[SRU] dnsmasq fails at leasing issues when using vlan mode
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
dnsmasq (Ubuntu) | Fix Released | Medium | Unassigned | |
Precise | Won't Fix | High | Unassigned | |
Bug Description
** Issue **
There is an issue with the way nova uses dnsmasq in VLAN mode. It starts
up a single copy of dnsmasq for each vlan on the network host (or on
every host in multi_host mode). The problem is in the way that dnsmasq
binds to an IP address and port[2]. Both copies can respond to broadcast
packets, but unicast packets can only be answered by one of the copies.
In nova this means that guests from only one project will get responses
to their unicast dhcp renew requests. Unicast projects from guests in
other projects get ignored. What happens next is different depending on
the guest OS. Linux generally will send a broadcast packet out after
the unicast fails, and so the only effect is a small (tens of ms) hiccup
while the interface is reconfigured. It can be much worse than that,
however. I have seen cases where Windows just gives up and ends up with
a non-configured interface.
This bug was first noticed by some users of OpenStack who rolled their
own fix. Basically, on Linux, if you set the SO_BINDTODEVICE socket
option, it will allow different daemons to share the port and respond to
unicast packets, as long as they listen on different interfaces. I
managed to communicate with Simon Kelley, the maintainer of dnsmasq and
he has integrated a fix[3] for the issue in the current version[1] of
dnsmasq.
** Development Fix **
This has been fixed in quantal with the newer version of dnsmasq.
** Stable Fix **
I have backported the patch which fixes this issue; I have attached the debdiff and the buildlog.
** Test Case **
1. Install OpenStack with vlan mode.
2. Watch instances lose their IP addresses.
** Regression Potential **
Minimal, most installations don't use this type of networking.
Changed in dnsmasq (Ubuntu Precise):
status: New → Triaged
importance: Undecided → Medium
Changed in dnsmasq (Ubuntu Precise):
milestone: none → ubuntu-12.04.1
Changed in dnsmasq (Ubuntu Precise):
assignee: nobody → Stéphane Graber (stgraber)
Changed in dnsmasq (Ubuntu Precise):
milestone: ubuntu-12.04.1 → precise-updates
Changed in dnsmasq (Ubuntu Precise):
importance: Medium → High
Changed in dnsmasq (Ubuntu Precise):
assignee: Jorge Niedbalski (niedbalski) → nobody
This looks like something we should pull in.
Since Ubuntu has an unmodified Debian package, and the Debian maintainer is the upstream maintainer, we should probably let the quantal package get synced from Debian. Then, we can patch the 12.04 Ubuntu version in an SRU.
@Simon,
If you're reading this, do you have plans for a 2.6.2 release and subsequent 2.6.2-1 upload soon?