** Description changed:

- In one of the cloud environment, the FIP attached to the Octavia
- Loadbalancer VIP is not reachable. After analysis, we found the ARP
- entry for SNAT IP is missing in the qrouter namespace where Amphora VM
- is running. And so the return packets are not forwarded from qrouter to
- snat on active l3-agent node.
+ [Impact]
+ Load Balancers deployed on the cloud are unreachable
+ 
+ [Test Case]
+ 1. Deploy openstack with atleast 4 compute nodes with networking features DVR 
SNAT+L3HA
+ 2. Execute the script test_snat_arp_entry.sh
+ 3. The script loops for 20 times creating network, router and connecting 
router to external, internal network and checking if ARP entries are populated 
properly on qrouter namespaces
+ 4. The script stops if arp entries are missing.
+ 5. If the script runs for 20 loops, then there are no issues.
+ 
+ [Regression Potential]
+ The issue only happens a few times when a router is created, external gateway 
set and internal subnet attached to router in quick succession. In other cases, 
the arp entry of snat is already added.
+ The fix just adds extra logic to add arp entry retrieving snat information 
from the router. In working cases, this extra logic will execute commands to 
add arp entry twice which should not cause further issues.
+ 
+ [Original Bug Report]
+ In one of the cloud environment, the FIP attached to the Octavia Loadbalancer 
VIP is not reachable. After analysis, we found the ARP entry for SNAT IP is 
missing in the qrouter namespace where Amphora VM is running. And so the return 
packets are not forwarded from qrouter to snat on active l3-agent node.
  
  Version:
  Ubuntu Ussuri packages (16.3.2 point release)
  DVR+SNAT+L3HA enabled
  
  Expectation is to have PERMANENT arp entry for snat ip on qrouter namespace 
on all compute nodes
  192.168.33.238 dev qr-4ee692e0-7a lladdr fa:16:3e:25:6a:73 used 38/38/38 
probes 0 PERMANENT
  
  How to reproduce:
  
  Attaching a script to simulate the problem (without octavia) with following 
steps
  1. network/subnet/router is created, network attached to router
  2. verify if qrouter on all compute nodes has arp entries related to snat ip
  3. if arp entries exists, delete network/subnet/router
  4. Repeat steps 1,2,3 until missing arp entry is observed.
  
  I am able to reproduce missing arp entry sometimes in 3rd loop and
  sometimes in 6th loop.
  
  Observed arp entries for snat ip is updated at the following places [1]
  [2] but get_snat_interfaces() and get_ports_by_subnet() are not updated
  with snat ip in non-working cases.
  
  [1] 
https://opendev.org/openstack/neutron/src/commit/dfd04115b059c2263cdd8ac44ccc2ec47614bcc3/neutron/agent/l3/dvr_local_router.py#L570
  [2] 
https://opendev.org/openstack/neutron/src/commit/dfd04115b059c2263cdd8ac44ccc2ec47614bcc3/neutron/agent/l3/dvr_local_router.py#L317

https://bugs.launchpad.net/bugs/1933092

Title:
  snat arp entry missing in qrouter namespace
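
A check for the expectation stated in the report, written as an added example (it is not part of the bug report or of the attached test_snat_arp_entry.sh): it parses `ip -s neigh show` output collected from the qrouter namespace on each compute node and lists the hosts where the SNAT IP has no PERMANENT entry. The host names and every neighbour line other than the one quoted in the report are constructed.

```python
import re

# One line of `ip -s neigh show`; lladdr is absent for FAILED/INCOMPLETE entries.
NEIGH_RE = re.compile(
    r"^(?P<ip>\S+)\s+dev\s+(?P<dev>\S+)"
    r"(?:\s+lladdr\s+(?P<mac>[0-9a-fA-F:]{17}))?"
    r".*?\s(?P<state>[A-Z_]+)\s*$"
)

SNAT_IP = "192.168.33.238"        # SNAT IP from the entry quoted in the report
SNAT_MAC = "fa:16:3e:25:6a:73"    # MAC from the same entry
# Constructed sample: per-host output of
#   ip netns exec qrouter-<router-id> ip -s neigh show
SAMPLE = {
    "compute-1": "192.168.33.238 dev qr-4ee692e0-7a lladdr fa:16:3e:25:6a:73 used 38/38/38 probes 0 PERMANENT\n",
    "compute-2": "192.168.33.10 dev qr-4ee692e0-7a lladdr fa:16:3e:aa:bb:cc used 5/5/5 probes 0 PERMANENT\n",
    "compute-3": "192.168.33.238 dev qr-4ee692e0-7a lladdr fa:16:3e:25:6a:73 ref 1 used 2/2/2 probes 1 REACHABLE\n",
}

def parse_neigh(output):
    """Return {ip: (dev, mac_or_None, state)} from `ip neigh show` text."""
    table = {}
    for line in output.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:
            table[m["ip"]] = (m["dev"], m["mac"], m["state"])
    return table

def missing_snat_arp(neigh_by_host, snat_ip, snat_mac):
    """List (host, reason) where the SNAT entry is absent, not PERMANENT, or has another MAC."""
    problems = []
    for host, output in sorted(neigh_by_host.items()):
        entry = parse_neigh(output).get(snat_ip)
        if entry is None:
            problems.append((host, "no entry"))
        elif entry[2] != "PERMANENT":
            problems.append((host, "state " + entry[2]))
        elif (entry[1] or "").lower() != snat_mac.lower():
            problems.append((host, "mac " + str(entry[1])))
    return problems

if __name__ == "__main__":
    for host, reason in missing_snat_arp(SAMPLE, SNAT_IP, SNAT_MAC):
        print(f"{host}: SNAT ARP entry problem ({reason})")
```
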
