When we enable metering on a given client, NAT rules are changed and traffic of VMs inside the client's network is NATed

Solution In Progress - Updated -

Issue

  • Without metering enabled, traffic from one VM to another uses the VMs' private network IPs. When we enable metering, all traffic goes through the floating IP of the VM, and access from one internal VM to another also uses the floating IP instead of the private IP.

  • If neutron-meter-agent is installed and enabled, and a meter-label is created, all traffic between internal networks becomes NATed, which is unexpected and potentially causes firewall/routing issues. This happens because meter-agent does not define the stateless flag during iptables initialization, which later, during _modify_rules in agent/linux/iptables_manager.py, results in the following rules being reordered:

before:
-A POSTROUTING -j neutron-l3-agent-POSTROUTING
-A POSTROUTING -j neutron-postrouting-bottom

after:
-A POSTROUTING -j neutron-postrouting-bottom
-A POSTROUTING -j neutron-l3-agent-POSTROUTING
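
A check for the swapped jump order shown above, as an added example that is not part of the original article or of neutron's code: it reads iptables-save output and reports whether the two POSTROUTING jumps in the nat table are in the "before" order. The function names and the sample rule dumps are constructed for illustration.

```sh
#!/bin/sh
# Added example, not neutron code. Reads iptables-save output on stdin and
# checks the order of the two nat-table POSTROUTING jumps from the article.
# Prints/returns: OK/0 = "before" order, SWAPPED/1 = "after" order,
# MISSING/2 = one of the jumps is absent.
check_postrouting_order() {
    awk '
        BEGIN { table = "nat" }               # bare excerpts have no *table header
        /^\*/ { table = substr($0, 2) }       # "*nat", "*mangle", ... section start
        table == "nat" && $1 == "-A" && $2 == "POSTROUTING" && $3 == "-j" {
            n++
            if ($4 == "neutron-l3-agent-POSTROUTING") l3 = n
            if ($4 == "neutron-postrouting-bottom")   bottom = n
        }
        END {
            if (!l3 || !bottom) { print "MISSING"; exit 2 }
            if (l3 < bottom)    { print "OK"; exit 0 }
            print "SWAPPED"; exit 1
        }'
}

# Constructed sample: the "before" order from the article.
sample_before() {
    cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -j neutron-l3-agent-POSTROUTING
-A POSTROUTING -j neutron-postrouting-bottom
COMMIT
EOF
}

# Constructed sample: the "after" order in nat, plus a mangle section whose
# POSTROUTING jump must not be mistaken for the nat one.
sample_after() {
    cat <<'EOF'
*mangle
-A POSTROUTING -j neutron-l3-agent-POSTROUTING
COMMIT
*nat
-A POSTROUTING -j neutron-postrouting-bottom
-A POSTROUTING -j neutron-l3-agent-POSTROUTING
COMMIT
EOF
}

sample_before | check_postrouting_order || true   # prints OK
sample_after  | check_postrouting_order || true   # prints SWAPPED
```

On a node running the L3 agent, the router's rules can be piped in from its namespace, for example `ip netns exec qrouter-<router-id> iptables-save -t nat | check_postrouting_order`, where `<router-id>` is a placeholder.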

Environment

  • Red Hat OpenStack Platform 7.0
