Ask Your Question
0

Octavia Pike DVR HA floating ip problem

asked 2018-03-02 09:16:51 -0500

b.bezak gravatar image

updated 2018-03-05 15:09:36 -0500

Octavia Pike DVR HA floating ip problem, latest build.

This bug looks fixed, not bound floating ip is being created in SNAT namespace: https://bugs.launchpad.net/neutron/+bug/1583694 (https://bugs.launchpad.net/neutron/+b...) https://git.openstack.org/cgit/openstack/neutron/commit/?id=8b4bb9c0b057da175f2d773f8257de3e571aed4e (https://git.openstack.org/cgit/openst...)

VIP works well in vxlan networks, however VIP cannot be reached via floating IP. it is a DVR HA setup.

SNAT namespace:

#

-A neutron-l3-agent-OUTPUT -d 146.213.172.18/32 -j DNAT --to-destination 192.168.0.15 -A neutron-l3-agent-POSTROUTING ! -i qg-35d599d9-40 ! -o qg-35d599d9-40 -m conntrack ! --ctstate DNAT -j ACCEPT -A neutron-l3-agent-PREROUTING -d 146.213.172.18/32 -j DNAT --to-destination 192.168.0.15 -A neutron-l3-agent-float-snat -s 192.168.0.15/32 -j SNAT --to-source 146.213.172.18 -A neutron-l3-agent-snat -j neutron-l3-agent-float-snat -A neutron-l3-agent-snat -o qg-35d599d9-40 -m connmark --mark 0x4010000/0xffff0000 -j ACCEPT -A neutron-l3-agent-snat -o qg-35d599d9-40 -j SNAT --to-source 146.213.172.17 -A neutron-l3-agent-snat -m mark ! --mark 0x2/0xffff -m conntrack --ctstate DNAT -j SNAT --to-source 146.213.172.17

#

packets are going to snat namespace: 146.213.192.167 > 146.213.172.18: ICMP echo request, id 56271, seq 904, length 64

however apparently those are not being routed to the VIP, but VIP is reachable directly from SNAT namespace

telnet 192.168.0.15 443 Trying 192.168.0.15... Connected to 192.168.0.15. Escape character is '^]'.

netstat -nr Kernel IP routing table Destination Gateway Genmask Flags MSS Window irtt Iface 0.0.0.0 146.213.172.1 0.0.0.0 UG 0 0 0 qg-35d599d9-40 146.213.172.0 0.0.0.0 255.255.255.0 U 0 0 0 qg-35d599d9-40 169.254.0.0 0.0.0.0 255.255.255.0 U 0 0 0 ha-6585c53d-42 169.254.192.0 0.0.0.0 255.255.192.0 U 0 0 0 ha-6585c53d-42 192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 sg-610ad56a-70

# EDIT

probably this is related to address scopes in DVR HA setup. I have raised a neutron bug for it: https://bugs.launchpad.net/neutron/+bug/1753434 (https://bugs.launchpad.net/neutron/+b...)

edit retag flag offensive close merge delete

1 answer

Sort by ยป oldest newest most voted
0

answered 2018-03-13 10:20:52 -0500

johnsom gravatar image

Thanks for tracking that down and opening a neutron bug for it! Others are likely to run into that as well. johnsom

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

Stats

Asked: 2018-03-02 09:16:51 -0500

Seen: 96 times

Last updated: Mar 13