Reviewed: https://review.openstack.org/289172 Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=a388f78c8cb4b1c860bfc11029b5210955f1932d Submitter: Jenkins Branch: master
commit a388f78c8cb4b1c860bfc11029b5210955f1932d Author: Hong Hui Xiao <[email protected]> Date: Thu May 12 05:48:15 2016 +0000 DVR: Pings to floatingip returns with fixed-ip on same network Pinging a floatingip of VM1 from a second VM(VM2) which has SNAT enabled connected to a DVR router on the same network returns with fixed-ip address rather than the floatingip address. The NAT forwarding rules for floatingip in the router namespace does not check for the in coming port and tries to add the rule for all in coming ports. This causes the packets that are originating from the router namespace to be modified and forwarded directly to the VM2 fixed ip instead of forwarding the traffic to the SNAT namespace. The fix in here will make sure that for all routers, the floatingip forwarding rules will be applied only to the 'rfp-' internal ports and not to all ports. Change-Id: I9453beffd94bf685afd74b0820506fb6b7c996c4 Closes-Bug: #1462154 Co-Authored-By: Hong Hui Xiao <[email protected]> ** Changed in: neutron Status: In Progress => Fix Released -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron. https://bugs.launchpad.net/bugs/1462154 Title: With DVR Pings to floating IPs replied with fixed-ips if VMs are on the same network Status in neutron: Fix Released Bug description: On my single node devstack setup, there are 2 VMs hosted. VM1 has no floating IP assigned. VM2 has a floating IP assigned. From VM1, ping to VM2 using the floating IP. Ping output reports the replies comes from VM2's fixed ip address. The reply should be from VM2's floating ip address. This is a DVR problem as it doesn't happen when the L3 agent's mode is 'legacy'. This may be a problem with the NAT rules defined by the DVR L3-agent. I used the latest neutron code on the master branch to reproduce, The agent_mode is set to 'dvr_snat'. Here is how the problem is reproduced: VM1 and VM2 runs on the same host. VM1 has fixed IP of 10.11.12.4, no floating-ip associated. VM2 has fixed IP of 10.11.12.5 floating-ip=10.127.10.226 Logged into VM1 from the qrouter namespace. From VM1, ping to 10.127.10.226, ping output at VM1 reports ping replies are from the VM2's fixed IP address # ssh [email protected] [email protected]'s password: $ ping 10.127.10.226 PING 10.127.10.226 (10.127.10.226): 56 data bytes 64 bytes from 10.11.12.5: seq=0 ttl=64 time=4.189 ms 64 bytes from 10.11.12.5: seq=1 ttl=64 time=1.254 ms 64 bytes from 10.11.12.5: seq=2 ttl=64 time=2.386 ms 64 bytes from 10.11.12.5: seq=3 ttl=64 time=2.064 ms ^C --- 10.127.10.226 ping statistics --- 4 packets transmitted, 4 packets received, 0% packet loss round-trip min/avg/max = 1.254/2.473/4.189 ms $ If I associate a floating IP on VM1 then repeat the same test, ping reports the replies comes from VM2's floating IP: # ssh [email protected] [email protected]'s password: $ ping 10.127.10.226 PING 10.127.10.226 (10.127.10.226): 56 data bytes 64 bytes from 10.127.10.226: seq=0 ttl=63 time=16.750 ms 64 bytes from 10.127.10.226: seq=1 ttl=63 time=2.417 ms 64 bytes from 10.127.10.226: seq=2 ttl=63 time=1.558 ms 64 bytes from 10.127.10.226: seq=3 ttl=63 time=1.042 ms 64 bytes from 10.127.10.226: seq=4 ttl=63 time=2.770 ms ^C --- 10.127.10.226 ping statistics --- 5 packets transmitted, 5 packets received, 0% packet loss round-trip min/avg/max = 1.042/4.907/16.750 ms $ To manage notifications about this bug go to: https://bugs.launchpad.net/neutron/+bug/1462154/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : [email protected] Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
