yahoo-eng-team team mailing list archive

Thread
Date
[Bug 1786272] [NEW] Connection between two virtual routers does not work with DVR

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Brian Haley <1786272@xxxxxxxxxxxxxxxxxx>
Date: Thu, 09 Aug 2018 14:29:28 -0000
Reply-to: Bug 1786272 <1786272@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx
Public bug reported:

In DVR environment, connection over two virtual routers is not reachable
if VMs are on different computes but works if they are on the same
compute.  Here is a reproducer:

    $ openstack network create AP1Site
    $ openstack network create AP2Site
    $ openstack network create Wan
    $ openstack subnet create --gateway=10.10.210.254 --network AP1Site --subnet-range 10.10.210.0/24 AP1_sub
    $ openstack subnet create --gateway=10.10.220.254 --network AP2Site --subnet-range 10.10.220.0/24 AP2_sub
    $ openstack subnet create --gateway=10.10.200.254 --network Wan --subnet-range 10.10.200.0/24 Wan_sub
    $ openstack router create AP2-RT
    $ openstack router create AP1-RT
    $ openstack port create --network AP1Site --fixed-ip subnet=AP1_sub,ip-address=10.10.210.10 AP1Port-AP1Internal
    $ openstack port create --network AP2Site --fixed-ip subnet=AP2_sub,ip-address=10.10.220.10 AP2Port-AP2Internal
    $ openstack port create --network Wan --fixed-ip subnet=Wan_sub,ip-address=10.10.200.10 AP1-WANPort
    $ openstack port create --network Wan --fixed-ip subnet=Wan_sub,ip-address=10.10.200.20 AP2-WANPort
    $ nova boot --flavor <flavor> --image <image name> --nic port-id=<AP1Port-AP1Internal port id> AP1
    $ nova boot --flavor <flavor> --image <image name> --nic port-id=<AP2Port-AP2Internal port id> AP2
    $ openstack router add port AP2-RT AP2-WANPort
    $ openstack router add port AP1-RT AP1-WANPort
    $ openstack router add subnet AP2-RT AP2_sub
    $ openstack router add subnet AP1-RT AP1_sub
    $ openstack router set --route destination=10.10.220.0/24,gateway=10.10.200.20 AP1-RT 
    $ openstack router set --route destination=10.10.210.0/24,gateway=10.10.200.10 AP2-RT

  Set default routing on AP1.
    $ ip route add default via 10.10.210.254 dev eth0

VMs can't ping each other and can't ping the gateways either.

This is not using a shared network as another related bug mentions.

I want to discuss this at the l3 team meeting to make sure this isn't
just a limitation in a DVR environment, but I would think in the case
where the two VMs on different subnets were on different computes, the
traffic should be going via the centralized router, but would like to
confirm with others.

** Affects: neutron
     Importance: Undecided
     Assignee: Brian Haley (brian-haley)
         Status: New


** Tags: l3-dvr-backlog

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1786272

Title:
  Connection between two virtual routers does not work with DVR

Status in neutron:
  New

Bug description:
  In DVR environment, connection over two virtual routers is not
  reachable if VMs are on different computes but works if they are on
  the same compute.  Here is a reproducer:

      $ openstack network create AP1Site
      $ openstack network create AP2Site
      $ openstack network create Wan
      $ openstack subnet create --gateway=10.10.210.254 --network AP1Site --subnet-range 10.10.210.0/24 AP1_sub
      $ openstack subnet create --gateway=10.10.220.254 --network AP2Site --subnet-range 10.10.220.0/24 AP2_sub
      $ openstack subnet create --gateway=10.10.200.254 --network Wan --subnet-range 10.10.200.0/24 Wan_sub
      $ openstack router create AP2-RT
      $ openstack router create AP1-RT
      $ openstack port create --network AP1Site --fixed-ip subnet=AP1_sub,ip-address=10.10.210.10 AP1Port-AP1Internal
      $ openstack port create --network AP2Site --fixed-ip subnet=AP2_sub,ip-address=10.10.220.10 AP2Port-AP2Internal
      $ openstack port create --network Wan --fixed-ip subnet=Wan_sub,ip-address=10.10.200.10 AP1-WANPort
      $ openstack port create --network Wan --fixed-ip subnet=Wan_sub,ip-address=10.10.200.20 AP2-WANPort
      $ nova boot --flavor <flavor> --image <image name> --nic port-id=<AP1Port-AP1Internal port id> AP1
      $ nova boot --flavor <flavor> --image <image name> --nic port-id=<AP2Port-AP2Internal port id> AP2
      $ openstack router add port AP2-RT AP2-WANPort
      $ openstack router add port AP1-RT AP1-WANPort
      $ openstack router add subnet AP2-RT AP2_sub
      $ openstack router add subnet AP1-RT AP1_sub
      $ openstack router set --route destination=10.10.220.0/24,gateway=10.10.200.20 AP1-RT 
      $ openstack router set --route destination=10.10.210.0/24,gateway=10.10.200.10 AP2-RT

    Set default routing on AP1.
      $ ip route add default via 10.10.210.254 dev eth0

  VMs can't ping each other and can't ping the gateways either.

  This is not using a shared network as another related bug mentions.

  I want to discuss this at the l3 team meeting to make sure this isn't
  just a limitation in a DVR environment, but I would think in the case
  where the two VMs on different subnets were on different computes, the
  traffic should be going via the centralized router, but would like to
  confirm with others.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1786272/+subscriptions
Follow ups

[Bug 1786272] Re: Connection between two virtual routers does not work with DVR
From: OpenStack Infra, 2018-11-08