openstack
/
neutron
Code Issues Proposed changes
neutron/neutron/agent/linux
History
Kevin Benton a6b2c22dce Set IPset hash type to 'net' instead of 'ip' 
The previous hash type was 'ip' and this caused a major
issue with the allowed address pairs extension since it
results in CIDRs being passed to ipset. When the hash type
is 'ip', a CIDR is completely enumerated into all of its
addresses so 10.100.0.0/16 results in ~65k entries. This
meant a single allowed_address_pairs entry could easily
exhaust an entire set.

This patch changes the hash type to 'net', which is designed
to handle a CIDRs as a single entry.

This patch also changes the names of the ipsets because
creating an ipset with different parameters will cause an
error and our ipset manager code isn't robust enough to handle
that at this time. There is another ongoing patch to fix
that but it won't be ready in time.[1]

The related bug was closed by increasing the set limit, which
did alleviate the problem. However, this change would also
address the issue because the gate tests run an allowed address
pairs extension test with the CIDR mentioned above.

1. I59e2e1c090cb95ee1bd14dbb53b6ff2c5e2713fd

Related-Bug: #1439817
Closes-Bug: #1444397
Change-Id: I8177699b157cd3eac46e2f481f47b5d966c49b07
(cherry picked from commit a38b5df5cd)
 		2015-04-16 19:13:57 -07:00
..
__init__.py Empty files should not contain copyright or license 2014-10-20 00:50:32 +00:00
async_process.py Add full-stack tests framework 2015-03-26 20:21:40 +02:00
bridge_lib.py iptables firewall: add framework for iptables firewall functional test 2015-03-16 02:10:14 +08:00
daemon.py Allow metadata proxy to log with nobody user/group 2015-04-01 22:41:07 +02:00
dhcp.py Always run dnsmasq as root 2015-04-02 13:09:30 -07:00
external_process.py Always run dnsmasq as root 2015-04-02 13:09:30 -07:00
interface.py Support IPv6 Router 2015-03-30 13:32:46 -04:00
ip_lib.py Merge "Fix dynamic arp populate error for dvr routers" 2015-04-07 18:28:26 +00:00
ip_link_support.py Migrate to oslo.log 2015-03-12 11:22:56 +01:00
ip_monitor.py Replace keepalived notifier bash script with Python ip monitor 2015-03-18 18:59:33 -04:00
ipset_manager.py Set IPset hash type to 'net' instead of 'ip' 2015-04-16 19:13:57 -07:00
iptables_comments.py Add portsecurity extension support 2015-03-17 05:13:04 +08:00
iptables_firewall.py Fix common misspellings 2015-03-24 11:44:15 +01:00
iptables_manager.py Make floatingip reachable from the same network 2015-03-31 10:05:03 +09:00
keepalived.py Support Dual-Stack Gateway Ports on Neutron Routers 2015-03-27 23:37:58 -04:00
ovs_lib.py Add missing DeferredOVSBridge export 2015-03-26 11:15:19 -07:00
ovsdb_monitor.py Migrate to oslo.log 2015-03-12 11:22:56 +01:00
polling.py OVS agent support on Hyper-V 2015-03-25 13:48:33 -07:00
ra.py Support multiple IPv6 prefixes on internal router ports 2015-04-03 03:19:51 +00:00
utils.py Allow metadata proxy running with nobody user/group 2015-04-06 18:31:37 +02:00