yahoo-eng-team team mailing list archive
Message #21765
[Bug 1182143] Re: asymmetric routes in nova network with external gateway and routing_source_ip
** No longer affects: nova/grizzly
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1182143
Title:
asymmetric routes in nova network with external gateway and
routing_source_ip
Status in OpenStack Compute (Nova):
Fix Released
Bug description:
This is a somewhat complex setup, but using an external gateway it is
best if fixed network traffic is bridged untouched and floating
network traffic is routed out through the public interface. The
current iptables/ebtables setup forces bridged traffic to be routed if
it is going to the networks listed in force_snat_range. This causes
the SNAT for the routing_source_ip to be hit. This all works fine if
/proc/sys/net/bridge/bridge-nf-call-iptables is set to 0.
Unfortunately if the above sysctl is set to 1 then the bridged traffic
also hits the fallback rule and is SNATed as well. A small change
would allow us to support both versions, which is: if force_snat_range
is set, only do the fallback routing for those networks. This allows
the bridged traffic to fall through and not get touched by the SNAT
rules.
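The rule selection described in the bug report, modelled as an added example; it is not nova's code and not part of the original message. The addresses, the function names and the simplified packet model (traffic to force_snat_range is routed, everything else is bridged) are assumptions made for illustration.

```python
import ipaddress

# Constructed sample values; none of them come from the bug report.
FIXED_RANGE = "10.0.0.0/24"
ROUTING_SOURCE_IP = "192.0.2.10"
FORCE_SNAT_RANGE = ["198.51.100.0/24"]


def snat_rules(restrict_fallback):
    """Build (source net, destination net, SNAT address) rules.

    restrict_fallback=False: the fallback rule matches every destination.
    restrict_fallback=True: with force_snat_range set, rules exist only
    for those networks (the change proposed in the report).
    """
    if restrict_fallback and FORCE_SNAT_RANGE:
        dests = FORCE_SNAT_RANGE
    else:
        dests = ["0.0.0.0/0"]
    src = ipaddress.ip_network(FIXED_RANGE)
    return [(src, ipaddress.ip_network(d), ROUTING_SOURCE_IP) for d in dests]


def render(rules):
    """Render the rules as iptables match/target strings."""
    return ["-s %s -d %s -j SNAT --to-source %s" % r for r in rules]


def egress_source(src, dst, rules, bridge_nf_call_iptables):
    """Source address of the packet after the SNAT rules are considered."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    # Traffic to force_snat_range is forced out of the bridge and routed.
    routed = any(dst_ip in ipaddress.ip_network(n) for n in FORCE_SNAT_RANGE)
    # Bridged frames reach iptables only when the sysctl is 1.
    if not routed and not bridge_nf_call_iptables:
        return src
    for s_net, d_net, to_source in rules:
        if src_ip in s_net and dst_ip in d_net:
            return to_source
    return src


if __name__ == "__main__":
    for restrict in (False, True):
        print(render(snat_rules(restrict)))
        for sysctl in (0, 1):
            for dst in ("203.0.113.5", "198.51.100.7"):
                out = egress_source("10.0.0.5", dst, snat_rules(restrict), sysctl)
                print(restrict, sysctl, dst, "->", out)
```

With the catch-all fallback, the bridged flow to 203.0.113.5 keeps its source only when the sysctl is 0; with the restricted rules it keeps it under both settings, while traffic to the forced range is still rewritten.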