Fix meter-label-rule creation
The existing method is to meter outgoing traffic from the entire VM to a specific "remote_ip_addr"(in case of outbound), but the method I suggested can meter outgoing traffic from a particular subnet to external network. From a metering point of view, it does not matter which address/CIDR is the destination for outbound. But, it is important to know where(subnet or VM) the packet leaves from. That way you can see how much VMs are using the external network. For outbound metering, dst is 0.0.0.0/0 and src is network of VMs and for inbound metering, src is 0.0.0.0/0 and dst is network of VMs. When creating a meter-label-rule, it is correct to specify src address for "remote_ip_prefix" option for outbound and specify dst address for inbound. If you are confused by the term "remote_ip_prefix", you need to clarify this option. Change-Id: Ia3f3e26410a73d7b44abae637703fda41c4bc09a Closes-Bug: #1716913
This commit is contained in:
parent
e971f0c317
commit
92db1d4a2c
|
@ -209,9 +209,9 @@ class IptablesMeteringDriver(abstract_driver.MeteringAbstractDriver):
|
||||||
def _prepare_rule(self, ext_dev, rule, label_chain):
|
def _prepare_rule(self, ext_dev, rule, label_chain):
|
||||||
remote_ip = rule['remote_ip_prefix']
|
remote_ip = rule['remote_ip_prefix']
|
||||||
if rule['direction'] == 'egress':
|
if rule['direction'] == 'egress':
|
||||||
dir_opt = '-d %s -o %s' % (remote_ip, ext_dev)
|
dir_opt = '-s %s -o %s' % (remote_ip, ext_dev)
|
||||||
else:
|
else:
|
||||||
dir_opt = '-s %s -i %s' % (remote_ip, ext_dev)
|
dir_opt = '-d %s -i %s' % (remote_ip, ext_dev)
|
||||||
|
|
||||||
if rule['excluded']:
|
if rule['excluded']:
|
||||||
ipt_rule = '%s -j RETURN' % dir_opt
|
ipt_rule = '%s -j RETURN' % dir_opt
|
||||||
|
|
|
@ -260,7 +260,7 @@ class IptablesDriverTestCase(base.BaseTestCase):
|
||||||
'',
|
'',
|
||||||
wrap=False),
|
wrap=False),
|
||||||
mock.call.add_rule('neutron-meter-r-c5df2fe5-c60',
|
mock.call.add_rule('neutron-meter-r-c5df2fe5-c60',
|
||||||
'-s 10.0.0.0/24 -i qg-6d411f48-ec'
|
'-d 10.0.0.0/24 -i qg-6d411f48-ec'
|
||||||
' -j neutron-meter-l-c5df2fe5-c60',
|
' -j neutron-meter-l-c5df2fe5-c60',
|
||||||
wrap=False, top=False),
|
wrap=False, top=False),
|
||||||
mock.call.add_chain('neutron-meter-l-eeef45da-c60',
|
mock.call.add_chain('neutron-meter-l-eeef45da-c60',
|
||||||
|
@ -274,7 +274,7 @@ class IptablesDriverTestCase(base.BaseTestCase):
|
||||||
'',
|
'',
|
||||||
wrap=False),
|
wrap=False),
|
||||||
mock.call.add_rule('neutron-meter-r-eeef45da-c60',
|
mock.call.add_rule('neutron-meter-r-eeef45da-c60',
|
||||||
'-d 20.0.0.0/24 -o qg-7d411f48-ec'
|
'-s 20.0.0.0/24 -o qg-7d411f48-ec'
|
||||||
' -j neutron-meter-l-eeef45da-c60',
|
' -j neutron-meter-l-eeef45da-c60',
|
||||||
wrap=False, top=False)]
|
wrap=False, top=False)]
|
||||||
|
|
||||||
|
@ -331,7 +331,7 @@ class IptablesDriverTestCase(base.BaseTestCase):
|
||||||
'',
|
'',
|
||||||
wrap=False),
|
wrap=False),
|
||||||
mock.call.add_rule('neutron-meter-r-c5df2fe5-c60',
|
mock.call.add_rule('neutron-meter-r-c5df2fe5-c60',
|
||||||
'-s 10.0.0.0/24 -i qg-6d411f48-ec'
|
'-d 10.0.0.0/24 -i qg-6d411f48-ec'
|
||||||
' -j neutron-meter-l-c5df2fe5-c60',
|
' -j neutron-meter-l-c5df2fe5-c60',
|
||||||
wrap=False, top=False),
|
wrap=False, top=False),
|
||||||
mock.call.add_chain('neutron-meter-l-eeef45da-c60',
|
mock.call.add_chain('neutron-meter-l-eeef45da-c60',
|
||||||
|
@ -345,7 +345,7 @@ class IptablesDriverTestCase(base.BaseTestCase):
|
||||||
'',
|
'',
|
||||||
wrap=False),
|
wrap=False),
|
||||||
mock.call.add_rule('neutron-meter-r-eeef45da-c60',
|
mock.call.add_rule('neutron-meter-r-eeef45da-c60',
|
||||||
'-s 20.0.0.0/24 -i qg-7d411f48-ec'
|
'-d 20.0.0.0/24 -i qg-7d411f48-ec'
|
||||||
' -j RETURN',
|
' -j RETURN',
|
||||||
wrap=False, top=True)]
|
wrap=False, top=True)]
|
||||||
|
|
||||||
|
@ -383,17 +383,17 @@ class IptablesDriverTestCase(base.BaseTestCase):
|
||||||
'',
|
'',
|
||||||
wrap=False),
|
wrap=False),
|
||||||
mock.call.add_rule('neutron-meter-r-c5df2fe5-c60',
|
mock.call.add_rule('neutron-meter-r-c5df2fe5-c60',
|
||||||
'-s 10.0.0.0/24 -i qg-6d411f48-ec'
|
'-d 10.0.0.0/24 -i qg-6d411f48-ec'
|
||||||
' -j neutron-meter-l-c5df2fe5-c60',
|
' -j neutron-meter-l-c5df2fe5-c60',
|
||||||
wrap=False, top=False),
|
wrap=False, top=False),
|
||||||
mock.call.empty_chain('neutron-meter-r-c5df2fe5-c60',
|
mock.call.empty_chain('neutron-meter-r-c5df2fe5-c60',
|
||||||
wrap=False),
|
wrap=False),
|
||||||
mock.call.add_rule('neutron-meter-r-c5df2fe5-c60',
|
mock.call.add_rule('neutron-meter-r-c5df2fe5-c60',
|
||||||
'-d 10.0.0.0/24 -o qg-6d411f48-ec'
|
'-s 10.0.0.0/24 -o qg-6d411f48-ec'
|
||||||
' -j RETURN',
|
' -j RETURN',
|
||||||
wrap=False, top=True),
|
wrap=False, top=True),
|
||||||
mock.call.add_rule('neutron-meter-r-c5df2fe5-c60',
|
mock.call.add_rule('neutron-meter-r-c5df2fe5-c60',
|
||||||
'-s 20.0.0.0/24 -i qg-6d411f48-ec -j '
|
'-d 20.0.0.0/24 -i qg-6d411f48-ec -j '
|
||||||
'neutron-meter-l-c5df2fe5-c60',
|
'neutron-meter-l-c5df2fe5-c60',
|
||||||
wrap=False, top=False)]
|
wrap=False, top=False)]
|
||||||
|
|
||||||
|
@ -426,17 +426,17 @@ class IptablesDriverTestCase(base.BaseTestCase):
|
||||||
'',
|
'',
|
||||||
wrap=False),
|
wrap=False),
|
||||||
mock.call.add_rule('neutron-meter-r-c5df2fe5-c60',
|
mock.call.add_rule('neutron-meter-r-c5df2fe5-c60',
|
||||||
'-s 10.0.0.0/24 -i qg-6d411f48-ec'
|
'-d 10.0.0.0/24 -i qg-6d411f48-ec'
|
||||||
' -j neutron-meter-l-c5df2fe5-c60',
|
' -j neutron-meter-l-c5df2fe5-c60',
|
||||||
wrap=False, top=False),
|
wrap=False, top=False),
|
||||||
mock.call.add_rule('neutron-meter-r-c5df2fe5-c60',
|
mock.call.add_rule('neutron-meter-r-c5df2fe5-c60',
|
||||||
'-s 20.0.0.0/24 -i qg-6d411f48-ec'
|
'-d 20.0.0.0/24 -i qg-6d411f48-ec'
|
||||||
' -j neutron-meter-l-c5df2fe5-c60',
|
' -j neutron-meter-l-c5df2fe5-c60',
|
||||||
wrap=False, top=False),
|
wrap=False, top=False),
|
||||||
mock.call.empty_chain('neutron-meter-r-c5df2fe5-c60',
|
mock.call.empty_chain('neutron-meter-r-c5df2fe5-c60',
|
||||||
wrap=False),
|
wrap=False),
|
||||||
mock.call.add_rule('neutron-meter-r-c5df2fe5-c60',
|
mock.call.add_rule('neutron-meter-r-c5df2fe5-c60',
|
||||||
'-s 10.0.0.0/24 -i qg-6d411f48-ec'
|
'-d 10.0.0.0/24 -i qg-6d411f48-ec'
|
||||||
' -j neutron-meter-l-c5df2fe5-c60',
|
' -j neutron-meter-l-c5df2fe5-c60',
|
||||||
wrap=False, top=False)]
|
wrap=False, top=False)]
|
||||||
|
|
||||||
|
@ -449,11 +449,11 @@ class IptablesDriverTestCase(base.BaseTestCase):
|
||||||
self.metering.add_metering_label_rule(None, new_routers_rules)
|
self.metering.add_metering_label_rule(None, new_routers_rules)
|
||||||
calls = [
|
calls = [
|
||||||
mock.call.add_rule('neutron-meter-r-c5df2fe5-c60',
|
mock.call.add_rule('neutron-meter-r-c5df2fe5-c60',
|
||||||
'-s 30.0.0.0/24 -i qg-6d411f48-ec'
|
'-d 30.0.0.0/24 -i qg-6d411f48-ec'
|
||||||
' -j neutron-meter-l-c5df2fe5-c60',
|
' -j neutron-meter-l-c5df2fe5-c60',
|
||||||
wrap=False, top=False),
|
wrap=False, top=False),
|
||||||
mock.call.add_rule('neutron-meter-r-eeef45da-c60',
|
mock.call.add_rule('neutron-meter-r-eeef45da-c60',
|
||||||
'-d 40.0.0.0/24 -o qg-7d411f48-ec'
|
'-s 40.0.0.0/24 -o qg-7d411f48-ec'
|
||||||
' -j neutron-meter-l-eeef45da-c60',
|
' -j neutron-meter-l-eeef45da-c60',
|
||||||
wrap=False, top=False),
|
wrap=False, top=False),
|
||||||
]
|
]
|
||||||
|
@ -480,7 +480,7 @@ class IptablesDriverTestCase(base.BaseTestCase):
|
||||||
'',
|
'',
|
||||||
wrap=False),
|
wrap=False),
|
||||||
mock.call.add_rule('neutron-meter-r-e27fe2df-376',
|
mock.call.add_rule('neutron-meter-r-e27fe2df-376',
|
||||||
'-s 50.0.0.0/24 '
|
'-d 50.0.0.0/24 '
|
||||||
'-i qg-6d411f48-ec '
|
'-i qg-6d411f48-ec '
|
||||||
'-j neutron-meter-l-e27fe2df-376',
|
'-j neutron-meter-l-e27fe2df-376',
|
||||||
top=False,
|
top=False,
|
||||||
|
@ -539,11 +539,11 @@ class IptablesDriverTestCase(base.BaseTestCase):
|
||||||
self.metering.remove_metering_label_rule(None, new_routers_rules)
|
self.metering.remove_metering_label_rule(None, new_routers_rules)
|
||||||
calls = [
|
calls = [
|
||||||
mock.call.remove_rule('neutron-meter-r-c5df2fe5-c60',
|
mock.call.remove_rule('neutron-meter-r-c5df2fe5-c60',
|
||||||
'-s 30.0.0.0/24 -i qg-6d411f48-ec'
|
'-d 30.0.0.0/24 -i qg-6d411f48-ec'
|
||||||
' -j neutron-meter-l-c5df2fe5-c60',
|
' -j neutron-meter-l-c5df2fe5-c60',
|
||||||
wrap=False, top=False),
|
wrap=False, top=False),
|
||||||
mock.call.remove_rule('neutron-meter-r-eeef45da-c60',
|
mock.call.remove_rule('neutron-meter-r-eeef45da-c60',
|
||||||
'-d 40.0.0.0/24 -o qg-7d411f48-ec'
|
'-s 40.0.0.0/24 -o qg-7d411f48-ec'
|
||||||
' -j neutron-meter-l-eeef45da-c60',
|
' -j neutron-meter-l-eeef45da-c60',
|
||||||
wrap=False, top=False)
|
wrap=False, top=False)
|
||||||
]
|
]
|
||||||
|
@ -566,7 +566,7 @@ class IptablesDriverTestCase(base.BaseTestCase):
|
||||||
'',
|
'',
|
||||||
wrap=False),
|
wrap=False),
|
||||||
mock.call.add_rule('neutron-meter-r-c5df2fe5-c60',
|
mock.call.add_rule('neutron-meter-r-c5df2fe5-c60',
|
||||||
'-s 10.0.0.0/24 -i qg-6d411f48-ec'
|
'-d 10.0.0.0/24 -i qg-6d411f48-ec'
|
||||||
' -j neutron-meter-l-c5df2fe5-c60',
|
' -j neutron-meter-l-c5df2fe5-c60',
|
||||||
wrap=False, top=False),
|
wrap=False, top=False),
|
||||||
mock.call.remove_chain('neutron-meter-l-c5df2fe5-c60',
|
mock.call.remove_chain('neutron-meter-l-c5df2fe5-c60',
|
||||||
|
@ -613,7 +613,7 @@ class IptablesDriverTestCase(base.BaseTestCase):
|
||||||
'',
|
'',
|
||||||
wrap=False),
|
wrap=False),
|
||||||
mock.call.add_rule('neutron-meter-r-c5df2fe5-c60',
|
mock.call.add_rule('neutron-meter-r-c5df2fe5-c60',
|
||||||
'-s 10.0.0.0/24 -i qg-6d411f48-ec'
|
'-d 10.0.0.0/24 -i qg-6d411f48-ec'
|
||||||
' -j neutron-meter-l-c5df2fe5-c60',
|
' -j neutron-meter-l-c5df2fe5-c60',
|
||||||
wrap=False, top=False),
|
wrap=False, top=False),
|
||||||
mock.call.add_chain('neutron-meter-l-eeef45da-c60',
|
mock.call.add_chain('neutron-meter-l-eeef45da-c60',
|
||||||
|
@ -627,7 +627,7 @@ class IptablesDriverTestCase(base.BaseTestCase):
|
||||||
'',
|
'',
|
||||||
wrap=False),
|
wrap=False),
|
||||||
mock.call.add_rule('neutron-meter-r-eeef45da-c60',
|
mock.call.add_rule('neutron-meter-r-eeef45da-c60',
|
||||||
'-s 20.0.0.0/24 -i qg-7d411f48-ec'
|
'-d 20.0.0.0/24 -i qg-7d411f48-ec'
|
||||||
' -j RETURN',
|
' -j RETURN',
|
||||||
wrap=False, top=True),
|
wrap=False, top=True),
|
||||||
mock.call.remove_chain('neutron-meter-l-c5df2fe5-c60',
|
mock.call.remove_chain('neutron-meter-l-c5df2fe5-c60',
|
||||||
|
@ -645,7 +645,7 @@ class IptablesDriverTestCase(base.BaseTestCase):
|
||||||
'',
|
'',
|
||||||
wrap=False),
|
wrap=False),
|
||||||
mock.call.add_rule('neutron-meter-r-c5df2fe5-c60',
|
mock.call.add_rule('neutron-meter-r-c5df2fe5-c60',
|
||||||
'-s 10.0.0.0/24 -i qg-587b63c1-22'
|
'-d 10.0.0.0/24 -i qg-587b63c1-22'
|
||||||
' -j neutron-meter-l-c5df2fe5-c60',
|
' -j neutron-meter-l-c5df2fe5-c60',
|
||||||
wrap=False, top=False)]
|
wrap=False, top=False)]
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue