Load-balancer not passing traffic correctly when accessed via floating-IP
Hi all,
I have a multi-node Juno lab on CentOS 7.1 with one controller node, one network node, and two compute nodes.
I am using haproxy for LBaaS, and am finding that while I can create a working VIP/pool et al. that passes traffic on the internal VIP address, the floating IP I have associated with it fails to respond or otherwise pass traffic. The floating IPs that I have associated with the individual instances themselves pass traffic with no problem, however.
I see that the VIP floating-ip is responding to ARP requests, but will not ping or return a SYN-ACK for configured ports despite being allowed by the security group. I am not seeing any log errors that look like they would point to this specifically. I do see some errors in the ovs-vswitchd.log relating to non-existent devices, but I wouldn't think them related (need to sort that separately).
Any ideas where to start looking in order to track this down? Any help would be much appreciated!
Curl against the VIP from a peer instance:
[fedora@web-84ffe0f7-9169-4c29-8be5-d2f4ba443019 ~]$ curl -v http://192.168.1.200/server.txt
* Hostname was NOT found in DNS cache
* Trying 192.168.1.200...
* Connected to 192.168.1.200 (192.168.1.200) port 80 (#0)
> GET /server.txt HTTP/1.1
> User-Agent: curl/7.37.0
> Host: 192.168.1.200
> Accept: */*
>
< HTTP/1.1 200 OK
* Server nginx/1.6.3 is not blacklisted
< Server: nginx/1.6.3
< Date: Thu, 30 Apr 2015 23:53:14 GMT
< Content-Type: text/plain
< Content-Length: 41
< Last-Modified: Thu, 30 Apr 2015 18:28:58 GMT
< ETag: "5542746a-29"
< Accept-Ranges: bytes
<
web-6744ff64-8b4c-4c60-9823-ee891d37adc3
* Connection #0 to host 192.168.1.200 left intact
[fedora@web-84ffe0f7-9169-4c29-8be5-d2f4ba443019 ~]$
Curl against the pool member instance's floating-IP:
[nmckay@bistromath ~]$ curl -v http://10.12.21.204/server.txt
* Hostname was NOT found in DNS cache
* Trying 10.12.21.204...
* Connected to 10.12.21.204 (10.12.21.204) port 80 (#0)
> GET /server.txt HTTP/1.1
> User-Agent: curl/7.36.0
> Host: 10.12.21.204
> Accept: */*
>
< HTTP/1.1 200 OK
* Server nginx/1.6.3 is not blacklisted
< Server: nginx/1.6.3
< Date: Thu, 30 Apr 2015 23:52:01 GMT
< Content-Type: text/plain
< Content-Length: 41
< Last-Modified: Thu, 30 Apr 2015 18:28:58 GMT
< Connection: keep-alive
< ETag: "5542746a-29"
< Accept-Ranges: bytes
<
web-6744ff64-8b4c-4c60-9823-ee891d37adc3
* Connection #0 to host 10.12.21.204 left intact
[nmckay@bistromath ~]$
Curl against the VIP's floating IP:
[nmckay@bistromath ~]$ curl -v http://10.12.21.205/server.txt
* Hostname was NOT found in DNS cache
* Trying 10.12.21.205...
* connect to 10.12.21.205 port 80 failed: Operation timed out
* Failed to connect to 10.12.21.205 port 80: Operation timed out
* Closing connection 0
curl: (7) Failed to connect to 10.12.21.205 port 80: Operation timed out
[nmckay@bistromath ~]$
Tcpdump output showing ARP response:
[nmckay@bistromath ~]$ sudo tcpdump -i em2 host 10.12.21.205 ...
Can you ping the VIP from some other node in the same subnet?
I can ping the VIP fixed address from an instance on the same subnet.
I cannot ping the floating address associated with the VIP from a node on the same subnet.
The network node is responding to ARP requests for the floating address, however.