Ask Your Question
1

How proxy ARP works been enabled on the ‘fg’ device in the FIP namespace (DVR DNAT) ?

asked 2015-10-13 05:40:00 -0500

What exactly proxy ARP does been configured as above in regards of incoming ( from Internet ) requests to connect to virtual machines having FIP assigned ? Does usual qg-xxxxxx port in standard qrouter-namespace have similar functionality ?

edit retag flag offensive close merge delete

2 answers

Sort by » oldest newest most voted
1

answered 2015-10-13 12:00:54 -0500

dbaxps gravatar image

I believe post http://assafmuller.com/2015/04/15/dis...
is addressing both questions:-

1.When the outside world wants to contact the VM’s floating IP, the FIP namespace will reply that 192.168.1.3 is available via the fg’s device MAC address (An awful lie, but a useful one… Such is the life of a proxy). The traffic will be forwarded to the machine, in through a NIC connected to br-ex and in to the FIP’s namespace ‘fg’ device. The FIP namespace will use its route to 192.168.1.3 and route it out its fpr veth device. The message will be received by the qrouter namespace: 192.168.1.3 is configured on its rfp device, its iptables rules will replace the packet’s destination IP with the VM’s fixed IP of 10.0.0.4 and off to the VM the message goes.

2. Legacy routers provide floating IPs connectivity by performing 1:1 NAT between the VM’s fixed IP and its floating IP inside the router namespace. Additionally, the L3 agent throws out a gratuitous ARP when it configures the floating IP on the router’s external device. This is done to advertise to the external network that the floating IP is reachable via the router’s external device’s MAC address. Floating IPs are configured as /32 prefixes on the router’s external device and so the router answers any ARP requests for these addresses. Legacy routers are of course scheduled only on a select subgroup of nodes known as network nodes
edit flag offensive delete link more
0

answered 2016-04-13 10:03:23 -0500

Haifa Al Nasseri gravatar image

Question I'm having an issue with similar area, as I can connect to the instance from the network node just because the node can connect the qg port the instance associated with the instance floating IP address. But I can't connect to it from other nodes because network node reply back to the arp request of the other nodes-using floating IP related to qg- but the other nodes never gets the reply. Any though?

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

Stats

Asked: 2015-10-13 05:40:00 -0500

Seen: 690 times

Last updated: Apr 13 '16