packets not reaching VM
We have a Openstack Juno setup with 1 controller+neutron node and 3 compute nodes. 1 VM (LB) has ipvsadm installed and two VMs act as back end server.
On the server with ipvsadm I have eth0:0 IP as 192.168.1.21 which acts as application IP. The ipvsadm uses round robin scheme. This is done using commands as below:
sudo ipvsadm -A -t 192.168.1.21:6000 -s rr
sudo ipvsadm -a -t 192.168.1.21:6000 -r 192.168.1.77:6000 -g
sudo ipvsadm -a -t 192.168.1.21:6000 -r 192.168.1.79:6000 -g
where 192.168.1.77 and 192.168.1.79 are back end server VM IP.
The problem is that the packets go out of the LB VM but never reach the back end server.
In the tcpdumps on various interfaces show that the packet reach till qbr of the LB VM but donot reach the qvo interface of LB VM. Are there any rules that get applied here which block these packets. The packets from the client VM are sent to back end server by the LB VM by changing the destination MAC of the packets.
The packets that leave LB VM to reach back end VM have source as the client VM IP and destination IP as 192.168.1.21 (application IP) and the src MAC of LB VM and dst MAC of backend server VM. Is this the reason for the packets to be blocked. Is there any way to allow these packets to flow to the back end server?
Please help us regarding this.
The host has many VMs thus a huge list when iptables -S is done. The LB VM IP is 192.168.1.75
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N neutron-filter-top
-N neutron-openvswi-FORWARD
-N neutron-openvswi-INPUT
-N neutron-openvswi-OUTPUT
-N neutron-openvswi-i10a4632b-9
-N neutron-openvswi-i131bf200-3
-N neutron-openvswi-i319ad1b9-b
-N neutron-openvswi-i3fb9dd53-d
-N neutron-openvswi-i4f240dc1-6
-N neutron-openvswi-i578e7d84-b
-N neutron-openvswi-i5c7b6b9f-d
-N neutron-openvswi-i5e93d25e-1
-N neutron-openvswi-i5fcd8d22-3
-N neutron-openvswi-i610385e2-d
-N neutron-openvswi-i93321459-0
-N neutron-openvswi-ib094e27b-1
-N neutron-openvswi-ib9882cfd-4
-N neutron-openvswi-ic2dad3ae-c
-N neutron-openvswi-ie8321530-4
-N neutron-openvswi-local
-N neutron-openvswi-o10a4632b-9
-N neutron-openvswi-o131bf200-3
-N neutron-openvswi-o319ad1b9-b
-N neutron-openvswi-o3fb9dd53-d
-N neutron-openvswi-o4f240dc1-6
-N neutron-openvswi-o578e7d84-b
-N neutron-openvswi-o5c7b6b9f-d
-N neutron-openvswi-o5e93d25e-1
-N neutron-openvswi-o5fcd8d22-3
-N neutron-openvswi-o610385e2-d
-N neutron-openvswi-o93321459-0
-N neutron-openvswi-ob094e27b-1
-N neutron-openvswi-ob9882cfd-4
-N neutron-openvswi-oc2dad3ae-c
-N neutron-openvswi-oe8321530-4
-N neutron-openvswi-s10a4632b-9
-N neutron-openvswi-s131bf200-3
-N neutron-openvswi-s319ad1b9-b
-N neutron-openvswi-s3fb9dd53-d
-N neutron-openvswi-s4f240dc1-6
-N neutron-openvswi-s578e7d84-b
-N neutron-openvswi-s5c7b6b9f-d
-N neutron-openvswi-s5e93d25e-1
-N neutron-openvswi-s5fcd8d22-3
-N neutron-openvswi-s610385e2-d
-N neutron-openvswi-s93321459-0
-N neutron-openvswi-sb094e27b-1
-N neutron-openvswi-sb9882cfd-4
-N neutron-openvswi-sc2dad3ae-c
-N neutron-openvswi-se8321530-4
-N neutron-openvswi-sg-chain
-N neutron-openvswi-sg-fallback
-A INPUT -j neutron-openvswi-INPUT
-A FORWARD -j neutron-filter-top
-A FORWARD -j neutron-openvswi-FORWARD
-A OUTPUT -j neutron-filter-top
-A OUTPUT -j neutron-openvswi-OUTPUT
-A neutron-filter-top -j neutron-openvswi-local
-A neutron-openvswi-FORWARD -m physdev --physdev-out tap5fcd8d22-30 --physdev-is-bridged -j neutron-openvswi-sg-chain
-A neutron-openvswi-FORWARD -m physdev --physdev-in tap5fcd8d22-30 --physdev-is-bridged -j neutron-openvswi-sg-chain
-A neutron-openvswi-FORWARD -m physdev --physdev-out tap319ad1b9-bb --physdev-is-bridged -j neutron-openvswi-sg-chain
-A neutron-openvswi-FORWARD -m physdev --physdev-in tap319ad1b9-bb --physdev-is-bridged -j neutron-openvswi-sg-chain
-A neutron-openvswi-FORWARD -m physdev --physdev-out tape8321530-46 --physdev-is-bridged -j neutron-openvswi-sg-chain
-A neutron-openvswi-FORWARD -m physdev --physdev-in tape8321530-46 --physdev-is-bridged -j neutron-openvswi-sg-chain
-A neutron-openvswi-FORWARD -m physdev --physdev-out tap93321459-0e --physdev-is-bridged -j neutron-openvswi-sg-chain
-A neutron-openvswi-FORWARD -m ...
