yahoo-eng-team team mailing list archive

Thread
Date
[Bug 1220611] Re: Packets not routed to guest VMs

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Nicolae Paladi <n.paladi@xxxxxxxxx>
Date: Mon, 09 Sep 2013 13:56:45 -0000
Reply-to: Bug 1220611 <1220611@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx
** Changed in: neutron
       Status: Incomplete => Invalid

** Converted to question:
   https://answers.launchpad.net/neutron/+question/235402

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1220611

Title:
  Packets not routed to guest VMs

Status in OpenStack Neutron (virtual network service):
  Invalid

Bug description:
  Hi,

  on a multi-node setup of OpenStack with Neutron, packets are not routed to
  the guest VMs that are not located on the same host as the controller VM.

  Guest VMs are started and running as expected.

  * Using:
    openvswitch
    tenant_network_type: vlan

  below are the generated iptables rules:

  ip netns exec  qrouter-<router-id> iptables-save

  # Generated by iptables-save v1.4.7 on Wed Sep  4 11:44:47 2013
  *filter
  :INPUT ACCEPT [45:4396]
  :FORWARD ACCEPT [0:0]
  :OUTPUT ACCEPT [73:6748]
  :quantum-filter-top - [0:0]
  :quantum-l3-agent-FORWARD - [0:0]
  :quantum-l3-agent-INPUT - [0:0]
  :quantum-l3-agent-OUTPUT - [0:0]
  :quantum-l3-agent-local - [0:0]
  -A INPUT -j quantum-l3-agent-INPUT 
  -A FORWARD -j quantum-filter-top 
  -A FORWARD -j quantum-l3-agent-FORWARD 
  -A OUTPUT -j quantum-filter-top 
  -A OUTPUT -j quantum-l3-agent-OUTPUT 
  -A quantum-filter-top -j quantum-l3-agent-local 
  -A quantum-l3-agent-INPUT -d 127.0.0.1/32 -p tcp -m tcp --dport 9697 -j ACCEPT 
  COMMIT
  # Completed on Wed Sep  4 11:44:47 2013
  # Generated by iptables-save v1.4.7 on Wed Sep  4 11:44:47 2013
  *nat
  :PREROUTING ACCEPT [0:0]
  :POSTROUTING ACCEPT [0:0]
  :OUTPUT ACCEPT [10:840]
  :quantum-l3-agent-OUTPUT - [0:0]
  :quantum-l3-agent-POSTROUTING - [0:0]
  :quantum-l3-agent-PREROUTING - [0:0]
  :quantum-l3-agent-float-snat - [0:0]
  :quantum-l3-agent-snat - [0:0]
  :quantum-postrouting-bottom - [0:0]
  -A PREROUTING -j quantum-l3-agent-PREROUTING 
  -A POSTROUTING -j quantum-l3-agent-POSTROUTING 
  -A POSTROUTING -j quantum-postrouting-bottom 
  -A OUTPUT -j quantum-l3-agent-OUTPUT 
  -A quantum-l3-agent-POSTROUTING ! -i qg-7f6f13dc-1e ! -o qg-7f6f13dc-1e -m conntrack ! --ctstate DNAT -j ACCEPT 
  -A quantum-l3-agent-PREROUTING -d 169.254.169.254/32 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 9697 
  -A quantum-l3-agent-snat -j quantum-l3-agent-float-snat 
  -A quantum-l3-agent-snat -s 10.0.101.0/24 -j SNAT --to-source 10.64.201.1 
  -A quantum-l3-agent-snat -s 10.0.105.0/24 -j SNAT --to-source 10.64.201.1 
  -A quantum-l3-agent-snat -s 10.0.103.0/24 -j SNAT --to-source 10.64.201.1 
  -A quantum-postrouting-bottom -j quantum-l3-agent-snat 
  COMMIT
  # Completed on Wed Sep  4 11:44:47 2013
  # Generated by iptables-save v1.4.7 on Wed Sep  4 11:44:47 2013
  *mangle
  :PREROUTING ACCEPT [34548:10656570]
  :INPUT ACCEPT [34484:10652802]
  :FORWARD ACCEPT [10:840]
  :OUTPUT ACCEPT [844:83664]
  :POSTROUTING ACCEPT [857:84756]
  COMMIT
  # Completed on Wed Sep  4 11:44:47 2013

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1220611/+subscriptions