[openstack-dev] Interface detach results in incorrect DHCP6 functioning on higher-index interfaces
Kevin Benton
kevin at benton.pub
Tue Sep 27 06:01:07 UTC 2016
Hi,
Sorry about the huge delay. Is this behavior still present? Did you file a
bug here? https://bugs.launchpad.net/neutron
Bugs reported via the mailing list tend to fall through the cracks.
Cheers,
Kevin Benton
On Tue, Mar 8, 2016 at 7:50 AM, Andrei Radulescu-Banu <
andrei.radulescu-banu at exfo.com> wrote:
> I'm using the latest Devstack installed as a standalone, and testing the
> interface detach functionality through the Horizon GUI. In my case, I have
> a special Linux image with DHCP and DHCPv6 enabled on all interfaces. Here
> is my config:
> - Two separate subnets, 'private', with DHCP enabled, and 'private6', with
> DHCP6 enabled
> - Interface eth0 on 'private', eth1 on 'private6', eth2 on 'private' and
> eth3 again on 'private6'
> - Initially, eth0 and eth2 acquire a DHCP address; eth1 and eth3 a DHCP6
> address. Note their MAC addresses in the display.
>
> [stack at paradise devstack]$ neutron net-show private
> +-------------------------+--------------------------------------+
> | Field | Value |
> +-------------------------+--------------------------------------+
> | admin_state_up | True |
> | availability_zone_hints | |
> | availability_zones | nova |
> | id | e63dc15c-bc65-41ef-8aaf-ca047d8f208c |
> | ipv4_address_scope | |
> | ipv6_address_scope | |
> | mtu | 1450 |
> | name | private |
> | port_security_enabled | True |
> | router:external | False |
> | shared | False |
> | status | ACTIVE |
> | subnets | 9b3df9c8-6de9-4373-a567-6b59b5312d8a |
> | tenant_id | 2876a2eb470b4ff1a8a04c960820f317 |
> +-------------------------+--------------------------------------+
> [stack at paradise devstack]$ neutron net-show private6
> +-------------------------+--------------------------------------+
> | Field | Value |
> +-------------------------+--------------------------------------+
> | admin_state_up | True |
> | availability_zone_hints | |
> | availability_zones | nova |
> | id | 67e7aa17-50e3-436a-99c9-1618683d2983 |
> | ipv4_address_scope | |
> | ipv6_address_scope | |
> | mtu | 1450 |
> | name | private6 |
> | port_security_enabled | True |
> | router:external | False |
> | shared | False |
> | status | ACTIVE |
> | subnets | a6e39a5b-7153-481c-acd0-72ac26bb6288 |
> | tenant_id | 2876a2eb470b4ff1a8a04c960820f317 |
> +-------------------------+--------------------------------------+
> [stack at paradise devstack]$ neutron subnet-show private-subnet
> +-------------------+--------------------------------------------+
> | Field | Value |
> +-------------------+--------------------------------------------+
> | allocation_pools | {"start": "10.1.0.2", "end": "10.1.0.254"} |
> | cidr | 10.1.0.0/24 |
> | dns_nameservers | |
> | enable_dhcp | True |
> | gateway_ip | 10.1.0.1 |
> | host_routes | |
> | id | 9b3df9c8-6de9-4373-a567-6b59b5312d8a |
> | ip_version | 4 |
> | ipv6_address_mode | |
> | ipv6_ra_mode | |
> | name | private-subnet |
> | network_id | e63dc15c-bc65-41ef-8aaf-ca047d8f208c |
> | subnetpool_id | |
> | tenant_id | 2876a2eb470b4ff1a8a04c960820f317 |
> +-------------------+--------------------------------------------+
> [stack at paradise devstack]$ neutron subnet-show private-subnet6
> +-------------------+--------------------------------------------------+
> | Field | Value |
> +-------------------+--------------------------------------------------+
> | allocation_pools | {"start": "1:2:3:4::100", "end": "1:2:3:4::200"} |
> | cidr | 1:2:3:4::/64 |
> | dns_nameservers | 1:2:3:4::2 |
> | enable_dhcp | True |
> | gateway_ip | 1:2:3:4::1 |
> | host_routes | |
> | id | a6e39a5b-7153-481c-acd0-72ac26bb6288 |
> | ip_version | 6 |
> | ipv6_address_mode | dhcpv6-stateful |
> | ipv6_ra_mode | dhcpv6-stateful |
> | name | private-subnet6 |
> | network_id | 67e7aa17-50e3-436a-99c9-1618683d2983 |
> | subnetpool_id | |
> | tenant_id | 2876a2eb470b4ff1a8a04c960820f317 |
> +-------------------+--------------------------------------------------+
> [stack at paradise devstack]$ neutron port-list
> +-----------------------+------+-------------------+--------
> ---------------+
> | id | name | mac_address | fixed_ips
> |
> +-----------------------+------+-------------------+--------
> ---------------+
> | 03eeedab-d7c0-457d-b8 | | fa:16:3e:3a:15:9f | {"subnet_id":
> |
> | 99-c73c27f2c35d | | | "a6e39a5b-7153-481c-
> |
> | | | | acd0-72ac26bb6288",
> |
> | | | | "ip_address":
> |
> | | | | "1:2:3:4::1"}
> |
> | 10167b6e-e1df-441a- | | fa:16:3e:00:e8:e7 | {"subnet_id":
> |
> | 8b38-b0c3b311af01 | | | "a6e39a5b-7153-481c-
> |
> | | | | acd0-72ac26bb6288",
> |
> | | | | "ip_address":
> |
> | | | | "1:2:3:4::116"}
> |
> | 54cfcafa-218b-4939-9f | | fa:16:3e:e1:4d:bd | {"subnet_id":
> |
> | 28-e3db8f4252b8 | | | "a6e39a5b-7153-481c-
> |
> | | | | acd0-72ac26bb6288",
> |
> | | | | "ip_address":
> |
> | | | | "1:2:3:4::115"}
> |
> | 61051003-ef3c-4590-a3 | | fa:16:3e:62:80:22 | {"subnet_id": "9b3df9
> |
> | e4-7df2ebb3f561 | | | c8-6de9-4373-a567-6b5
> |
> | | | | 9b5312d8a",
> |
> | | | | "ip_address":
> |
> | | | | "10.1.0.1"}
> |
> | 9ad22299-bd0a-4c74 | | fa:16:3e:46:ed:46 | {"subnet_id": "9b3df9
> |
> | -b9aa-0809b01881c4 | | | c8-6de9-4373-a567-6b5
> |
> | | | | 9b5312d8a",
> |
> | | | | "ip_address":
> |
> | | | | "10.1.0.2"}
> |
> | c176f27a-4324-45d7 | | fa:16:3e:05:07:ad | {"subnet_id": "9b3df9
> |
> | -8d8f-7e60eb38d74e | | | c8-6de9-4373-a567-6b5
> |
> | | | | 9b5312d8a",
> |
> | | | | "ip_address":
> |
> | | | | "10.1.0.20"}
> |
> | e72c52f1-a0af-45cc- | | fa:16:3e:8f:b4:1e | {"subnet_id":
> |
> | aacb-788145e5fdf1 | | | "a6e39a5b-7153-481c-
> |
> | | | | acd0-72ac26bb6288",
> |
> | | | | "ip_address":
> |
> | | | | "1:2:3:4::100"}
> |
> | f2f7203b-bffc-4a4c- | | fa:16:3e:0b:95:f2 | {"subnet_id": "9b3df9
> |
> | 8ea8-e228d60e43fe | | | c8-6de9-4373-a567-6b5
> |
> | | | | 9b5312d8a",
> |
> | | | | "ip_address":
> |
> | | | | "10.1.0.19"}
> |
> +-----------------------+------+-------------------+--------
> ---------------+
>
> Here are my interfaces on the guest:
>
> / #ifconfig
> eth0 Link encap:Ethernet HWaddr FA:16:3E:0B:95:F2
> inet addr:10.1.0.19 Bcast:10.1.0.255 Mask:255.255.255.0
> <--- Acquired DHCP address as expected
> inet6 addr: fe80::f816:3eff:fe0b:95f2/64 Scope:Link
> UP BROADCAST RUNNING MTU:1500 Metric:1
> RX packets:154 errors:0 dropped:0 overruns:0 frame:0
> TX packets:131 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:1000
> RX bytes:17785 (17.3 KiB) TX bytes:20141 (19.6 KiB)
>
> eth1 Link encap:Ethernet HWaddr FA:16:3E:E1:4D:BD
> inet6 addr: fe80::f816:3eff:fee1:4dbd/64 Scope:Link
> inet6 addr: 1:2:3:4::115/64 Scope:Global
> <--- Acquired DHCP6 address as expected
> UP BROADCAST RUNNING MTU:1500 Metric:1
> RX packets:25 errors:0 dropped:0 overruns:0 frame:0
> TX packets:41 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:1000
> RX bytes:2336 (2.2 KiB) TX bytes:14768 (14.4 KiB)
>
> eth2 Link encap:Ethernet HWaddr FA:16:3E:05:07:AD
> inet addr:10.1.0.20 Bcast:10.1.0.255 Mask:255.255.255.0
> <--- Acquired DHCP address as expected
> inet6 addr: fe80::f816:3eff:fe05:7ad/64 Scope:Link
> UP BROADCAST RUNNING MTU:1500 Metric:1
> RX packets:14 errors:0 dropped:0 overruns:0 frame:0
> TX packets:14 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:1000
> RX bytes:2184 (2.1 KiB) TX bytes:2732 (2.6 KiB)
>
> eth3 Link encap:Ethernet HWaddr FA:16:3E:00:E8:E7
> inet6 addr: 1:2:3:4::116/64 Scope:Global
> <--- Acquired DHCP6 address as expected
> inet6 addr: fe80::f816:3eff:fe00:e8e7/64 Scope:Link
> UP BROADCAST RUNNING MTU:1500 Metric:1
> RX packets:18 errors:0 dropped:0 overruns:0 frame:0
> TX packets:33 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:1000
> RX bytes:1870 (1.8 KiB) TX bytes:12540 (12.2 KiB)
>
> lo Link encap:Local Loopback
> inet addr:127.0.0.1 Mask:255.0.0.0
> inet6 addr: ::1/128 Scope:Host
> UP LOOPBACK RUNNING MTU:65536 Metric:1
> RX packets:1 errors:0 dropped:0 overruns:0 frame:0
> TX packets:1 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:0
> RX bytes:29 (29.0 B) TX bytes:29 (29.0 B)
>
> Next, I am detaching eth1. On the guest side, a hotplug event is
> triggered, and if I read the interfaces with ifconfig, the interface eth1
> is missing - as expected, because it's been detached. Since I don't want a
> gap in the interface, the guest OS will auto-reboot itself when this
> hotplug is triggered - and upon reboot, eth2 becomes eth1, and eth3 becomes
> eth2. Here is the ifconfig after reboot:
>
> / #ifconfig
> eth0 Link encap:Ethernet HWaddr FA:16:3E:0B:95:F2
> inet addr:10.1.0.19 Bcast:10.1.0.255 Mask:255.255.255.0
> inet6 addr: fe80::f816:3eff:fe0b:95f2/64 Scope:Link
> UP BROADCAST RUNNING MTU:1500 Metric:1
> RX packets:203 errors:0 dropped:0 overruns:0 frame:0
> TX packets:209 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:1000
> RX bytes:23143 (22.6 KiB) TX bytes:32793 (32.0 KiB)
>
> eth1 Link encap:Ethernet HWaddr FA:16:3E:05:07:AD
> <--- MAC is correct as it matches old eth2
> inet addr:10.1.0.20 Bcast:10.1.0.255 Mask:255.255.255.0
> <--- Correct DHCP4 address is acquired
> inet6 addr: fe80::f816:3eff:fe05:7ad/64 Scope:Link
> inet6 addr: 1:2:3:4::115/64 Scope:Global
> <--- BUG: no DHCP6 address should be acquired!
> UP BROADCAST RUNNING MTU:1500 Metric:1
> RX packets:9 errors:0 dropped:0 overruns:0 frame:0
> TX packets:26 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:1000
> RX bytes:1762 (1.7 KiB) TX bytes:4228 (4.1 KiB)
>
> eth2 Link encap:Ethernet HWaddr FA:16:3E:00:E8:E7
> <--- MAC is correct as it matches old eth3
> inet6 addr: fe80::f816:3eff:fe00:e8e7/64 Scope:Link
> <--- BUG: the DHCP6 address 1:2:3:4::116/64 should be acquired!
> UP BROADCAST RUNNING MTU:1500 Metric:1
> RX packets:7 errors:0 dropped:0 overruns:0 frame:0
> TX packets:25 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:1000
> RX bytes:866 (866.0 B) TX bytes:6286 (6.1 KiB)
>
> lo Link encap:Local Loopback
> inet addr:127.0.0.1 Mask:255.0.0.0
> inet6 addr: ::1/128 Scope:Host
> UP LOOPBACK RUNNING MTU:65536 Metric:1
> RX packets:2 errors:0 dropped:0 overruns:0 frame:0
> TX packets:2 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:0
> RX bytes:117 (117.0 B) TX bytes:117 (117.0 B)
>
> So here is where we seem to have a bug in OpenStack. Eth1 is acquired a
> DHCP6 address it should not acquire, and Eth2 is not acquiring a DHCP6
> address it should acquire.
>
> Here are more details, captured after eth2 was detached, in the hope that
> it will help track this issue:
>
> [stack at paradise devstack]$ sudo iptables -L -n
> Chain INPUT (policy ACCEPT)
> target prot opt source destination
> neutron-openvswi-INPUT all -- 0.0.0.0/0 0.0.0.0/0
> nova-api-INPUT all -- 0.0.0.0/0 0.0.0.0/0
> ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53
> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
> ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:67
> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:67
> ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state
> RELATED,ESTABLISHED
> ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
> ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW
> tcp dpt:22
>
> Chain FORWARD (policy ACCEPT)
> target prot opt source destination
> neutron-filter-top all -- 0.0.0.0/0 0.0.0.0/0
> neutron-openvswi-FORWARD all -- 0.0.0.0/0 0.0.0.0/0
> nova-filter-top all -- 0.0.0.0/0 0.0.0.0/0
> nova-api-FORWARD all -- 0.0.0.0/0 0.0.0.0/0
> ACCEPT all -- 0.0.0.0/0 192.168.122.0/24 ctstate
> RELATED,ESTABLISHED
> ACCEPT all -- 192.168.122.0/24 0.0.0.0/0
> ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
> REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with
> icmp-port-unreachable
> REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with
> icmp-port-unreachable
> REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with
> icmp-host-prohibited
>
> Chain OUTPUT (policy ACCEPT)
> target prot opt source destination
> neutron-filter-top all -- 0.0.0.0/0 0.0.0.0/0
> neutron-openvswi-OUTPUT all -- 0.0.0.0/0 0.0.0.0/0
> nova-filter-top all -- 0.0.0.0/0 0.0.0.0/0
> nova-api-OUTPUT all -- 0.0.0.0/0 0.0.0.0/0
> ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:68
>
> Chain neutron-filter-top (2 references)
> target prot opt source destination
> neutron-openvswi-local all -- 0.0.0.0/0 0.0.0.0/0
>
> Chain neutron-openvswi-FORWARD (1 references)
> target prot opt source destination
> neutron-openvswi-scope all -- 0.0.0.0/0 0.0.0.0/0
> neutron-openvswi-sg-chain all -- 0.0.0.0/0 0.0.0.0/0
> PHYSDEV match --physdev-out tap10167b6e-e1 --physdev-is-bridged /*
> Direct traffic from the VM interface to the security group chain. */
> neutron-openvswi-sg-chain all -- 0.0.0.0/0 0.0.0.0/0
> PHYSDEV match --physdev-in tap10167b6e-e1 --physdev-is-bridged /*
> Direct traffic from the VM interface to the security group chain. */
> neutron-openvswi-sg-chain all -- 0.0.0.0/0 0.0.0.0/0
> PHYSDEV match --physdev-out tapc176f27a-43 --physdev-is-bridged /*
> Direct traffic from the VM interface to the security group chain. */
> neutron-openvswi-sg-chain all -- 0.0.0.0/0 0.0.0.0/0
> PHYSDEV match --physdev-in tapc176f27a-43 --physdev-is-bridged /*
> Direct traffic from the VM interface to the security group chain. */
> neutron-openvswi-sg-chain all -- 0.0.0.0/0 0.0.0.0/0
> PHYSDEV match --physdev-out tapf2f7203b-bf --physdev-is-bridged /*
> Direct traffic from the VM interface to the security group chain. */
> neutron-openvswi-sg-chain all -- 0.0.0.0/0 0.0.0.0/0
> PHYSDEV match --physdev-in tapf2f7203b-bf --physdev-is-bridged /*
> Direct traffic from the VM interface to the security group chain. */
>
> Chain neutron-openvswi-INPUT (1 references)
> target prot opt source destination
> neutron-openvswi-o10167b6e-e all -- 0.0.0.0/0 0.0.0.0/0
> PHYSDEV match --physdev-in tap10167b6e-e1 --physdev-is-bridged /*
> Direct incoming traffic from VM to the security group chain. */
> neutron-openvswi-oc176f27a-4 all -- 0.0.0.0/0 0.0.0.0/0
> PHYSDEV match --physdev-in tapc176f27a-43 --physdev-is-bridged /* Direct
> incoming traffic from VM to the security group chain. */
> neutron-openvswi-of2f7203b-b all -- 0.0.0.0/0 0.0.0.0/0
> PHYSDEV match --physdev-in tapf2f7203b-bf --physdev-is-bridged /*
> Direct incoming traffic from VM to the security group chain. */
>
> Chain neutron-openvswi-OUTPUT (1 references)
> target prot opt source destination
>
> Chain neutron-openvswi-i10167b6e-e (1 references)
> target prot opt source destination
> RETURN all -- 0.0.0.0/0 0.0.0.0/0 state
> RELATED,ESTABLISHED /* Direct packets associated with a known session to
> the RETURN chain. */
> RETURN all -- 0.0.0.0/0 0.0.0.0/0 match-set
> NIPv426f35bdc-1c1d-4251-9d9b- src
> DROP all -- 0.0.0.0/0 0.0.0.0/0 state
> INVALID /* Drop packets that appear related to an existing connection (e.g.
> TCP ACK/FIN) but do not have an entry in conntrack. */
> neutron-openvswi-sg-fallback all -- 0.0.0.0/0 0.0.0.0/0
> /* Send unmatched traffic to the fallback chain. */
>
> Chain neutron-openvswi-ic176f27a-4 (1 references)
> target prot opt source destination
> RETURN all -- 0.0.0.0/0 0.0.0.0/0 state
> RELATED,ESTABLISHED /* Direct packets associated with a known session to
> the RETURN chain. */
> RETURN udp -- 10.1.0.2 0.0.0.0/0 udp spt:67
> udp dpt:68
> RETURN all -- 0.0.0.0/0 0.0.0.0/0 match-set
> NIPv426f35bdc-1c1d-4251-9d9b- src
> DROP all -- 0.0.0.0/0 0.0.0.0/0 state
> INVALID /* Drop packets that appear related to an existing connection (e.g.
> TCP ACK/FIN) but do not have an entry in conntrack. */
> neutron-openvswi-sg-fallback all -- 0.0.0.0/0 0.0.0.0/0
> /* Send unmatched traffic to the fallback chain. */
>
> Chain neutron-openvswi-if2f7203b-b (1 references)
> target prot opt source destination
> RETURN all -- 0.0.0.0/0 0.0.0.0/0 state
> RELATED,ESTABLISHED /* Direct packets associated with a known session to
> the RETURN chain. */
> RETURN udp -- 10.1.0.2 0.0.0.0/0 udp spt:67
> udp dpt:68
> RETURN udp -- 0.0.0.0/0 0.0.0.0/0 udp
> multiport dports 1:65535
> RETURN tcp -- 0.0.0.0/0 0.0.0.0/0 tcp
> multiport dports 1:65535
> RETURN icmp -- 0.0.0.0/0 0.0.0.0/0
> DROP all -- 0.0.0.0/0 0.0.0.0/0 state
> INVALID /* D
> rop packets that appear related to an existing connection (e.g. TCP
> ACK/FIN) but do not have an entry in conntrack. */
> neutron-openvswi-sg-fallback all -- 0.0.0.0/0 0.0.0.0/0
> /* Send unmatched traffic to the fallback chain. */
>
> Chain neutron-openvswi-local (1 references)
> target prot opt source destination
>
> Chain neutron-openvswi-o10167b6e-e (2 references)
> target prot opt source destination
> RETURN udp -- 0.0.0.0/0 0.0.0.0/0 udp spt:68
> udp dpt:67 /* Allow DHCP client traffic. */
> DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp spt:67
> udp dpt:68 /* Prevent DHCP Spoofing by VM. */
> RETURN all -- 0.0.0.0/0 0.0.0.0/0 state
> RELATED,ESTABLISHED /* Direct packets associated with a known session to
> the RETURN chain. */
> RETURN all -- 0.0.0.0/0 0.0.0.0/0
> DROP all -- 0.0.0.0/0 0.0.0.0/0 state
> INVALID /* Drop packets that appear related to an existing connection (e.g.
> TCP ACK/FIN) but do not have an entry in conntrack. */
> neutron-openvswi-sg-fallback all -- 0.0.0.0/0 0.0.0.0/0
> /* Send unmatched traffic to the fallback chain. */
>
> Chain neutron-openvswi-oc176f27a-4 (2 references)
> target prot opt source destination
> RETURN udp -- 0.0.0.0/0 0.0.0.0/0 udp spt:68
> udp dpt:67 /* Allow DHCP client traffic. */
> neutron-openvswi-sc176f27a-4 all -- 0.0.0.0/0 0.0.0.0/0
> DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp spt:67
> udp dpt:68 /* Prevent DHCP Spoofing by VM. */
> RETURN all -- 0.0.0.0/0 0.0.0.0/0 state
> RELATED,ESTABLISHED /* Direct packets associated with a known session to
> the RETURN chain. */
> RETURN all -- 0.0.0.0/0 0.0.0.0/0
> DROP all -- 0.0.0.0/0 0.0.0.0/0 state
> INVALID /* Drop packets that appear related to an existing connection (e.g.
> TCP ACK/FIN) but do not have an entry in conntrack. */
> neutron-openvswi-sg-fallback all -- 0.0.0.0/0 0.0.0.0/0
> /* Send unmatched traffic to the fallback chain. */
>
> Chain neutron-openvswi-of2f7203b-b (2 references)
> target prot opt source destination
> RETURN udp -- 0.0.0.0/0 0.0.0.0/0 udp spt:68
> udp dpt:67 /* Allow DHCP client traffic. */
> neutron-openvswi-sf2f7203b-b all -- 0.0.0.0/0 0.0.0.0/0
> DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp spt:67
> udp dpt:68 /* Prevent DHCP Spoofing by VM. */
> RETURN all -- 0.0.0.0/0 0.0.0.0/0 state
> RELATED,ESTABLISHED /* Direct packets associated with a known session to
> the RETURN chain. */
> RETURN all -- 0.0.0.0/0 0.0.0.0/0
> DROP all -- 0.0.0.0/0 0.0.0.0/0 state
> INVALID /* Drop packets that appear related to an existing connection (e.g.
> TCP ACK/FIN) but do not have an entry in conntrack. */
> neutron-openvswi-sg-fallback all -- 0.0.0.0/0 0.0.0.0/0
> /* Send unmatched traffic to the fallback chain. */
>
> Chain neutron-openvswi-sc176f27a-4 (1 references)
> target prot opt source destination
> RETURN all -- 10.1.0.20 0.0.0.0/0 MAC
> FA:16:3E:05:07:AD /* Allow traffic from defined IP/MAC pairs. */
> DROP all -- 0.0.0.0/0 0.0.0.0/0 /* Drop
> traffic without an IP/MAC allow rule. */
>
> Chain neutron-openvswi-scope (1 references)
> target prot opt source destination
>
> Chain neutron-openvswi-sf2f7203b-b (1 references)
> target prot opt source destination
> RETURN all -- 10.1.0.19 0.0.0.0/0 MAC
> FA:16:3E:0B:95:F2 /* Allow traffic from defined IP/MAC pairs. */
> DROP all -- 0.0.0.0/0 0.0.0.0/0 /* Drop
> traffic without an IP/MAC allow rule. */
>
> Chain neutron-openvswi-sg-chain (6 references)
> target prot opt source destination
> neutron-openvswi-i10167b6e-e all -- 0.0.0.0/0 0.0.0.0/0
> PHYSDEV match --physdev-out tap10167b6e-e1 --physdev-is-bridged /*
> Jump to the VM specific chain. */
> neutron-openvswi-o10167b6e-e all -- 0.0.0.0/0 0.0.0.0/0
> PHYSDEV match --physdev-in tap10167b6e-e1 --physdev-is-bridged /*
> Jump to the VM specific chain. */
> neutron-openvswi-ic176f27a-4 all -- 0.0.0.0/0 0.0.0.0/0
> PHYSDEV match --physdev-out tapc176f27a-43 --physdev-is-bridged /*
> Jump to the VM specific chain. */
> neutron-openvswi-oc176f27a-4 all -- 0.0.0.0/0 0.0.0.0/0
> PHYSDEV match --physdev-in tapc176f27a-43 --physdev-is-bridged /*
> Jump to the VM specific chain. */
> neutron-openvswi-if2f7203b-b all -- 0.0.0.0/0 0.0.0.0/0
> PHYSDEV match --physdev-out tapf2f7203b-bf --physdev-is-bridged /*
> Jump to the VM specific chain. */
> neutron-openvswi-of2f7203b-b all -- 0.0.0.0/0 0.0.0.0/0
> PHYSDEV match --physdev-in tapf2f7203b-bf --physdev-is-bridged /*
> Jump to the VM specific chain. */
> ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
>
> Chain neutron-openvswi-sg-fallback (6 references)
> target prot opt source destination
> DROP all -- 0.0.0.0/0 0.0.0.0/0 /* Default
> drop ru
> le for unmatched traffic. */
>
> Chain nova-api-FORWARD (1 references)
> target prot opt source destination
>
> Chain nova-api-INPUT (1 references)
> target prot opt source destination
> ACCEPT tcp -- 0.0.0.0/0 10.25.100.2 tcp dpt:8775
>
> Chain nova-api-OUTPUT (1 references)
> target prot opt source destination
>
> Chain nova-api-local (1 references)
> target prot opt source destination
>
> Chain nova-filter-top (2 references)
> target prot opt source destination
> nova-api-local all -- 0.0.0.0/0 0.0.0.0/0
>
>
> [stack at paradise devstack]$ neutron port-list
> +-----------------------+------+-------------------+--------
> ---------------+
> | id | name | mac_address | fixed_ips
> |
> +-----------------------+------+-------------------+--------
> ---------------+
> | 03eeedab-d7c0-457d-b8 | | fa:16:3e:3a:15:9f | {"subnet_id":
> |
> | 99-c73c27f2c35d | | | "a6e39a5b-7153-481c-
> |
> | | | | acd0-72ac26bb6288",
> |
> | | | | "ip_address":
> |
> | | | | "1:2:3:4::1"}
> |
> | 10167b6e-e1df-441a- | | fa:16:3e:00:e8:e7 | {"subnet_id":
> |
> | 8b38-b0c3b311af01 | | | "a6e39a5b-7153-481c-
> |
> | | | | acd0-72ac26bb6288",
> |
> | | | | "ip_address":
> |
> | | | | "1:2:3:4::116"}
> |
> | 61051003-ef3c-4590-a3 | | fa:16:3e:62:80:22 | {"subnet_id": "9b3df9
> |
> | e4-7df2ebb3f561 | | | c8-6de9-4373-a567-6b5
> |
> | | | | 9b5312d8a",
> |
> | | | | "ip_address":
> |
> | | | | "10.1.0.1"}
> |
> | 9ad22299-bd0a-4c74 | | fa:16:3e:46:ed:46 | {"subnet_id": "9b3df9
> |
> | -b9aa-0809b01881c4 | | | c8-6de9-4373-a567-6b5
> |
> | | | | 9b5312d8a",
> |
> | | | | "ip_address":
> |
> | | | | "10.1.0.2"}
> |
> | c176f27a-4324-45d7 | | fa:16:3e:05:07:ad | {"subnet_id": "9b3df9
> |
> | -8d8f-7e60eb38d74e | | | c8-6de9-4373-a567-6b5
> |
> | | | | 9b5312d8a",
> |
> | | | | "ip_address":
> |
> | | | | "10.1.0.20"}
> |
> | e72c52f1-a0af-45cc- | | fa:16:3e:8f:b4:1e | {"subnet_id":
> |
> | aacb-788145e5fdf1 | | | "a6e39a5b-7153-481c-
> |
> | | | | acd0-72ac26bb6288",
> |
> | | | | "ip_address":
> |
> | | | | "1:2:3:4::100"}
> |
> | f2f7203b-bffc-4a4c- | | fa:16:3e:0b:95:f2 | {"subnet_id": "9b3df9
> |
> | 8ea8-e228d60e43fe | | | c8-6de9-4373-a567-6b5
> |
> | | | | 9b5312d8a",
> |
> | | | | "ip_address":
> |
> | | | | "10.1.0.19"}
> |
> +-----------------------+------+-------------------+--------
> ---------------+
> [stack at paradise devstack]$ ps -ef|grep dns
> stack 18932 8609 0 10:48 pts/24 00:00:00 grep --color=auto dns
> nobody 21505 1 0 Mar02 ? 00:00:00 dnsmasq --no-hosts
> --no-resolv --strict-order --except-interface=lo --pid-file=/opt/stack/data/
> neutron/dhcp/e63dc15c-bc65-41ef-8aaf-ca047d8f208c/pid
> --dhcp-hostsfile=/opt/stack/data/neutron/dhcp/e63dc15c-
> bc65-41ef-8aaf-ca047d8f208c/host --addn-hosts=/opt/stack/data/
> neutron/dhcp/e63dc15c-bc65-41ef-8aaf-ca047d8f208c/addn_hosts
> --dhcp-optsfile=/opt/stack/data/neutron/dhcp/e63dc15c-
> bc65-41ef-8aaf-ca047d8f208c/opts --dhcp-leasefile=/opt/stack/
> data/neutron/dhcp/e63dc15c-bc65-41ef-8aaf-ca047d8f208c/leases
> --dhcp-match=set:ipxe,175 --bind-interfaces --interface=tap9ad22299-bd
> --dhcp-range=set:tag0,10.1.0.0,static,86400s --dhcp-option-force=option:mtu,1450
> --dhcp-lease-max=256 --conf-file= --domain=openstacklocal
> nobody 46958 1 0 Mar03 ? 00:00:00 dnsmasq --no-hosts
> --no-resolv --strict-order --except-interface=lo --pid-file=/opt/stack/data/
> neutron/dhcp/67e7aa17-50e3-436a-99c9-1618683d2983/pid
> --dhcp-hostsfile=/opt/stack/data/neutron/dhcp/67e7aa17-
> 50e3-436a-99c9-1618683d2983/host --addn-hosts=/opt/stack/data/
> neutron/dhcp/67e7aa17-50e3-436a-99c9-1618683d2983/addn_hosts
> --dhcp-optsfile=/opt/stack/data/neutron/dhcp/67e7aa17-
> 50e3-436a-99c9-1618683d2983/opts --dhcp-leasefile=/opt/stack/
> data/neutron/dhcp/67e7aa17-50e3-436a-99c9-1618683d2983/leases
> --dhcp-match=set:ipxe,175 --bind-interfaces --interface=tape72c52f1-a0
> --dhcp-range=set:tag0,1:2:3:4::,static,64,86400s
> --dhcp-option-force=option:mtu,1450 --dhcp-lease-max=16777216
> --conf-file= --domain=openstacklocal
> [stack at paradise devstack]$ cat /opt/stack/data/neutron/dhcp/
> e63dc15c-bc65-41ef-8aaf-ca047d8f208c/host
> fa:16:3e:46:ed:46,host-10-1-0-2.openstacklocal,10.1.0.2
> fa:16:3e:0b:95:f2,host-10-1-0-19.openstacklocal,10.1.0.19
> fa:16:3e:05:07:ad,host-10-1-0-20.openstacklocal,10.1.0.20
> [stack at paradise devstack]$ cat /opt/stack/data/neutron/dhcp/
> 67e7aa17-50e3-436a-99c9-1618683d2983/host
> fa:16:3e:8f:b4:1e,host-1-2-3-4--100.openstacklocal,[1:2:3:4::100]
> fa:16:3e:00:e8:e7,host-1-2-3-4--116.openstacklocal,[1:2:3:4::116]
>
>
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20160926/dfc13fd7/attachment-0001.html>
More information about the OpenStack-dev
mailing list