Hi tao:
I have studied this situation for a time, and met almost same problem. I
have found that there are two ct actions with different zone id during
successful ovn-lb process. I have capture the related conntrack status as
below:(192.168.1.8 is vip, 192.168.1.2 is the ip after load balance):
tcp,orig=(src=192.168.11.25,dst=192.168.1.8,sport=49338,dport=22),reply=(src=192.168.1.2,dst=192.168.11.25,sport=22,dport=49338),zone=12,protoinfo=(state=ESTABLISHED)
tcp,orig=(src=192.168.11.25,dst=192.168.1.2,sport=49338,dport=22),reply=(src=192.168.1.2,dst=192.168.11.25,sport=22,dport=49338),zone=4,protoinfo=(state=ESTABLISHED)
But when I access the vip from VM which is on different network(the OVN
datapath id is differ), the access failed and the conntrack status is as below:
tcp,orig=(src=192.168.10.7,dst=192.168.1.8,sport=39206,dport=22),reply=(src=192.168.3.2,dst=192.168.10.7,sport=22,dport=39206),protoinfo=(state=SYN_SENT)
tcp,orig=(src=192.168.10.7,dst=192.168.1.8,sport=39206,dport=22),reply=(src=192.168.1.8,dst=192.168.10.7,sport=22,dport=39206),zone=17,protoinfo=(state=SYN_SENT)
obviously, one ct action without any zone id !!
I guess this may be a reason for link failure. But I have no idea about the
root cause.
Can anyone tell me the root cause? Thank you !
+--------------+
| VIP | 192.168.1.8/24 [ovn-datapath1]
+--------------+
|
|
+--------------+
| POOL |
+--------------+
|
|
|
|----------------------------------------------------|
| |
| |
+--------------+ +--------------+ +--------------+
| member1 | | member2 | | member3 |
+--------------+ +--------------+ +--------------+
| 192.168.1.2 | | 192.168.11.25| |192.168.10.7|
+--------------+ +--------------+ +--------------+
[ovn-datapath1] [ovn-datapath1] [ovn-datapath3]
_______________________________________________
discuss mailing list
[email protected]
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
