yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #69380
[Bug 1733852] [NEW] Incorrect ARP entries in new DVR routers for Octavia VRRP addresses
Public bug reported:
Hi,
I am running Ocata Neutron with OVS DVR, l2_population is on, and Ocata
Octavia is also installed. Under a certain circumstance, I am getting
incorrect ARP entries in the routers for the VRRP address of the
loadbalancers created.
Here is the ARP table for a router that preexisted a Load Balancer creation :
[root@<shnip> ~]# ip netns exec qrouter-6b5fe9df-eab2-4147-b95f-419d0c620344 ip neigh
10.2.2.11 dev qr-458b6819-4f lladdr fa:16:3e:3c:df:9c PERMANENT
10.2.2.1 dev qr-458b6819-4f lladdr fa:16:3e:f0:45:c9 PERMANENT
10.2.2.2 dev qr-458b6819-4f lladdr fa:16:3e:70:0e:8c PERMANENT
[root@<shnip> ~]#
After creating a loadbalancer, ports are created for the load balancer instance in the project network and the vrrp address (but as far as I understand, the vrrp port is just there to reserve the IP):
[root@<shnip> /]# openstack port show 9bb862a7-fdb5-487e-94f5-4fac8b55d5d2
+-----------------------+-------------------------------------------------------------------------------------------+
| Field | Value |
+-----------------------+-------------------------------------------------------------------------------------------+
| admin_state_up | UP |
| allowed_address_pairs | ip_address='10.2.2.8', mac_address='fa:16:3e:78:82:cb' |
| binding_host_id | <shnip> |
| binding_profile | |
| binding_vif_details | ovs_hybrid_plug='True', port_filter='True' |
| binding_vif_type | ovs |
| binding_vnic_type | normal |
| created_at | 2017-11-22T10:35:11Z |
| description | |
| device_id | 3355a8e7-95fe-4f15-8233-3ffcbb935d5c |
| device_owner | compute:None |
| dns_assignment | fqdn='amphora-8cc77a78-359e-4829-968b-2d026869d845.cloud.<shnip>.', hostname |
| | ='amphora-8cc77a78-359e-4829-968b-2d026869d845', ip_address='10.2.2.5' |
| dns_name | amphora-8cc77a78-359e-4829-968b-2d026869d845 |
| extra_dhcp_opts | |
| fixed_ips | ip_address='10.2.2.5', subnet_id='0c8633c6-96a1-4c0e-a73f-212eddfd6172' |
| id | 9bb862a7-fdb5-487e-94f5-4fac8b55d5d2 |
| ip_address | None |
| mac_address | fa:16:3e:78:82:cb |
| name | octavia-lb-vrrp-8cc77a78-359e-4829-968b-2d026869d845 |
| network_id | 8d365ce2-d909-410d-991c-7f503a65d67b |
| option_name | None |
| option_value | None |
| port_security_enabled | False |
| project_id | 905d2c54fe08456abee3c44feb1d8e05 |
| qos_policy_id | None |
| revision_number | 18 |
| security_groups | 355790da-7eec-4685-b92e-7a6e2cd1ba1e |
| status | ACTIVE |
| subnet_id | None |
| updated_at | 2017-11-22T12:04:36Z |
+-----------------------+-------------------------------------------------------------------------------------------+
[root@<shnip> /]# openstack port show 85848204-7127-4080-bdde-dccef083f330
+-----------------------+-------------------------------------------------------------------------------------------+
| Field | Value |
+-----------------------+-------------------------------------------------------------------------------------------+
| admin_state_up | DOWN |
| allowed_address_pairs | |
| binding_host_id | |
| binding_profile | |
| binding_vif_details | |
| binding_vif_type | unbound |
| binding_vnic_type | normal |
| created_at | 2017-11-22T10:35:04Z |
| description | None |
| device_id | 0f0f57b3-d0a7-45d3-bddb-e5353c9d9134 |
| device_owner | neutron:LOADBALANCERV2 |
| dns_assignment | fqdn='host-10-2-2-8.cloud.<shnip>.', hostname='host-10-2-2-8', |
| | ip_address='10.2.2.8' |
| dns_name | |
| extra_dhcp_opts | |
| fixed_ips | ip_address='10.2.2.8', subnet_id='0c8633c6-96a1-4c0e-a73f-212eddfd6172' |
| id | 85848204-7127-4080-bdde-dccef083f330 |
| ip_address | None |
| mac_address | fa:16:3e:d0:3c:aa |
| name | loadbalancer-0f0f57b3-d0a7-45d3-bddb-e5353c9d9134 |
| network_id | 8d365ce2-d909-410d-991c-7f503a65d67b |
| option_name | None |
| option_value | None |
| port_security_enabled | False |
| project_id | c053ae2460e741008fa0ea908ae7da8c |
| qos_policy_id | None |
| revision_number | 6 |
| security_groups | 355790da-7eec-4685-b92e-7a6e2cd1ba1e |
| status | DOWN |
| subnet_id | None |
| updated_at | 2017-11-22T10:35:10Z |
+-----------------------+-------------------------------------------------------------------------------------------+
[root@<shnip> /]#
The router ARP table is updated as I would expect :
[root@<shnip> ~]# ip netns exec qrouter-6b5fe9df-eab2-4147-b95f-419d0c620344 ip neigh
10.2.2.11 dev qr-458b6819-4f lladdr fa:16:3e:3c:df:9c PERMANENT
10.2.2.1 dev qr-458b6819-4f lladdr fa:16:3e:f0:45:c9 PERMANENT
10.2.2.2 dev qr-458b6819-4f lladdr fa:16:3e:70:0e:8c PERMANENT
10.2.2.8 dev qr-458b6819-4f lladdr fa:16:3e:78:82:cb PERMANENT
10.2.2.5 dev qr-458b6819-4f lladdr fa:16:3e:78:82:cb PERMANENT
[root@<shnip> ~]#
However, if I create a new router and attach an interface to the project subnet, the ARP table is populated with the MAC address of the vrrp port that was created. This prevents traffic from flowing as the MAC should either be absent (so it can ARP itself) or the MAC for the active port.
[root@<shnip> ~]# ip netns exec qrouter-a5158caa-893c-4e6e-babf-141125f1e476 ip neigh
10.2.2.2 dev qr-f8e750c0-31 lladdr fa:16:3e:70:0e:8c PERMANENT
10.2.2.1 dev qr-f8e750c0-31 lladdr fa:16:3e:f0:45:c9 PERMANENT
10.2.2.11 dev qr-f8e750c0-31 lladdr fa:16:3e:3c:df:9c PERMANENT
10.2.2.5 dev qr-f8e750c0-31 lladdr fa:16:3e:78:82:cb PERMANENT
10.2.2.8 dev qr-f8e750c0-31 lladdr fa:16:3e:d0:3c:aa PERMANENT
[root@<shnip> ~]#
** Affects: neutron
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1733852
Title:
Incorrect ARP entries in new DVR routers for Octavia VRRP addresses
Status in neutron:
New
Bug description:
Hi,
I am running Ocata Neutron with OVS DVR, l2_population is on, and
Ocata Octavia is also installed. Under a certain circumstance, I am
getting incorrect ARP entries in the routers for the VRRP address of
the loadbalancers created.
Here is the ARP table for a router that preexisted a Load Balancer creation :
[root@<shnip> ~]# ip netns exec qrouter-6b5fe9df-eab2-4147-b95f-419d0c620344 ip neigh
10.2.2.11 dev qr-458b6819-4f lladdr fa:16:3e:3c:df:9c PERMANENT
10.2.2.1 dev qr-458b6819-4f lladdr fa:16:3e:f0:45:c9 PERMANENT
10.2.2.2 dev qr-458b6819-4f lladdr fa:16:3e:70:0e:8c PERMANENT
[root@<shnip> ~]#
After creating a loadbalancer, ports are created for the load balancer instance in the project network and the vrrp address (but as far as I understand, the vrrp port is just there to reserve the IP):
[root@<shnip> /]# openstack port show 9bb862a7-fdb5-487e-94f5-4fac8b55d5d2
+-----------------------+-------------------------------------------------------------------------------------------+
| Field | Value |
+-----------------------+-------------------------------------------------------------------------------------------+
| admin_state_up | UP |
| allowed_address_pairs | ip_address='10.2.2.8', mac_address='fa:16:3e:78:82:cb' |
| binding_host_id | <shnip> |
| binding_profile | |
| binding_vif_details | ovs_hybrid_plug='True', port_filter='True' |
| binding_vif_type | ovs |
| binding_vnic_type | normal |
| created_at | 2017-11-22T10:35:11Z |
| description | |
| device_id | 3355a8e7-95fe-4f15-8233-3ffcbb935d5c |
| device_owner | compute:None |
| dns_assignment | fqdn='amphora-8cc77a78-359e-4829-968b-2d026869d845.cloud.<shnip>.', hostname |
| | ='amphora-8cc77a78-359e-4829-968b-2d026869d845', ip_address='10.2.2.5' |
| dns_name | amphora-8cc77a78-359e-4829-968b-2d026869d845 |
| extra_dhcp_opts | |
| fixed_ips | ip_address='10.2.2.5', subnet_id='0c8633c6-96a1-4c0e-a73f-212eddfd6172' |
| id | 9bb862a7-fdb5-487e-94f5-4fac8b55d5d2 |
| ip_address | None |
| mac_address | fa:16:3e:78:82:cb |
| name | octavia-lb-vrrp-8cc77a78-359e-4829-968b-2d026869d845 |
| network_id | 8d365ce2-d909-410d-991c-7f503a65d67b |
| option_name | None |
| option_value | None |
| port_security_enabled | False |
| project_id | 905d2c54fe08456abee3c44feb1d8e05 |
| qos_policy_id | None |
| revision_number | 18 |
| security_groups | 355790da-7eec-4685-b92e-7a6e2cd1ba1e |
| status | ACTIVE |
| subnet_id | None |
| updated_at | 2017-11-22T12:04:36Z |
+-----------------------+-------------------------------------------------------------------------------------------+
[root@<shnip> /]# openstack port show 85848204-7127-4080-bdde-dccef083f330
+-----------------------+-------------------------------------------------------------------------------------------+
| Field | Value |
+-----------------------+-------------------------------------------------------------------------------------------+
| admin_state_up | DOWN |
| allowed_address_pairs | |
| binding_host_id | |
| binding_profile | |
| binding_vif_details | |
| binding_vif_type | unbound |
| binding_vnic_type | normal |
| created_at | 2017-11-22T10:35:04Z |
| description | None |
| device_id | 0f0f57b3-d0a7-45d3-bddb-e5353c9d9134 |
| device_owner | neutron:LOADBALANCERV2 |
| dns_assignment | fqdn='host-10-2-2-8.cloud.<shnip>.', hostname='host-10-2-2-8', |
| | ip_address='10.2.2.8' |
| dns_name | |
| extra_dhcp_opts | |
| fixed_ips | ip_address='10.2.2.8', subnet_id='0c8633c6-96a1-4c0e-a73f-212eddfd6172' |
| id | 85848204-7127-4080-bdde-dccef083f330 |
| ip_address | None |
| mac_address | fa:16:3e:d0:3c:aa |
| name | loadbalancer-0f0f57b3-d0a7-45d3-bddb-e5353c9d9134 |
| network_id | 8d365ce2-d909-410d-991c-7f503a65d67b |
| option_name | None |
| option_value | None |
| port_security_enabled | False |
| project_id | c053ae2460e741008fa0ea908ae7da8c |
| qos_policy_id | None |
| revision_number | 6 |
| security_groups | 355790da-7eec-4685-b92e-7a6e2cd1ba1e |
| status | DOWN |
| subnet_id | None |
| updated_at | 2017-11-22T10:35:10Z |
+-----------------------+-------------------------------------------------------------------------------------------+
[root@<shnip> /]#
The router ARP table is updated as I would expect :
[root@<shnip> ~]# ip netns exec qrouter-6b5fe9df-eab2-4147-b95f-419d0c620344 ip neigh
10.2.2.11 dev qr-458b6819-4f lladdr fa:16:3e:3c:df:9c PERMANENT
10.2.2.1 dev qr-458b6819-4f lladdr fa:16:3e:f0:45:c9 PERMANENT
10.2.2.2 dev qr-458b6819-4f lladdr fa:16:3e:70:0e:8c PERMANENT
10.2.2.8 dev qr-458b6819-4f lladdr fa:16:3e:78:82:cb PERMANENT
10.2.2.5 dev qr-458b6819-4f lladdr fa:16:3e:78:82:cb PERMANENT
[root@<shnip> ~]#
However, if I create a new router and attach an interface to the project subnet, the ARP table is populated with the MAC address of the vrrp port that was created. This prevents traffic from flowing as the MAC should either be absent (so it can ARP itself) or the MAC for the active port.
[root@<shnip> ~]# ip netns exec qrouter-a5158caa-893c-4e6e-babf-141125f1e476 ip neigh
10.2.2.2 dev qr-f8e750c0-31 lladdr fa:16:3e:70:0e:8c PERMANENT
10.2.2.1 dev qr-f8e750c0-31 lladdr fa:16:3e:f0:45:c9 PERMANENT
10.2.2.11 dev qr-f8e750c0-31 lladdr fa:16:3e:3c:df:9c PERMANENT
10.2.2.5 dev qr-f8e750c0-31 lladdr fa:16:3e:78:82:cb PERMANENT
10.2.2.8 dev qr-f8e750c0-31 lladdr fa:16:3e:d0:3c:aa PERMANENT
[root@<shnip> ~]#
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1733852/+subscriptions
Follow ups
