yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1122335] Re: Pinging a floating ip from an instance without floating can fail

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Thierry Carrez <thierry.carrez+lp@xxxxxxxxx>
Date: Thu, 21 Feb 2013 08:59:06 -0000
Reply-to: Bug 1122335 <1122335@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Changed in: nova
       Status: Fix Committed => Fix Released

** Changed in: nova
    Milestone: None => grizzly-3

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1122335

Title:
  Pinging a floating ip from an instance without floating can fail

Status in OpenStack Compute (Nova):
  Fix Released

Bug description:
  This is a fairly complicated networking problem that can happen when
  using an external gateway with fixed and floating ips on different
  interfaces that have no natting in between.

  Basically it works as follows:

  If you ping an a floating ip from an instance with only a fixed ip,
  the traffic will be sent to the default gateway. If the default
  gateway has a route to the floating ip, it will then be sent to the
  host of the instance with the floating ip. Unfortunately the source
  address will be on the fixed network which will cause the receiving
  host to drop the packet due to rp_filter. Essentially, the route for
  the fixed range is on a different interface so it the kernel assumes
  the packet is spoofed and drops it.

  In order for this scenario to work properly, it is necessary to snat
  packets on the source host that are going to the floating range.

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1122335/+subscriptions