← Back to team overview

yahoo-eng-team team mailing list archive

[Bug 2063463] [NEW] [ovn-octavia-provider] hairpin_snat_ip not set

 

Public bug reported:

At the moment, the OVN octavia provider does not set `hairpin_snat_ip`
out of the box which means that if a backend server is sending requests
to a load balancer which it is also a backend server of, it will get
that request where the source IP of the request is the floating IP of
the service.

The issue here is that there are two backend IPs, one floating and one
fixed and there is non-deterministic behaviour if `hairpin_snat_ip` is
not set.

We should ideally set `hairpin_snat_ip` to the internal IP so that it
always hairpins from that IP as opposed to many other IPs which will
make it easier to manage security groups as well.

** Affects: neutron
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/2063463

Title:
  [ovn-octavia-provider] hairpin_snat_ip not set

Status in neutron:
  New

Bug description:
  At the moment, the OVN octavia provider does not set `hairpin_snat_ip`
  out of the box which means that if a backend server is sending
  requests to a load balancer which it is also a backend server of, it
  will get that request where the source IP of the request is the
  floating IP of the service.

  The issue here is that there are two backend IPs, one floating and one
  fixed and there is non-deterministic behaviour if `hairpin_snat_ip` is
  not set.

  We should ideally set `hairpin_snat_ip` to the internal IP so that it
  always hairpins from that IP as opposed to many other IPs which will
  make it easier to manage security groups as well.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/2063463/+subscriptions