why neutron metadata proxy is running with the router id?

asked 2015-04-06 11:00:53 -0500

pradeepcsekar gravatar image

I see the neutron metadata proxy is running with the router id attached to it, Can somebody please explain the theory behind this? My thought was, all the metadata requests eventually go to the

Thanks and Appreciate your explanation!

/usr/bin/python /bin/neutron-ns-metadata-proxy --pid_file=/var/lib/neutron/external/pids/664c634a-d7f4-4886-a0f0-702c2f5acfac.pid --metadata_proxy_socket=/tmp/proxy_sockets/a.sock --router_id=664c634a-d7f4-4886-a0f0-702c2f5acfac --state_path=/var/lib/neutron --metadata_port=9697 --verbose --log-file=neutron-ns-metadata-proxy-664c634a-d7f4-4886-a0f0-702c2f5acfac.log --log-dir=/var/log/neutron

edit retag flag offensive close merge delete

2 answers

Sort by ยป oldest newest most voted

answered 2015-04-06 14:00:36 -0500

dbaxps gravatar image

View core stuff written for Quantum :-
You can also take a look at remake just verifying same principles from original link for Neutron on RDO Juno are still the same

[root@juno1 ~(keystone_admin)]# ip netns exec qrouter-1cf08ea2-959f-4206-b2f1-a9b4708399c1 netstat -anpt

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name   
tcp        0      0  *               LISTEN      6755/python        

[root@juno1 ~(keystone_admin)]# ps -f --pid 6755 | fold -s -w 82

root      6755     1  0 08:01 ?        00:00:00 /usr/bin/python
--router_id=1cf08ea2-959f-4206-b2f1-a9b4708399c1 --state_path=/var/lib/neutron
--metadata_port=9697 --verbose

The nameserver proxy adds two HTTP headers to the request:
    X-Forwarded-For: with the instance's IP address
    X-Neutron-Router-ID: with the uuid of the Neutron router
and proxies it to a Unix domain socket with name

 3. Metadata agent receives request and queries the Neutron service
The metadata agent listens on this Unix socket. It is a normal Linux service that runs in the main operating system IP namespace, and so it is able to reach the Neutron  and Nova metadata services. Its configuration file has all the information required to do so.
edit flag offensive delete link more

answered 2015-04-06 15:11:28 -0500

Basically your qrouter namespace has a PREROUTING rule that redirects the HTTP request to a listener at port 9697

ip netns exec qrouter-664c634a-d7f4-4886-a0f0-702c2f5acfac iptables-save | grep 

ip netns exec qrouter-664c634a-d7f4-4886-a0f0-702c2f5acfac netstat -tlp

run these commands to get a better idea of what's going on.

The listener in this case is the Neutron metadata proxy service that in turn proxies the metadata request to the Nova metadata service.

The links @dbaxps should be helpful this was just a simpler version of what's going on.

edit flag offensive delete link more

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower


Asked: 2015-04-06 11:00:53 -0500

Seen: 1,518 times

Last updated: Apr 06 '15