DVR fixed IP reachability with floating IP

asked 2016-09-13 14:55:44 -0600

mattmix gravatar image

OpenStack Mitaka with Neutron 8.1.2

I have an external network and tenant network that are part of the same address scope. On centralized routers this means that I can directly reach the tenant network (routed rfc1918) from outside the OpenStack environment and can connect to either the floating or fixed when a floating IP is assigned.

I've now migrated to DVR and can connect to the fixed IP only when there is no floating IP present but connections to the floating IP always work fine. Using tcpdump on my workstation, I see the SYN+ACK packet return from the VM but then nothing. Using tcpdump on the rfp- interface on the qrouter- namespace on the compute node, I see the SYN+ACK packet go out without any SNAT transform, but all subsequent packets in that connection are transformed to the floating IP.

Shouldn't this work like the centralized router case? I should be able to originate connections to the fixed IP without it being SNAT'd in the replies.

edit retag flag offensive close merge delete