)]}'
{"/COMMIT_MSG":[{"author":{"_account_id":8313,"name":"Lajos Katona","display_name":"lajoskatona","email":"katonalala@gmail.com","username":"elajkat","status":"Ericsson Software Technology"},"change_message_id":"268c6368b802028877a3c59907bd528b3904c6c1","unresolved":true,"context_lines":[{"line_number":6,"context_line":""},{"line_number":7,"context_line":"Spec for distributed datapath for metadata"},{"line_number":8,"context_line":""},{"line_number":9,"context_line":"Closes-Bug: #1933222"},{"line_number":10,"context_line":"Change-Id: Ice457e4ead492d3d128017a1bb551d482658ade5"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":6,"id":"6e76d19b_7432a44c","line":9,"range":{"start_line":9,"start_character":0,"end_line":9,"end_character":6},"updated":"2021-11-11 13:33:01.000000000","message":"Nit: related-bug","commit_id":"97f904256d117d05d04da529904e14b6058aed2e"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"b453a181e29f271ce8fff48aca3087c6cbd9b4ba","unresolved":false,"context_lines":[{"line_number":6,"context_line":""},{"line_number":7,"context_line":"Spec for distributed datapath for metadata"},{"line_number":8,"context_line":""},{"line_number":9,"context_line":"Closes-Bug: #1933222"},{"line_number":10,"context_line":"Change-Id: Ice457e4ead492d3d128017a1bb551d482658ade5"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":6,"id":"8b1e518f_7a5f6af4","line":9,"range":{"start_line":9,"start_character":0,"end_line":9,"end_character":6},"in_reply_to":"6e76d19b_7432a44c","updated":"2021-11-12 03:01:56.000000000","message":"Done","commit_id":"97f904256d117d05d04da529904e14b6058aed2e"},{"author":{"_account_id":5948,"name":"Oleg Bondarev","email":"obondarev@mirantis.com","username":"obondarev"},"change_message_id":"b949642efda7431ede2a94344bdbfeea8642f8a4","unresolved":true,"context_lines":[{"line_number":6,"context_line":""},{"line_number":7,"context_line":"Spec for distributed datapath for metadata"},{"line_number":8,"context_line":""},{"line_number":9,"context_line":"Related-Bug: #1933222"},{"line_number":10,"context_line":"Change-Id: Ice457e4ead492d3d128017a1bb551d482658ade5"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":9,"id":"8d46aa8c_45bf9be9","line":9,"range":{"start_line":9,"start_character":0,"end_line":9,"end_character":7},"updated":"2022-02-08 10:01:42.000000000","message":"Partial?","commit_id":"ebaa98925010b666d10ed64a116888a77e364790"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"e06853deab56144e08824bcaab5ed6ab277d91a3","unresolved":false,"context_lines":[{"line_number":6,"context_line":""},{"line_number":7,"context_line":"Spec for distributed datapath for metadata"},{"line_number":8,"context_line":""},{"line_number":9,"context_line":"Related-Bug: #1933222"},{"line_number":10,"context_line":"Change-Id: Ice457e4ead492d3d128017a1bb551d482658ade5"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":9,"id":"5a9c85b7_d8bed615","line":9,"range":{"start_line":9,"start_character":0,"end_line":9,"end_character":7},"in_reply_to":"3e7c266c_da3c5f61","updated":"2022-02-09 14:28:41.000000000","message":"Ack","commit_id":"ebaa98925010b666d10ed64a116888a77e364790"},{"author":{"_account_id":5948,"name":"Oleg Bondarev","email":"obondarev@mirantis.com","username":"obondarev"},"change_message_id":"b0be291fad979a129fc680341b786dc5007a4e0c","unresolved":false,"context_lines":[{"line_number":6,"context_line":""},{"line_number":7,"context_line":"Spec for distributed datapath for metadata"},{"line_number":8,"context_line":""},{"line_number":9,"context_line":"Related-Bug: #1933222"},{"line_number":10,"context_line":"Change-Id: Ice457e4ead492d3d128017a1bb551d482658ade5"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":9,"id":"a4ecfff4_38121c1e","line":9,"range":{"start_line":9,"start_character":0,"end_line":9,"end_character":7},"in_reply_to":"5a9c85b7_d8bed615","updated":"2022-02-09 15:03:11.000000000","message":"As I read it, \"Related\" sounds more like indirectly/barely related patch; \"Partial\" however is more like an explicit step towards fixing the bug (or adding a feature for RFE bugs), but maybe it\u0027s just me. Anyway just a nit","commit_id":"ebaa98925010b666d10ed64a116888a77e364790"},{"author":{"_account_id":8313,"name":"Lajos Katona","display_name":"lajoskatona","email":"katonalala@gmail.com","username":"elajkat","status":"Ericsson Software Technology"},"change_message_id":"e31d513f03b856bddeaa317db4321764bc252ecf","unresolved":true,"context_lines":[{"line_number":6,"context_line":""},{"line_number":7,"context_line":"Spec for distributed datapath for metadata"},{"line_number":8,"context_line":""},{"line_number":9,"context_line":"Related-Bug: #1933222"},{"line_number":10,"context_line":"Change-Id: Ice457e4ead492d3d128017a1bb551d482658ade5"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":9,"id":"f0ecb294_8ba8b113","line":9,"range":{"start_line":9,"start_character":0,"end_line":9,"end_character":7},"in_reply_to":"8d46aa8c_45bf9be9","updated":"2022-02-09 13:43:41.000000000","message":"+1","commit_id":"ebaa98925010b666d10ed64a116888a77e364790"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"3735c9aa837732cd1d2d5546bdff94a116c0ecc2","unresolved":true,"context_lines":[{"line_number":6,"context_line":""},{"line_number":7,"context_line":"Spec for distributed datapath for metadata"},{"line_number":8,"context_line":""},{"line_number":9,"context_line":"Related-Bug: #1933222"},{"line_number":10,"context_line":"Change-Id: Ice457e4ead492d3d128017a1bb551d482658ade5"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":9,"id":"3e7c266c_da3c5f61","line":9,"range":{"start_line":9,"start_character":0,"end_line":9,"end_character":7},"in_reply_to":"f0ecb294_8ba8b113","updated":"2022-02-09 14:24:30.000000000","message":"But we had many spec get merged with \"related\". This is not the code implementation, so \"Partial\" seems not a good choice? Anyway, I\u0027m fine with all cases. Just get confused about the standard of this prefix.\n\nhttps://review.opendev.org/c/openstack/neutron-specs/+/767337\nhttps://review.opendev.org/c/openstack/neutron-specs/+/815994\nhttps://review.opendev.org/c/openstack/neutron-specs/+/779511","commit_id":"ebaa98925010b666d10ed64a116888a77e364790"}],"/PATCHSET_LEVEL":[{"author":{"_account_id":15554,"name":"Bence Romsics","email":"bence.romsics@gmail.com","username":"ebenrom","status":"working for Ericsson, UTC+1 (+DST)"},"change_message_id":"86e3a6b08a1dca421992f7aa6a15c146914aae0b","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":4,"id":"6796545d_9fbfda74","updated":"2021-11-03 15:07:55.000000000","message":"Overall it makes sense to me. A few notes and small questions of clarification.","commit_id":"55ef06f24bbd17516583873bfa7652e73e74f60b"},{"author":{"_account_id":8313,"name":"Lajos Katona","display_name":"lajoskatona","email":"katonalala@gmail.com","username":"elajkat","status":"Ericsson Software Technology"},"change_message_id":"268c6368b802028877a3c59907bd528b3904c6c1","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":6,"id":"43b04232_708ff517","updated":"2021-11-11 13:33:01.000000000","message":"Really good idea.\nsoft -1 for the config section, but that is more a question","commit_id":"97f904256d117d05d04da529904e14b6058aed2e"},{"author":{"_account_id":8313,"name":"Lajos Katona","display_name":"lajoskatona","email":"katonalala@gmail.com","username":"elajkat","status":"Ericsson Software Technology"},"change_message_id":"e31d513f03b856bddeaa317db4321764bc252ecf","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":9,"id":"3d580ce1_174cfcfe","updated":"2022-02-09 13:43:41.000000000","message":"I am generally fine with it, please check the earlier comments and close them or fix/change the text accordingly","commit_id":"ebaa98925010b666d10ed64a116888a77e364790"},{"author":{"_account_id":8313,"name":"Lajos Katona","display_name":"lajoskatona","email":"katonalala@gmail.com","username":"elajkat","status":"Ericsson Software Technology"},"change_message_id":"3debe7defd0a558d86b1f94ba92eff30a0397e82","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":9,"id":"08a915c8_d11bc3f6","updated":"2022-02-10 17:31:31.000000000","message":"thanks","commit_id":"ebaa98925010b666d10ed64a116888a77e364790"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"1d7900910ab9a1d30e47c8149ae147f990b8fb90","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":9,"id":"fdfb2b81_809dcca8","in_reply_to":"3d580ce1_174cfcfe","updated":"2022-02-09 14:26:57.000000000","message":"How to close the unresolved comments?\n\nAfter some recheck, seems all comments are addressed.","commit_id":"ebaa98925010b666d10ed64a116888a77e364790"}],"specs/xena/distributed-metadata-data-path.rst":[{"author":{"_account_id":11975,"name":"Slawek Kaplonski","email":"skaplons@redhat.com","username":"slaweq"},"change_message_id":"4126e3509eabbfa36d2910ad5f60bbe4d62bac20","unresolved":true,"context_lines":[{"line_number":86,"context_line":""},{"line_number":87,"context_line":"* ``metadata_proxy_shared_secret`` will be used to calculate HTTP header of signature."},{"line_number":88,"context_line":"* ``nova_metadata_apis`` is the list of nova-metadata-api services uri."},{"line_number":89,"context_line":"* ``provider_cidr`` will be used as the IP range to generate the VM\u0027s metadata IP."},{"line_number":90,"context_line":"* ``provider_vlan_id`` will be a fixed vlan for data from local tap-meta dev."},{"line_number":91,"context_line":"* ``provider_base_mac`` will be the MAC prefix to generate the VM\u0027s metadata MAC."},{"line_number":92,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"75658847_eab66c06","line":89,"updated":"2021-09-29 07:20:09.000000000","message":"what if the same range will be user by some user in their private network?","commit_id":"73980c7a3a1259e8b189c1a91e962f74dc7bab36"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"32b7d683487772c7eaf8cc246e28be9411359f10","unresolved":true,"context_lines":[{"line_number":86,"context_line":""},{"line_number":87,"context_line":"* ``metadata_proxy_shared_secret`` will be used to calculate HTTP header of signature."},{"line_number":88,"context_line":"* ``nova_metadata_apis`` is the list of nova-metadata-api services uri."},{"line_number":89,"context_line":"* ``provider_cidr`` will be used as the IP range to generate the VM\u0027s metadata IP."},{"line_number":90,"context_line":"* ``provider_vlan_id`` will be a fixed vlan for data from local tap-meta dev."},{"line_number":91,"context_line":"* ``provider_base_mac`` will be the MAC prefix to generate the VM\u0027s metadata MAC."},{"line_number":92,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"d7c00f3a_3deae18c","line":89,"in_reply_to":"75658847_eab66c06","updated":"2021-09-29 15:27:06.000000000","message":"It\u0027s a common case, what if user set private subnet with external network. A simple answer, we just do not let it happen. Cloud operators needs to restrict such case. Typically cloud prividers will limit tenant subnet IP range to \"IPv4 Private Address Space\". So usually, we chose a subnet of this 100.64.0.0/10 [1] for it in a data center.\n\n[1] https://datatracker.ietf.org/doc/html/rfc6598","commit_id":"73980c7a3a1259e8b189c1a91e962f74dc7bab36"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"e06853deab56144e08824bcaab5ed6ab277d91a3","unresolved":false,"context_lines":[{"line_number":86,"context_line":""},{"line_number":87,"context_line":"* ``metadata_proxy_shared_secret`` will be used to calculate HTTP header of signature."},{"line_number":88,"context_line":"* ``nova_metadata_apis`` is the list of nova-metadata-api services uri."},{"line_number":89,"context_line":"* ``provider_cidr`` will be used as the IP range to generate the VM\u0027s metadata IP."},{"line_number":90,"context_line":"* ``provider_vlan_id`` will be a fixed vlan for data from local tap-meta dev."},{"line_number":91,"context_line":"* ``provider_base_mac`` will be the MAC prefix to generate the VM\u0027s metadata MAC."},{"line_number":92,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"6dd8798c_46ea6c89","line":89,"in_reply_to":"d7c00f3a_3deae18c","updated":"2022-02-09 14:28:41.000000000","message":"Ack","commit_id":"73980c7a3a1259e8b189c1a91e962f74dc7bab36"},{"author":{"_account_id":11975,"name":"Slawek Kaplonski","email":"skaplons@redhat.com","username":"slaweq"},"change_message_id":"4126e3509eabbfa36d2910ad5f60bbe4d62bac20","unresolved":true,"context_lines":[{"line_number":87,"context_line":"* ``metadata_proxy_shared_secret`` will be used to calculate HTTP header of signature."},{"line_number":88,"context_line":"* ``nova_metadata_apis`` is the list of nova-metadata-api services uri."},{"line_number":89,"context_line":"* ``provider_cidr`` will be used as the IP range to generate the VM\u0027s metadata IP."},{"line_number":90,"context_line":"* ``provider_vlan_id`` will be a fixed vlan for data from local tap-meta dev."},{"line_number":91,"context_line":"* ``provider_base_mac`` will be the MAC prefix to generate the VM\u0027s metadata MAC."},{"line_number":92,"context_line":""},{"line_number":93,"context_line":"Meatadata data piplines"}],"source_content_type":"text/x-rst","patch_set":2,"id":"c8b63947_fa205794","line":90,"updated":"2021-09-29 07:20:09.000000000","message":"same question here: what if user will use that vlan id in their provider network?","commit_id":"73980c7a3a1259e8b189c1a91e962f74dc7bab36"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"e06853deab56144e08824bcaab5ed6ab277d91a3","unresolved":false,"context_lines":[{"line_number":87,"context_line":"* ``metadata_proxy_shared_secret`` will be used to calculate HTTP header of signature."},{"line_number":88,"context_line":"* ``nova_metadata_apis`` is the list of nova-metadata-api services uri."},{"line_number":89,"context_line":"* ``provider_cidr`` will be used as the IP range to generate the VM\u0027s metadata IP."},{"line_number":90,"context_line":"* ``provider_vlan_id`` will be a fixed vlan for data from local tap-meta dev."},{"line_number":91,"context_line":"* ``provider_base_mac`` will be the MAC prefix to generate the VM\u0027s metadata MAC."},{"line_number":92,"context_line":""},{"line_number":93,"context_line":"Meatadata data piplines"}],"source_content_type":"text/x-rst","patch_set":2,"id":"81d8877d_70db6c04","line":90,"in_reply_to":"459e723b_ed4a011e","updated":"2022-02-09 14:28:41.000000000","message":"Ack","commit_id":"73980c7a3a1259e8b189c1a91e962f74dc7bab36"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"32b7d683487772c7eaf8cc246e28be9411359f10","unresolved":true,"context_lines":[{"line_number":87,"context_line":"* ``metadata_proxy_shared_secret`` will be used to calculate HTTP header of signature."},{"line_number":88,"context_line":"* ``nova_metadata_apis`` is the list of nova-metadata-api services uri."},{"line_number":89,"context_line":"* ``provider_cidr`` will be used as the IP range to generate the VM\u0027s metadata IP."},{"line_number":90,"context_line":"* ``provider_vlan_id`` will be a fixed vlan for data from local tap-meta dev."},{"line_number":91,"context_line":"* ``provider_base_mac`` will be the MAC prefix to generate the VM\u0027s metadata MAC."},{"line_number":92,"context_line":""},{"line_number":93,"context_line":"Meatadata data piplines"}],"source_content_type":"text/x-rst","patch_set":2,"id":"459e723b_ed4a011e","line":90,"in_reply_to":"c8b63947_fa205794","updated":"2021-09-29 15:27:06.000000000","message":"Tenant traffic will not be send to this bridge, so it\u0027s ok to override with any provider vlan IDs.","commit_id":"73980c7a3a1259e8b189c1a91e962f74dc7bab36"},{"author":{"_account_id":11975,"name":"Slawek Kaplonski","email":"skaplons@redhat.com","username":"slaweq"},"change_message_id":"4126e3509eabbfa36d2910ad5f60bbe4d62bac20","unresolved":true,"context_lines":[{"line_number":90,"context_line":"* ``provider_vlan_id`` will be a fixed vlan for data from local tap-meta dev."},{"line_number":91,"context_line":"* ``provider_base_mac`` will be the MAC prefix to generate the VM\u0027s metadata MAC."},{"line_number":92,"context_line":""},{"line_number":93,"context_line":"Meatadata data piplines"},{"line_number":94,"context_line":"***********************"},{"line_number":95,"context_line":""},{"line_number":96,"context_line":"TCP Egress"}],"source_content_type":"text/x-rst","patch_set":2,"id":"2bd83b9e_20fd784a","line":93,"range":{"start_line":93,"start_character":0,"end_line":93,"end_character":9},"updated":"2021-09-29 07:20:09.000000000","message":"nit: Metadata","commit_id":"73980c7a3a1259e8b189c1a91e962f74dc7bab36"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"1d7900910ab9a1d30e47c8149ae147f990b8fb90","unresolved":false,"context_lines":[{"line_number":90,"context_line":"* ``provider_vlan_id`` will be a fixed vlan for data from local tap-meta dev."},{"line_number":91,"context_line":"* ``provider_base_mac`` will be the MAC prefix to generate the VM\u0027s metadata MAC."},{"line_number":92,"context_line":""},{"line_number":93,"context_line":"Meatadata data piplines"},{"line_number":94,"context_line":"***********************"},{"line_number":95,"context_line":""},{"line_number":96,"context_line":"TCP Egress"}],"source_content_type":"text/x-rst","patch_set":2,"id":"ca733873_fbf16f36","line":93,"range":{"start_line":93,"start_character":0,"end_line":93,"end_character":9},"in_reply_to":"2bd83b9e_20fd784a","updated":"2022-02-09 14:26:57.000000000","message":"Done","commit_id":"73980c7a3a1259e8b189c1a91e962f74dc7bab36"},{"author":{"_account_id":11975,"name":"Slawek Kaplonski","email":"skaplons@redhat.com","username":"slaweq"},"change_message_id":"4126e3509eabbfa36d2910ad5f60bbe4d62bac20","unresolved":true,"context_lines":[{"line_number":104,"context_line":"  ┌─────────────┐    TCP   ┌───────────────────────────────────┐    TCP   ┌─────────────────────────────────────────────┐ TCP  ┌────────────────────────┐     TCP     ┌────────────────────────┐"},{"line_number":105,"context_line":"  │             ├──────────►             Br-int                ├──────────►                   Br-meta                   ├──────►        tap-Meta        ├─────────────►        Haproxy         │"},{"line_number":106,"context_line":"  │     VM      │          │ From VM port + 169.254.169.254:80 │          │   Source (VM MAC + IP --\u003e Meta MAC + IP)    │      │  Meta Gateway MAC + IP │             │   Match Meta MAC + IP  │"},{"line_number":107,"context_line":"  │             │          │          add local vlan           │          │  Dest (MAC + IP --\u003e Meta Gateway MAC + IP)  │      │       Listened by      │             │     Add Http header    │"},{"line_number":108,"context_line":"  │             │          │           to Br-meta              │          │                 to tap-Meta                 │      │        Haproxy         │             │  to Nova-Metadata-API  │"},{"line_number":109,"context_line":"  └─────────────┘          └───────────────────────────────────┘          └─────────────────────────────────────────────┘      └────────────────────────┘             └────────────────────────┘"},{"line_number":110,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"04ce1e64_d302cf7f","line":107,"range":{"start_line":107,"start_character":83,"end_line":107,"end_character":91},"updated":"2021-09-29 07:20:09.000000000","message":"what MAC+IP it is? VM or Meta? Or something else?","commit_id":"73980c7a3a1259e8b189c1a91e962f74dc7bab36"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"32b7d683487772c7eaf8cc246e28be9411359f10","unresolved":true,"context_lines":[{"line_number":104,"context_line":"  ┌─────────────┐    TCP   ┌───────────────────────────────────┐    TCP   ┌─────────────────────────────────────────────┐ TCP  ┌────────────────────────┐     TCP     ┌────────────────────────┐"},{"line_number":105,"context_line":"  │             ├──────────►             Br-int                ├──────────►                   Br-meta                   ├──────►        tap-Meta        ├─────────────►        Haproxy         │"},{"line_number":106,"context_line":"  │     VM      │          │ From VM port + 169.254.169.254:80 │          │   Source (VM MAC + IP --\u003e Meta MAC + IP)    │      │  Meta Gateway MAC + IP │             │   Match Meta MAC + IP  │"},{"line_number":107,"context_line":"  │             │          │          add local vlan           │          │  Dest (MAC + IP --\u003e Meta Gateway MAC + IP)  │      │       Listened by      │             │     Add Http header    │"},{"line_number":108,"context_line":"  │             │          │           to Br-meta              │          │                 to tap-Meta                 │      │        Haproxy         │             │  to Nova-Metadata-API  │"},{"line_number":109,"context_line":"  └─────────────┘          └───────────────────────────────────┘          └─────────────────────────────────────────────┘      └────────────────────────┘             └────────────────────────┘"},{"line_number":110,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"63a8c997_48998d61","line":107,"range":{"start_line":107,"start_character":83,"end_line":107,"end_character":91},"in_reply_to":"04ce1e64_d302cf7f","updated":"2021-09-29 15:27:06.000000000","message":"When your VM trying to access 169.254.169.254:80, what should the dest MAC + IP be?\nThe dest IP is clear, it is 169.254.169.254. The complicated case is the dest MAC.\nWe have three scenarios:\na. if your VM has only one default route which point to gateway, so this mac should be gateway MAC.\n\nb. if your VM has a route which directly point to 169.254.169.254 (for instance, to 169.254.169.254 via 192.168.1.2 (the dhcp port IP), normally, this is set by original DHCP-agent and metadata mechanism), so some ARP responder(s) will be added for such DHCP port IPs, in case of upgrading. A fake mac will be responded for these DHCP port IPs.\n\nc. if your VM has a link route which is telling us 169.254.169.254 is directly reachable. So an ARP responder for 169.254.169.254 will be added. So the dest MAC will be a fake one as well.","commit_id":"73980c7a3a1259e8b189c1a91e962f74dc7bab36"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"e06853deab56144e08824bcaab5ed6ab277d91a3","unresolved":false,"context_lines":[{"line_number":104,"context_line":"  ┌─────────────┐    TCP   ┌───────────────────────────────────┐    TCP   ┌─────────────────────────────────────────────┐ TCP  ┌────────────────────────┐     TCP     ┌────────────────────────┐"},{"line_number":105,"context_line":"  │             ├──────────►             Br-int                ├──────────►                   Br-meta                   ├──────►        tap-Meta        ├─────────────►        Haproxy         │"},{"line_number":106,"context_line":"  │     VM      │          │ From VM port + 169.254.169.254:80 │          │   Source (VM MAC + IP --\u003e Meta MAC + IP)    │      │  Meta Gateway MAC + IP │             │   Match Meta MAC + IP  │"},{"line_number":107,"context_line":"  │             │          │          add local vlan           │          │  Dest (MAC + IP --\u003e Meta Gateway MAC + IP)  │      │       Listened by      │             │     Add Http header    │"},{"line_number":108,"context_line":"  │             │          │           to Br-meta              │          │                 to tap-Meta                 │      │        Haproxy         │             │  to Nova-Metadata-API  │"},{"line_number":109,"context_line":"  └─────────────┘          └───────────────────────────────────┘          └─────────────────────────────────────────────┘      └────────────────────────┘             └────────────────────────┘"},{"line_number":110,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"8cbfd00b_da50ca5a","line":107,"range":{"start_line":107,"start_character":83,"end_line":107,"end_character":91},"in_reply_to":"63a8c997_48998d61","updated":"2022-02-09 14:28:41.000000000","message":"Ack","commit_id":"73980c7a3a1259e8b189c1a91e962f74dc7bab36"},{"author":{"_account_id":11975,"name":"Slawek Kaplonski","email":"skaplons@redhat.com","username":"slaweq"},"change_message_id":"4126e3509eabbfa36d2910ad5f60bbe4d62bac20","unresolved":true,"context_lines":[{"line_number":116,"context_line":"  Match: ip,in_port\u003d\u003cof_vm1\u003e,nw_dst\u003d169.254.169.254 actions\u003dmod_local_vlan:1,output:\"To_br_meta\""},{"line_number":117,"context_line":"  Match: ip,in_port\u003d\u003cof_vm2\u003e,nw_dst\u003d169.254.169.254 actions\u003dmod_local_vlan:2,output:\"To_br_meta\""},{"line_number":118,"context_line":"  Match: ip,in_port\u003d\u003cof_vm3\u003e,nw_dst\u003d169.254.169.254 actions\u003dmod_local_vlan:3,output:\"To_br_meta\""},{"line_number":119,"context_line":"  Match: ip,in_port\u003d\u003cof_vm4\u003e,nw_dst\u003d169.254.169.254 actions\u003dmod_local_vlan:4,output:\"To_br_meta\""},{"line_number":120,"context_line":""},{"line_number":121,"context_line":"Flows on br-meta:"},{"line_number":122,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"addf50f4_0873014a","line":119,"range":{"start_line":119,"start_character":75,"end_line":119,"end_character":76},"updated":"2021-09-29 07:20:09.000000000","message":"what are those vlan_ids exactly? The same lvid used for all other traffic for the port or something else?","commit_id":"73980c7a3a1259e8b189c1a91e962f74dc7bab36"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"e06853deab56144e08824bcaab5ed6ab277d91a3","unresolved":false,"context_lines":[{"line_number":116,"context_line":"  Match: ip,in_port\u003d\u003cof_vm1\u003e,nw_dst\u003d169.254.169.254 actions\u003dmod_local_vlan:1,output:\"To_br_meta\""},{"line_number":117,"context_line":"  Match: ip,in_port\u003d\u003cof_vm2\u003e,nw_dst\u003d169.254.169.254 actions\u003dmod_local_vlan:2,output:\"To_br_meta\""},{"line_number":118,"context_line":"  Match: ip,in_port\u003d\u003cof_vm3\u003e,nw_dst\u003d169.254.169.254 actions\u003dmod_local_vlan:3,output:\"To_br_meta\""},{"line_number":119,"context_line":"  Match: ip,in_port\u003d\u003cof_vm4\u003e,nw_dst\u003d169.254.169.254 actions\u003dmod_local_vlan:4,output:\"To_br_meta\""},{"line_number":120,"context_line":""},{"line_number":121,"context_line":"Flows on br-meta:"},{"line_number":122,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"cf03193b_51c2d808","line":119,"range":{"start_line":119,"start_character":75,"end_line":119,"end_character":76},"in_reply_to":"22263fc1_2e7ecc44","updated":"2022-02-09 14:28:41.000000000","message":"Ack","commit_id":"73980c7a3a1259e8b189c1a91e962f74dc7bab36"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"32b7d683487772c7eaf8cc246e28be9411359f10","unresolved":true,"context_lines":[{"line_number":116,"context_line":"  Match: ip,in_port\u003d\u003cof_vm1\u003e,nw_dst\u003d169.254.169.254 actions\u003dmod_local_vlan:1,output:\"To_br_meta\""},{"line_number":117,"context_line":"  Match: ip,in_port\u003d\u003cof_vm2\u003e,nw_dst\u003d169.254.169.254 actions\u003dmod_local_vlan:2,output:\"To_br_meta\""},{"line_number":118,"context_line":"  Match: ip,in_port\u003d\u003cof_vm3\u003e,nw_dst\u003d169.254.169.254 actions\u003dmod_local_vlan:3,output:\"To_br_meta\""},{"line_number":119,"context_line":"  Match: ip,in_port\u003d\u003cof_vm4\u003e,nw_dst\u003d169.254.169.254 actions\u003dmod_local_vlan:4,output:\"To_br_meta\""},{"line_number":120,"context_line":""},{"line_number":121,"context_line":"Flows on br-meta:"},{"line_number":122,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"22263fc1_2e7ecc44","line":119,"range":{"start_line":119,"start_character":75,"end_line":119,"end_character":76},"in_reply_to":"addf50f4_0873014a","updated":"2021-09-29 15:27:06.000000000","message":"It s local vlan. See the 2nd box of Br-int above.","commit_id":"73980c7a3a1259e8b189c1a91e962f74dc7bab36"},{"author":{"_account_id":11975,"name":"Slawek Kaplonski","email":"skaplons@redhat.com","username":"slaweq"},"change_message_id":"4126e3509eabbfa36d2910ad5f60bbe4d62bac20","unresolved":true,"context_lines":[{"line_number":129,"context_line":"  Match: dl_vlan\u003d\u003clocal_vlan_1\u003e,dl_src\u003dfa:16:3e:4a:fd:c1,nw_src\u003d192.168.1.10 Action: strip_vlan,mod_dl_src:fa:22:33:11:22:11,mod_nw_src:100.100.0.10, resubmit(,87)"},{"line_number":130,"context_line":"  Match: dl_vlan\u003d\u003clocal_vlan_2\u003e,dl_src\u003dfa:16:3e:4a:fd:c1,nw_src\u003d192.168.2.10 Action: strip_vlan,mod_dl_src:fa:22:33:11:22:22,mod_nw_src:100.100.0.11, resubmit(,87)"},{"line_number":131,"context_line":"  Match: dl_vlan\u003d\u003clocal_vlan_3\u003e,dl_src\u003dfa:16:3e:4a:fd:c1,nw_src\u003d192.168.1.20 Action: strip_vlan,mod_dl_src:fa:22:33:11:22:33,mod_nw_src:100.100.0.12, resubmit(,87)"},{"line_number":132,"context_line":"  Match: dl_vlan\u003d\u003clocal_vlan_4\u003e,dl_src\u003dfa:16:3e:4a:fd:c1,nw_src\u003d192.168.3.10 Action: strip_vlan,mod_dl_src:fa:22:33:11:22:44,mod_nw_src:100.100.0.13, resubmit(,87)"},{"line_number":133,"context_line":""},{"line_number":134,"context_line":"  Table\u003d87"},{"line_number":135,"context_line":"  Match: tcp,nw_dst\u003d169.254.169.254,tp_dst\u003d80 Action: mod_nw_dst:100.100.0.1, mod_dl_dst:fa:16:ee:00:00:01,output:\"tap-meta\""}],"source_content_type":"text/x-rst","patch_set":2,"id":"64c3dfb3_94c97115","line":132,"range":{"start_line":132,"start_character":64,"end_line":132,"end_character":76},"updated":"2021-09-29 07:20:09.000000000","message":"what are those IP addresses exactly? Are those the fixed IPs assigned for VMs in Neutron?","commit_id":"73980c7a3a1259e8b189c1a91e962f74dc7bab36"},{"author":{"_account_id":11975,"name":"Slawek Kaplonski","email":"skaplons@redhat.com","username":"slaweq"},"change_message_id":"4126e3509eabbfa36d2910ad5f60bbe4d62bac20","unresolved":true,"context_lines":[{"line_number":129,"context_line":"  Match: dl_vlan\u003d\u003clocal_vlan_1\u003e,dl_src\u003dfa:16:3e:4a:fd:c1,nw_src\u003d192.168.1.10 Action: strip_vlan,mod_dl_src:fa:22:33:11:22:11,mod_nw_src:100.100.0.10, resubmit(,87)"},{"line_number":130,"context_line":"  Match: dl_vlan\u003d\u003clocal_vlan_2\u003e,dl_src\u003dfa:16:3e:4a:fd:c1,nw_src\u003d192.168.2.10 Action: strip_vlan,mod_dl_src:fa:22:33:11:22:22,mod_nw_src:100.100.0.11, resubmit(,87)"},{"line_number":131,"context_line":"  Match: dl_vlan\u003d\u003clocal_vlan_3\u003e,dl_src\u003dfa:16:3e:4a:fd:c1,nw_src\u003d192.168.1.20 Action: strip_vlan,mod_dl_src:fa:22:33:11:22:33,mod_nw_src:100.100.0.12, resubmit(,87)"},{"line_number":132,"context_line":"  Match: dl_vlan\u003d\u003clocal_vlan_4\u003e,dl_src\u003dfa:16:3e:4a:fd:c1,nw_src\u003d192.168.3.10 Action: strip_vlan,mod_dl_src:fa:22:33:11:22:44,mod_nw_src:100.100.0.13, resubmit(,87)"},{"line_number":133,"context_line":""},{"line_number":134,"context_line":"  Table\u003d87"},{"line_number":135,"context_line":"  Match: tcp,nw_dst\u003d169.254.169.254,tp_dst\u003d80 Action: mod_nw_dst:100.100.0.1, mod_dl_dst:fa:16:ee:00:00:01,output:\"tap-meta\""}],"source_content_type":"text/x-rst","patch_set":2,"id":"0fd8ed0b_6023b61f","line":132,"range":{"start_line":132,"start_character":39,"end_line":132,"end_character":56},"updated":"2021-09-29 07:20:09.000000000","message":"why all 4 rules have the same dl_src mac address?","commit_id":"73980c7a3a1259e8b189c1a91e962f74dc7bab36"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"32b7d683487772c7eaf8cc246e28be9411359f10","unresolved":true,"context_lines":[{"line_number":129,"context_line":"  Match: dl_vlan\u003d\u003clocal_vlan_1\u003e,dl_src\u003dfa:16:3e:4a:fd:c1,nw_src\u003d192.168.1.10 Action: strip_vlan,mod_dl_src:fa:22:33:11:22:11,mod_nw_src:100.100.0.10, resubmit(,87)"},{"line_number":130,"context_line":"  Match: dl_vlan\u003d\u003clocal_vlan_2\u003e,dl_src\u003dfa:16:3e:4a:fd:c1,nw_src\u003d192.168.2.10 Action: strip_vlan,mod_dl_src:fa:22:33:11:22:22,mod_nw_src:100.100.0.11, resubmit(,87)"},{"line_number":131,"context_line":"  Match: dl_vlan\u003d\u003clocal_vlan_3\u003e,dl_src\u003dfa:16:3e:4a:fd:c1,nw_src\u003d192.168.1.20 Action: strip_vlan,mod_dl_src:fa:22:33:11:22:33,mod_nw_src:100.100.0.12, resubmit(,87)"},{"line_number":132,"context_line":"  Match: dl_vlan\u003d\u003clocal_vlan_4\u003e,dl_src\u003dfa:16:3e:4a:fd:c1,nw_src\u003d192.168.3.10 Action: strip_vlan,mod_dl_src:fa:22:33:11:22:44,mod_nw_src:100.100.0.13, resubmit(,87)"},{"line_number":133,"context_line":""},{"line_number":134,"context_line":"  Table\u003d87"},{"line_number":135,"context_line":"  Match: tcp,nw_dst\u003d169.254.169.254,tp_dst\u003d80 Action: mod_nw_dst:100.100.0.1, mod_dl_dst:fa:16:ee:00:00:01,output:\"tap-meta\""}],"source_content_type":"text/x-rst","patch_set":2,"id":"94da038f_fd560760","line":132,"range":{"start_line":132,"start_character":39,"end_line":132,"end_character":56},"in_reply_to":"0fd8ed0b_6023b61f","updated":"2021-09-29 15:27:06.000000000","message":"Nice catch, mac should be different. It\u0027s 4 VMs.","commit_id":"73980c7a3a1259e8b189c1a91e962f74dc7bab36"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"e06853deab56144e08824bcaab5ed6ab277d91a3","unresolved":false,"context_lines":[{"line_number":129,"context_line":"  Match: dl_vlan\u003d\u003clocal_vlan_1\u003e,dl_src\u003dfa:16:3e:4a:fd:c1,nw_src\u003d192.168.1.10 Action: strip_vlan,mod_dl_src:fa:22:33:11:22:11,mod_nw_src:100.100.0.10, resubmit(,87)"},{"line_number":130,"context_line":"  Match: dl_vlan\u003d\u003clocal_vlan_2\u003e,dl_src\u003dfa:16:3e:4a:fd:c1,nw_src\u003d192.168.2.10 Action: strip_vlan,mod_dl_src:fa:22:33:11:22:22,mod_nw_src:100.100.0.11, resubmit(,87)"},{"line_number":131,"context_line":"  Match: dl_vlan\u003d\u003clocal_vlan_3\u003e,dl_src\u003dfa:16:3e:4a:fd:c1,nw_src\u003d192.168.1.20 Action: strip_vlan,mod_dl_src:fa:22:33:11:22:33,mod_nw_src:100.100.0.12, resubmit(,87)"},{"line_number":132,"context_line":"  Match: dl_vlan\u003d\u003clocal_vlan_4\u003e,dl_src\u003dfa:16:3e:4a:fd:c1,nw_src\u003d192.168.3.10 Action: strip_vlan,mod_dl_src:fa:22:33:11:22:44,mod_nw_src:100.100.0.13, resubmit(,87)"},{"line_number":133,"context_line":""},{"line_number":134,"context_line":"  Table\u003d87"},{"line_number":135,"context_line":"  Match: tcp,nw_dst\u003d169.254.169.254,tp_dst\u003d80 Action: mod_nw_dst:100.100.0.1, mod_dl_dst:fa:16:ee:00:00:01,output:\"tap-meta\""}],"source_content_type":"text/x-rst","patch_set":2,"id":"dc4dff70_9931404a","line":132,"range":{"start_line":132,"start_character":64,"end_line":132,"end_character":76},"in_reply_to":"5f536627_fa2063f3","updated":"2022-02-09 14:28:41.000000000","message":"Ack","commit_id":"73980c7a3a1259e8b189c1a91e962f74dc7bab36"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"32b7d683487772c7eaf8cc246e28be9411359f10","unresolved":true,"context_lines":[{"line_number":129,"context_line":"  Match: dl_vlan\u003d\u003clocal_vlan_1\u003e,dl_src\u003dfa:16:3e:4a:fd:c1,nw_src\u003d192.168.1.10 Action: strip_vlan,mod_dl_src:fa:22:33:11:22:11,mod_nw_src:100.100.0.10, resubmit(,87)"},{"line_number":130,"context_line":"  Match: dl_vlan\u003d\u003clocal_vlan_2\u003e,dl_src\u003dfa:16:3e:4a:fd:c1,nw_src\u003d192.168.2.10 Action: strip_vlan,mod_dl_src:fa:22:33:11:22:22,mod_nw_src:100.100.0.11, resubmit(,87)"},{"line_number":131,"context_line":"  Match: dl_vlan\u003d\u003clocal_vlan_3\u003e,dl_src\u003dfa:16:3e:4a:fd:c1,nw_src\u003d192.168.1.20 Action: strip_vlan,mod_dl_src:fa:22:33:11:22:33,mod_nw_src:100.100.0.12, resubmit(,87)"},{"line_number":132,"context_line":"  Match: dl_vlan\u003d\u003clocal_vlan_4\u003e,dl_src\u003dfa:16:3e:4a:fd:c1,nw_src\u003d192.168.3.10 Action: strip_vlan,mod_dl_src:fa:22:33:11:22:44,mod_nw_src:100.100.0.13, resubmit(,87)"},{"line_number":133,"context_line":""},{"line_number":134,"context_line":"  Table\u003d87"},{"line_number":135,"context_line":"  Match: tcp,nw_dst\u003d169.254.169.254,tp_dst\u003d80 Action: mod_nw_dst:100.100.0.1, mod_dl_dst:fa:16:ee:00:00:01,output:\"tap-meta\""}],"source_content_type":"text/x-rst","patch_set":2,"id":"5f536627_fa2063f3","line":132,"range":{"start_line":132,"start_character":64,"end_line":132,"end_character":76},"in_reply_to":"64c3dfb3_94c97115","updated":"2021-09-29 15:27:06.000000000","message":"It is VM\u0027s fixed IP and its own real mac. See the 3rd box of Br-meta above.","commit_id":"73980c7a3a1259e8b189c1a91e962f74dc7bab36"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"e06853deab56144e08824bcaab5ed6ab277d91a3","unresolved":false,"context_lines":[{"line_number":129,"context_line":"  Match: dl_vlan\u003d\u003clocal_vlan_1\u003e,dl_src\u003dfa:16:3e:4a:fd:c1,nw_src\u003d192.168.1.10 Action: strip_vlan,mod_dl_src:fa:22:33:11:22:11,mod_nw_src:100.100.0.10, resubmit(,87)"},{"line_number":130,"context_line":"  Match: dl_vlan\u003d\u003clocal_vlan_2\u003e,dl_src\u003dfa:16:3e:4a:fd:c1,nw_src\u003d192.168.2.10 Action: strip_vlan,mod_dl_src:fa:22:33:11:22:22,mod_nw_src:100.100.0.11, resubmit(,87)"},{"line_number":131,"context_line":"  Match: dl_vlan\u003d\u003clocal_vlan_3\u003e,dl_src\u003dfa:16:3e:4a:fd:c1,nw_src\u003d192.168.1.20 Action: strip_vlan,mod_dl_src:fa:22:33:11:22:33,mod_nw_src:100.100.0.12, resubmit(,87)"},{"line_number":132,"context_line":"  Match: dl_vlan\u003d\u003clocal_vlan_4\u003e,dl_src\u003dfa:16:3e:4a:fd:c1,nw_src\u003d192.168.3.10 Action: strip_vlan,mod_dl_src:fa:22:33:11:22:44,mod_nw_src:100.100.0.13, resubmit(,87)"},{"line_number":133,"context_line":""},{"line_number":134,"context_line":"  Table\u003d87"},{"line_number":135,"context_line":"  Match: tcp,nw_dst\u003d169.254.169.254,tp_dst\u003d80 Action: mod_nw_dst:100.100.0.1, mod_dl_dst:fa:16:ee:00:00:01,output:\"tap-meta\""}],"source_content_type":"text/x-rst","patch_set":2,"id":"7760611c_5133e886","line":132,"range":{"start_line":132,"start_character":39,"end_line":132,"end_character":56},"in_reply_to":"94da038f_fd560760","updated":"2022-02-09 14:28:41.000000000","message":"Ack","commit_id":"73980c7a3a1259e8b189c1a91e962f74dc7bab36"},{"author":{"_account_id":11975,"name":"Slawek Kaplonski","email":"skaplons@redhat.com","username":"slaweq"},"change_message_id":"4126e3509eabbfa36d2910ad5f60bbe4d62bac20","unresolved":true,"context_lines":[{"line_number":277,"context_line":"        ..."},{"line_number":278,"context_line":""},{"line_number":279,"context_line":"    backend backend_{{ instance_4.uuid }}_{{ metadata_ip_4 }}"},{"line_number":280,"context_line":"        ..."},{"line_number":281,"context_line":""},{"line_number":282,"context_line":"Implementation"},{"line_number":283,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"}],"source_content_type":"text/x-rst","patch_set":2,"id":"cd43d399_ba8768c4","line":280,"updated":"2021-09-29 07:20:09.000000000","message":"I\u0027m missing IPv6 implementation here. We added it some time ago to neutron so maybe would be good to support it here too :)","commit_id":"73980c7a3a1259e8b189c1a91e962f74dc7bab36"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"e06853deab56144e08824bcaab5ed6ab277d91a3","unresolved":false,"context_lines":[{"line_number":277,"context_line":"        ..."},{"line_number":278,"context_line":""},{"line_number":279,"context_line":"    backend backend_{{ instance_4.uuid }}_{{ metadata_ip_4 }}"},{"line_number":280,"context_line":"        ..."},{"line_number":281,"context_line":""},{"line_number":282,"context_line":"Implementation"},{"line_number":283,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"}],"source_content_type":"text/x-rst","patch_set":2,"id":"40fdece8_9c06014a","line":280,"in_reply_to":"cd43d399_ba8768c4","updated":"2022-02-09 14:28:41.000000000","message":"Ack","commit_id":"73980c7a3a1259e8b189c1a91e962f74dc7bab36"}],"specs/yoga/distributed-metadata-data-path.rst":[{"author":{"_account_id":8313,"name":"Lajos Katona","display_name":"lajoskatona","email":"katonalala@gmail.com","username":"elajkat","status":"Ericsson Software Technology"},"change_message_id":"d2fc71c2c210f1e86db9476b655a9df9a85317f9","unresolved":true,"context_lines":[{"line_number":36,"context_line":"inside VMs. Can not change userdata online for users specific scripts."},{"line_number":37,"context_line":"The security issue is that because the mounting FS can be access by all users,"},{"line_number":38,"context_line":"if the metadata includes root password or key, the password and the key"},{"line_number":39,"context_line":"can be access by none root users."},{"line_number":40,"context_line":""},{"line_number":41,"context_line":"If you are running Neutron agents, there is no alternative to replace"},{"line_number":42,"context_line":"metadata agent for cloud deployments."}],"source_content_type":"text/x-rst","patch_set":3,"id":"902589cb_300c3484","line":39,"range":{"start_line":39,"start_character":7,"end_line":39,"end_character":13},"updated":"2021-10-06 12:18:38.000000000","message":"nit: accessed","commit_id":"f3f6bf9e2fd4694f553e23c77f5de67e5c51bc05"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"3ff01c6378a873b645cf043e7a5d96a4720af567","unresolved":false,"context_lines":[{"line_number":36,"context_line":"inside VMs. Can not change userdata online for users specific scripts."},{"line_number":37,"context_line":"The security issue is that because the mounting FS can be access by all users,"},{"line_number":38,"context_line":"if the metadata includes root password or key, the password and the key"},{"line_number":39,"context_line":"can be access by none root users."},{"line_number":40,"context_line":""},{"line_number":41,"context_line":"If you are running Neutron agents, there is no alternative to replace"},{"line_number":42,"context_line":"metadata agent for cloud deployments."}],"source_content_type":"text/x-rst","patch_set":3,"id":"4abc1575_221e19fe","line":39,"range":{"start_line":39,"start_character":7,"end_line":39,"end_character":13},"in_reply_to":"902589cb_300c3484","updated":"2021-10-12 10:13:33.000000000","message":"Done","commit_id":"f3f6bf9e2fd4694f553e23c77f5de67e5c51bc05"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"8eb6f7846a3c088d4870eded92779bd906aaf1ac","unresolved":true,"context_lines":[{"line_number":43,"context_line":""},{"line_number":44,"context_line":"As we can see, the metadata datapath is very long via many devices, namespaces"},{"line_number":45,"context_line":"and agents. One metadata path goes down, such as agent down or external process"},{"line_number":46,"context_line":"die, will not only influence the host, but also all related hosts that will"},{"line_number":47,"context_line":"boot new VMs on."},{"line_number":48,"context_line":""},{"line_number":49,"context_line":"Proposed Change"}],"source_content_type":"text/x-rst","patch_set":3,"id":"647d9939_684fba18","line":46,"range":{"start_line":46,"start_character":0,"end_line":46,"end_character":3},"updated":"2021-10-12 09:06:47.000000000","message":"dead","commit_id":"f3f6bf9e2fd4694f553e23c77f5de67e5c51bc05"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"e06853deab56144e08824bcaab5ed6ab277d91a3","unresolved":false,"context_lines":[{"line_number":43,"context_line":""},{"line_number":44,"context_line":"As we can see, the metadata datapath is very long via many devices, namespaces"},{"line_number":45,"context_line":"and agents. One metadata path goes down, such as agent down or external process"},{"line_number":46,"context_line":"die, will not only influence the host, but also all related hosts that will"},{"line_number":47,"context_line":"boot new VMs on."},{"line_number":48,"context_line":""},{"line_number":49,"context_line":"Proposed Change"}],"source_content_type":"text/x-rst","patch_set":3,"id":"750f1f3d_95617e04","line":46,"range":{"start_line":46,"start_character":0,"end_line":46,"end_character":3},"in_reply_to":"647d9939_684fba18","updated":"2022-02-09 14:28:41.000000000","message":"Done","commit_id":"f3f6bf9e2fd4694f553e23c77f5de67e5c51bc05"},{"author":{"_account_id":5948,"name":"Oleg Bondarev","email":"obondarev@mirantis.com","username":"obondarev"},"change_message_id":"61c011a6f43d2af18fedcf1b6b93132ff9685265","unresolved":true,"context_lines":[{"line_number":80,"context_line":"  [METADATA]"},{"line_number":81,"context_line":"  metadata_proxy_shared_secret \u003d"},{"line_number":82,"context_line":"  nova_metadata_apis \u003d 172.16.20.10:8775,172.16.20.11:8775,172.16.20.12:8775"},{"line_number":83,"context_line":"  provider_cidr \u003d 100.100.0.0/16"},{"line_number":84,"context_line":"  provider_vlan_id \u003d 998"},{"line_number":85,"context_line":"  provider_base_mac \u003d \"fa:16:ee:00:00:00\""},{"line_number":86,"context_line":""},{"line_number":87,"context_line":"* ``metadata_proxy_shared_secret`` will be used to calculate HTTP header of signature."}],"source_content_type":"text/x-rst","patch_set":3,"id":"36b92c37_09745504","line":84,"range":{"start_line":83,"start_character":2,"end_line":84,"end_character":24},"updated":"2021-09-30 09:09:25.000000000","message":"Seems this can be treated similar to existing HA network","commit_id":"f3f6bf9e2fd4694f553e23c77f5de67e5c51bc05"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"8eb6f7846a3c088d4870eded92779bd906aaf1ac","unresolved":true,"context_lines":[{"line_number":80,"context_line":"  [METADATA]"},{"line_number":81,"context_line":"  metadata_proxy_shared_secret \u003d"},{"line_number":82,"context_line":"  nova_metadata_apis \u003d 172.16.20.10:8775,172.16.20.11:8775,172.16.20.12:8775"},{"line_number":83,"context_line":"  provider_cidr \u003d 100.100.0.0/16"},{"line_number":84,"context_line":"  provider_vlan_id \u003d 998"},{"line_number":85,"context_line":"  provider_base_mac \u003d \"fa:16:ee:00:00:00\""},{"line_number":86,"context_line":""},{"line_number":87,"context_line":"* ``metadata_proxy_shared_secret`` will be used to calculate HTTP header of signature."}],"source_content_type":"text/x-rst","patch_set":3,"id":"81968e8d_0b8e26c1","line":84,"range":{"start_line":83,"start_character":2,"end_line":84,"end_character":24},"in_reply_to":"36b92c37_09745504","updated":"2021-10-12 09:06:47.000000000","message":"These are configrations for ovs agent, while similar CIDR is set for neutron server side.","commit_id":"f3f6bf9e2fd4694f553e23c77f5de67e5c51bc05"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"e06853deab56144e08824bcaab5ed6ab277d91a3","unresolved":false,"context_lines":[{"line_number":80,"context_line":"  [METADATA]"},{"line_number":81,"context_line":"  metadata_proxy_shared_secret \u003d"},{"line_number":82,"context_line":"  nova_metadata_apis \u003d 172.16.20.10:8775,172.16.20.11:8775,172.16.20.12:8775"},{"line_number":83,"context_line":"  provider_cidr \u003d 100.100.0.0/16"},{"line_number":84,"context_line":"  provider_vlan_id \u003d 998"},{"line_number":85,"context_line":"  provider_base_mac \u003d \"fa:16:ee:00:00:00\""},{"line_number":86,"context_line":""},{"line_number":87,"context_line":"* ``metadata_proxy_shared_secret`` will be used to calculate HTTP header of signature."}],"source_content_type":"text/x-rst","patch_set":3,"id":"834c5e79_bcab45bf","line":84,"range":{"start_line":83,"start_character":2,"end_line":84,"end_character":24},"in_reply_to":"81968e8d_0b8e26c1","updated":"2022-02-09 14:28:41.000000000","message":"Ack","commit_id":"f3f6bf9e2fd4694f553e23c77f5de67e5c51bc05"},{"author":{"_account_id":5948,"name":"Oleg Bondarev","email":"obondarev@mirantis.com","username":"obondarev"},"change_message_id":"61c011a6f43d2af18fedcf1b6b93132ff9685265","unresolved":true,"context_lines":[{"line_number":90,"context_line":"* ``provider_vlan_id`` will be a fixed vlan for data from local tap-meta dev."},{"line_number":91,"context_line":"* ``provider_base_mac`` will be the MAC prefix to generate the VM\u0027s META MAC."},{"line_number":92,"context_line":""},{"line_number":93,"context_line":"Metadata data piplines"},{"line_number":94,"context_line":"**********************"},{"line_number":95,"context_line":""},{"line_number":96,"context_line":""}],"source_content_type":"text/x-rst","patch_set":3,"id":"a70f5ecb_727112df","line":93,"range":{"start_line":93,"start_character":14,"end_line":93,"end_character":22},"updated":"2021-09-30 09:09:25.000000000","message":"pipelines","commit_id":"f3f6bf9e2fd4694f553e23c77f5de67e5c51bc05"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"3ff01c6378a873b645cf043e7a5d96a4720af567","unresolved":false,"context_lines":[{"line_number":90,"context_line":"* ``provider_vlan_id`` will be a fixed vlan for data from local tap-meta dev."},{"line_number":91,"context_line":"* ``provider_base_mac`` will be the MAC prefix to generate the VM\u0027s META MAC."},{"line_number":92,"context_line":""},{"line_number":93,"context_line":"Metadata data piplines"},{"line_number":94,"context_line":"**********************"},{"line_number":95,"context_line":""},{"line_number":96,"context_line":""}],"source_content_type":"text/x-rst","patch_set":3,"id":"91df4322_8f4d928a","line":93,"range":{"start_line":93,"start_character":14,"end_line":93,"end_character":22},"in_reply_to":"a70f5ecb_727112df","updated":"2021-10-12 10:13:33.000000000","message":"Done","commit_id":"f3f6bf9e2fd4694f553e23c77f5de67e5c51bc05"},{"author":{"_account_id":8313,"name":"Lajos Katona","display_name":"lajoskatona","email":"katonalala@gmail.com","username":"elajkat","status":"Ericsson Software Technology"},"change_message_id":"d2fc71c2c210f1e86db9476b655a9df9a85317f9","unresolved":true,"context_lines":[{"line_number":108,"context_line":"~~~~~~~~~~"},{"line_number":109,"context_line":""},{"line_number":110,"context_line":"HTTP request packets from VM direct to br-meta, and change IP headers to tap-meta,"},{"line_number":111,"context_line":"add HTTP headers in host haproxy then goto nova-metadata API. Datapath:"},{"line_number":112,"context_line":""},{"line_number":113,"context_line":"::"},{"line_number":114,"context_line":""}],"source_content_type":"text/x-rst","patch_set":3,"id":"994b57c4_e11d88e8","line":111,"range":{"start_line":111,"start_character":38,"end_line":111,"end_character":42},"updated":"2021-10-06 12:18:38.000000000","message":"nit: go to","commit_id":"f3f6bf9e2fd4694f553e23c77f5de67e5c51bc05"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"3ff01c6378a873b645cf043e7a5d96a4720af567","unresolved":false,"context_lines":[{"line_number":108,"context_line":"~~~~~~~~~~"},{"line_number":109,"context_line":""},{"line_number":110,"context_line":"HTTP request packets from VM direct to br-meta, and change IP headers to tap-meta,"},{"line_number":111,"context_line":"add HTTP headers in host haproxy then goto nova-metadata API. Datapath:"},{"line_number":112,"context_line":""},{"line_number":113,"context_line":"::"},{"line_number":114,"context_line":""}],"source_content_type":"text/x-rst","patch_set":3,"id":"d1dd02d9_719bba41","line":111,"range":{"start_line":111,"start_character":38,"end_line":111,"end_character":42},"in_reply_to":"994b57c4_e11d88e8","updated":"2021-10-12 10:13:33.000000000","message":"Done","commit_id":"f3f6bf9e2fd4694f553e23c77f5de67e5c51bc05"},{"author":{"_account_id":8313,"name":"Lajos Katona","display_name":"lajoskatona","email":"katonalala@gmail.com","username":"elajkat","status":"Ericsson Software Technology"},"change_message_id":"d2fc71c2c210f1e86db9476b655a9df9a85317f9","unresolved":true,"context_lines":[{"line_number":113,"context_line":"::"},{"line_number":114,"context_line":""},{"line_number":115,"context_line":"  +----+ TCP +-----------------------------------+ TCP +---------------------------------------------+ TCP +------------------------+ TCP +-----------------------+"},{"line_number":116,"context_line":"  |    +-----\u003e             Br-int                +-----\u003e                   Br-meta                   +-----\u003e        tap-Meta        +-----\u003e        Haproxy        |"},{"line_number":117,"context_line":"  | VM |     | From VM port + 169.254.169.254:80 |     |   Source (VM MAC + IP --\u003e Meta MAC + IP)    |     |  Meta Gateway MAC + IP |     |   Match Meta IP       |"},{"line_number":118,"context_line":"  |    |     |          add local vlan           |     |  Dest (MAC + IP --\u003e Meta Gateway MAC + IP)  |     |       Listened by      |     |     Add Http header   |"},{"line_number":119,"context_line":"  |    |     |           to Br-meta              |     |                 to tap-Meta                 |     |        Haproxy         |     |  to Nova-Metadata-API |"}],"source_content_type":"text/x-rst","patch_set":3,"id":"a0b08aff_3fd4ff22","line":116,"range":{"start_line":116,"start_character":147,"end_line":116,"end_character":154},"updated":"2021-10-06 12:18:38.000000000","message":"ovs-agent (the metdata extension) will run haproxy?","commit_id":"f3f6bf9e2fd4694f553e23c77f5de67e5c51bc05"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"8eb6f7846a3c088d4870eded92779bd906aaf1ac","unresolved":true,"context_lines":[{"line_number":113,"context_line":"::"},{"line_number":114,"context_line":""},{"line_number":115,"context_line":"  +----+ TCP +-----------------------------------+ TCP +---------------------------------------------+ TCP +------------------------+ TCP +-----------------------+"},{"line_number":116,"context_line":"  |    +-----\u003e             Br-int                +-----\u003e                   Br-meta                   +-----\u003e        tap-Meta        +-----\u003e        Haproxy        |"},{"line_number":117,"context_line":"  | VM |     | From VM port + 169.254.169.254:80 |     |   Source (VM MAC + IP --\u003e Meta MAC + IP)    |     |  Meta Gateway MAC + IP |     |   Match Meta IP       |"},{"line_number":118,"context_line":"  |    |     |          add local vlan           |     |  Dest (MAC + IP --\u003e Meta Gateway MAC + IP)  |     |       Listened by      |     |     Add Http header   |"},{"line_number":119,"context_line":"  |    |     |           to Br-meta              |     |                 to tap-Meta                 |     |        Haproxy         |     |  to Nova-Metadata-API |"}],"source_content_type":"text/x-rst","patch_set":3,"id":"e37e5ecc_9a1342ac","line":116,"range":{"start_line":116,"start_character":147,"end_line":116,"end_character":154},"in_reply_to":"a0b08aff_3fd4ff22","updated":"2021-10-12 09:06:47.000000000","message":"Yes, only one haproxy process for one host.","commit_id":"f3f6bf9e2fd4694f553e23c77f5de67e5c51bc05"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"e06853deab56144e08824bcaab5ed6ab277d91a3","unresolved":false,"context_lines":[{"line_number":113,"context_line":"::"},{"line_number":114,"context_line":""},{"line_number":115,"context_line":"  +----+ TCP +-----------------------------------+ TCP +---------------------------------------------+ TCP +------------------------+ TCP +-----------------------+"},{"line_number":116,"context_line":"  |    +-----\u003e             Br-int                +-----\u003e                   Br-meta                   +-----\u003e        tap-Meta        +-----\u003e        Haproxy        |"},{"line_number":117,"context_line":"  | VM |     | From VM port + 169.254.169.254:80 |     |   Source (VM MAC + IP --\u003e Meta MAC + IP)    |     |  Meta Gateway MAC + IP |     |   Match Meta IP       |"},{"line_number":118,"context_line":"  |    |     |          add local vlan           |     |  Dest (MAC + IP --\u003e Meta Gateway MAC + IP)  |     |       Listened by      |     |     Add Http header   |"},{"line_number":119,"context_line":"  |    |     |           to Br-meta              |     |                 to tap-Meta                 |     |        Haproxy         |     |  to Nova-Metadata-API |"}],"source_content_type":"text/x-rst","patch_set":3,"id":"c059230d_9a1477c4","line":116,"range":{"start_line":116,"start_character":147,"end_line":116,"end_character":154},"in_reply_to":"e37e5ecc_9a1342ac","updated":"2022-02-09 14:28:41.000000000","message":"Ack","commit_id":"f3f6bf9e2fd4694f553e23c77f5de67e5c51bc05"},{"author":{"_account_id":8313,"name":"Lajos Katona","display_name":"lajoskatona","email":"katonalala@gmail.com","username":"elajkat","status":"Ericsson Software Technology"},"change_message_id":"d2fc71c2c210f1e86db9476b655a9df9a85317f9","unresolved":true,"context_lines":[{"line_number":165,"context_line":"TCP Ingress"},{"line_number":166,"context_line":"~~~~~~~~~~~"},{"line_number":167,"context_line":""},{"line_number":168,"context_line":"HTTP packets come from tap-meta to br-meta directly, then goto br-int and finnaly direct to VM. Datapath:"},{"line_number":169,"context_line":""},{"line_number":170,"context_line":"::"},{"line_number":171,"context_line":""}],"source_content_type":"text/x-rst","patch_set":3,"id":"a425f102_bd9bbe73","line":168,"range":{"start_line":168,"start_character":58,"end_line":168,"end_character":62},"updated":"2021-10-06 12:18:38.000000000","message":"nit: go to","commit_id":"f3f6bf9e2fd4694f553e23c77f5de67e5c51bc05"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"3ff01c6378a873b645cf043e7a5d96a4720af567","unresolved":false,"context_lines":[{"line_number":165,"context_line":"TCP Ingress"},{"line_number":166,"context_line":"~~~~~~~~~~~"},{"line_number":167,"context_line":""},{"line_number":168,"context_line":"HTTP packets come from tap-meta to br-meta directly, then goto br-int and finnaly direct to VM. Datapath:"},{"line_number":169,"context_line":""},{"line_number":170,"context_line":"::"},{"line_number":171,"context_line":""}],"source_content_type":"text/x-rst","patch_set":3,"id":"1b5b48a9_b797a5dc","line":168,"range":{"start_line":168,"start_character":58,"end_line":168,"end_character":62},"in_reply_to":"a425f102_bd9bbe73","updated":"2021-10-12 10:13:33.000000000","message":"Done","commit_id":"f3f6bf9e2fd4694f553e23c77f5de67e5c51bc05"},{"author":{"_account_id":5948,"name":"Oleg Bondarev","email":"obondarev@mirantis.com","username":"obondarev"},"change_message_id":"61c011a6f43d2af18fedcf1b6b93132ff9685265","unresolved":true,"context_lines":[{"line_number":202,"context_line":"ARP for Metadata IPs"},{"line_number":203,"context_line":"~~~~~~~~~~~~~~~~~~~~"},{"line_number":204,"context_line":""},{"line_number":205,"context_line":"ARP will be sent from tap-meta device to br-meta responder. Datapath:"},{"line_number":206,"context_line":""},{"line_number":207,"context_line":"::"},{"line_number":208,"context_line":""}],"source_content_type":"text/x-rst","patch_set":3,"id":"15cbdd06_9076e865","line":205,"range":{"start_line":205,"start_character":0,"end_line":205,"end_character":58},"updated":"2021-09-30 09:09:25.000000000","message":"Seems tap-meta sends only responses, not requests. Why would tap-meta send ARP requests for Meta IPs? Could you please describe the case?","commit_id":"f3f6bf9e2fd4694f553e23c77f5de67e5c51bc05"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"8eb6f7846a3c088d4870eded92779bd906aaf1ac","unresolved":true,"context_lines":[{"line_number":202,"context_line":"ARP for Metadata IPs"},{"line_number":203,"context_line":"~~~~~~~~~~~~~~~~~~~~"},{"line_number":204,"context_line":""},{"line_number":205,"context_line":"ARP will be sent from tap-meta device to br-meta responder. Datapath:"},{"line_number":206,"context_line":""},{"line_number":207,"context_line":"::"},{"line_number":208,"context_line":""}],"source_content_type":"text/x-rst","patch_set":3,"id":"4b7f8740_6ac42811","line":205,"range":{"start_line":205,"start_character":0,"end_line":205,"end_character":58},"in_reply_to":"15cbdd06_9076e865","updated":"2021-10-12 09:06:47.000000000","message":"Tap-meta device will be resident on host kernel IP stack, before the first response of TCP, the host (protocol stack) needs to know the META_IP\u0027s MAC address. So ARP reqeust is broadcast. Here are packets dumped from tap-meta device for one \"curl 169.254.169.254:80\" request inside the VM. See that ARP from the beginning:\n\n11:57:30.000692 fa:16:ee:4a:90:8f \u003e fa:16:ee:00:00:01, ethertype IPv4 (0x0800), length 74: 100.100.218.14.50748 \u003e 100.100.0.1.80: Flags [S], seq 2056405560, win 28200, options [mss 1410,sackOK,TS val 484666 ecr 0,nop,wscale 3], length 0\n11:57:30.000742 fa:16:ee:00:00:01 \u003e ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 100.100.218.14 tell 100.100.0.1, length 28\n11:57:30.000798 fa:16:ee:4a:90:8f \u003e fa:16:ee:00:00:01, ethertype ARP (0x0806), length 42: Reply 100.100.218.14 is-at fa:16:ee:4a:90:8f, length 28\n11:57:30.000800 fa:16:ee:00:00:01 \u003e fa:16:ee:4a:90:8f, ethertype IPv4 (0x0800), length 74: 100.100.0.1.80 \u003e 100.100.218.14.50748: Flags [S.], seq 2186364364, ack 2056405561, win 28960, options [mss 1460,sackOK,TS val 7888646 ecr 484666,nop,wscale 7], length 0\n11:57:30.007066 fa:16:ee:4a:90:8f \u003e fa:16:ee:00:00:01, ethertype IPv4 (0x0800), length 66: 100.100.218.14.50748 \u003e 100.100.0.1.80: Flags [.], ack 1, win 3525, options [nop,nop,TS val 484668 ecr 7888646], length 0\n11:57:30.017042 fa:16:ee:4a:90:8f \u003e fa:16:ee:00:00:01, ethertype IPv4 (0x0800), length 145: 100.100.218.14.50748 \u003e 100.100.0.1.80: Flags [P.], seq 1:80, ack 1, win 3525, options [nop,nop,TS val 484670 ecr 7888646], length 79: HTTP: GET / HTTP/1.1\n11:57:30.020030 fa:16:ee:00:00:01 \u003e fa:16:ee:4a:90:8f, ethertype IPv4 (0x0800), length 244: 100.100.0.1.80 \u003e 100.100.218.14.50748: Flags [P.], seq 1:179, ack 80, win 227, options [nop,nop,TS val 7888665 ecr 484670], length 178: HTTP: HTTP/1.1 200 OK\n11:57:30.025537 fa:16:ee:4a:90:8f \u003e fa:16:ee:00:00:01, ethertype IPv4 (0x0800), length 66: 100.100.218.14.50748 \u003e 100.100.0.1.80: Flags [.], ack 179, win 3525, options [nop,nop,TS val 484673 ecr 7888665], length 0\n11:57:30.038188 fa:16:ee:4a:90:8f \u003e fa:16:ee:00:00:01, ethertype IPv4 (0x0800), length 66: 100.100.218.14.50748 \u003e 100.100.0.1.80: Flags [F.], seq 80, ack 179, win 3525, options [nop,nop,TS val 484676 ecr 7888665], length 0\n11:57:30.038319 fa:16:ee:00:00:01 \u003e fa:16:ee:4a:90:8f, ethertype IPv4 (0x0800), length 66: 100.100.0.1.80 \u003e 100.100.218.14.50748: Flags [F.], seq 179, ack 81, win 227, options [nop,nop,TS val 7888684 ecr 484676], length 0\n11:57:30.041092 fa:16:ee:4a:90:8f \u003e fa:16:ee:00:00:01, ethertype IPv4 (0x0800), length 66: 100.100.218.14.50748 \u003e 100.100.0.1.80: Flags [.], ack 180, win 3525, options [nop,nop,TS val 484677 ecr 7888684], length 0","commit_id":"f3f6bf9e2fd4694f553e23c77f5de67e5c51bc05"},{"author":{"_account_id":5948,"name":"Oleg Bondarev","email":"obondarev@mirantis.com","username":"obondarev"},"change_message_id":"b949642efda7431ede2a94344bdbfeea8642f8a4","unresolved":false,"context_lines":[{"line_number":202,"context_line":"ARP for Metadata IPs"},{"line_number":203,"context_line":"~~~~~~~~~~~~~~~~~~~~"},{"line_number":204,"context_line":""},{"line_number":205,"context_line":"ARP will be sent from tap-meta device to br-meta responder. Datapath:"},{"line_number":206,"context_line":""},{"line_number":207,"context_line":"::"},{"line_number":208,"context_line":""}],"source_content_type":"text/x-rst","patch_set":3,"id":"f17bf60a_63e1c949","line":205,"range":{"start_line":205,"start_character":0,"end_line":205,"end_character":58},"in_reply_to":"4b7f8740_6ac42811","updated":"2022-02-08 10:01:42.000000000","message":"Ack","commit_id":"f3f6bf9e2fd4694f553e23c77f5de67e5c51bc05"},{"author":{"_account_id":8313,"name":"Lajos Katona","display_name":"lajoskatona","email":"katonalala@gmail.com","username":"elajkat","status":"Ericsson Software Technology"},"change_message_id":"d2fc71c2c210f1e86db9476b655a9df9a85317f9","unresolved":true,"context_lines":[{"line_number":231,"context_line":""},{"line_number":232,"context_line":"The host haproxy is one only process which is used for all VMs. The host"},{"line_number":233,"context_line":"haproxy will add HTTP headers to the metadata request which is needed for"},{"line_number":234,"context_line":"metadata API. The headers have a fixed algorithm which is easily to"},{"line_number":235,"context_line":"assemble. For each VM\u0027s request, haproxy will add an independent backend"},{"line_number":236,"context_line":"and a match rule of checking the source IP (aka Meta_IP). While the request"},{"line_number":237,"context_line":"from one VM\u0027s (Meta_IP) it will be send to the matched backend, which add"}],"source_content_type":"text/x-rst","patch_set":3,"id":"70532d58_e5afc7f8","line":234,"range":{"start_line":234,"start_character":58,"end_line":234,"end_character":64},"updated":"2021-10-06 12:18:38.000000000","message":"nit: easy","commit_id":"f3f6bf9e2fd4694f553e23c77f5de67e5c51bc05"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"3ff01c6378a873b645cf043e7a5d96a4720af567","unresolved":false,"context_lines":[{"line_number":231,"context_line":""},{"line_number":232,"context_line":"The host haproxy is one only process which is used for all VMs. The host"},{"line_number":233,"context_line":"haproxy will add HTTP headers to the metadata request which is needed for"},{"line_number":234,"context_line":"metadata API. The headers have a fixed algorithm which is easily to"},{"line_number":235,"context_line":"assemble. For each VM\u0027s request, haproxy will add an independent backend"},{"line_number":236,"context_line":"and a match rule of checking the source IP (aka Meta_IP). While the request"},{"line_number":237,"context_line":"from one VM\u0027s (Meta_IP) it will be send to the matched backend, which add"}],"source_content_type":"text/x-rst","patch_set":3,"id":"b3c8ecb9_1e107f08","line":234,"range":{"start_line":234,"start_character":58,"end_line":234,"end_character":64},"in_reply_to":"70532d58_e5afc7f8","updated":"2021-10-12 10:13:33.000000000","message":"Done","commit_id":"f3f6bf9e2fd4694f553e23c77f5de67e5c51bc05"},{"author":{"_account_id":8313,"name":"Lajos Katona","display_name":"lajoskatona","email":"katonalala@gmail.com","username":"elajkat","status":"Ericsson Software Technology"},"change_message_id":"d2fc71c2c210f1e86db9476b655a9df9a85317f9","unresolved":true,"context_lines":[{"line_number":279,"context_line":"        http-request set-header X-Instance-ID {{ instance_1.uuid }}"},{"line_number":280,"context_line":"        http-request set-header X-Tenant-ID {{ instance_1.project_id }}"},{"line_number":281,"context_line":"        http-request set-header X-Instance-ID-Signature {{ instance_1.signature }}"},{"line_number":282,"context_line":""},{"line_number":283,"context_line":"        server metasrv_{{ meta_api.index_1 }} {{ real_meta_api.uri }}"},{"line_number":284,"context_line":"        server metasrv_{{ meta_api.index_2 }} {{ real_meta_api.uri }}"},{"line_number":285,"context_line":"        server metasrv_{{ meta_api.index_3 }} {{ real_meta_api.uri }}"}],"source_content_type":"text/x-rst","patch_set":3,"id":"4d28b4e0_7b6d1c56","line":282,"updated":"2021-10-06 12:18:38.000000000","message":"with this solution we can drop x-forwarded-for header?","commit_id":"f3f6bf9e2fd4694f553e23c77f5de67e5c51bc05"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"8eb6f7846a3c088d4870eded92779bd906aaf1ac","unresolved":true,"context_lines":[{"line_number":279,"context_line":"        http-request set-header X-Instance-ID {{ instance_1.uuid }}"},{"line_number":280,"context_line":"        http-request set-header X-Tenant-ID {{ instance_1.project_id }}"},{"line_number":281,"context_line":"        http-request set-header X-Instance-ID-Signature {{ instance_1.signature }}"},{"line_number":282,"context_line":""},{"line_number":283,"context_line":"        server metasrv_{{ meta_api.index_1 }} {{ real_meta_api.uri }}"},{"line_number":284,"context_line":"        server metasrv_{{ meta_api.index_2 }} {{ real_meta_api.uri }}"},{"line_number":285,"context_line":"        server metasrv_{{ meta_api.index_3 }} {{ real_meta_api.uri }}"}],"source_content_type":"text/x-rst","patch_set":3,"id":"f8a5b61c_9173ce43","line":282,"in_reply_to":"4d28b4e0_7b6d1c56","updated":"2021-10-12 09:06:47.000000000","message":"Not needed, because the client IP is real META_IP.","commit_id":"f3f6bf9e2fd4694f553e23c77f5de67e5c51bc05"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"e06853deab56144e08824bcaab5ed6ab277d91a3","unresolved":false,"context_lines":[{"line_number":279,"context_line":"        http-request set-header X-Instance-ID {{ instance_1.uuid }}"},{"line_number":280,"context_line":"        http-request set-header X-Tenant-ID {{ instance_1.project_id }}"},{"line_number":281,"context_line":"        http-request set-header X-Instance-ID-Signature {{ instance_1.signature }}"},{"line_number":282,"context_line":""},{"line_number":283,"context_line":"        server metasrv_{{ meta_api.index_1 }} {{ real_meta_api.uri }}"},{"line_number":284,"context_line":"        server metasrv_{{ meta_api.index_2 }} {{ real_meta_api.uri }}"},{"line_number":285,"context_line":"        server metasrv_{{ meta_api.index_3 }} {{ real_meta_api.uri }}"}],"source_content_type":"text/x-rst","patch_set":3,"id":"7c19fc1b_8260f144","line":282,"in_reply_to":"f8a5b61c_9173ce43","updated":"2022-02-09 14:28:41.000000000","message":"Ack","commit_id":"f3f6bf9e2fd4694f553e23c77f5de67e5c51bc05"},{"author":{"_account_id":8313,"name":"Lajos Katona","display_name":"lajoskatona","email":"katonalala@gmail.com","username":"elajkat","status":"Ericsson Software Technology"},"change_message_id":"d2fc71c2c210f1e86db9476b655a9df9a85317f9","unresolved":true,"context_lines":[{"line_number":330,"context_line":"* Adding host haproxy manager for ovs-agent"},{"line_number":331,"context_line":"* Adding host metadata IP and Mac generator with ovsdb settings"},{"line_number":332,"context_line":"* Adding ovs-agent extension to set up flows for VM ports"},{"line_number":333,"context_line":"* Testing."},{"line_number":334,"context_line":"* Documentation."},{"line_number":335,"context_line":""},{"line_number":336,"context_line":"Dependencies"}],"source_content_type":"text/x-rst","patch_set":3,"id":"8ab43941_c4fcdaff","line":333,"range":{"start_line":333,"start_character":2,"end_line":333,"end_character":10},"updated":"2021-10-06 12:18:38.000000000","message":"yeah for this we need new job","commit_id":"f3f6bf9e2fd4694f553e23c77f5de67e5c51bc05"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"e06853deab56144e08824bcaab5ed6ab277d91a3","unresolved":false,"context_lines":[{"line_number":330,"context_line":"* Adding host haproxy manager for ovs-agent"},{"line_number":331,"context_line":"* Adding host metadata IP and Mac generator with ovsdb settings"},{"line_number":332,"context_line":"* Adding ovs-agent extension to set up flows for VM ports"},{"line_number":333,"context_line":"* Testing."},{"line_number":334,"context_line":"* Documentation."},{"line_number":335,"context_line":""},{"line_number":336,"context_line":"Dependencies"}],"source_content_type":"text/x-rst","patch_set":3,"id":"f16490bf_1a344c99","line":333,"range":{"start_line":333,"start_character":2,"end_line":333,"end_character":10},"in_reply_to":"803f4094_2aab41df","updated":"2022-02-09 14:28:41.000000000","message":"Ack","commit_id":"f3f6bf9e2fd4694f553e23c77f5de67e5c51bc05"},{"author":{"_account_id":11975,"name":"Slawek Kaplonski","email":"skaplons@redhat.com","username":"slaweq"},"change_message_id":"8da462ea20657f29d90b559817752edb45db046f","unresolved":true,"context_lines":[{"line_number":330,"context_line":"* Adding host haproxy manager for ovs-agent"},{"line_number":331,"context_line":"* Adding host metadata IP and Mac generator with ovsdb settings"},{"line_number":332,"context_line":"* Adding ovs-agent extension to set up flows for VM ports"},{"line_number":333,"context_line":"* Testing."},{"line_number":334,"context_line":"* Documentation."},{"line_number":335,"context_line":""},{"line_number":336,"context_line":"Dependencies"}],"source_content_type":"text/x-rst","patch_set":3,"id":"803f4094_2aab41df","line":333,"range":{"start_line":333,"start_character":2,"end_line":333,"end_character":10},"in_reply_to":"8ab43941_c4fcdaff","updated":"2021-10-12 11:55:50.000000000","message":"or we can modify one of the existing ones hopefully :)","commit_id":"f3f6bf9e2fd4694f553e23c77f5de67e5c51bc05"},{"author":{"_account_id":15554,"name":"Bence Romsics","email":"bence.romsics@gmail.com","username":"ebenrom","status":"working for Ericsson, UTC+1 (+DST)"},"change_message_id":"86e3a6b08a1dca421992f7aa6a15c146914aae0b","unresolved":true,"context_lines":[{"line_number":34,"context_line":"instance, if you set config drive to use local disk, the live migration may"},{"line_number":35,"context_line":"not be available. Config drive uses extra storage device and mounting it"},{"line_number":36,"context_line":"inside VMs. Can not change userdata online for users specific scripts."},{"line_number":37,"context_line":"The security issue is that because the mounting FS can be access by all users,"},{"line_number":38,"context_line":"if the metadata includes root password or key, the password and the key"},{"line_number":39,"context_line":"can be accessed by none root users."},{"line_number":40,"context_line":""},{"line_number":41,"context_line":"If you are running Neutron agents, there is no alternative to replace"},{"line_number":42,"context_line":"metadata agent for cloud deployments."}],"source_content_type":"text/x-rst","patch_set":4,"id":"387eed53_7b967965","line":39,"range":{"start_line":37,"start_character":0,"end_line":39,"end_character":35},"updated":"2021-11-03 15:07:55.000000000","message":"This is true, but the same applies to metadata, doesn\u0027t it? So this is not an advantage on either side.","commit_id":"55ef06f24bbd17516583873bfa7652e73e74f60b"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"e06853deab56144e08824bcaab5ed6ab277d91a3","unresolved":false,"context_lines":[{"line_number":34,"context_line":"instance, if you set config drive to use local disk, the live migration may"},{"line_number":35,"context_line":"not be available. Config drive uses extra storage device and mounting it"},{"line_number":36,"context_line":"inside VMs. Can not change userdata online for users specific scripts."},{"line_number":37,"context_line":"The security issue is that because the mounting FS can be access by all users,"},{"line_number":38,"context_line":"if the metadata includes root password or key, the password and the key"},{"line_number":39,"context_line":"can be accessed by none root users."},{"line_number":40,"context_line":""},{"line_number":41,"context_line":"If you are running Neutron agents, there is no alternative to replace"},{"line_number":42,"context_line":"metadata agent for cloud deployments."}],"source_content_type":"text/x-rst","patch_set":4,"id":"559a8f1d_cc647cf8","line":39,"range":{"start_line":37,"start_character":0,"end_line":39,"end_character":35},"in_reply_to":"2665e9bc_ca92e983","updated":"2022-02-09 14:28:41.000000000","message":"Ack","commit_id":"55ef06f24bbd17516583873bfa7652e73e74f60b"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"9d400862ba5ea872a1d11185183fa9897d4f8b8b","unresolved":true,"context_lines":[{"line_number":34,"context_line":"instance, if you set config drive to use local disk, the live migration may"},{"line_number":35,"context_line":"not be available. Config drive uses extra storage device and mounting it"},{"line_number":36,"context_line":"inside VMs. Can not change userdata online for users specific scripts."},{"line_number":37,"context_line":"The security issue is that because the mounting FS can be access by all users,"},{"line_number":38,"context_line":"if the metadata includes root password or key, the password and the key"},{"line_number":39,"context_line":"can be accessed by none root users."},{"line_number":40,"context_line":""},{"line_number":41,"context_line":"If you are running Neutron agents, there is no alternative to replace"},{"line_number":42,"context_line":"metadata agent for cloud deployments."}],"source_content_type":"text/x-rst","patch_set":4,"id":"2665e9bc_ca92e983","line":39,"range":{"start_line":37,"start_character":0,"end_line":39,"end_character":35},"in_reply_to":"387eed53_7b967965","updated":"2021-11-04 01:42:50.000000000","message":"\u0027password\u0027 can be only transited to VM for the first time request. Then, it will be ignored by nova. But mount a FS is not, it mounted forever.","commit_id":"55ef06f24bbd17516583873bfa7652e73e74f60b"},{"author":{"_account_id":15554,"name":"Bence Romsics","email":"bence.romsics@gmail.com","username":"ebenrom","status":"working for Ericsson, UTC+1 (+DST)"},"change_message_id":"86e3a6b08a1dca421992f7aa6a15c146914aae0b","unresolved":true,"context_lines":[{"line_number":62,"context_line":"Metadata Special purpose IP and MAC"},{"line_number":63,"context_line":"***********************************"},{"line_number":64,"context_line":""},{"line_number":65,"context_line":"Each VM in one host will generate a Meta IP + MAC pair which is unique among"},{"line_number":66,"context_line":"VMs on host. The agent extension will do the generation work when handle port"},{"line_number":67,"context_line":"in the first time, and store the Meta IP + MAC to ovsdb. When ovs-agent is"},{"line_number":68,"context_line":"restarting, handle_port funtion will try to read the ovsdb first to reload"}],"source_content_type":"text/x-rst","patch_set":4,"id":"34c6a6e9_b2c9516a","line":65,"range":{"start_line":65,"start_character":36,"end_line":65,"end_character":54},"updated":"2021-11-03 15:07:55.000000000","message":"It would be easier to read the spec if it said: Meta IP + MAC pair which is unique among VMs on a host and which will be used to temporarily identify the metadata requestor vm/port.","commit_id":"55ef06f24bbd17516583873bfa7652e73e74f60b"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"9d400862ba5ea872a1d11185183fa9897d4f8b8b","unresolved":false,"context_lines":[{"line_number":62,"context_line":"Metadata Special purpose IP and MAC"},{"line_number":63,"context_line":"***********************************"},{"line_number":64,"context_line":""},{"line_number":65,"context_line":"Each VM in one host will generate a Meta IP + MAC pair which is unique among"},{"line_number":66,"context_line":"VMs on host. The agent extension will do the generation work when handle port"},{"line_number":67,"context_line":"in the first time, and store the Meta IP + MAC to ovsdb. When ovs-agent is"},{"line_number":68,"context_line":"restarting, handle_port funtion will try to read the ovsdb first to reload"}],"source_content_type":"text/x-rst","patch_set":4,"id":"807dd352_06247704","line":65,"range":{"start_line":65,"start_character":36,"end_line":65,"end_character":54},"in_reply_to":"34c6a6e9_b2c9516a","updated":"2021-11-04 01:42:50.000000000","message":"Done","commit_id":"55ef06f24bbd17516583873bfa7652e73e74f60b"},{"author":{"_account_id":15554,"name":"Bence Romsics","email":"bence.romsics@gmail.com","username":"ebenrom","status":"working for Ericsson, UTC+1 (+DST)"},"change_message_id":"86e3a6b08a1dca421992f7aa6a15c146914aae0b","unresolved":true,"context_lines":[{"line_number":79,"context_line":""},{"line_number":80,"context_line":"  [METADATA]"},{"line_number":81,"context_line":"  metadata_proxy_shared_secret \u003d"},{"line_number":82,"context_line":"  nova_metadata_apis \u003d 172.16.20.10:8775,172.16.20.11:8775,172.16.20.12:8775"},{"line_number":83,"context_line":"  provider_cidr \u003d 100.100.0.0/16"},{"line_number":84,"context_line":"  provider_vlan_id \u003d 998"},{"line_number":85,"context_line":"  provider_base_mac \u003d \"fa:16:ee:00:00:00\""}],"source_content_type":"text/x-rst","patch_set":4,"id":"517ae072_7eeaa58e","line":82,"range":{"start_line":82,"start_character":2,"end_line":82,"end_character":20},"updated":"2021-11-03 15:07:55.000000000","message":"Shall we maybe get this from keystone\u0027s endpoint list? It would make the system easier to reconfigure, but also adds a point of failure in keystone.","commit_id":"55ef06f24bbd17516583873bfa7652e73e74f60b"},{"author":{"_account_id":8313,"name":"Lajos Katona","display_name":"lajoskatona","email":"katonalala@gmail.com","username":"elajkat","status":"Ericsson Software Technology"},"change_message_id":"268c6368b802028877a3c59907bd528b3904c6c1","unresolved":true,"context_lines":[{"line_number":79,"context_line":""},{"line_number":80,"context_line":"  [METADATA]"},{"line_number":81,"context_line":"  metadata_proxy_shared_secret \u003d"},{"line_number":82,"context_line":"  nova_metadata_apis \u003d 172.16.20.10:8775,172.16.20.11:8775,172.16.20.12:8775"},{"line_number":83,"context_line":"  provider_cidr \u003d 100.100.0.0/16"},{"line_number":84,"context_line":"  provider_vlan_id \u003d 998"},{"line_number":85,"context_line":"  provider_base_mac \u003d \"fa:16:ee:00:00:00\""}],"source_content_type":"text/x-rst","patch_set":4,"id":"2ae86fbb_3676b411","line":82,"range":{"start_line":82,"start_character":2,"end_line":82,"end_character":20},"updated":"2021-11-11 13:33:01.000000000","message":"There\u0027s already cfg option for this: nova_metadata_host \u0026 nova_metadata_port\n\n\nhttps://opendev.org/openstack/neutron/src/branch/master/neutron/conf/agent/metadata/config.py#L46-L52","commit_id":"55ef06f24bbd17516583873bfa7652e73e74f60b"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"e06853deab56144e08824bcaab5ed6ab277d91a3","unresolved":false,"context_lines":[{"line_number":79,"context_line":""},{"line_number":80,"context_line":"  [METADATA]"},{"line_number":81,"context_line":"  metadata_proxy_shared_secret \u003d"},{"line_number":82,"context_line":"  nova_metadata_apis \u003d 172.16.20.10:8775,172.16.20.11:8775,172.16.20.12:8775"},{"line_number":83,"context_line":"  provider_cidr \u003d 100.100.0.0/16"},{"line_number":84,"context_line":"  provider_vlan_id \u003d 998"},{"line_number":85,"context_line":"  provider_base_mac \u003d \"fa:16:ee:00:00:00\""}],"source_content_type":"text/x-rst","patch_set":4,"id":"c244fcde_b19dd08b","line":82,"range":{"start_line":82,"start_character":2,"end_line":82,"end_character":20},"in_reply_to":"2ae86fbb_3676b411","updated":"2022-02-09 14:28:41.000000000","message":"Done","commit_id":"55ef06f24bbd17516583873bfa7652e73e74f60b"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"e06853deab56144e08824bcaab5ed6ab277d91a3","unresolved":false,"context_lines":[{"line_number":79,"context_line":""},{"line_number":80,"context_line":"  [METADATA]"},{"line_number":81,"context_line":"  metadata_proxy_shared_secret \u003d"},{"line_number":82,"context_line":"  nova_metadata_apis \u003d 172.16.20.10:8775,172.16.20.11:8775,172.16.20.12:8775"},{"line_number":83,"context_line":"  provider_cidr \u003d 100.100.0.0/16"},{"line_number":84,"context_line":"  provider_vlan_id \u003d 998"},{"line_number":85,"context_line":"  provider_base_mac \u003d \"fa:16:ee:00:00:00\""}],"source_content_type":"text/x-rst","patch_set":4,"id":"bfa0a99c_540d1194","line":82,"range":{"start_line":82,"start_character":2,"end_line":82,"end_character":20},"in_reply_to":"3e4a8f51_396a4b4d","updated":"2022-02-09 14:28:41.000000000","message":"Ack","commit_id":"55ef06f24bbd17516583873bfa7652e73e74f60b"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"9d400862ba5ea872a1d11185183fa9897d4f8b8b","unresolved":true,"context_lines":[{"line_number":79,"context_line":""},{"line_number":80,"context_line":"  [METADATA]"},{"line_number":81,"context_line":"  metadata_proxy_shared_secret \u003d"},{"line_number":82,"context_line":"  nova_metadata_apis \u003d 172.16.20.10:8775,172.16.20.11:8775,172.16.20.12:8775"},{"line_number":83,"context_line":"  provider_cidr \u003d 100.100.0.0/16"},{"line_number":84,"context_line":"  provider_vlan_id \u003d 998"},{"line_number":85,"context_line":"  provider_base_mac \u003d \"fa:16:ee:00:00:00\""}],"source_content_type":"text/x-rst","patch_set":4,"id":"3e4a8f51_396a4b4d","line":82,"range":{"start_line":82,"start_character":2,"end_line":82,"end_character":20},"in_reply_to":"517ae072_7eeaa58e","updated":"2021-11-04 01:42:50.000000000","message":"keystone endpoints sometimes are only one VIP from the real keystone servers. This is equal to set the real servers for the host metadata haproxy.","commit_id":"55ef06f24bbd17516583873bfa7652e73e74f60b"},{"author":{"_account_id":15554,"name":"Bence Romsics","email":"bence.romsics@gmail.com","username":"ebenrom","status":"working for Ericsson, UTC+1 (+DST)"},"change_message_id":"86e3a6b08a1dca421992f7aa6a15c146914aae0b","unresolved":true,"context_lines":[{"line_number":77,"context_line":""},{"line_number":78,"context_line":"::"},{"line_number":79,"context_line":""},{"line_number":80,"context_line":"  [METADATA]"},{"line_number":81,"context_line":"  metadata_proxy_shared_secret \u003d"},{"line_number":82,"context_line":"  nova_metadata_apis \u003d 172.16.20.10:8775,172.16.20.11:8775,172.16.20.12:8775"},{"line_number":83,"context_line":"  provider_cidr \u003d 100.100.0.0/16"},{"line_number":84,"context_line":"  provider_vlan_id \u003d 998"},{"line_number":85,"context_line":"  provider_base_mac \u003d \"fa:16:ee:00:00:00\""},{"line_number":86,"context_line":""},{"line_number":87,"context_line":"* ``metadata_proxy_shared_secret`` will be used to calculate HTTP header of signature."},{"line_number":88,"context_line":"* ``nova_metadata_apis`` is the list of nova-metadata-api services URI."}],"source_content_type":"text/x-rst","patch_set":4,"id":"6da15a7b_c507cee7","line":85,"range":{"start_line":80,"start_character":2,"end_line":85,"end_character":41},"updated":"2021-11-03 15:07:55.000000000","message":"This is config to ovs-agent, right?","commit_id":"55ef06f24bbd17516583873bfa7652e73e74f60b"},{"author":{"_account_id":8313,"name":"Lajos Katona","display_name":"lajoskatona","email":"katonalala@gmail.com","username":"elajkat","status":"Ericsson Software Technology"},"change_message_id":"3a061dbc7bd36d96042dc240f51a7a8258f47dfd","unresolved":true,"context_lines":[{"line_number":77,"context_line":""},{"line_number":78,"context_line":"::"},{"line_number":79,"context_line":""},{"line_number":80,"context_line":"  [METADATA]"},{"line_number":81,"context_line":"  metadata_proxy_shared_secret \u003d"},{"line_number":82,"context_line":"  nova_metadata_apis \u003d 172.16.20.10:8775,172.16.20.11:8775,172.16.20.12:8775"},{"line_number":83,"context_line":"  provider_cidr \u003d 100.100.0.0/16"},{"line_number":84,"context_line":"  provider_vlan_id \u003d 998"},{"line_number":85,"context_line":"  provider_base_mac \u003d \"fa:16:ee:00:00:00\""},{"line_number":86,"context_line":""},{"line_number":87,"context_line":"* ``metadata_proxy_shared_secret`` will be used to calculate HTTP header of signature."},{"line_number":88,"context_line":"* ``nova_metadata_apis`` is the list of nova-metadata-api services URI."}],"source_content_type":"text/x-rst","patch_set":4,"id":"e339d245_14dc4556","line":85,"range":{"start_line":80,"start_character":2,"end_line":85,"end_character":41},"in_reply_to":"1afc9ae9_3046df3b","updated":"2021-11-19 14:37:57.000000000","message":"ok, thanks","commit_id":"55ef06f24bbd17516583873bfa7652e73e74f60b"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"9d400862ba5ea872a1d11185183fa9897d4f8b8b","unresolved":true,"context_lines":[{"line_number":77,"context_line":""},{"line_number":78,"context_line":"::"},{"line_number":79,"context_line":""},{"line_number":80,"context_line":"  [METADATA]"},{"line_number":81,"context_line":"  metadata_proxy_shared_secret \u003d"},{"line_number":82,"context_line":"  nova_metadata_apis \u003d 172.16.20.10:8775,172.16.20.11:8775,172.16.20.12:8775"},{"line_number":83,"context_line":"  provider_cidr \u003d 100.100.0.0/16"},{"line_number":84,"context_line":"  provider_vlan_id \u003d 998"},{"line_number":85,"context_line":"  provider_base_mac \u003d \"fa:16:ee:00:00:00\""},{"line_number":86,"context_line":""},{"line_number":87,"context_line":"* ``metadata_proxy_shared_secret`` will be used to calculate HTTP header of signature."},{"line_number":88,"context_line":"* ``nova_metadata_apis`` is the list of nova-metadata-api services URI."}],"source_content_type":"text/x-rst","patch_set":4,"id":"7ea6e836_78059053","line":85,"range":{"start_line":80,"start_character":2,"end_line":85,"end_character":41},"in_reply_to":"6da15a7b_c507cee7","updated":"2021-11-04 01:42:50.000000000","message":"Yes, for ovs-agent.","commit_id":"55ef06f24bbd17516583873bfa7652e73e74f60b"},{"author":{"_account_id":8313,"name":"Lajos Katona","display_name":"lajoskatona","email":"katonalala@gmail.com","username":"elajkat","status":"Ericsson Software Technology"},"change_message_id":"268c6368b802028877a3c59907bd528b3904c6c1","unresolved":true,"context_lines":[{"line_number":77,"context_line":""},{"line_number":78,"context_line":"::"},{"line_number":79,"context_line":""},{"line_number":80,"context_line":"  [METADATA]"},{"line_number":81,"context_line":"  metadata_proxy_shared_secret \u003d"},{"line_number":82,"context_line":"  nova_metadata_apis \u003d 172.16.20.10:8775,172.16.20.11:8775,172.16.20.12:8775"},{"line_number":83,"context_line":"  provider_cidr \u003d 100.100.0.0/16"},{"line_number":84,"context_line":"  provider_vlan_id \u003d 998"},{"line_number":85,"context_line":"  provider_base_mac \u003d \"fa:16:ee:00:00:00\""},{"line_number":86,"context_line":""},{"line_number":87,"context_line":"* ``metadata_proxy_shared_secret`` will be used to calculate HTTP header of signature."},{"line_number":88,"context_line":"* ``nova_metadata_apis`` is the list of nova-metadata-api services URI."}],"source_content_type":"text/x-rst","patch_set":4,"id":"8c924c26_90488bd6","line":85,"range":{"start_line":80,"start_character":2,"end_line":85,"end_character":41},"in_reply_to":"7ea6e836_78059053","updated":"2021-11-11 13:33:01.000000000","message":"Can\u0027t we use the config options in https://opendev.org/openstack/neutron/src/branch/master/neutron/conf/agent/metadata/config.py instead of repeating them?\nmetadata_proxy_shared_secret \u0026 nova_metadata_apis are already there (as I wrote above not apis, but metadata_host and metadata_port)","commit_id":"55ef06f24bbd17516583873bfa7652e73e74f60b"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"b453a181e29f271ce8fff48aca3087c6cbd9b4ba","unresolved":true,"context_lines":[{"line_number":77,"context_line":""},{"line_number":78,"context_line":"::"},{"line_number":79,"context_line":""},{"line_number":80,"context_line":"  [METADATA]"},{"line_number":81,"context_line":"  metadata_proxy_shared_secret \u003d"},{"line_number":82,"context_line":"  nova_metadata_apis \u003d 172.16.20.10:8775,172.16.20.11:8775,172.16.20.12:8775"},{"line_number":83,"context_line":"  provider_cidr \u003d 100.100.0.0/16"},{"line_number":84,"context_line":"  provider_vlan_id \u003d 998"},{"line_number":85,"context_line":"  provider_base_mac \u003d \"fa:16:ee:00:00:00\""},{"line_number":86,"context_line":""},{"line_number":87,"context_line":"* ``metadata_proxy_shared_secret`` will be used to calculate HTTP header of signature."},{"line_number":88,"context_line":"* ``nova_metadata_apis`` is the list of nova-metadata-api services URI."}],"source_content_type":"text/x-rst","patch_set":4,"id":"1afc9ae9_3046df3b","line":85,"range":{"start_line":80,"start_character":2,"end_line":85,"end_character":41},"in_reply_to":"8c924c26_90488bd6","updated":"2021-11-12 03:01:56.000000000","message":"Sure, we can use that config option, it\u0027s better to use the existing config option. My original thought is to let haproxy directly access the nova-metadata-APIs, not go though a LB, since the metadata host is one single address of that nova_metadata_host.","commit_id":"55ef06f24bbd17516583873bfa7652e73e74f60b"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"e06853deab56144e08824bcaab5ed6ab277d91a3","unresolved":false,"context_lines":[{"line_number":77,"context_line":""},{"line_number":78,"context_line":"::"},{"line_number":79,"context_line":""},{"line_number":80,"context_line":"  [METADATA]"},{"line_number":81,"context_line":"  metadata_proxy_shared_secret \u003d"},{"line_number":82,"context_line":"  nova_metadata_apis \u003d 172.16.20.10:8775,172.16.20.11:8775,172.16.20.12:8775"},{"line_number":83,"context_line":"  provider_cidr \u003d 100.100.0.0/16"},{"line_number":84,"context_line":"  provider_vlan_id \u003d 998"},{"line_number":85,"context_line":"  provider_base_mac \u003d \"fa:16:ee:00:00:00\""},{"line_number":86,"context_line":""},{"line_number":87,"context_line":"* ``metadata_proxy_shared_secret`` will be used to calculate HTTP header of signature."},{"line_number":88,"context_line":"* ``nova_metadata_apis`` is the list of nova-metadata-api services URI."}],"source_content_type":"text/x-rst","patch_set":4,"id":"2467c420_731b2d82","line":85,"range":{"start_line":80,"start_character":2,"end_line":85,"end_character":41},"in_reply_to":"e339d245_14dc4556","updated":"2022-02-09 14:28:41.000000000","message":"Ack","commit_id":"55ef06f24bbd17516583873bfa7652e73e74f60b"},{"author":{"_account_id":11975,"name":"Slawek Kaplonski","email":"skaplons@redhat.com","username":"slaweq"},"change_message_id":"8da462ea20657f29d90b559817752edb45db046f","unresolved":true,"context_lines":[{"line_number":117,"context_line":"  | VM |     | From VM port + 169.254.169.254:80 |     |   Source (VM MAC + IP --\u003e Meta MAC + IP)    |     |  Meta Gateway MAC + IP |     |   Match Meta IP       |"},{"line_number":118,"context_line":"  |    |     |          add local vlan           |     |  Dest (MAC + IP --\u003e Meta Gateway MAC + IP)  |     |       Listened by      |     |     Add Http header   |"},{"line_number":119,"context_line":"  |    |     |           to Br-meta              |     |                 to tap-Meta                 |     |        Haproxy         |     |  to Nova-Metadata-API |"},{"line_number":120,"context_line":"  +----+     +-----------------------------------+     +---------------------------------------------+     +------------------------+     +-----------------------+"},{"line_number":121,"context_line":""},{"line_number":122,"context_line":"Flows (some keywords are pseudo code) on br-int:"},{"line_number":123,"context_line":""}],"source_content_type":"text/x-rst","patch_set":4,"id":"fcce3c32_88961c76","line":120,"updated":"2021-10-12 11:55:50.000000000","message":"just an idea: if You would do something similar to what ovn is doing and run haproxy process per network on the node, You could plug it directly into br-int and make all that stuff a lot easier. Or am I missing something?","commit_id":"55ef06f24bbd17516583873bfa7652e73e74f60b"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"e06853deab56144e08824bcaab5ed6ab277d91a3","unresolved":false,"context_lines":[{"line_number":117,"context_line":"  | VM |     | From VM port + 169.254.169.254:80 |     |   Source (VM MAC + IP --\u003e Meta MAC + IP)    |     |  Meta Gateway MAC + IP |     |   Match Meta IP       |"},{"line_number":118,"context_line":"  |    |     |          add local vlan           |     |  Dest (MAC + IP --\u003e Meta Gateway MAC + IP)  |     |       Listened by      |     |     Add Http header   |"},{"line_number":119,"context_line":"  |    |     |           to Br-meta              |     |                 to tap-Meta                 |     |        Haproxy         |     |  to Nova-Metadata-API |"},{"line_number":120,"context_line":"  +----+     +-----------------------------------+     +---------------------------------------------+     +------------------------+     +-----------------------+"},{"line_number":121,"context_line":""},{"line_number":122,"context_line":"Flows (some keywords are pseudo code) on br-int:"},{"line_number":123,"context_line":""}],"source_content_type":"text/x-rst","patch_set":4,"id":"eeb2c9ce_e8e0c8ec","line":120,"in_reply_to":"982f012b_514b2033","updated":"2022-02-09 14:28:41.000000000","message":"Ack","commit_id":"55ef06f24bbd17516583873bfa7652e73e74f60b"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"aacbf1ce20e56870d5c502da71f999914222576c","unresolved":true,"context_lines":[{"line_number":117,"context_line":"  | VM |     | From VM port + 169.254.169.254:80 |     |   Source (VM MAC + IP --\u003e Meta MAC + IP)    |     |  Meta Gateway MAC + IP |     |   Match Meta IP       |"},{"line_number":118,"context_line":"  |    |     |          add local vlan           |     |  Dest (MAC + IP --\u003e Meta Gateway MAC + IP)  |     |       Listened by      |     |     Add Http header   |"},{"line_number":119,"context_line":"  |    |     |           to Br-meta              |     |                 to tap-Meta                 |     |        Haproxy         |     |  to Nova-Metadata-API |"},{"line_number":120,"context_line":"  +----+     +-----------------------------------+     +---------------------------------------------+     +------------------------+     +-----------------------+"},{"line_number":121,"context_line":""},{"line_number":122,"context_line":"Flows (some keywords are pseudo code) on br-int:"},{"line_number":123,"context_line":""}],"source_content_type":"text/x-rst","patch_set":4,"id":"982f012b_514b2033","line":120,"in_reply_to":"fcce3c32_88961c76","updated":"2021-10-12 15:36:00.000000000","message":"This is a traditional topology for neutron ml2-ovs, do specific work on specific bridge, something like tunnel bridge and various provider network bridges. And more things we do not want to mix the new flows with those complicated list on br-int. So an independent bridge makes sense. More about ovn is that OVN will create haproxy process for one network, not to use one process for all VMs in one host. So the solution here is an advanced progress. Regard to the flows and the CIDRs you mentioned in the team meeting, IMO, it\u0027s all in-memory data, it is not heavy load process and namespace. So it is light. And after counting the flows for each VM, it is only 5 flows each. Assuming you have 1000 VMs in a host, it\u0027s only 5000 static entries. It\u0027s better than the related flows of security group which has 100K+ level of flows usually.","commit_id":"55ef06f24bbd17516583873bfa7652e73e74f60b"},{"author":{"_account_id":15554,"name":"Bence Romsics","email":"bence.romsics@gmail.com","username":"ebenrom","status":"working for Ericsson, UTC+1 (+DST)"},"change_message_id":"86e3a6b08a1dca421992f7aa6a15c146914aae0b","unresolved":true,"context_lines":[{"line_number":123,"context_line":""},{"line_number":124,"context_line":"::"},{"line_number":125,"context_line":""},{"line_number":126,"context_line":"  Table\u003d0"},{"line_number":127,"context_line":"  Match: ip,in_port\u003d\u003cof_vm1\u003e,nw_dst\u003d169.254.169.254 actions\u003dmod_local_vlan:1,output:\"To_br_meta\""},{"line_number":128,"context_line":"  Match: ip,in_port\u003d\u003cof_vm2\u003e,nw_dst\u003d169.254.169.254 actions\u003dmod_local_vlan:2,output:\"To_br_meta\""},{"line_number":129,"context_line":"  Match: ip,in_port\u003d\u003cof_vm3\u003e,nw_dst\u003d169.254.169.254 actions\u003dmod_local_vlan:1,output:\"To_br_meta\""},{"line_number":130,"context_line":"  Match: ip,in_port\u003d\u003cof_vm4\u003e,nw_dst\u003d169.254.169.254 actions\u003dmod_local_vlan:3,output:\"To_br_meta\""},{"line_number":131,"context_line":""},{"line_number":132,"context_line":"When your VM trying to access 169.254.169.254:80, what should the dest"},{"line_number":133,"context_line":"MAC + IP be? The dest IP is clear, it is 169.254.169.254. The complicated"}],"source_content_type":"text/x-rst","patch_set":4,"id":"a7f80432_7c6ac39a","line":130,"range":{"start_line":126,"start_character":2,"end_line":130,"end_character":96},"updated":"2021-11-03 15:07:55.000000000","message":"For security this needs to be after rules protecting against mac spoofing.","commit_id":"55ef06f24bbd17516583873bfa7652e73e74f60b"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"e06853deab56144e08824bcaab5ed6ab277d91a3","unresolved":false,"context_lines":[{"line_number":123,"context_line":""},{"line_number":124,"context_line":"::"},{"line_number":125,"context_line":""},{"line_number":126,"context_line":"  Table\u003d0"},{"line_number":127,"context_line":"  Match: ip,in_port\u003d\u003cof_vm1\u003e,nw_dst\u003d169.254.169.254 actions\u003dmod_local_vlan:1,output:\"To_br_meta\""},{"line_number":128,"context_line":"  Match: ip,in_port\u003d\u003cof_vm2\u003e,nw_dst\u003d169.254.169.254 actions\u003dmod_local_vlan:2,output:\"To_br_meta\""},{"line_number":129,"context_line":"  Match: ip,in_port\u003d\u003cof_vm3\u003e,nw_dst\u003d169.254.169.254 actions\u003dmod_local_vlan:1,output:\"To_br_meta\""},{"line_number":130,"context_line":"  Match: ip,in_port\u003d\u003cof_vm4\u003e,nw_dst\u003d169.254.169.254 actions\u003dmod_local_vlan:3,output:\"To_br_meta\""},{"line_number":131,"context_line":""},{"line_number":132,"context_line":"When your VM trying to access 169.254.169.254:80, what should the dest"},{"line_number":133,"context_line":"MAC + IP be? The dest IP is clear, it is 169.254.169.254. The complicated"}],"source_content_type":"text/x-rst","patch_set":4,"id":"392eb216_e2818430","line":130,"range":{"start_line":126,"start_character":2,"end_line":130,"end_character":96},"in_reply_to":"842eb4e1_b8e23a00","updated":"2022-02-09 14:28:41.000000000","message":"Ack","commit_id":"55ef06f24bbd17516583873bfa7652e73e74f60b"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"9d400862ba5ea872a1d11185183fa9897d4f8b8b","unresolved":true,"context_lines":[{"line_number":123,"context_line":""},{"line_number":124,"context_line":"::"},{"line_number":125,"context_line":""},{"line_number":126,"context_line":"  Table\u003d0"},{"line_number":127,"context_line":"  Match: ip,in_port\u003d\u003cof_vm1\u003e,nw_dst\u003d169.254.169.254 actions\u003dmod_local_vlan:1,output:\"To_br_meta\""},{"line_number":128,"context_line":"  Match: ip,in_port\u003d\u003cof_vm2\u003e,nw_dst\u003d169.254.169.254 actions\u003dmod_local_vlan:2,output:\"To_br_meta\""},{"line_number":129,"context_line":"  Match: ip,in_port\u003d\u003cof_vm3\u003e,nw_dst\u003d169.254.169.254 actions\u003dmod_local_vlan:1,output:\"To_br_meta\""},{"line_number":130,"context_line":"  Match: ip,in_port\u003d\u003cof_vm4\u003e,nw_dst\u003d169.254.169.254 actions\u003dmod_local_vlan:3,output:\"To_br_meta\""},{"line_number":131,"context_line":""},{"line_number":132,"context_line":"When your VM trying to access 169.254.169.254:80, what should the dest"},{"line_number":133,"context_line":"MAC + IP be? The dest IP is clear, it is 169.254.169.254. The complicated"}],"source_content_type":"text/x-rst","patch_set":4,"id":"842eb4e1_b8e23a00","line":130,"range":{"start_line":126,"start_character":2,"end_line":130,"end_character":96},"in_reply_to":"a7f80432_7c6ac39a","updated":"2021-11-04 01:42:50.000000000","message":"Since we have source MAC and IP match rules in table 80 of br-meta:\ndl_vlan\u003d\u003clocal_vlan_1\u003e,dl_src\u003dfa:16:3e:4a:fd:c1,nw_src\u003d192.168.1.10\nIMO, both should be fine.","commit_id":"55ef06f24bbd17516583873bfa7652e73e74f60b"},{"author":{"_account_id":15554,"name":"Bence Romsics","email":"bence.romsics@gmail.com","username":"ebenrom","status":"working for Ericsson, UTC+1 (+DST)"},"change_message_id":"86e3a6b08a1dca421992f7aa6a15c146914aae0b","unresolved":true,"context_lines":[{"line_number":129,"context_line":"  Match: ip,in_port\u003d\u003cof_vm3\u003e,nw_dst\u003d169.254.169.254 actions\u003dmod_local_vlan:1,output:\"To_br_meta\""},{"line_number":130,"context_line":"  Match: ip,in_port\u003d\u003cof_vm4\u003e,nw_dst\u003d169.254.169.254 actions\u003dmod_local_vlan:3,output:\"To_br_meta\""},{"line_number":131,"context_line":""},{"line_number":132,"context_line":"When your VM trying to access 169.254.169.254:80, what should the dest"},{"line_number":133,"context_line":"MAC + IP be? The dest IP is clear, it is 169.254.169.254. The complicated"},{"line_number":134,"context_line":"case is the dest MAC. We have three scenarios:"},{"line_number":135,"context_line":""},{"line_number":136,"context_line":"a. if your VM has only one default route which point to gateway, so the request"},{"line_number":137,"context_line":"dest MAC should be gateway MAC."},{"line_number":138,"context_line":""},{"line_number":139,"context_line":"b. if your VM has a route which directly point to 169.254.169.254 (for instance,"},{"line_number":140,"context_line":"to 169.254.169.254 via 192.168.1.2 \u003cthe DHCP port IP\u003e, normally, this is set"},{"line_number":141,"context_line":"by original DHCP-agent and metadata mechanism), so some ARP responder(s) will"},{"line_number":142,"context_line":"be added for such DHCP port IPs, in case of upgrading. A fake mac will be"},{"line_number":143,"context_line":"responded for these DHCP port IPs."},{"line_number":144,"context_line":""},{"line_number":145,"context_line":"c. if your VM has a link route which is telling guest OS 169.254.169.254 is"},{"line_number":146,"context_line":"directly reachable. So an ARP responder for 169.254.169.254 will be added."},{"line_number":147,"context_line":"So the dest MAC will be a fake one as well."},{"line_number":148,"context_line":""},{"line_number":149,"context_line":"Flows on br-meta:"},{"line_number":150,"context_line":""}],"source_content_type":"text/x-rst","patch_set":4,"id":"b159fbd8_7c82cd6a","line":147,"range":{"start_line":132,"start_character":0,"end_line":147,"end_character":43},"updated":"2021-11-03 15:07:55.000000000","message":"And with this implementation we can stop using the route pushing hacks, because as long as the guest OS sends metadata traffic out (to any dst mac) we can catch it on br-int. So in the long term we can slowly kill two cases out of the three (probably killing b and c makes sense). But I understand we need to handle them for the upgrade.","commit_id":"55ef06f24bbd17516583873bfa7652e73e74f60b"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"e06853deab56144e08824bcaab5ed6ab277d91a3","unresolved":false,"context_lines":[{"line_number":129,"context_line":"  Match: ip,in_port\u003d\u003cof_vm3\u003e,nw_dst\u003d169.254.169.254 actions\u003dmod_local_vlan:1,output:\"To_br_meta\""},{"line_number":130,"context_line":"  Match: ip,in_port\u003d\u003cof_vm4\u003e,nw_dst\u003d169.254.169.254 actions\u003dmod_local_vlan:3,output:\"To_br_meta\""},{"line_number":131,"context_line":""},{"line_number":132,"context_line":"When your VM trying to access 169.254.169.254:80, what should the dest"},{"line_number":133,"context_line":"MAC + IP be? The dest IP is clear, it is 169.254.169.254. The complicated"},{"line_number":134,"context_line":"case is the dest MAC. We have three scenarios:"},{"line_number":135,"context_line":""},{"line_number":136,"context_line":"a. if your VM has only one default route which point to gateway, so the request"},{"line_number":137,"context_line":"dest MAC should be gateway MAC."},{"line_number":138,"context_line":""},{"line_number":139,"context_line":"b. if your VM has a route which directly point to 169.254.169.254 (for instance,"},{"line_number":140,"context_line":"to 169.254.169.254 via 192.168.1.2 \u003cthe DHCP port IP\u003e, normally, this is set"},{"line_number":141,"context_line":"by original DHCP-agent and metadata mechanism), so some ARP responder(s) will"},{"line_number":142,"context_line":"be added for such DHCP port IPs, in case of upgrading. A fake mac will be"},{"line_number":143,"context_line":"responded for these DHCP port IPs."},{"line_number":144,"context_line":""},{"line_number":145,"context_line":"c. if your VM has a link route which is telling guest OS 169.254.169.254 is"},{"line_number":146,"context_line":"directly reachable. So an ARP responder for 169.254.169.254 will be added."},{"line_number":147,"context_line":"So the dest MAC will be a fake one as well."},{"line_number":148,"context_line":""},{"line_number":149,"context_line":"Flows on br-meta:"},{"line_number":150,"context_line":""}],"source_content_type":"text/x-rst","patch_set":4,"id":"84fa091f_6ee1011f","line":147,"range":{"start_line":132,"start_character":0,"end_line":147,"end_character":43},"in_reply_to":"a29ba430_ed9f4835","updated":"2022-02-09 14:28:41.000000000","message":"Ack","commit_id":"55ef06f24bbd17516583873bfa7652e73e74f60b"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"9d400862ba5ea872a1d11185183fa9897d4f8b8b","unresolved":true,"context_lines":[{"line_number":129,"context_line":"  Match: ip,in_port\u003d\u003cof_vm3\u003e,nw_dst\u003d169.254.169.254 actions\u003dmod_local_vlan:1,output:\"To_br_meta\""},{"line_number":130,"context_line":"  Match: ip,in_port\u003d\u003cof_vm4\u003e,nw_dst\u003d169.254.169.254 actions\u003dmod_local_vlan:3,output:\"To_br_meta\""},{"line_number":131,"context_line":""},{"line_number":132,"context_line":"When your VM trying to access 169.254.169.254:80, what should the dest"},{"line_number":133,"context_line":"MAC + IP be? The dest IP is clear, it is 169.254.169.254. The complicated"},{"line_number":134,"context_line":"case is the dest MAC. We have three scenarios:"},{"line_number":135,"context_line":""},{"line_number":136,"context_line":"a. if your VM has only one default route which point to gateway, so the request"},{"line_number":137,"context_line":"dest MAC should be gateway MAC."},{"line_number":138,"context_line":""},{"line_number":139,"context_line":"b. if your VM has a route which directly point to 169.254.169.254 (for instance,"},{"line_number":140,"context_line":"to 169.254.169.254 via 192.168.1.2 \u003cthe DHCP port IP\u003e, normally, this is set"},{"line_number":141,"context_line":"by original DHCP-agent and metadata mechanism), so some ARP responder(s) will"},{"line_number":142,"context_line":"be added for such DHCP port IPs, in case of upgrading. A fake mac will be"},{"line_number":143,"context_line":"responded for these DHCP port IPs."},{"line_number":144,"context_line":""},{"line_number":145,"context_line":"c. if your VM has a link route which is telling guest OS 169.254.169.254 is"},{"line_number":146,"context_line":"directly reachable. So an ARP responder for 169.254.169.254 will be added."},{"line_number":147,"context_line":"So the dest MAC will be a fake one as well."},{"line_number":148,"context_line":""},{"line_number":149,"context_line":"Flows on br-meta:"},{"line_number":150,"context_line":""}],"source_content_type":"text/x-rst","patch_set":4,"id":"a29ba430_ed9f4835","line":147,"range":{"start_line":132,"start_character":0,"end_line":147,"end_character":43},"in_reply_to":"b159fbd8_7c82cd6a","updated":"2021-11-04 01:42:50.000000000","message":"If the routes of b and c are still in the VMs, or the subnets do not change the routes for new created VMs, we still need to handle these cases.","commit_id":"55ef06f24bbd17516583873bfa7652e73e74f60b"},{"author":{"_account_id":15554,"name":"Bence Romsics","email":"bence.romsics@gmail.com","username":"ebenrom","status":"working for Ericsson, UTC+1 (+DST)"},"change_message_id":"86e3a6b08a1dca421992f7aa6a15c146914aae0b","unresolved":true,"context_lines":[{"line_number":184,"context_line":"  Table\u003d0"},{"line_number":185,"context_line":"  Match: ip,in_port\u003d\"tap-meta\" actions\u003dpush_vlan,goto_table:81"},{"line_number":186,"context_line":""},{"line_number":187,"context_line":"  Table\u003d91"},{"line_number":188,"context_line":"  Match: dl_vlan\u003d\u003c2000\u003e,ip,nw_dst\u003d100.100.0.10 Action: mod_vlan_vid:1,mod_dl_dst:fa:16:3e:4a:fd:c1,mod_nw_dst:192.168.1.10,mod_nw_src:169.254.169.254,output:\"to-br-int\""},{"line_number":189,"context_line":"  Match: dl_vlan\u003d\u003c2000\u003e,ip,nw_dst\u003d100.100.0.11 Action: mod_vlan_vid:2,mod_dl_dst:fa:16:3e:4a:fd:c2,mod_nw_dst:192.168.2.10,mod_nw_src:169.254.169.254,output:\"to-br-int\""},{"line_number":190,"context_line":"  Match: dl_vlan\u003d\u003c2000\u003e,ip,nw_dst\u003d100.100.0.12 Action: mod_vlan_vid:3,mod_dl_dst:fa:16:3e:4a:fd:c3,mod_nw_dst:192.168.1.20,mod_nw_src:169.254.169.254,output:\"to-br-int\""}],"source_content_type":"text/x-rst","patch_set":4,"id":"74ca6bac_92d471b5","line":187,"range":{"start_line":187,"start_character":8,"end_line":187,"end_character":10},"updated":"2021-11-03 15:07:55.000000000","message":"typo? 81?","commit_id":"55ef06f24bbd17516583873bfa7652e73e74f60b"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"9d400862ba5ea872a1d11185183fa9897d4f8b8b","unresolved":true,"context_lines":[{"line_number":184,"context_line":"  Table\u003d0"},{"line_number":185,"context_line":"  Match: ip,in_port\u003d\"tap-meta\" actions\u003dpush_vlan,goto_table:81"},{"line_number":186,"context_line":""},{"line_number":187,"context_line":"  Table\u003d91"},{"line_number":188,"context_line":"  Match: dl_vlan\u003d\u003c2000\u003e,ip,nw_dst\u003d100.100.0.10 Action: mod_vlan_vid:1,mod_dl_dst:fa:16:3e:4a:fd:c1,mod_nw_dst:192.168.1.10,mod_nw_src:169.254.169.254,output:\"to-br-int\""},{"line_number":189,"context_line":"  Match: dl_vlan\u003d\u003c2000\u003e,ip,nw_dst\u003d100.100.0.11 Action: mod_vlan_vid:2,mod_dl_dst:fa:16:3e:4a:fd:c2,mod_nw_dst:192.168.2.10,mod_nw_src:169.254.169.254,output:\"to-br-int\""},{"line_number":190,"context_line":"  Match: dl_vlan\u003d\u003c2000\u003e,ip,nw_dst\u003d100.100.0.12 Action: mod_vlan_vid:3,mod_dl_dst:fa:16:3e:4a:fd:c3,mod_nw_dst:192.168.1.20,mod_nw_src:169.254.169.254,output:\"to-br-int\""}],"source_content_type":"text/x-rst","patch_set":4,"id":"762cfd70_0133954e","line":187,"range":{"start_line":187,"start_character":8,"end_line":187,"end_character":10},"in_reply_to":"74ca6bac_92d471b5","updated":"2021-11-04 01:42:50.000000000","message":"Here is right, line 185 shoule be goto_table:91","commit_id":"55ef06f24bbd17516583873bfa7652e73e74f60b"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"e06853deab56144e08824bcaab5ed6ab277d91a3","unresolved":false,"context_lines":[{"line_number":184,"context_line":"  Table\u003d0"},{"line_number":185,"context_line":"  Match: ip,in_port\u003d\"tap-meta\" actions\u003dpush_vlan,goto_table:81"},{"line_number":186,"context_line":""},{"line_number":187,"context_line":"  Table\u003d91"},{"line_number":188,"context_line":"  Match: dl_vlan\u003d\u003c2000\u003e,ip,nw_dst\u003d100.100.0.10 Action: mod_vlan_vid:1,mod_dl_dst:fa:16:3e:4a:fd:c1,mod_nw_dst:192.168.1.10,mod_nw_src:169.254.169.254,output:\"to-br-int\""},{"line_number":189,"context_line":"  Match: dl_vlan\u003d\u003c2000\u003e,ip,nw_dst\u003d100.100.0.11 Action: mod_vlan_vid:2,mod_dl_dst:fa:16:3e:4a:fd:c2,mod_nw_dst:192.168.2.10,mod_nw_src:169.254.169.254,output:\"to-br-int\""},{"line_number":190,"context_line":"  Match: dl_vlan\u003d\u003c2000\u003e,ip,nw_dst\u003d100.100.0.12 Action: mod_vlan_vid:3,mod_dl_dst:fa:16:3e:4a:fd:c3,mod_nw_dst:192.168.1.20,mod_nw_src:169.254.169.254,output:\"to-br-int\""}],"source_content_type":"text/x-rst","patch_set":4,"id":"45199188_7b45fdae","line":187,"range":{"start_line":187,"start_character":8,"end_line":187,"end_character":10},"in_reply_to":"762cfd70_0133954e","updated":"2022-02-09 14:28:41.000000000","message":"Done","commit_id":"55ef06f24bbd17516583873bfa7652e73e74f60b"},{"author":{"_account_id":15554,"name":"Bence Romsics","email":"bence.romsics@gmail.com","username":"ebenrom","status":"working for Ericsson, UTC+1 (+DST)"},"change_message_id":"86e3a6b08a1dca421992f7aa6a15c146914aae0b","unresolved":true,"context_lines":[{"line_number":185,"context_line":"  Match: ip,in_port\u003d\"tap-meta\" actions\u003dpush_vlan,goto_table:81"},{"line_number":186,"context_line":""},{"line_number":187,"context_line":"  Table\u003d91"},{"line_number":188,"context_line":"  Match: dl_vlan\u003d\u003c2000\u003e,ip,nw_dst\u003d100.100.0.10 Action: mod_vlan_vid:1,mod_dl_dst:fa:16:3e:4a:fd:c1,mod_nw_dst:192.168.1.10,mod_nw_src:169.254.169.254,output:\"to-br-int\""},{"line_number":189,"context_line":"  Match: dl_vlan\u003d\u003c2000\u003e,ip,nw_dst\u003d100.100.0.11 Action: mod_vlan_vid:2,mod_dl_dst:fa:16:3e:4a:fd:c2,mod_nw_dst:192.168.2.10,mod_nw_src:169.254.169.254,output:\"to-br-int\""},{"line_number":190,"context_line":"  Match: dl_vlan\u003d\u003c2000\u003e,ip,nw_dst\u003d100.100.0.12 Action: mod_vlan_vid:3,mod_dl_dst:fa:16:3e:4a:fd:c3,mod_nw_dst:192.168.1.20,mod_nw_src:169.254.169.254,output:\"to-br-int\""},{"line_number":191,"context_line":"  Match: dl_vlan\u003d\u003c2000\u003e,ip,nw_dst\u003d100.100.0.13 Action: mod_vlan_vid:4,mod_dl_dst:fa:16:3e:4a:fd:c4,mod_nw_dst:192.168.3.10,mod_nw_src:169.254.169.254,output:\"to-br-int\""}],"source_content_type":"text/x-rst","patch_set":4,"id":"21fbf704_20df640a","line":188,"range":{"start_line":188,"start_character":18,"end_line":188,"end_character":22},"updated":"2021-11-03 15:07:55.000000000","message":"What is vlan 2000? Why is the response coming from a vlan? Does this want to be the provider_vlan? In the example config above that was vlan 998. What exactly do we use provider_vlan for?","commit_id":"55ef06f24bbd17516583873bfa7652e73e74f60b"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"d8ef7f836a81b8d583965edbc4947887d681f207","unresolved":false,"context_lines":[{"line_number":185,"context_line":"  Match: ip,in_port\u003d\"tap-meta\" actions\u003dpush_vlan,goto_table:81"},{"line_number":186,"context_line":""},{"line_number":187,"context_line":"  Table\u003d91"},{"line_number":188,"context_line":"  Match: dl_vlan\u003d\u003c2000\u003e,ip,nw_dst\u003d100.100.0.10 Action: mod_vlan_vid:1,mod_dl_dst:fa:16:3e:4a:fd:c1,mod_nw_dst:192.168.1.10,mod_nw_src:169.254.169.254,output:\"to-br-int\""},{"line_number":189,"context_line":"  Match: dl_vlan\u003d\u003c2000\u003e,ip,nw_dst\u003d100.100.0.11 Action: mod_vlan_vid:2,mod_dl_dst:fa:16:3e:4a:fd:c2,mod_nw_dst:192.168.2.10,mod_nw_src:169.254.169.254,output:\"to-br-int\""},{"line_number":190,"context_line":"  Match: dl_vlan\u003d\u003c2000\u003e,ip,nw_dst\u003d100.100.0.12 Action: mod_vlan_vid:3,mod_dl_dst:fa:16:3e:4a:fd:c3,mod_nw_dst:192.168.1.20,mod_nw_src:169.254.169.254,output:\"to-br-int\""},{"line_number":191,"context_line":"  Match: dl_vlan\u003d\u003c2000\u003e,ip,nw_dst\u003d100.100.0.13 Action: mod_vlan_vid:4,mod_dl_dst:fa:16:3e:4a:fd:c4,mod_nw_dst:192.168.3.10,mod_nw_src:169.254.169.254,output:\"to-br-int\""}],"source_content_type":"text/x-rst","patch_set":4,"id":"c38966bd_847098d6","line":188,"range":{"start_line":188,"start_character":18,"end_line":188,"end_character":22},"in_reply_to":"0a5d921e_6b218692","updated":"2021-11-04 01:43:50.000000000","message":"Done","commit_id":"55ef06f24bbd17516583873bfa7652e73e74f60b"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"9d400862ba5ea872a1d11185183fa9897d4f8b8b","unresolved":true,"context_lines":[{"line_number":185,"context_line":"  Match: ip,in_port\u003d\"tap-meta\" actions\u003dpush_vlan,goto_table:81"},{"line_number":186,"context_line":""},{"line_number":187,"context_line":"  Table\u003d91"},{"line_number":188,"context_line":"  Match: dl_vlan\u003d\u003c2000\u003e,ip,nw_dst\u003d100.100.0.10 Action: mod_vlan_vid:1,mod_dl_dst:fa:16:3e:4a:fd:c1,mod_nw_dst:192.168.1.10,mod_nw_src:169.254.169.254,output:\"to-br-int\""},{"line_number":189,"context_line":"  Match: dl_vlan\u003d\u003c2000\u003e,ip,nw_dst\u003d100.100.0.11 Action: mod_vlan_vid:2,mod_dl_dst:fa:16:3e:4a:fd:c2,mod_nw_dst:192.168.2.10,mod_nw_src:169.254.169.254,output:\"to-br-int\""},{"line_number":190,"context_line":"  Match: dl_vlan\u003d\u003c2000\u003e,ip,nw_dst\u003d100.100.0.12 Action: mod_vlan_vid:3,mod_dl_dst:fa:16:3e:4a:fd:c3,mod_nw_dst:192.168.1.20,mod_nw_src:169.254.169.254,output:\"to-br-int\""},{"line_number":191,"context_line":"  Match: dl_vlan\u003d\u003c2000\u003e,ip,nw_dst\u003d100.100.0.13 Action: mod_vlan_vid:4,mod_dl_dst:fa:16:3e:4a:fd:c4,mod_nw_dst:192.168.3.10,mod_nw_src:169.254.169.254,output:\"to-br-int\""}],"source_content_type":"text/x-rst","patch_set":4,"id":"0a5d921e_6b218692","line":188,"range":{"start_line":188,"start_character":18,"end_line":188,"end_character":22},"in_reply_to":"21fbf704_20df640a","updated":"2021-11-04 01:42:50.000000000","message":"Yes, it shuold be provider_vlan_id \u003d 998.","commit_id":"55ef06f24bbd17516583873bfa7652e73e74f60b"},{"author":{"_account_id":15554,"name":"Bence Romsics","email":"bence.romsics@gmail.com","username":"ebenrom","status":"working for Ericsson, UTC+1 (+DST)"},"change_message_id":"86e3a6b08a1dca421992f7aa6a15c146914aae0b","unresolved":true,"context_lines":[{"line_number":253,"context_line":"        daemon"},{"line_number":254,"context_line":""},{"line_number":255,"context_line":"    frontend public"},{"line_number":256,"context_line":"        bind            *:80 name clear"},{"line_number":257,"context_line":"        mode            http"},{"line_number":258,"context_line":"        log             global"},{"line_number":259,"context_line":"        option          httplog"}],"source_content_type":"text/x-rst","patch_set":4,"id":"9b239273_a212a093","line":256,"range":{"start_line":256,"start_character":24,"end_line":256,"end_character":28},"updated":"2021-11-03 15:07:55.000000000","message":"For ipv6 too \"::80\".","commit_id":"55ef06f24bbd17516583873bfa7652e73e74f60b"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"e06853deab56144e08824bcaab5ed6ab277d91a3","unresolved":false,"context_lines":[{"line_number":253,"context_line":"        daemon"},{"line_number":254,"context_line":""},{"line_number":255,"context_line":"    frontend public"},{"line_number":256,"context_line":"        bind            *:80 name clear"},{"line_number":257,"context_line":"        mode            http"},{"line_number":258,"context_line":"        log             global"},{"line_number":259,"context_line":"        option          httplog"}],"source_content_type":"text/x-rst","patch_set":4,"id":"765be0ec_e28a2845","line":256,"range":{"start_line":256,"start_character":24,"end_line":256,"end_character":28},"in_reply_to":"562bea04_ddf4401b","updated":"2022-02-09 14:28:41.000000000","message":"Ack","commit_id":"55ef06f24bbd17516583873bfa7652e73e74f60b"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"9d400862ba5ea872a1d11185183fa9897d4f8b8b","unresolved":true,"context_lines":[{"line_number":253,"context_line":"        daemon"},{"line_number":254,"context_line":""},{"line_number":255,"context_line":"    frontend public"},{"line_number":256,"context_line":"        bind            *:80 name clear"},{"line_number":257,"context_line":"        mode            http"},{"line_number":258,"context_line":"        log             global"},{"line_number":259,"context_line":"        option          httplog"}],"source_content_type":"text/x-rst","patch_set":4,"id":"562bea04_ddf4401b","line":256,"range":{"start_line":256,"start_character":24,"end_line":256,"end_character":28},"in_reply_to":"9b239273_a212a093","updated":"2021-11-04 01:42:50.000000000","message":"I will not mixed the IPv6 related config to this sample here to avoid the complexity. Since it is already pretty complex.","commit_id":"55ef06f24bbd17516583873bfa7652e73e74f60b"},{"author":{"_account_id":15554,"name":"Bence Romsics","email":"bence.romsics@gmail.com","username":"ebenrom","status":"working for Ericsson, UTC+1 (+DST)"},"change_message_id":"86e3a6b08a1dca421992f7aa6a15c146914aae0b","unresolved":true,"context_lines":[{"line_number":273,"context_line":""},{"line_number":274,"context_line":"    backend backend_{{ instance_1.uuid }}_{{ metadata_ip_1 }}"},{"line_number":275,"context_line":"        mode            http"},{"line_number":276,"context_line":"        balance         roundrobin"},{"line_number":277,"context_line":"        retries         3"},{"line_number":278,"context_line":"        option redispatch"},{"line_number":279,"context_line":"        timeout http-request    30s"}],"source_content_type":"text/x-rst","patch_set":4,"id":"28630e2d_da4ed50c","line":276,"range":{"start_line":276,"start_character":8,"end_line":276,"end_character":34},"updated":"2021-11-03 15:07:55.000000000","message":"\"balance source\" could make more sense for this kind of load.","commit_id":"55ef06f24bbd17516583873bfa7652e73e74f60b"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"9d400862ba5ea872a1d11185183fa9897d4f8b8b","unresolved":true,"context_lines":[{"line_number":273,"context_line":""},{"line_number":274,"context_line":"    backend backend_{{ instance_1.uuid }}_{{ metadata_ip_1 }}"},{"line_number":275,"context_line":"        mode            http"},{"line_number":276,"context_line":"        balance         roundrobin"},{"line_number":277,"context_line":"        retries         3"},{"line_number":278,"context_line":"        option redispatch"},{"line_number":279,"context_line":"        timeout http-request    30s"}],"source_content_type":"text/x-rst","patch_set":4,"id":"a61633fc_4e292c3b","line":276,"range":{"start_line":276,"start_character":8,"end_line":276,"end_character":34},"in_reply_to":"28630e2d_da4ed50c","updated":"2021-11-04 01:42:50.000000000","message":"It will make make each VM to access same metadata API. roundrobin can avoid some request failure if one real metadata server is down.","commit_id":"55ef06f24bbd17516583873bfa7652e73e74f60b"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"e06853deab56144e08824bcaab5ed6ab277d91a3","unresolved":false,"context_lines":[{"line_number":273,"context_line":""},{"line_number":274,"context_line":"    backend backend_{{ instance_1.uuid }}_{{ metadata_ip_1 }}"},{"line_number":275,"context_line":"        mode            http"},{"line_number":276,"context_line":"        balance         roundrobin"},{"line_number":277,"context_line":"        retries         3"},{"line_number":278,"context_line":"        option redispatch"},{"line_number":279,"context_line":"        timeout http-request    30s"}],"source_content_type":"text/x-rst","patch_set":4,"id":"bdbd1b31_e73288be","line":276,"range":{"start_line":276,"start_character":8,"end_line":276,"end_character":34},"in_reply_to":"a61633fc_4e292c3b","updated":"2022-02-09 14:28:41.000000000","message":"Ack","commit_id":"55ef06f24bbd17516583873bfa7652e73e74f60b"},{"author":{"_account_id":15554,"name":"Bence Romsics","email":"bence.romsics@gmail.com","username":"ebenrom","status":"working for Ericsson, UTC+1 (+DST)"},"change_message_id":"86e3a6b08a1dca421992f7aa6a15c146914aae0b","unresolved":true,"context_lines":[{"line_number":312,"context_line":"        ..."},{"line_number":313,"context_line":""},{"line_number":314,"context_line":"IPv6 metadata"},{"line_number":315,"context_line":"*************"},{"line_number":316,"context_line":""},{"line_number":317,"context_line":"The metadata for IPv6 [2]_ only network has similar address ``fe80::a9fe:a9fe``,"},{"line_number":318,"context_line":"so all these works can be mirrored for IPv6. For IPv6 the generator"}],"source_content_type":"text/x-rst","patch_set":4,"id":"352cef75_c6f49107","line":315,"updated":"2021-11-03 15:07:55.000000000","message":"One little complication to keep in mind here: the link-local src address of the metadata request will not be an address assigned by neutron, but it contains a MAC address assigned by neutron.","commit_id":"55ef06f24bbd17516583873bfa7652e73e74f60b"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"e06853deab56144e08824bcaab5ed6ab277d91a3","unresolved":false,"context_lines":[{"line_number":312,"context_line":"        ..."},{"line_number":313,"context_line":""},{"line_number":314,"context_line":"IPv6 metadata"},{"line_number":315,"context_line":"*************"},{"line_number":316,"context_line":""},{"line_number":317,"context_line":"The metadata for IPv6 [2]_ only network has similar address ``fe80::a9fe:a9fe``,"},{"line_number":318,"context_line":"so all these works can be mirrored for IPv6. For IPv6 the generator"}],"source_content_type":"text/x-rst","patch_set":4,"id":"cf678f1f_362d75d9","line":315,"in_reply_to":"04f4dd1e_477a3115","updated":"2022-02-09 14:28:41.000000000","message":"Ack","commit_id":"55ef06f24bbd17516583873bfa7652e73e74f60b"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"9d400862ba5ea872a1d11185183fa9897d4f8b8b","unresolved":true,"context_lines":[{"line_number":312,"context_line":"        ..."},{"line_number":313,"context_line":""},{"line_number":314,"context_line":"IPv6 metadata"},{"line_number":315,"context_line":"*************"},{"line_number":316,"context_line":""},{"line_number":317,"context_line":"The metadata for IPv6 [2]_ only network has similar address ``fe80::a9fe:a9fe``,"},{"line_number":318,"context_line":"so all these works can be mirrored for IPv6. For IPv6 the generator"}],"source_content_type":"text/x-rst","patch_set":4,"id":"04f4dd1e_477a3115","line":315,"in_reply_to":"352cef75_c6f49107","updated":"2021-11-04 01:42:50.000000000","message":"The match rule does not check the source LLA.","commit_id":"55ef06f24bbd17516583873bfa7652e73e74f60b"},{"author":{"_account_id":8313,"name":"Lajos Katona","display_name":"lajoskatona","email":"katonalala@gmail.com","username":"elajkat","status":"Ericsson Software Technology"},"change_message_id":"268c6368b802028877a3c59907bd528b3904c6c1","unresolved":true,"context_lines":[{"line_number":353,"context_line":"* Adding host haproxy manager for ovs-agent"},{"line_number":354,"context_line":"* Adding host metadata IP and Mac generator with ovsdb settings"},{"line_number":355,"context_line":"* Adding ovs-agent extension to set up flows for VM ports"},{"line_number":356,"context_line":"* Testing."},{"line_number":357,"context_line":"* Documentation."},{"line_number":358,"context_line":""},{"line_number":359,"context_line":"Dependencies"}],"source_content_type":"text/x-rst","patch_set":6,"id":"c8fc6661_52824a43","line":356,"range":{"start_line":356,"start_character":2,"end_line":356,"end_character":9},"updated":"2021-11-11 13:33:01.000000000","message":"functional env would be a good candidate, currently we have only OVN metadata functional tests (and some checks in l3 functional tests)","commit_id":"97f904256d117d05d04da529904e14b6058aed2e"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"e06853deab56144e08824bcaab5ed6ab277d91a3","unresolved":false,"context_lines":[{"line_number":353,"context_line":"* Adding host haproxy manager for ovs-agent"},{"line_number":354,"context_line":"* Adding host metadata IP and Mac generator with ovsdb settings"},{"line_number":355,"context_line":"* Adding ovs-agent extension to set up flows for VM ports"},{"line_number":356,"context_line":"* Testing."},{"line_number":357,"context_line":"* Documentation."},{"line_number":358,"context_line":""},{"line_number":359,"context_line":"Dependencies"}],"source_content_type":"text/x-rst","patch_set":6,"id":"ac80cd4a_e3f87cbb","line":356,"range":{"start_line":356,"start_character":2,"end_line":356,"end_character":9},"in_reply_to":"c8fc6661_52824a43","updated":"2022-02-09 14:28:41.000000000","message":"Ack","commit_id":"97f904256d117d05d04da529904e14b6058aed2e"},{"author":{"_account_id":8313,"name":"Lajos Katona","display_name":"lajoskatona","email":"katonalala@gmail.com","username":"elajkat","status":"Ericsson Software Technology"},"change_message_id":"268c6368b802028877a3c59907bd528b3904c6c1","unresolved":true,"context_lines":[{"line_number":364,"context_line":"Testing"},{"line_number":365,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":366,"context_line":""},{"line_number":367,"context_line":"Test cases to verify the metadata can be set properly."},{"line_number":368,"context_line":""},{"line_number":369,"context_line":"References"},{"line_number":370,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"}],"source_content_type":"text/x-rst","patch_set":6,"id":"fb632079_3e2329d5","line":367,"range":{"start_line":367,"start_character":0,"end_line":367,"end_character":54},"updated":"2021-11-11 13:33:01.000000000","message":"I suppose the existing jobs should be enough with new job to use the new metadata driver","commit_id":"97f904256d117d05d04da529904e14b6058aed2e"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"e06853deab56144e08824bcaab5ed6ab277d91a3","unresolved":false,"context_lines":[{"line_number":364,"context_line":"Testing"},{"line_number":365,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":366,"context_line":""},{"line_number":367,"context_line":"Test cases to verify the metadata can be set properly."},{"line_number":368,"context_line":""},{"line_number":369,"context_line":"References"},{"line_number":370,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"}],"source_content_type":"text/x-rst","patch_set":6,"id":"eb21c6b6_3355f0d7","line":367,"range":{"start_line":367,"start_character":0,"end_line":367,"end_character":54},"in_reply_to":"fb632079_3e2329d5","updated":"2022-02-09 14:28:41.000000000","message":"Ack","commit_id":"97f904256d117d05d04da529904e14b6058aed2e"},{"author":{"_account_id":8313,"name":"Lajos Katona","display_name":"lajoskatona","email":"katonalala@gmail.com","username":"elajkat","status":"Ericsson Software Technology"},"change_message_id":"3a061dbc7bd36d96042dc240f51a7a8258f47dfd","unresolved":true,"context_lines":[{"line_number":294,"context_line":"  Match: arp,arp_tpa\u003d100.100.0.13 Action: ARP Responder with Meta_MAC fa:16:ee:00:00:44,IN_PORT"},{"line_number":295,"context_line":""},{"line_number":296,"context_line":""},{"line_number":297,"context_line":"Host haproxy configrations"},{"line_number":298,"context_line":"**************************"},{"line_number":299,"context_line":""},{"line_number":300,"context_line":"The host haproxy is one only process which is used for all VMs. The host"}],"source_content_type":"text/x-rst","patch_set":8,"id":"1e49483f_521723f1","line":297,"range":{"start_line":297,"start_character":13,"end_line":297,"end_character":26},"updated":"2021-11-19 14:37:57.000000000","message":"nit: configurations","commit_id":"5100ba3a7b4d7b663c0121468bab9412b34f61f6"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"0fafba9eedc756be8b2bd27cc988c17898042165","unresolved":false,"context_lines":[{"line_number":294,"context_line":"  Match: arp,arp_tpa\u003d100.100.0.13 Action: ARP Responder with Meta_MAC fa:16:ee:00:00:44,IN_PORT"},{"line_number":295,"context_line":""},{"line_number":296,"context_line":""},{"line_number":297,"context_line":"Host haproxy configrations"},{"line_number":298,"context_line":"**************************"},{"line_number":299,"context_line":""},{"line_number":300,"context_line":"The host haproxy is one only process which is used for all VMs. The host"}],"source_content_type":"text/x-rst","patch_set":8,"id":"9cb1bc04_f4cded9f","line":297,"range":{"start_line":297,"start_character":13,"end_line":297,"end_character":26},"in_reply_to":"1e49483f_521723f1","updated":"2022-02-08 08:55:24.000000000","message":"Done","commit_id":"5100ba3a7b4d7b663c0121468bab9412b34f61f6"},{"author":{"_account_id":8313,"name":"Lajos Katona","display_name":"lajoskatona","email":"katonalala@gmail.com","username":"elajkat","status":"Ericsson Software Technology"},"change_message_id":"3a061dbc7bd36d96042dc240f51a7a8258f47dfd","unresolved":true,"context_lines":[{"line_number":305,"context_line":"from one VM\u0027s (Meta_IP) it will be send to the matched backend, which add"},{"line_number":306,"context_line":"HTTP headers and then send to real nova-metadata-api."},{"line_number":307,"context_line":""},{"line_number":308,"context_line":"Configrations:"},{"line_number":309,"context_line":""},{"line_number":310,"context_line":"::"},{"line_number":311,"context_line":""}],"source_content_type":"text/x-rst","patch_set":8,"id":"b48902ac_d2aeb5a9","line":308,"range":{"start_line":308,"start_character":0,"end_line":308,"end_character":13},"updated":"2021-11-19 14:37:57.000000000","message":"nit: Configurations","commit_id":"5100ba3a7b4d7b663c0121468bab9412b34f61f6"},{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"0fafba9eedc756be8b2bd27cc988c17898042165","unresolved":false,"context_lines":[{"line_number":305,"context_line":"from one VM\u0027s (Meta_IP) it will be send to the matched backend, which add"},{"line_number":306,"context_line":"HTTP headers and then send to real nova-metadata-api."},{"line_number":307,"context_line":""},{"line_number":308,"context_line":"Configrations:"},{"line_number":309,"context_line":""},{"line_number":310,"context_line":"::"},{"line_number":311,"context_line":""}],"source_content_type":"text/x-rst","patch_set":8,"id":"0dbc41f3_14c01a11","line":308,"range":{"start_line":308,"start_character":0,"end_line":308,"end_character":13},"in_reply_to":"b48902ac_d2aeb5a9","updated":"2022-02-08 08:55:24.000000000","message":"Done","commit_id":"5100ba3a7b4d7b663c0121468bab9412b34f61f6"},{"author":{"_account_id":7730,"name":"Sahid Orentino Ferdjaoui","email":"sahid.ferdjaoui@industrialdiscipline.com","username":"sahid"},"change_message_id":"5ffac89d082598c24b5de55cbf61c8be264ae832","unresolved":true,"context_lines":[{"line_number":269,"context_line":""},{"line_number":270,"context_line":"Tap-meta device will be resident on host kernel IP stack, before the first"},{"line_number":271,"context_line":"response of TCP, the host (protocol stack) needs to know the META_IP\u0027s MAC"},{"line_number":272,"context_line":"address. So ARP reqeust is broadcast. ARP will be sent from tap-meta device"},{"line_number":273,"context_line":"to br-meta responder. The ARP responder datapath:"},{"line_number":274,"context_line":""},{"line_number":275,"context_line":"::"}],"source_content_type":"text/x-rst","patch_set":9,"id":"b6ce9745_422b1cf1","line":272,"updated":"2023-04-05 10:05:04.000000000","message":"request","commit_id":"ebaa98925010b666d10ed64a116888a77e364790"}]}
