ifconfig after reboot:
>
> / #ifconfig
> eth0      Link encap:Ethernet  HWaddr FA:16:3E:0B:95:F2
>           inet addr:10.1.0.19  Bcast:10.1.0.255  Mask:255.255.255.0
>           inet6 addr: fe80::f816:3eff:fe0b:95f2/64 Scope:Link
>           UP BROADCAST RUNNING  MTU:1500  Metric:1
>           RX packets:203 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:209 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:23143 (22.6 KiB)  TX bytes:32793 (32.0 KiB)
>
> eth1      Link encap:Ethernet  HWaddr FA:16:3E:05:07:AD
>      <--- MAC is correct as it matches old eth2
>           inet addr:10.1.0.20  Bcast:10.1.0.255  Mask:255.255.255.0
>      <--- Correct DHCP4 address is acquired
>           inet6 addr: fe80::f816:3eff:fe05:7ad/64 Scope:Link
>           inet6 addr: 1:2:3:4::115/64 Scope:Global
>       <--- BUG: no DHCP6 address should be acquired!
>           UP BROADCAST RUNNING  MTU:1500  Metric:1
>           RX packets:9 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:26 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:1762 (1.7 KiB)  TX bytes:4228 (4.1 KiB)
>
> eth2      Link encap:Ethernet  HWaddr FA:16:3E:00:E8:E7
>      <--- MAC is correct as it matches old eth3
>           inet6 addr: fe80::f816:3eff:fe00:e8e7/64 Scope:Link
>      <--- BUG: the DHCP6 address 1:2:3:4::116/64 should be acquired!
>           UP BROADCAST RUNNING  MTU:1500  Metric:1
>           RX packets:7 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:25 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:866 (866.0 B)  TX bytes:6286 (6.1 KiB)
>
> lo        Link encap:Local Loopback
>           inet addr:127.0.0.1  Mask:255.0.0.0
>           inet6 addr: ::1/128 Scope:Host
>           UP LOOPBACK RUNNING  MTU:65536  Metric:1
>           RX packets:2 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:2 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:0
>           RX bytes:117 (117.0 B)  TX bytes:117 (117.0 B)
>
> So here is where we seem to have a bug in OpenStack. Eth1 is acquired a
> DHCP6 address it should not acquire, and Eth2 is not acquiring a DHCP6
> address it should acquire.
>
> Here are more details, captured after eth2 was detached, in the hope that
> it will help track this issue:
>
> [stack at paradise devstack]$ sudo iptables -L -n
> Chain INPUT (policy ACCEPT)
> target     prot opt source               destination
> neutron-openvswi-INPUT  all  --  0.0.0.0/0            0.0.0.0/0
> nova-api-INPUT  all  --  0.0.0.0/0            0.0.0.0/0
> ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:53
> ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:53
> ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:67
> ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:67
> ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state
> RELATED,ESTABLISHED
> ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
> ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
> ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            state NEW
> tcp dpt:22
>
> Chain FORWARD (policy ACCEPT)
> target     prot opt source               destination
> neutron-filter-top  all  --  0.0.0.0/0            0.0.0.0/0
> neutron-openvswi-FORWARD  all  --  0.0.0.0/0            0.0.0.0/0
> nova-filter-top  all  --  0.0.0.0/0            0.0.0.0/0
> nova-api-FORWARD  all  --  0.0.0.0/0            0.0.0.0/0
> ACCEPT     all  --  0.0.0.0/0            192.168.122.0/24     ctstate
> RELATED,ESTABLISHED
> ACCEPT     all  --  192.168.122.0/24     0.0.0.0/0
> ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
> REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with
> icmp-port-unreachable
> REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with
> icmp-port-unreachable
> REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with
> icmp-host-prohibited
>
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination
> neutron-filter-top  all  --  0.0.0.0/0            0.0.0.0/0
> neutron-openvswi-OUTPUT  all  --  0.0.0.0/0            0.0.0.0/0
> nova-filter-top  all  --  0.0.0.0/0            0.0.0.0/0
> nova-api-OUTPUT  all  --  0.0.0.0/0            0.0.0.0/0
> ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:68
>
> Chain neutron-filter-top (2 references)
> target     prot opt source               destination
> neutron-openvswi-local  all  --  0.0.0.0/0            0.0.0.0/0
>
> Chain neutron-openvswi-FORWARD (1 references)
> target     prot opt source               destination
> neutron-openvswi-scope  all  --  0.0.0.0/0            0.0.0.0/0
> neutron-openvswi-sg-chain  all  --  0.0.0.0/0            0.0.0.0/0
>     PHYSDEV match --physdev-out tap10167b6e-e1 --physdev-is-bridged /*
> Direct traffic from the VM interface to the security group chain. */
> neutron-openvswi-sg-chain  all  --  0.0.0.0/0            0.0.0.0/0
>     PHYSDEV match --physdev-in tap10167b6e-e1 --physdev-is-bridged /*
> Direct traffic from the VM interface to the security group chain. */
> neutron-openvswi-sg-chain  all  --  0.0.0.0/0            0.0.0.0/0
>     PHYSDEV match --physdev-out tapc176f27a-43 --physdev-is-bridged /*
> Direct traffic from the VM interface to the security group chain. */
> neutron-openvswi-sg-chain  all  --  0.0.0.0/0            0.0.0.0/0
>     PHYSDEV match --physdev-in tapc176f27a-43 --physdev-is-bridged /*
> Direct traffic from the VM interface to the security group chain. */
> neutron-openvswi-sg-chain  all  --  0.0.0.0/0            0.0.0.0/0
>     PHYSDEV match --physdev-out tapf2f7203b-bf --physdev-is-bridged /*
> Direct traffic from the VM interface to the security group chain. */
> neutron-openvswi-sg-chain  all  --  0.0.0.0/0            0.0.0.0/0
>     PHYSDEV match --physdev-in tapf2f7203b-bf --physdev-is-bridged /*
> Direct traffic from the VM interface to the security group chain. */
>
> Chain neutron-openvswi-INPUT (1 references)
> target     prot opt source               destination
> neutron-openvswi-o10167b6e-e  all  --  0.0.0.0/0            0.0.0.0/0
>         PHYSDEV match --physdev-in tap10167b6e-e1 --physdev-is-bridged /*
> Direct incoming traffic from VM to the security group chain. */
> neutron-openvswi-oc176f27a-4  all  --  0.0.0.0/0            0.0.0.0/0
> PHYSDEV match --physdev-in tapc176f27a-43 --physdev-is-bridged /* Direct
> incoming traffic from VM to the security group chain. */
> neutron-openvswi-of2f7203b-b  all  --  0.0.0.0/0            0.0.0.0/0
>         PHYSDEV match --physdev-in tapf2f7203b-bf --physdev-is-bridged /*
> Direct incoming traffic from VM to the security group chain. */
>
> Chain neutron-openvswi-OUTPUT (1 references)
> target     prot opt source               destination
>
> Chain neutron-openvswi-i10167b6e-e (1 references)
> target     prot opt source               destination
> RETURN     all  --  0.0.0.0/0            0.0.0.0/0            state
> RELATED,ESTABLISHED /* Direct packets associated with a known session to
> the RETURN chain. */
> RETURN     all  --  0.0.0.0/0            0.0.0.0/0            match-set
> NIPv426f35bdc-1c1d-4251-9d9b- src
> DROP       all  --  0.0.0.0/0            0.0.0.0/0            state
> INVALID /* Drop packets that appear related to an existing connection (e.g.
> TCP ACK/FIN) but do not have an entry in conntrack. */
> neutron-openvswi-sg-fallback  all  --  0.0.0.0/0            0.0.0.0/0
>         /* Send unmatched traffic to the fallback chain. */
>
> Chain neutron-openvswi-ic176f27a-4 (1 references)
> target     prot opt source               destination
> RETURN     all  --  0.0.0.0/0            0.0.0.0/0            state
> RELATED,ESTABLISHED /* Direct packets associated with a known session to
> the RETURN chain. */
> RETURN     udp  --  10.1.0.2             0.0.0.0/0            udp spt:67
> udp dpt:68
> RETURN     all  --  0.0.0.0/0            0.0.0.0/0            match-set
> NIPv426f35bdc-1c1d-4251-9d9b- src
> DROP       all  --  0.0.0.0/0            0.0.0.0/0            state
> INVALID /* Drop packets that appear related to an existing connection (e.g.
> TCP ACK/FIN) but do not have an entry in conntrack. */
> neutron-openvswi-sg-fallback  all  --  0.0.0.0/0            0.0.0.0/0
>         /* Send unmatched traffic to the fallback chain. */
>
> Chain neutron-openvswi-if2f7203b-b (1 references)
> target     prot opt source               destination
> RETURN     all  --  0.0.0.0/0            0.0.0.0/0            state
> RELATED,ESTABLISHED /* Direct packets associated with a known session to
> the RETURN chain. */
> RETURN     udp  --  10.1.0.2             0.0.0.0/0            udp spt:67
> udp dpt:68
> RETURN     udp  --  0.0.0.0/0            0.0.0.0/0            udp
> multiport dports 1:65535
> RETURN     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp
> multiport dports 1:65535
> RETURN     icmp --  0.0.0.0/0            0.0.0.0/0
> DROP       all  --  0.0.0.0/0            0.0.0.0/0            state
> INVALID /* D
> rop packets that appear related to an existing connection (e.g. TCP
> ACK/FIN) but do not have an entry in conntrack. */
> neutron-openvswi-sg-fallback  all  --  0.0.0.0/0            0.0.0.0/0
>         /* Send unmatched traffic to the fallback chain. */
>
> Chain neutron-openvswi-local (1 references)
> target     prot opt source               destination
>
> Chain neutron-openvswi-o10167b6e-e (2 references)
> target     prot opt source               destination
> RETURN     udp  --  0.0.0.0/0            0.0.0.0/0            udp spt:68
> udp dpt:67 /* Allow DHCP client traffic. */
> DROP       udp  --  0.0.0.0/0            0.0.0.0/0            udp spt:67
> udp dpt:68 /* Prevent DHCP Spoofing by VM. */
> RETURN     all  --  0.0.0.0/0            0.0.0.0/0            state
> RELATED,ESTABLISHED /* Direct packets associated with a known session to
> the RETURN chain. */
> RETURN     all  --  0.0.0.0/0            0.0.0.0/0
> DROP       all  --  0.0.0.0/0            0.0.0.0/0            state
> INVALID /* Drop packets that appear related to an existing connection (e.g.
> TCP ACK/FIN) but do not have an entry in conntrack. */
> neutron-openvswi-sg-fallback  all  --  0.0.0.0/0            0.0.0.0/0
>         /* Send unmatched traffic to the fallback chain. */
>
> Chain neutron-openvswi-oc176f27a-4 (2 references)
> target     prot opt source               destination
> RETURN     udp  --  0.0.0.0/0            0.0.0.0/0            udp spt:68
> udp dpt:67 /* Allow DHCP client traffic. */
> neutron-openvswi-sc176f27a-4  all  --  0.0.0.0/0            0.0.0.0/0
> DROP       udp  --  0.0.0.0/0            0.0.0.0/0            udp spt:67
> udp dpt:68 /* Prevent DHCP Spoofing by VM. */
> RETURN     all  --  0.0.0.0/0            0.0.0.0/0            state
> RELATED,ESTABLISHED /* Direct packets associated with a known session to
> the RETURN chain. */
> RETURN     all  --  0.0.0.0/0            0.0.0.0/0
> DROP       all  --  0.0.0.0/0            0.0.0.0/0            state
> INVALID /* Drop packets that appear related to an existing connection (e.g.
> TCP ACK/FIN) but do not have an entry in conntrack. */
> neutron-openvswi-sg-fallback  all  --  0.0.0.0/0            0.0.0.0/0
>         /* Send unmatched traffic to the fallback chain. */
>
> Chain neutron-openvswi-of2f7203b-b (2 references)
> target     prot opt source               destination
> RETURN     udp  --  0.0.0.0/0            0.0.0.0/0            udp spt:68
> udp dpt:67 /* Allow DHCP client traffic. */
> neutron-openvswi-sf2f7203b-b  all  --  0.0.0.0/0            0.0.0.0/0
> DROP       udp  --  0.0.0.0/0            0.0.0.0/0            udp spt:67
> udp dpt:68 /* Prevent DHCP Spoofing by VM. */
> RETURN     all  --  0.0.0.0/0            0.0.0.0/0            state
> RELATED,ESTABLISHED /* Direct packets associated with a known session to
> the RETURN chain. */
> RETURN     all  --  0.0.0.0/0            0.0.0.0/0
> DROP       all  --  0.0.0.0/0            0.0.0.0/0            state
> INVALID /* Drop packets that appear related to an existing connection (e.g.
> TCP ACK/FIN) but do not have an entry in conntrack. */
> neutron-openvswi-sg-fallback  all  --  0.0.0.0/0            0.0.0.0/0
>         /* Send unmatched traffic to the fallback chain. */
>
> Chain neutron-openvswi-sc176f27a-4 (1 references)
> target     prot opt source               destination
> RETURN     all  --  10.1.0.20            0.0.0.0/0            MAC
> FA:16:3E:05:07:AD /* Allow traffic from defined IP/MAC pairs. */
> DROP       all  --  0.0.0.0/0            0.0.0.0/0            /* Drop
> traffic without an IP/MAC allow rule. */
>
> Chain neutron-openvswi-scope (1 references)
> target     prot opt source               destination
>
> Chain neutron-openvswi-sf2f7203b-b (1 references)
> target     prot opt source               destination
> RETURN     all  --  10.1.0.19            0.0.0.0/0            MAC
> FA:16:3E:0B:95:F2 /* Allow traffic from defined IP/MAC pairs. */
> DROP       all  --  0.0.0.0/0            0.0.0.0/0            /* Drop
> traffic without an IP/MAC allow rule. */
>
> Chain neutron-openvswi-sg-chain (6 references)
> target     prot opt source               destination
> neutron-openvswi-i10167b6e-e  all  --  0.0.0.0/0            0.0.0.0/0
>         PHYSDEV match --physdev-out tap10167b6e-e1 --physdev-is-bridged /*
> Jump to the VM specific chain. */
> neutron-openvswi-o10167b6e-e  all  --  0.0.0.0/0            0.0.0.0/0
>         PHYSDEV match --physdev-in tap10167b6e-e1 --physdev-is-bridged /*
> Jump to the VM specific chain. */
> neutron-openvswi-ic176f27a-4  all  --  0.0.0.0/0            0.0.0.0/0
>         PHYSDEV match --physdev-out tapc176f27a-43 --physdev-is-bridged /*
> Jump to the VM specific chain. */
> neutron-openvswi-oc176f27a-4  all  --  0.0.0.0/0            0.0.0.0/0
>         PHYSDEV match --physdev-in tapc176f27a-43 --physdev-is-bridged /*
> Jump to the VM specific chain. */
> neutron-openvswi-if2f7203b-b  all  --  0.0.0.0/0            0.0.0.0/0
>         PHYSDEV match --physdev-out tapf2f7203b-bf --physdev-is-bridged /*
> Jump to the VM specific chain. */
> neutron-openvswi-of2f7203b-b  all  --  0.0.0.0/0            0.0.0.0/0
>         PHYSDEV match --physdev-in tapf2f7203b-bf --physdev-is-bridged /*
> Jump to the VM specific chain. */
> ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
>
> Chain neutron-openvswi-sg-fallback (6 references)
> target     prot opt source               destination
> DROP       all  --  0.0.0.0/0            0.0.0.0/0            /* Default
> drop ru
> le for unmatched traffic. */
>
> Chain nova-api-FORWARD (1 references)
> target     prot opt source               destination
>
> Chain nova-api-INPUT (1 references)
> target     prot opt source               destination
> ACCEPT     tcp  --  0.0.0.0/0            10.25.100.2          tcp dpt:8775
>
> Chain nova-api-OUTPUT (1 references)
> target     prot opt source               destination
>
> Chain nova-api-local (1 references)
> target     prot opt source               destination
>
> Chain nova-filter-top (2 references)
> target     prot opt source               destination
> nova-api-local  all  --  0.0.0.0/0            0.0.0.0/0
>
>
> [stack at paradise devstack]$ neutron port-list
> +-----------------------+------+-------------------+--------
> ---------------+
> | id                    | name | mac_address       | fixed_ips
>  |
> +-----------------------+------+-------------------+--------
> ---------------+
> | 03eeedab-d7c0-457d-b8 |      | fa:16:3e:3a:15:9f | {"subnet_id":
>  |
> | 99-c73c27f2c35d       |      |                   | "a6e39a5b-7153-481c-
> |
> |                       |      |                   | acd0-72ac26bb6288",
>  |
> |                       |      |                   | "ip_address":
>  |
> |                       |      |                   | "1:2:3:4::1"}
>  |
> | 10167b6e-e1df-441a-   |      | fa:16:3e:00:e8:e7 | {"subnet_id":
>  |
> | 8b38-b0c3b311af01     |      |                   | "a6e39a5b-7153-481c-
> |
> |                       |      |                   | acd0-72ac26bb6288",
>  |
> |                       |      |                   | "ip_address":
>  |
> |                       |      |                   | "1:2:3:4::116"}
>  |
> | 61051003-ef3c-4590-a3 |      | fa:16:3e:62:80:22 | {"subnet_id": "9b3df9
> |
> | e4-7df2ebb3f561       |      |                   | c8-6de9-4373-a567-6b5
> |
> |                       |      |                   | 9b5312d8a",
>  |
> |                       |      |                   | "ip_address":
>  |
> |                       |      |                   | "10.1.0.1"}
>  |
> | 9ad22299-bd0a-4c74    |      | fa:16:3e:46:ed:46 | {"subnet_id": "9b3df9
> |
> | -b9aa-0809b01881c4    |      |                   | c8-6de9-4373-a567-6b5
> |
> |                       |      |                   | 9b5312d8a",
>  |
> |                       |      |                   | "ip_address":
>  |
> |                       |      |                   | "10.1.0.2"}
>  |
> | c176f27a-4324-45d7    |      | fa:16:3e:05:07:ad | {"subnet_id": "9b3df9
> |
> | -8d8f-7e60eb38d74e    |      |                   | c8-6de9-4373-a567-6b5
> |
> |                       |      |                   | 9b5312d8a",
>  |
> |                       |      |                   | "ip_address":
>  |
> |                       |      |                   | "10.1.0.20"}
> |
> | e72c52f1-a0af-45cc-   |      | fa:16:3e:8f:b4:1e | {"subnet_id":
>  |
> | aacb-788145e5fdf1     |      |                   | "a6e39a5b-7153-481c-
> |
> |                       |      |                   | acd0-72ac26bb6288",
>  |
> |                       |      |                   | "ip_address":
>  |
> |                       |      |                   | "1:2:3:4::100"}
>  |
> | f2f7203b-bffc-4a4c-   |      | fa:16:3e:0b:95:f2 | {"subnet_id": "9b3df9
> |
> | 8ea8-e228d60e43fe     |      |                   | c8-6de9-4373-a567-6b5
> |
> |                       |      |                   | 9b5312d8a",
>  |
> |                       |      |                   | "ip_address":
>  |
> |                       |      |                   | "10.1.0.19"}
> |
> +-----------------------+------+-------------------+--------
> ---------------+
> [stack at paradise devstack]$ ps -ef|grep dns
> stack    18932  8609  0 10:48 pts/24   00:00:00 grep --color=auto dns
> nobody   21505     1  0 Mar02 ?        00:00:00 dnsmasq --no-hosts
> --no-resolv --strict-order --except-interface=lo --pid-file=/opt/stack/data/
> neutron/dhcp/e63dc15c-bc65-41ef-8aaf-ca047d8f208c/pid
> --dhcp-hostsfile=/opt/stack/data/neutron/dhcp/e63dc15c-
> bc65-41ef-8aaf-ca047d8f208c/host --addn-hosts=/opt/stack/data/
> neutron/dhcp/e63dc15c-bc65-41ef-8aaf-ca047d8f208c/addn_hosts
> --dhcp-optsfile=/opt/stack/data/neutron/dhcp/e63dc15c-
> bc65-41ef-8aaf-ca047d8f208c/opts --dhcp-leasefile=/opt/stack/
> data/neutron/dhcp/e63dc15c-bc65-41ef-8aaf-ca047d8f208c/leases
> --dhcp-match=set:ipxe,175 --bind-interfaces --interface=tap9ad22299-bd
> --dhcp-range=set:tag0,10.1.0.0,static,86400s --dhcp-option-force=option:mtu,1450
> --dhcp-lease-max=256 --conf-file= --domain=openstacklocal
> nobody   46958     1  0 Mar03 ?        00:00:00 dnsmasq --no-hosts
> --no-resolv --strict-order --except-interface=lo --pid-file=/opt/stack/data/
> neutron/dhcp/67e7aa17-50e3-436a-99c9-1618683d2983/pid
> --dhcp-hostsfile=/opt/stack/data/neutron/dhcp/67e7aa17-
> 50e3-436a-99c9-1618683d2983/host --addn-hosts=/opt/stack/data/
> neutron/dhcp/67e7aa17-50e3-436a-99c9-1618683d2983/addn_hosts
> --dhcp-optsfile=/opt/stack/data/neutron/dhcp/67e7aa17-
> 50e3-436a-99c9-1618683d2983/opts --dhcp-leasefile=/opt/stack/
> data/neutron/dhcp/67e7aa17-50e3-436a-99c9-1618683d2983/leases
> --dhcp-match=set:ipxe,175 --bind-interfaces --interface=tape72c52f1-a0
> --dhcp-range=set:tag0,1:2:3:4::,static,64,86400s
> --dhcp-option-force=option:mtu,1450 --dhcp-lease-max=16777216
> --conf-file= --domain=openstacklocal
> [stack at paradise devstack]$ cat /opt/stack/data/neutron/dhcp/
> e63dc15c-bc65-41ef-8aaf-ca047d8f208c/host
> fa:16:3e:46:ed:46,host-10-1-0-2.openstacklocal,10.1.0.2
> fa:16:3e:0b:95:f2,host-10-1-0-19.openstacklocal,10.1.0.19
> fa:16:3e:05:07:ad,host-10-1-0-20.openstacklocal,10.1.0.20
> [stack at paradise devstack]$ cat /opt/stack/data/neutron/dhcp/
> 67e7aa17-50e3-436a-99c9-1618683d2983/host
> fa:16:3e:8f:b4:1e,host-1-2-3-4--100.openstacklocal,[1:2:3:4::100]
> fa:16:3e:00:e8:e7,host-1-2-3-4--116.openstacklocal,[1:2:3:4::116]
>
>
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20160926/dfc13fd7/attachment-0001.html>


More information about the OpenStack-dev mailing list