← Back to team overview

yahoo-eng-team team mailing list archive

  1. yahoo-eng-team team
  2. Mailing list archive
  3. Message #33446

[Bug 1462154] [NEW] With DVR Pings to floating IPs replied with fixed-ips

  Thread PreviousDate PreviousThread Next 
Public bug reported:

On my single node devstack setup, there are 2 VMs hosted.  VM1 has no floating IP assigned.  VM2 has a floating IP assigned.  From VM1, ping to VM2 using the floating IP.  Ping output reports the replies comes from VM2's fixed ip address.
The reply should be from VM2's floating ip address.

This is a DVR problem as it doesn't happen when the L3 agent's mode is
'legacy'.

This may be a problem with the NAT rules defined by the DVR L3-agent.

I used the latest neutron code on the master branch to reproduce, The
agent_mode is set to 'dvr_snat'.


Here is how the problem is reproduced:

VM1 and VM2 runs on the same host.

VM1 has fixed IP of 10.11.12.4, no floating-ip associated.
VM2 has fixed IP of 10.11.12.5  floating-ip=10.127.10.226

Logged into VM1 from the qrouter namespace.

>From VM1, ping to 10.127.10.226, ping output at VM1 reports
ping replies are from the VM2's fixed IP address

# ssh cirros@10.11.12.4
cirros@10.11.12.4's password: 
$ ping 10.127.10.226
PING 10.127.10.226 (10.127.10.226): 56 data bytes
64 bytes from 10.11.12.5: seq=0 ttl=64 time=4.189 ms
64 bytes from 10.11.12.5: seq=1 ttl=64 time=1.254 ms
64 bytes from 10.11.12.5: seq=2 ttl=64 time=2.386 ms
64 bytes from 10.11.12.5: seq=3 ttl=64 time=2.064 ms
^C
--- 10.127.10.226 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 1.254/2.473/4.189 ms
$ 


If I associate a floating IP on VM1 then repeat the same test, ping reports the replies comes from VM2's floating IP:

# ssh cirros@10.11.12.4
cirros@10.11.12.4's password: 
$ ping 10.127.10.226
PING 10.127.10.226 (10.127.10.226): 56 data bytes
64 bytes from 10.127.10.226: seq=0 ttl=63 time=16.750 ms
64 bytes from 10.127.10.226: seq=1 ttl=63 time=2.417 ms
64 bytes from 10.127.10.226: seq=2 ttl=63 time=1.558 ms
64 bytes from 10.127.10.226: seq=3 ttl=63 time=1.042 ms
64 bytes from 10.127.10.226: seq=4 ttl=63 time=2.770 ms
^C
--- 10.127.10.226 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 1.042/4.907/16.750 ms
$

** Affects: neutron
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1462154

Title:
  With DVR Pings to floating IPs replied with fixed-ips

Status in OpenStack Neutron (virtual network service):
  New

Bug description:
  On my single node devstack setup, there are 2 VMs hosted.  VM1 has no floating IP assigned.  VM2 has a floating IP assigned.  From VM1, ping to VM2 using the floating IP.  Ping output reports the replies comes from VM2's fixed ip address.
  The reply should be from VM2's floating ip address.

  This is a DVR problem as it doesn't happen when the L3 agent's mode is
  'legacy'.

  This may be a problem with the NAT rules defined by the DVR L3-agent.

  I used the latest neutron code on the master branch to reproduce, The
  agent_mode is set to 'dvr_snat'.

  
  Here is how the problem is reproduced:

  VM1 and VM2 runs on the same host.

  VM1 has fixed IP of 10.11.12.4, no floating-ip associated.
  VM2 has fixed IP of 10.11.12.5  floating-ip=10.127.10.226

  Logged into VM1 from the qrouter namespace.

  From VM1, ping to 10.127.10.226, ping output at VM1 reports
  ping replies are from the VM2's fixed IP address

  # ssh cirros@10.11.12.4
  cirros@10.11.12.4's password: 
  $ ping 10.127.10.226
  PING 10.127.10.226 (10.127.10.226): 56 data bytes
  64 bytes from 10.11.12.5: seq=0 ttl=64 time=4.189 ms
  64 bytes from 10.11.12.5: seq=1 ttl=64 time=1.254 ms
  64 bytes from 10.11.12.5: seq=2 ttl=64 time=2.386 ms
  64 bytes from 10.11.12.5: seq=3 ttl=64 time=2.064 ms
  ^C
  --- 10.127.10.226 ping statistics ---
  4 packets transmitted, 4 packets received, 0% packet loss
  round-trip min/avg/max = 1.254/2.473/4.189 ms
  $ 

  
  If I associate a floating IP on VM1 then repeat the same test, ping reports the replies comes from VM2's floating IP:

  # ssh cirros@10.11.12.4
  cirros@10.11.12.4's password: 
  $ ping 10.127.10.226
  PING 10.127.10.226 (10.127.10.226): 56 data bytes
  64 bytes from 10.127.10.226: seq=0 ttl=63 time=16.750 ms
  64 bytes from 10.127.10.226: seq=1 ttl=63 time=2.417 ms
  64 bytes from 10.127.10.226: seq=2 ttl=63 time=1.558 ms
  64 bytes from 10.127.10.226: seq=3 ttl=63 time=1.042 ms
  64 bytes from 10.127.10.226: seq=4 ttl=63 time=2.770 ms
  ^C
  --- 10.127.10.226 ping statistics ---
  5 packets transmitted, 5 packets received, 0% packet loss
  round-trip min/avg/max = 1.042/4.907/16.750 ms
  $

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1462154/+subscriptions

Follow ups

References

  Thread PreviousDate PreviousThread Next