author Ihar Hrachyshka <ihrachys@redhat.com> 2017-05-23 18:13:28 -0700
committer Ihar Hrachyshka <ihrachys@redhat.com> 2017-05-30 10:39:26 -0700
commit 0b6ce86e7ae59f25a6502269b216f16e2189708a
tree d4484b33dd21ecb04637bb535e704194383f5ae5
parent 7859f30ebf76edaa1f9af83f5783eb60ddb96fb8
Enable arp_accept for all interfaces

OpenStack heavily relies on gratuitous ARP updates when moving floating IP addresses between devices. When a floating IP moves, Neutron L3 agent issues a burst of gratuitous ARP packets that should update any existing ARP table entries on all nodes that belong to the same network segment.

Due to locktime kernel behavior, some gratuitous ARP packets may be ignored [1], rendering ARP table entries broken for some time. Due to a kernel bug [2], the time may be as long as hours, depending on other traffic flowing to the node.

With the current EL7 kernel, the only way to make sure that nodes honor all sent gratuitous ARP updates is to set arp_accept to 1; this will disable locktime mechanism for the packets sent by Neutron L3 agent, and will make sure ARP tables are always updated.

[1] https://patchwork.ozlabs.org/patch/762732/
[2] https://bugzilla.redhat.com/show_bug.cgi?id=1450203

Conflicts:
    puppet/services/kernel.yaml

Related-Bug: #1690165
Change-Id: I863b240e0ab4c4d5bb844f91b607fd0937d5cedf
(cherry picked from commit 804fd3427eeb31a2846ee096dbdac924ec39bcbc)

-rw-r--r-- puppet/services/kernel.yaml 2
-rw-r--r-- releasenotes/notes/enable-arp_accept-6296b0113bc56b10.yaml 9
2 files changed, 11 insertions, 0 deletions
diff --git a/puppet/services/kernel.yaml b/puppet/services/kernel.yaml
index fec455d..90c84d7 100644
--- a/puppet/services/kernel.yaml
+++ b/puppet/services/kernel.yaml
@@ -39,6 +39,8 @@ outputs:
value: 5
net.ipv4.tcp_keepalive_time:
value: 5
+ net.ipv4.conf.all.arp_accept:
+ value: 1
net.nf_conntrack_max:
value: 500000
net.netfilter.nf_conntrack_max:
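Review bot: The added `net.ipv4.conf.all.arp_accept` key is hard-coded to `value: 1` under the `all` scope, so it applies to every interface on every node, including interfaces on segments where no Neutron L3 agent sends gratuitous ARP. With arp_accept set to 1 a node creates or updates neighbour entries from any gratuitous ARP frame it receives, which raises the trust placed in every attached L2 segment. Suggest exposing the value as a template parameter so operators can disable or scope it, and adding a short comment above the key that points at the kernel bug cited in the commit message, so the workaround can be revisited once the kernel is fixed.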
diff --git a/releasenotes/notes/enable-arp_accept-6296b0113bc56b10.yaml b/releasenotes/notes/enable-arp_accept-6296b0113bc56b10.yaml
new file mode 100644
index 0000000..4025477
--- /dev/null
+++ b/releasenotes/notes/enable-arp_accept-6296b0113bc56b10.yaml
@@ -0,0 +1,9 @@
+---
+other:
+ - |
+ All nodes now enable ``arp_accept`` sysctl setting to help with honoring
+ gratuitous ARP packets in their ARP tables. While sources of gratuitous ARP
+ packets are diverse, this comes especially useful for Neutron floating IP
+ addresses that roam between devices, and for which Neutron L3 agent sends
+ gratuitous ARP packets to update all network nodes about IP address new
+ locations.
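Review bot: The note is filed under `other:` although it changes how every node treats unsolicited ARP updates; an `upgrade:` or `security:` entry would put it where operators look for behaviour changes. The text also does not name the exact key and value (`net.ipv4.conf.all.arp_accept` set to 1) or the kernel locktime issue that motivates it, so a reader cannot tell that this is a workaround. Minor wording: "this comes especially useful" and "IP address new locations" read awkwardly; "this is especially useful" and "the new location of the IP address" would be clearer.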