yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #74406
[Bug 1788614] [NEW] dvr floating IP not work
Public bug reported:
openstack Q
centos7.5
[root@compute02 ~]# uname -r
3.10.0-862.el7.x86_64
neutron L3 DVR enable
compute node:
There are 2 vm dvr (float IP) on compute02 that cannot access each other.
192.0.2.11 and 192.0.2.14 can be ping successfully
compute02:
vm1 vm2
192.0.2.11 192.0.2.14
192.168.16.13(float IP) 192.168.16.22(float IP)
[root@compute02 ~]# ip netns
qrouter-58b0f4c6-9b28-44ca-b593-88b5bae9494a (id: 0)
fip-2b3cd7de-ff71-4be1-8d87-fb153469456a (id: 1)
[root@compute02 ~]# ip netns exec fip-2b3cd7de-ff71-4be1-8d87-fb153469456a ip route show
169.254.95.212/31 dev fpr-58b0f4c6-9 proto kernel scope link src 169.254.95.213
192.168.16.0/24 dev fg-690c809d-54 proto kernel scope link src 192.168.16.6
192.168.16.13 via 169.254.95.212 dev fpr-58b0f4c6-9
192.168.16.22 via 169.254.95.212 dev fpr-58b0f4c6-9
root@compute02 ~]# ip netns exec qrouter-58b0f4c6-9b28-44ca-b593-88b5bae9494a ip route show
169.254.95.212/31 dev rfp-58b0f4c6-9 proto kernel scope link src 169.254.95.212
192.0.2.0/24 dev qr-3dad3c3e-4c proto kernel scope link src 192.0.2.1
[root@compute02 ~]# ip netns exec qrouter-58b0f4c6-9b28-44ca-b593-88b5bae9494a iptables -t nat -S
-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
-N neutron-l3-agent-OUTPUT
-N neutron-l3-agent-POSTROUTING
-N neutron-l3-agent-PREROUTING
-N neutron-l3-agent-float-snat
-N neutron-l3-agent-snat
-N neutron-postrouting-bottom
-A PREROUTING -j neutron-l3-agent-PREROUTING
-A OUTPUT -j neutron-l3-agent-OUTPUT
-A POSTROUTING -j neutron-l3-agent-POSTROUTING
-A POSTROUTING -j neutron-postrouting-bottom
-A neutron-l3-agent-POSTROUTING ! -i rfp-58b0f4c6-9 ! -o rfp-58b0f4c6-9 -m conntrack ! --ctstate DNAT -j ACCEPT
-A neutron-l3-agent-PREROUTING -d 169.254.169.254/32 -i qr-+ -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 9697
-A neutron-l3-agent-PREROUTING -d 192.168.16.22/32 -i rfp-58b0f4c6-9 -j DNAT --to-destination 192.0.2.14
-A neutron-l3-agent-PREROUTING -d 192.168.16.13/32 -i rfp-58b0f4c6-9 -j DNAT --to-destination 192.0.2.11
-A neutron-l3-agent-float-snat -s 192.0.2.14/32 -j SNAT --to-source 192.168.16.22
-A neutron-l3-agent-float-snat -s 192.0.2.11/32 -j SNAT --to-source 192.168.16.13
-A neutron-l3-agent-snat -j neutron-l3-agent-float-snat
-A neutron-postrouting-bottom -m comment --comment "Perform source NAT on outgoing traffic." -j neutron-l3-agent-snat
[root@compute02 ~]# ip netns exec qrouter-58b0f4c6-9b28-44ca-b593-88b5bae9494a ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: @if5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether fa:68:2b:be:da:93 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 169.254.95.212/31 scope global rfp-58b0f4c6-9
valid_lft forever preferred_lft forever
inet6 fe80::f868:2bff:febe:da93/64 scope link
valid_lft forever preferred_lft forever
310: qr-3dad3c3e-4c: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UNKNOWN group default qlen 1000
link/ether fa:16:3e:4d:79:56 brd ff:ff:ff:ff:ff:ff
inet 192.0.2.1/24 brd 192.0.2.255 scope global qr-3dad3c3e-4c
valid_lft forever preferred_lft forever
inet6 fe80::f816:3eff:fe4d:7956/64 scope link
valid_lft forever preferred_lft forever
[root@compute02 ~]# ip netns exec qrouter-58b0f4c6-9b28-44ca-b593-88b5bae9494a tcpdump -i rfp-58b0f4c6-9 icmp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on rfp-58b0f4c6-9, link-type EN10MB (Ethernet), capture size 262144 bytes
21:29:07.754841 IP 192.168.16.11 > 192.168.16.22: ICMP echo request, id 2606, seq 1, length 64
21:29:08.753192 IP 192.168.16.11 > 192.168.16.22: ICMP echo request, id 2606, seq 2, length 64
21:29:09.753182 IP 192.168.16.11 > 192.168.16.22: ICMP echo request, id 2606, seq 3, length 64
21:29:10.753210 IP 192.168.16.11 > 192.168.16.22: ICMP echo request, id 2606, seq 4, length 64
21:29:11.753181 IP 192.168.16.11 > 192.168.16.22: ICMP echo request, id 2606, seq 5, length 64
21:29:12.753200 IP 192.168.16.11 > 192.168.16.22: ICMP echo request, id 2606, seq 6, length 64
21:29:13.753191 IP 192.168.16.11 > 192.168.16.22: ICMP echo request, id 2606, seq 7, length 64
21:29:14.753170 IP 192.168.16.11 > 192.168.16.22: ICMP echo request, id 2606, seq 8, length 64
** Affects: neutron
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1788614
Title:
dvr floating IP not work
Status in neutron:
New
Bug description:
openstack Q
centos7.5
[root@compute02 ~]# uname -r
3.10.0-862.el7.x86_64
neutron L3 DVR enable
compute node:
There are 2 vm dvr (float IP) on compute02 that cannot access each other.
192.0.2.11 and 192.0.2.14 can be ping successfully
compute02:
vm1 vm2
192.0.2.11 192.0.2.14
192.168.16.13(float IP) 192.168.16.22(float IP)
[root@compute02 ~]# ip netns
qrouter-58b0f4c6-9b28-44ca-b593-88b5bae9494a (id: 0)
fip-2b3cd7de-ff71-4be1-8d87-fb153469456a (id: 1)
[root@compute02 ~]# ip netns exec fip-2b3cd7de-ff71-4be1-8d87-fb153469456a ip route show
169.254.95.212/31 dev fpr-58b0f4c6-9 proto kernel scope link src 169.254.95.213
192.168.16.0/24 dev fg-690c809d-54 proto kernel scope link src 192.168.16.6
192.168.16.13 via 169.254.95.212 dev fpr-58b0f4c6-9
192.168.16.22 via 169.254.95.212 dev fpr-58b0f4c6-9
root@compute02 ~]# ip netns exec qrouter-58b0f4c6-9b28-44ca-b593-88b5bae9494a ip route show
169.254.95.212/31 dev rfp-58b0f4c6-9 proto kernel scope link src 169.254.95.212
192.0.2.0/24 dev qr-3dad3c3e-4c proto kernel scope link src 192.0.2.1
[root@compute02 ~]# ip netns exec qrouter-58b0f4c6-9b28-44ca-b593-88b5bae9494a iptables -t nat -S
-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
-N neutron-l3-agent-OUTPUT
-N neutron-l3-agent-POSTROUTING
-N neutron-l3-agent-PREROUTING
-N neutron-l3-agent-float-snat
-N neutron-l3-agent-snat
-N neutron-postrouting-bottom
-A PREROUTING -j neutron-l3-agent-PREROUTING
-A OUTPUT -j neutron-l3-agent-OUTPUT
-A POSTROUTING -j neutron-l3-agent-POSTROUTING
-A POSTROUTING -j neutron-postrouting-bottom
-A neutron-l3-agent-POSTROUTING ! -i rfp-58b0f4c6-9 ! -o rfp-58b0f4c6-9 -m conntrack ! --ctstate DNAT -j ACCEPT
-A neutron-l3-agent-PREROUTING -d 169.254.169.254/32 -i qr-+ -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 9697
-A neutron-l3-agent-PREROUTING -d 192.168.16.22/32 -i rfp-58b0f4c6-9 -j DNAT --to-destination 192.0.2.14
-A neutron-l3-agent-PREROUTING -d 192.168.16.13/32 -i rfp-58b0f4c6-9 -j DNAT --to-destination 192.0.2.11
-A neutron-l3-agent-float-snat -s 192.0.2.14/32 -j SNAT --to-source 192.168.16.22
-A neutron-l3-agent-float-snat -s 192.0.2.11/32 -j SNAT --to-source 192.168.16.13
-A neutron-l3-agent-snat -j neutron-l3-agent-float-snat
-A neutron-postrouting-bottom -m comment --comment "Perform source NAT on outgoing traffic." -j neutron-l3-agent-snat
[root@compute02 ~]# ip netns exec qrouter-58b0f4c6-9b28-44ca-b593-88b5bae9494a ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: @if5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether fa:68:2b:be:da:93 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 169.254.95.212/31 scope global rfp-58b0f4c6-9
valid_lft forever preferred_lft forever
inet6 fe80::f868:2bff:febe:da93/64 scope link
valid_lft forever preferred_lft forever
310: qr-3dad3c3e-4c: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UNKNOWN group default qlen 1000
link/ether fa:16:3e:4d:79:56 brd ff:ff:ff:ff:ff:ff
inet 192.0.2.1/24 brd 192.0.2.255 scope global qr-3dad3c3e-4c
valid_lft forever preferred_lft forever
inet6 fe80::f816:3eff:fe4d:7956/64 scope link
valid_lft forever preferred_lft forever
[root@compute02 ~]# ip netns exec qrouter-58b0f4c6-9b28-44ca-b593-88b5bae9494a tcpdump -i rfp-58b0f4c6-9 icmp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on rfp-58b0f4c6-9, link-type EN10MB (Ethernet), capture size 262144 bytes
21:29:07.754841 IP 192.168.16.11 > 192.168.16.22: ICMP echo request, id 2606, seq 1, length 64
21:29:08.753192 IP 192.168.16.11 > 192.168.16.22: ICMP echo request, id 2606, seq 2, length 64
21:29:09.753182 IP 192.168.16.11 > 192.168.16.22: ICMP echo request, id 2606, seq 3, length 64
21:29:10.753210 IP 192.168.16.11 > 192.168.16.22: ICMP echo request, id 2606, seq 4, length 64
21:29:11.753181 IP 192.168.16.11 > 192.168.16.22: ICMP echo request, id 2606, seq 5, length 64
21:29:12.753200 IP 192.168.16.11 > 192.168.16.22: ICMP echo request, id 2606, seq 6, length 64
21:29:13.753191 IP 192.168.16.11 > 192.168.16.22: ICMP echo request, id 2606, seq 7, length 64
21:29:14.753170 IP 192.168.16.11 > 192.168.16.22: ICMP echo request, id 2606, seq 8, length 64
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1788614/+subscriptions
