Ask Your Question
2

Floating IP Problem Under JUNO DVR

asked 2014-10-30 15:19:14 -0500

gaud gravatar image

updated 2014-11-05 15:59:13 -0500

Floating IP Problem Under JUNO DVR

NOTE: This was converted to a bug report : https://bugs.launchpad.net/neutron/+b...

Type: Isolated issue for now

Presence: Juno 2014.2-1 RDO

Fix: Isolated issue for now

Description:

Whenever create FIP on a VM, it adds the FIP to ALL other compute nodes, a routing prefix in the FIP namespace, and IP interface alias on the qrouter. However, the iptables gets updated normally with only the DNAT for the particular IP of the VM on that compute node This causes the FIP proxy arp to answer ARP requests for ALL VM's on ALL compute nodes which results in compute nodes answering ARPs where they do not have the VM effectively blackholing traffic to that ip.

Here is a demonstration of the problem:

Before adding a vm+fip on compute4

[root@compute2 ~]# ip netns exec fip-616a6213-c339-4164-9dff-344ae9e04929 ip route show
default via 173.209.44.1 dev fg-6ede0596-3a
169.254.31.28/31 dev fpr-3a90aae6-3  proto kernel  scope link  src 169.254.31.29
173.209.44.0/24 dev fg-6ede0596-3a  proto kernel  scope link  src 173.209.44.6
173.209.44.4 via 169.254.31.28 dev fpr-3a90aae6-3



[root@compute3 neutron]# ip netns exec fip-616a6213-c339-4164-9dff-344ae9e04929 ip route show
default via 173.209.44.1 dev fg-26bef858-6b
169.254.31.238/31 dev fpr-3a90aae6-3  proto kernel  scope link  src 169.254.31.239
173.209.44.0/24 dev fg-26bef858-6b  proto kernel  scope link  src 173.209.44.5
173.209.44.3 via 169.254.31.238 dev fpr-3a90aae6-3



[root@compute4 ~]# ip netns exec fip-616a6213-c339-4164-9dff-344ae9e04929 ip route show
default via 173.209.44.1 dev fg-2919b6be-f4
173.209.44.0/24 dev fg-2919b6be-f4  proto kernel  scope link  src 173.209.44.8

after creating a new vm on compute4 and attaching a floating IP to it, we get this result. of course at this point, only the vm on compute4 is able to ping the public network

[root@compute2 ~]# ip netns exec fip-616a6213-c339-4164-9dff-344ae9e04929 ip route show
default via 173.209.44.1 dev fg-6ede0596-3a
169.254.31.28/31 dev fpr-3a90aae6-3  proto kernel  scope link  src 169.254.31.29
173.209.44.0/24 dev fg-6ede0596-3a  proto kernel  scope link  src 173.209.44.6
173.209.44.4 via 169.254.31.28 dev fpr-3a90aae6-3
173.209.44.7 via 169.254.31.28 dev fpr-3a90aae6-3



[root@compute3 neutron]# ip netns exec fip-616a6213-c339-4164-9dff-344ae9e04929 ip route show
default via 173.209.44.1 dev fg-26bef858-6b
169.254.31.238/31 dev fpr-3a90aae6-3  proto kernel  scope link  src 169.254.31.239
173.209.44.0/24 dev fg-26bef858-6b  proto kernel  scope link  src 173.209.44.5
173.209.44.3 via 169.254.31.238 dev fpr-3a90aae6-3
173.209.44.7 via 169.254.31.238 dev fpr-3a90aae6-3



[root@compute4 ~]# ip netns exec fip-616a6213-c339-4164-9dff-344ae9e04929 ip route show
default via 173.209.44.1 dev fg-2919b6be-f4
169.254.30.20/31 dev fpr-3a90aae6-3  proto kernel  scope link  src 169 ...
(more)
edit retag flag offensive close merge delete

Comments

Thank you for this post! It was driving me crazy that fip were turning into a black hole. I resolved it with the patch for this bug!

Thanks again!

capsali gravatar imagecapsali ( 2014-12-02 04:29:48 -0500 )edit

1 answer

Sort by ยป oldest newest most voted
2

answered 2014-12-03 15:41:31 -0500

rbowen gravatar image
edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

3 followers

Stats

Asked: 2014-10-30 15:19:14 -0500

Seen: 1,113 times

Last updated: Dec 03 '14