Not able to reach instance through floating IP - Kilo
Hello,
I created a 3-node setup with a neutron node in Kilo, but I am facing an issue with the instance's floating IP reachability. The instance can ping the qrouter interface, and the instance is reachable through the namespace. Security groups are configured to allow all traffic.
One thing I noticed is that the qg-c3e2cbcf-5a interface is created in br-int. I compared with a Juno setup and could see that the interface was showing in br-ex.
I tried port mirroring to see if the traffic is reaching br-int, but it is not.
Please see the OVS configuration:
[root@network ~]# ovs-vsctl show
f9d088fd-ef7a-4dff-820d-35e6796a96ae
    Bridge br-int
        fail_mode: secure
        Port int-br-ex
            Interface int-br-ex
                type: patch
                options: {peer=phy-br-ex}
        Port "qr-7055d1c9-0e"
            tag: 2
            Interface "qr-7055d1c9-0e"
                type: internal
        Port "tape9bbd694-98"
            tag: 2
            Interface "tape9bbd694-98"
                type: internal
        Port br-int
            Interface br-int
                type: internal
        Port "snooper0"
            Interface "snooper0"
        Port "qg-c3e2cbcf-5a"
            tag: 1
            Interface "qg-c3e2cbcf-5a"
                type: internal
        Port patch-tun
            Interface patch-tun
                type: patch
                options: {peer=patch-int}
    Bridge br-tun
        fail_mode: secure
        Port br-tun
            Interface br-tun
                type: internal
        Port "gre-0a0a6466"
            Interface "gre-0a0a6466"
                type: gre
                options: {df_default="true", in_key=flow, local_ip="10.10.100.101", out_key=flow, remote_ip="10.10.100.102"}
        Port patch-int
            Interface patch-int
                type: patch
                options: {peer=patch-tun}
    Bridge br-ex
        Port phy-br-ex
            Interface phy-br-ex
                type: patch
                options: {peer=int-br-ex}
        Port br-ex
            Interface br-ex
                type: internal
    ovs_version: "2.3.1"
Namespace details:
[root@network ~]# ip netns list
qdhcp-6641ac5a-8983-43ca-bd59-9d3849c1821c
qrouter-ce3605dd-5381-41c3-a595-4cfe0e8d1f14
[root@network ~]# ip netns exec qrouter-ce3605dd-5381-41c3-a595-4cfe0e8d1f14 ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
9: qr-7055d1c9-0e: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
    link/ether fa:16:3e:cb:e8:cb brd ff:ff:ff:ff:ff:ff
    inet 172.16.0.1/24 brd 172.16.0.255 scope global qr-7055d1c9-0e
       valid_lft forever preferred_lft forever
    inet6 fe80::f816:3eff:fecb:e8cb/64 scope link
       valid_lft forever preferred_lft forever
10: qg-c3e2cbcf-5a: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
    link/ether fa:16:3e:02:f5:4a brd ff:ff:ff:ff:ff:ff
    inet 100.100.100.3/24 brd 100.100.100.255 scope global qg-c3e2cbcf-5a
       valid_lft forever preferred_lft forever
    inet6 fe80::f816:3eff:fe02:f54a/64 scope link
       valid_lft forever preferred_lft forever
[root@network ~]# ip netns exec qrouter-ce3605dd-5381-41c3-a595-4cfe0e8d1f14 iptables -S -t nat
-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
-N neutron-l3-agent-OUTPUT
-N neutron-l3-agent-POSTROUTING
-N neutron-l3-agent-PREROUTING
-N neutron-l3-agent-float-snat
-N neutron-l3-agent-snat
-N neutron-postrouting-bottom
-A PREROUTING -j neutron-l3-agent-PREROUTING
-A OUTPUT -j neutron-l3-agent-OUTPUT
-A POSTROUTING -j neutron-l3-agent-POSTROUTING
-A POSTROUTING -j neutron-postrouting-bottom
-A neutron-l3-agent-POSTROUTING ! -i qg-c3e2cbcf-5a ! -o qg-c3e2cbcf-5a -m conntrack ! --ctstate DNAT -j ACCEPT
-A neutron-l3-agent-PREROUTING -d 169.254.169.254/32 -i qr-+ -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 9697
-A neutron-l3-agent-snat -j neutron-l3-agent-float-snat
-A neutron-l3-agent-snat -o qg-c3e2cbcf-5a -j SNAT --to-source 100.100.100.3
-A neutron-l3-agent-snat -m mark ! --mark 0x2 -m ...