From e0eeadc97ee094d6dfa5f4139c1c4aa871b514d5 Mon Sep 17 00:00:00 2001
From: Assaf Muller
Date: Tue, 13 Oct 2015 10:19:36 -0400
Subject: [PATCH] Kill conntrackd state on HA routers FIP disassociation
Legacy routers kill conntrackd states on FIP disassociation, so that traffic to FIPs that have been disassociated is properly dropped. This is not the case with HA routers, and this patch changes that.
Change-Id: Ic962c518ce33a4936d0f1655d60d308c5e776a9b
Closes-Bug: #1505700
---
 neutron/agent/l3/ha_router.py | 2 ++
 neutron/tests/functional/agent/test_l3_agent.py | 13 +++++++++++--
 2 files changed, 13 insertions(+), 2 deletions(-)
diff --git a/neutron/agent/l3/ha_router.py b/neutron/agent/l3/ha_router.py
index 55d4eebb9..b8673fabc 100644
--- a/neutron/agent/l3/ha_router.py
+++ b/neutron/agent/l3/ha_router.py
@@ -257,6 +257,8 @@ class HaRouter(router.RouterInfo):
 def remove_floating_ip(self, device, ip_cidr):
 self._remove_vip(ip_cidr)
+ if self.ha_state == 'master' and device.addr.list():
+ super(HaRouter, self).remove_floating_ip(device, ip_cidr)
 def internal_network_updated(self, interface_name, ip_cidrs):
 self._clear_vips(interface_name)
diff --git a/neutron/tests/functional/agent/test_l3_agent.py b/neutron/tests/functional/agent/test_l3_agent.py
index 02c83a395..8be8ffe5e 100644
--- a/neutron/tests/functional/agent/test_l3_agent.py
+++ b/neutron/tests/functional/agent/test_l3_agent.py
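Review bot: The new guard in `remove_floating_ip` gives no reason for limiting the conntrack cleanup to `ha_state == 'master'`, and `device.addr.list()` is truthy for any address on the device rather than for `ip_cidr`, so a reader cannot tell whether it is a liveness check or an ownership check. The consequence matters for access revocation: when the branch is skipped (backup state, or a state change between reading `ha_state` and the call), nothing in this hunk removes connection-tracking entries for the disassociated address on this node, so whether established flows are cut off then depends on code outside the hunk. I would add a comment above the `if`, for example `# Only the master holds the FIP and its conntrack entries; backups have nothing to flush (assumption - confirm for failover).` A debug log on the skipped path would also make that case visible when investigating a disassociation that did not take effect.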
@@ -431,11 +431,17 @@ class L3AgentTestCase(L3AgentTestFramework): def test_ha_router_lifecycle(self): self._router_lifecycle(enable_ha=True) - def test_conntrack_disassociate_fip(self): + def test_conntrack_disassociate_fip_legacy_router(self): + self._test_conntrack_disassociate_fip(ha=False) + + def test_conntrack_disassociate_fip_ha_router(self): + self._test_conntrack_disassociate_fip(ha=True) + + def _test_conntrack_disassociate_fip(self, ha): '''Test that conntrack immediately drops stateful connection that uses floating IP once it's disassociated. ''' - router_info = self.generate_router_info(enable_ha=False) + router_info = self.generate_router_info(enable_ha=ha) router = self.manage_router(self.agent, router_info) port = net_helpers.get_free_namespace_port(l3_constants.PROTO_NAME_TCP, @@ -462,6 +468,9 @@ class L3AgentTestCase(L3AgentTestFramework): self.assertEqual( n, len([line for line in out.strip().split('\n') if line])) + if ha: + utils.wait_until_true(lambda: router.ha_state == 'master') + with self.assert_max_execution_time(100): assert_num_of_conntrack_rules(0) -- 2.45.2
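Review bot: The HA variant only exercises the path where the router has already become master (`utils.wait_until_true(lambda: router.ha_state == 'master')` in the last hunk), so the other side of the new `ha_state` condition in `HaRouter.remove_floating_ip` has no coverage here. A companion case that disassociates the FIP while the router is not master, and asserts what is expected of conntrack state in that situation, would pin the behaviour this fix relies on. The wait also relies on whatever default timeout `wait_until_true` applies; passing an explicit one would make a router stuck in backup fail with a recognisable cause. `_test_conntrack_disassociate_fip` starts in the previous hunk and continues outside both hunks, so this is based on the visible lines only.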