yahoo-eng-team team mailing list archive

Thread
Date
[Bug 1873375] [NEW] Can not use vrrp in a dvr openstack environment

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: XiaoYu Zhu <1873375@xxxxxxxxxxxxxxxxxx>
Date: Fri, 17 Apr 2020 01:28:21 -0000
Reply-to: Bug 1873375 <1873375@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx
Public bug reported:

We are trying to use vrrp between two VMs in a dvr environment, but it
failed.

According to https://review.opendev.org/#/c/716302/ ,for creating
additional ports in Neutron to allocate some IP address which will be
then used as VIP in keepalive ,it has stopped setting arp entries of
those unbound ports in qrouter namespace.This commit tried to insure
instance can use a VIP with DVR.

Now suppose we have two compute nodes cmp1 and cmp2，
vm1 on cmp1,qrouter1 on cmp1
vm2 on cmp2,qrouter2 on cmp2
different subnet
using dvr.

vm2 has a VIP 10.0.0.123 ,while creating an unbound port in Neutron with 10.0.0.123
vm1 ping 10.0.0.123
request from vm1 will be sended to qrouter1, qrouter1 does not have arp entry of 10.0.0.123, it will send arp request
however, when vm2 receive the arp request, the source-mac has being changed to qrouter2's mac by br-tun.
vm2 will send arp response to qrouter2, which means qrouter1 will never receive the arp response, finally, ping failed.

** Affects: neutron
     Importance: Undecided
         Status: New


** Tags: arp dvr vrrp

** Description changed:

  We are trying to use vrrp between two VMs in a dvr environment, but it
  failed.
  
  According to https://review.opendev.org/#/c/716302/ ,for creating
  additional ports in Neutron to allocate some IP address which will be
  then used as VIP in keepalive ,it has stopped setting arp entries of
  those unbound ports in qrouter namespace.This commit tried to insure
  instance can use a VIP with DVR.
  
  Now suppose we have two compute nodes cmp1 and cmp2，
  vm1 on cmp1,qrouter1 on cmp1
  vm2 on cmp2,qrouter2 on cmp2
- same subnet
+ different subnet
  using dvr.
  
  vm2 has a VIP 10.0.0.123 ,while creating an unbound port in Neutron with 10.0.0.123
  vm1 ping 10.0.0.123
  request from vm1 will be sended to qrouter1, qrouter1 does not have arp entry of 10.0.0.123, it will send arp request
  however, when vm2 receive the arp request, the source-mac has being changed to qrouter2's mac by br-tun.
  vm2 will send arp response to qrouter2, which means qrouter1 will never receive the arp response, finally, ping failed.

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1873375

Title:
  Can not use vrrp in a dvr openstack environment

Status in neutron:
  New

Bug description:
  We are trying to use vrrp between two VMs in a dvr environment, but it
  failed.

  According to https://review.opendev.org/#/c/716302/ ,for creating
  additional ports in Neutron to allocate some IP address which will be
  then used as VIP in keepalive ,it has stopped setting arp entries of
  those unbound ports in qrouter namespace.This commit tried to insure
  instance can use a VIP with DVR.

  Now suppose we have two compute nodes cmp1 and cmp2，
  vm1 on cmp1,qrouter1 on cmp1
  vm2 on cmp2,qrouter2 on cmp2
  different subnet
  using dvr.

  vm2 has a VIP 10.0.0.123 ,while creating an unbound port in Neutron with 10.0.0.123
  vm1 ping 10.0.0.123
  request from vm1 will be sended to qrouter1, qrouter1 does not have arp entry of 10.0.0.123, it will send arp request
  however, when vm2 receive the arp request, the source-mac has being changed to qrouter2's mac by br-tun.
  vm2 will send arp response to qrouter2, which means qrouter1 will never receive the arp response, finally, ping failed.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1873375/+subscriptions