
How does proxy ARP work when enabled on the ‘fg’ device in the FIP namespace (DVR DNAT)?

asked 2015-10-13 05:40:00 -0500

What exactly does proxy ARP do, configured as above, with regard to incoming (from the Internet) requests to connect to virtual machines that have a FIP assigned? Does the usual qg-xxxxxx port in a standard qrouter namespace have similar functionality?


2 answers


answered 2015-10-13 12:00:54 -0500

dbaxps

I believe post is addressing both questions:

1. When the outside world wants to contact the VM’s floating IP, the FIP namespace will reply that is available via the fg’s device MAC address (An awful lie, but a useful one… Such is the life of a proxy). The traffic will be forwarded to the machine, in through a NIC connected to br-ex and in to the FIP’s namespace ‘fg’ device. The FIP namespace will use its route to and route it out its fpr veth device. The message will be received by the qrouter namespace: is configured on its rfp device, its iptables rules will replace the packet’s destination IP with the VM’s fixed IP of and off to the VM the message goes.

2. Legacy routers provide floating IPs connectivity by performing 1:1 NAT between the VM’s fixed IP and its floating IP inside the router namespace. Additionally, the L3 agent throws out a gratuitous ARP when it configures the floating IP on the router’s external device. This is done to advertise to the external network that the floating IP is reachable via the router’s external device’s MAC address. Floating IPs are configured as /32 prefixes on the router’s external device and so the router answers any ARP requests for these addresses. Legacy routers are of course scheduled only on a select subgroup of nodes known as network nodes.
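The two cases in the answer above, as an added example that is not part of the original answers or of Neutron's code: a simplified Python model of the Linux ARP reply decision, contrasting the proxy-ARP reply on `fg` with the owner reply on a legacy `qg` device. All IP and MAC addresses are constructed sample values, and the device names are shortened forms of the ones mentioned on the page.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class Iface:
    mac: str
    addrs: list = field(default_factory=list)  # addresses configured on the device
    proxy_arp: bool = False                    # net.ipv4.conf.<dev>.proxy_arp

@dataclass
class Namespace:
    ifaces: dict          # device name -> Iface
    routes: list          # (prefix, egress device name)
    forwarding: bool = True

    def route_dev(self, ip):
        """Longest-prefix match; returns the egress device name or None."""
        ip = ipaddress.ip_address(ip)
        hits = [(ipaddress.ip_network(p), dev) for p, dev in self.routes
                if ip in ipaddress.ip_network(p)]
        return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

    def arp_reply(self, in_dev, target_ip):
        """(mac, reason) if an ARP request arriving on in_dev is answered, else None."""
        dev = self.ifaces[in_dev]
        # Default arp_ignore=0: answer for any address configured in the namespace.
        if any(target_ip in i.addrs for i in self.ifaces.values()):
            return dev.mac, "local address"
        out = self.route_dev(target_ip)
        # Proxy ARP: answer only when the target is routed out a different device.
        if dev.proxy_arp and self.forwarding and out and out != in_dev:
            return dev.mac, f"proxy ARP, routed via {out}"
        return None

# Constructed sample topology (documentation address ranges, made-up MACs).
FIP = "203.0.113.10"
fip_ns = Namespace(
    ifaces={"fg": Iface("fa:16:3e:00:00:01", ["203.0.113.2"], proxy_arp=True),
            "fpr": Iface("fa:16:3e:00:00:02", ["169.254.31.29"])},
    routes=[("203.0.113.0/24", "fg"), (FIP + "/32", "fpr")])
legacy_ns = Namespace(
    ifaces={"qg": Iface("fa:16:3e:00:00:03", ["203.0.113.3", FIP])},
    routes=[("203.0.113.0/24", "qg")])

if __name__ == "__main__":
    print("DVR fg, floating IP:    ", fip_ns.arp_reply("fg", FIP))
    print("DVR fg, other host:     ", fip_ns.arp_reply("fg", "203.0.113.99"))
    print("legacy qg, floating IP: ", legacy_ns.arp_reply("qg", FIP))
```

In the DVR case the floating IP is not configured on `fg` at all; the reply exists only because `proxy_arp` is on and the /32 route points out `fpr`, so checking that sysctl and that route is the first step when ARP for a floating IP goes unanswered.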

answered 2016-04-13 10:03:23 -0500

Haifa Al Nasseri

Question: I'm having an issue in a similar area: I can connect to the instance from the network node just because the node can connect to the qg port associated with the instance's floating IP address. But I can't connect to it from other nodes, because the network node replies to the ARP requests of the other nodes (using the floating IP related to qg-), but the other nodes never get the reply. Any thoughts?




Asked: 2015-10-13 05:40:00 -0500

Seen: 925 times

Last updated: Apr 13 '16