← Back to team overview

yahoo-eng-team team mailing list archive

  1. yahoo-eng-team team
  2. Mailing list archive
  3. Message #88056

[Bug 1957185] [NEW] NAT reflection with OVN on xena not working

  Thread PreviousDate PreviousThread Next 
Public bug reported:

---- Problem
When a VM-A located in network 'INTRANET' tries to reach a VM-B also located in network 'INTRANET', but using a FIP with port forwarding, the connection does not work.

So if on of my FIPs has the IP 1.1.1.1 and that fip forwards port 25 to
VM-B i do this on VM-A

telnet 1.1.1.1 25

The connection stalls.

---- Setup

I have the following setup
 - Xena
 - OVN
 - DVR disabled
 - Multiple FIPs
 - multiple computes, one controller
 - Since non DVR, all FIPs are routed through the controller

The topology looks like this
 - 'INTRANET' network
 - 'K8S' network

---- Additional observation

- It does not matter if VM-A and VM-B are located on the same or different computes
- A VM-C located in network K8S can reach VM-B
- A VM-D located in network K8S can reach VM-C located in K8S using a non-port forward FIP
- Connection to 1.1.1.1 from the outer world are working without any issues

** Affects: neutron
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1957185

Title:
  NAT reflection with OVN on xena not working

Status in neutron:
  New

Bug description:
  ---- Problem
  When a VM-A located in network 'INTRANET' tries to reach a VM-B also located in network 'INTRANET', but using a FIP with port forwarding, the connection does not work.

  So if on of my FIPs has the IP 1.1.1.1 and that fip forwards port 25
  to VM-B i do this on VM-A

  telnet 1.1.1.1 25

  The connection stalls.

  ---- Setup

  I have the following setup
   - Xena
   - OVN
   - DVR disabled
   - Multiple FIPs
   - multiple computes, one controller
   - Since non DVR, all FIPs are routed through the controller

  The topology looks like this
   - 'INTRANET' network
   - 'K8S' network

  ---- Additional observation

  - It does not matter if VM-A and VM-B are located on the same or different computes
  - A VM-C located in network K8S can reach VM-B
  - A VM-D located in network K8S can reach VM-C located in K8S using a non-port forward FIP
  - Connection to 1.1.1.1 from the outer world are working without any issues

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1957185/+subscriptions

Follow ups

  Thread PreviousDate PreviousThread Next