yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1927691] Re: Port forwading does only work between VMs in the same neutron network

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <1927691@xxxxxxxxxxxxxxxxxx>
Date: Mon, 12 Jul 2021 04:17:19 -0000
Reply-to: Bug 1927691 <1927691@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

[Expired for neutron because there has been no activity for 60 days.]

** Changed in: neutron
       Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1927691

Title:
  Port forwading does only work between VMs in the same neutron network

Status in neutron:
  Expired

Bug description:
  First of all, I'm not really sure if this is a bug, or some sort of
  configuration error on our side.. But I'm having issues with the port
  forwarding in neutron.

  Openstack ussuri, running on Bionic
  neutron-l3-agent	2:16.2.0-0ubuntu1~cloud0
  openvswitch-switch      2.13.1-0ubuntu0.20.04.1~cloud0

  My scenario:
  - Create two networks (net1 and net2), and attach a router to each of them
  - Create two VMs in net1, one in net2
  - Attach a "plain" FIP to VM-1 and VM-3
  - Create a FIP for the port forwarding, and create a port forwarding rule pointing to VM-2 (i.e map FIP:80 to VM-2:8000)
  - Login to VM-2 and start listening to tcp 8000 with "python3 -m http.server 8000"

  What I expect:
  curl http://FIP:80 should give a response from VM-2:8000 from both VM-1, VM-3 and externally

  What happens:
  The port forwarding only works for VM-1. In other words, only between VMs in the same neutron network.

  --

  I've done some debugging with tcpdump on my network nodes within the
  netns of the qrouter. When I try to connect from either VM-3 or
  externally, I observe the packets arriving on the qrouter's external
  interface and they get dropped "somewhere". I've failed to
  understand/discover where and/or by what.

  In the dumps, we have the following IP addresses. All FIPs are in 10.212.136.0/21:
  VM-1 (net1): 192.168.0.92    (FIP: 10.212.143.126)
  VM-2 (net1): 192.168.0.35    (No FIP, but port forwarding rule on 10.212.141.76 80->8000)
  VM-3 (net2): 192.168.111.213 (FIP: 10.212.138.184)
  Router of net1: 192.168.0.1 / 10.212.140.143

  Iptables for the qrouter that hosts the FIP with port forwarding:
  http://paste.openstack.org/show/805020/

  tcpdump on the qrouter interal interface when doing "curl http://FIP"; from VM-1 (this works, but is of course rather useless):
  http://paste.openstack.org/show/805021/

  tcpdump on the qrouter external interface when doing "curl http://FIP"; from VM-3 (this is identical for connections from machines outside of our openstack environment - and no packets appear on the internal interface):
  http://paste.openstack.org/show/805022/

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1927691/+subscriptions

References

[Bug 1927691] [NEW] Port forwading does only work between VMs in the same neutron network
From: Lars Erik Pedersen, 2021-05-07