openstack/nova
Code Issues Proposed changes

Cloudpipe tap vpn not always working

Browse Source 
Fixes bug 975043

Since Essex, all instances will have an eth0 MAC address in the range
of FA:16:3E, which is near the end of the MAC address space.

When openvpn is started, a TAP interface is created with a random
generated MAC address. Chances are high the generated MAC address is
lower in value than the eth0 MAC address. Once the tap interface is
added to the bridge interface, the bridge interface will no longer have
the eth0 MAC address, but take over the TAP MAC address. This is a
feature of the linux kernel, whereby a bridge interface will take the
MAC address with the lowest value amongst its interfaces. After the ARP
entries expire, this will result in the cloudpipe instance being no
longer reachable.

This fix, randomly generates a MAC address starting with FA:17:3E, which
is greater than FA, and will thus ensure the brige will keep the eth0 MAC
address.

Change-Id: I0bd994b6dc7a92738ed23cd62ee42a021fd394e2
This commit is contained in:
Cor Cornelisse 2012-04-06 15:54:16 +02:00
parent 5f5295b884
commit bc9f8d4fff
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
nova/cloudpipe/bootscript.template
View File

@ -24,6 +24,10 @@ export VPN_IP=`ifconfig | grep 'inet addr:'| grep -v '127.0.0.1' | cut -d: -f2
export BROADCAST=`ifconfig | grep 'inet addr:'| grep -v '127.0.0.1' | cut -d: -f3 | awk '{print $$1}'`
export DHCP_MASK=`ifconfig | grep 'inet addr:'| grep -v '127.0.0.1' | cut -d: -f4 | awk '{print $$1}'`
export GATEWAY=`netstat -r | grep default | cut -d' ' -f10`
# Need a higher valued MAC address than eth0, to prevent the TAP MAC address
# from becoming the bridge MAC address. Since Essex eth0 MAC starts with
# FA:16:3E, we'll thus generate a MAC starting with FA:17:3E to be higher than eth0.
export RANDOM_TAP_MAC=`openssl rand -hex 8 | sed 's/\(..\)/\1:/g' | cut -b-8 | awk '{print "FA:17:3E:"$$1}'`
DHCP_LOWER=`echo $$BROADCAST | awk -F. '{print $$1"."$$2"."$$3"." $$4 - ${num_vpn} }'`
DHCP_UPPER=`echo $$BROADCAST | awk -F. '{print $$1"."$$2"."$$3"." $$4 - 1 }'`
@ -47,5 +51,6 @@ sed -i -e s/max-clients\ 1/max-clients\ 10/g server.conf
echo "push \"route ${dmz_net} ${dmz_mask} $$GATEWAY\"" >> server.conf
echo "duplicate-cn" >> server.conf
echo "crl-verify /etc/openvpn/crl.pem" >> server.conf
echo "lladdr $$RANDOM_TAP_MAC" >> server.conf
/etc/init.d/openvpn start