Public bug reported:
The latest neutron-lbaas stable/liberty repo, the loadbalancer VIP will
not forward http packets to its pool members.
http to pool members are OK, but http to loadbalancer VIP failed.
Look at the VIP's port security-group, and it is correctly wired to the
security-group-id.
stack@htb-1n-eng-dhcp8:~/devstack$ neutron router-list
+--------------------------------------+----------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| id | name |
external_gateway_info
|
+--------------------------------------+----------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| 6181d39e-9e0c-4209-a20a-7708b49f9adb | router1 | {"network_id":
"7bf2d2d9-c714-46fe-a785-d1f4f43f0520", "enable_snat": true,
"external_fixed_ips": [{"subnet_id": "cc99a75d-229a-47ef-801a-095f1afa590a",
"ip_address": "172.24.4.2"}]} |
| e31ca56f-eb2f-4903-a254-a91ac736074c | venus-lb2-1506387029 | {"network_id":
"7bf2d2d9-c714-46fe-a785-d1f4f43f0520", "enable_snat": true,
"external_fixed_ips": [{"subnet_id": "cc99a75d-229a-47ef-801a-095f1afa590a",
"ip_address": "172.24.4.3"}]} |
+--------------------------------------+----------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
stack@htb-1n-eng-dhcp8:~/devstack$ neutron lbaas-loadbalancer-list
+--------------------------------------+-----------+-------------+---------------------+----------+
| id | name | vip_address |
provisioning_status | provider |
+--------------------------------------+-----------+-------------+---------------------+----------+
| 9b4d8297-0f6d-47c3-80fe-7a09e3c5f5f1 | venus-lb2 | 10.199.88.5 | ACTIVE
| haproxy |
+--------------------------------------+-----------+-------------+---------------------+----------+
stack@htb-1n-eng-dhcp8:~/devstack$ neutron lbaas-loadbalancer-show venus-lb2
+---------------------+------------------------------------------------+
| Field | Value |
+---------------------+------------------------------------------------+
| admin_state_up | True |
| description | |
| id | 9b4d8297-0f6d-47c3-80fe-7a09e3c5f5f1 |
| listeners | {"id": "7db08049-472a-4d95-bd33-7a3c42bd4cb9"} |
| name | venus-lb2 |
| operating_status | ONLINE |
| provider | haproxy |
| provisioning_status | ACTIVE |
| tenant_id | eea91ed392d64bae8d9eb41310127f09 |
| vip_address | 10.199.88.5 |
| vip_port_id | f542905d-8fde-4562-a9a1-e337f2d3c01c |
| vip_subnet_id | f8627153-0817-4676-b493-38c9e079426a |
+---------------------+------------------------------------------------+
stack@htb-1n-eng-dhcp8:~/devstack$ neutron port-show
f542905d-8fde-4562-a9a1-e337f2d3c01c
+-----------------------+------------------------------------------------------------------------------------+
| Field | Value
|
+-----------------------+------------------------------------------------------------------------------------+
| admin_state_up | True
|
| allowed_address_pairs |
|
| binding:host_id | htb-1n-eng-dhcp8
|
| binding:vif_details | {"port_filter": true}
|
| binding:vif_type | ovs
|
| binding:vnic_type | normal
|
| device_id | 9b4d8297-0f6d-47c3-80fe-7a09e3c5f5f1
|
| device_owner | neutron:LOADBALANCERV2
|
| extra_dhcp_opts |
|
| fixed_ips | {"subnet_id": "f8627153-0817-4676-b493-38c9e079426a",
"ip_address": "10.199.88.5"} |
| id | f542905d-8fde-4562-a9a1-e337f2d3c01c
|
| mac_address | fa:16:3e:7e:9e:5d
|
| name | loadbalancer-9b4d8297-0f6d-47c3-80fe-7a09e3c5f5f1
|
| network_id | 65fa3789-e47f-49b8-a200-169960fc4997
|
| port_security_enabled | True
|
| security_groups | 86fb9c1e-c9ea-4d03-a57f-b61d4b906d77
|
| status | ACTIVE
|
| tenant_id | eea91ed392d64bae8d9eb41310127f09
|
+-----------------------+------------------------------------------------------------------------------------+
stack@htb-1n-eng-dhcp8:~/devstack$ neutron security-group-show
86fb9c1e-c9ea-4d03-a57f-b61d4b906d77
+----------------------+--------------------------------------------------------------------+
| Field | Value
|
+----------------------+--------------------------------------------------------------------+
| description | venus-lb2-1506387029 description
|
| id | 86fb9c1e-c9ea-4d03-a57f-b61d4b906d77
|
| name | venus-lb2-1506387029
|
| security_group_rules | {
|
| | "remote_group_id": null,
|
| | "direction": "ingress",
|
| | "remote_ip_prefix": null,
|
| | "protocol": "tcp",
|
| | "tenant_id": "eea91ed392d64bae8d9eb41310127f09",
|
| | "port_range_max": 88,
|
| | "security_group_id":
"86fb9c1e-c9ea-4d03-a57f-b61d4b906d77", |
| | "port_range_min": 80,
|
| | "ethertype": "IPv4",
|
| | "id": "6113145b-9c52-462d-827c-0bfb67e2203f"
|
| | }
|
| | {
|
| | "remote_group_id": null,
|
| | "direction": "egress",
|
| | "remote_ip_prefix": null,
|
| | "protocol": null,
|
| | "tenant_id": "eea91ed392d64bae8d9eb41310127f09",
|
| | "port_range_max": null,
|
| | "security_group_id":
"86fb9c1e-c9ea-4d03-a57f-b61d4b906d77", |
| | "port_range_min": null,
|
| | "ethertype": "IPv6",
|
| | "id": "90fa1ff2-3e21-4ad1-8622-d150306689dc"
|
| | }
|
| | {
|
| | "remote_group_id": null,
|
| | "direction": "ingress",
|
| | "remote_ip_prefix": null,
|
| | "protocol": "tcp",
|
| | "tenant_id": "eea91ed392d64bae8d9eb41310127f09",
|
| | "port_range_max": 22,
|
| | "security_group_id":
"86fb9c1e-c9ea-4d03-a57f-b61d4b906d77", |
| | "port_range_min": 22,
|
| | "ethertype": "IPv4",
|
| | "id": "af3b5d3a-43b6-4845-85db-e75d5ece2c0b"
|
| | }
|
| | {
|
| | "remote_group_id": null,
|
| | "direction": "egress",
|
| | "remote_ip_prefix": null,
|
| | "protocol": null,
|
| | "tenant_id": "eea91ed392d64bae8d9eb41310127f09",
|
| | "port_range_max": null,
|
| | "security_group_id":
"86fb9c1e-c9ea-4d03-a57f-b61d4b906d77", |
| | "port_range_min": null,
|
| | "ethertype": "IPv4",
|
| | "id": "b05f418c-20a7-467f-aa16-df4d96302007"
|
| | }
|
| | {
|
| | "remote_group_id": null,
|
| | "direction": "ingress",
|
| | "remote_ip_prefix": null,
|
| | "protocol": "icmp",
|
| | "tenant_id": "eea91ed392d64bae8d9eb41310127f09",
|
| | "port_range_max": null,
|
| | "security_group_id":
"86fb9c1e-c9ea-4d03-a57f-b61d4b906d77", |
| | "port_range_min": null,
|
| | "ethertype": "IPv4",
|
| | "id": "d3a88685-8f60-4f2c-9bfa-c6c7d56ecf44"
|
| | }
|
| tenant_id | eea91ed392d64bae8d9eb41310127f09
|
+----------------------+--------------------------------------------------------------------+
stack@htb-1n-eng-dhcp8:~/devstack$
** Affects: neutron
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1594969
Title:
stable/liberty lbaas http package not forwarded
Status in neutron:
New
Bug description:
The latest neutron-lbaas stable/liberty repo, the loadbalancer VIP
will not forward http packets to its pool members.
http to pool members are OK, but http to loadbalancer VIP failed.
Look at the VIP's port security-group, and it is correctly wired to the
security-group-id.
stack@htb-1n-eng-dhcp8:~/devstack$ neutron router-list
+--------------------------------------+----------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| id | name |
external_gateway_info
|
+--------------------------------------+----------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| 6181d39e-9e0c-4209-a20a-7708b49f9adb | router1 |
{"network_id": "7bf2d2d9-c714-46fe-a785-d1f4f43f0520", "enable_snat": true,
"external_fixed_ips": [{"subnet_id": "cc99a75d-229a-47ef-801a-095f1afa590a",
"ip_address": "172.24.4.2"}]} |
| e31ca56f-eb2f-4903-a254-a91ac736074c | venus-lb2-1506387029 |
{"network_id": "7bf2d2d9-c714-46fe-a785-d1f4f43f0520", "enable_snat": true,
"external_fixed_ips": [{"subnet_id": "cc99a75d-229a-47ef-801a-095f1afa590a",
"ip_address": "172.24.4.3"}]} |
+--------------------------------------+----------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
stack@htb-1n-eng-dhcp8:~/devstack$ neutron lbaas-loadbalancer-list
+--------------------------------------+-----------+-------------+---------------------+----------+
| id | name | vip_address |
provisioning_status | provider |
+--------------------------------------+-----------+-------------+---------------------+----------+
| 9b4d8297-0f6d-47c3-80fe-7a09e3c5f5f1 | venus-lb2 | 10.199.88.5 | ACTIVE
| haproxy |
+--------------------------------------+-----------+-------------+---------------------+----------+
stack@htb-1n-eng-dhcp8:~/devstack$ neutron lbaas-loadbalancer-show venus-lb2
+---------------------+------------------------------------------------+
| Field | Value |
+---------------------+------------------------------------------------+
| admin_state_up | True |
| description | |
| id | 9b4d8297-0f6d-47c3-80fe-7a09e3c5f5f1 |
| listeners | {"id": "7db08049-472a-4d95-bd33-7a3c42bd4cb9"} |
| name | venus-lb2 |
| operating_status | ONLINE |
| provider | haproxy |
| provisioning_status | ACTIVE |
| tenant_id | eea91ed392d64bae8d9eb41310127f09 |
| vip_address | 10.199.88.5 |
| vip_port_id | f542905d-8fde-4562-a9a1-e337f2d3c01c |
| vip_subnet_id | f8627153-0817-4676-b493-38c9e079426a |
+---------------------+------------------------------------------------+
stack@htb-1n-eng-dhcp8:~/devstack$ neutron port-show
f542905d-8fde-4562-a9a1-e337f2d3c01c
+-----------------------+------------------------------------------------------------------------------------+
| Field | Value
|
+-----------------------+------------------------------------------------------------------------------------+
| admin_state_up | True
|
| allowed_address_pairs |
|
| binding:host_id | htb-1n-eng-dhcp8
|
| binding:vif_details | {"port_filter": true}
|
| binding:vif_type | ovs
|
| binding:vnic_type | normal
|
| device_id | 9b4d8297-0f6d-47c3-80fe-7a09e3c5f5f1
|
| device_owner | neutron:LOADBALANCERV2
|
| extra_dhcp_opts |
|
| fixed_ips | {"subnet_id":
"f8627153-0817-4676-b493-38c9e079426a", "ip_address": "10.199.88.5"} |
| id | f542905d-8fde-4562-a9a1-e337f2d3c01c
|
| mac_address | fa:16:3e:7e:9e:5d
|
| name | loadbalancer-9b4d8297-0f6d-47c3-80fe-7a09e3c5f5f1
|
| network_id | 65fa3789-e47f-49b8-a200-169960fc4997
|
| port_security_enabled | True
|
| security_groups | 86fb9c1e-c9ea-4d03-a57f-b61d4b906d77
|
| status | ACTIVE
|
| tenant_id | eea91ed392d64bae8d9eb41310127f09
|
+-----------------------+------------------------------------------------------------------------------------+
stack@htb-1n-eng-dhcp8:~/devstack$ neutron security-group-show
86fb9c1e-c9ea-4d03-a57f-b61d4b906d77
+----------------------+--------------------------------------------------------------------+
| Field | Value
|
+----------------------+--------------------------------------------------------------------+
| description | venus-lb2-1506387029 description
|
| id | 86fb9c1e-c9ea-4d03-a57f-b61d4b906d77
|
| name | venus-lb2-1506387029
|
| security_group_rules | {
|
| | "remote_group_id": null,
|
| | "direction": "ingress",
|
| | "remote_ip_prefix": null,
|
| | "protocol": "tcp",
|
| | "tenant_id":
"eea91ed392d64bae8d9eb41310127f09", |
| | "port_range_max": 88,
|
| | "security_group_id":
"86fb9c1e-c9ea-4d03-a57f-b61d4b906d77", |
| | "port_range_min": 80,
|
| | "ethertype": "IPv4",
|
| | "id": "6113145b-9c52-462d-827c-0bfb67e2203f"
|
| | }
|
| | {
|
| | "remote_group_id": null,
|
| | "direction": "egress",
|
| | "remote_ip_prefix": null,
|
| | "protocol": null,
|
| | "tenant_id":
"eea91ed392d64bae8d9eb41310127f09", |
| | "port_range_max": null,
|
| | "security_group_id":
"86fb9c1e-c9ea-4d03-a57f-b61d4b906d77", |
| | "port_range_min": null,
|
| | "ethertype": "IPv6",
|
| | "id": "90fa1ff2-3e21-4ad1-8622-d150306689dc"
|
| | }
|
| | {
|
| | "remote_group_id": null,
|
| | "direction": "ingress",
|
| | "remote_ip_prefix": null,
|
| | "protocol": "tcp",
|
| | "tenant_id":
"eea91ed392d64bae8d9eb41310127f09", |
| | "port_range_max": 22,
|
| | "security_group_id":
"86fb9c1e-c9ea-4d03-a57f-b61d4b906d77", |
| | "port_range_min": 22,
|
| | "ethertype": "IPv4",
|
| | "id": "af3b5d3a-43b6-4845-85db-e75d5ece2c0b"
|
| | }
|
| | {
|
| | "remote_group_id": null,
|
| | "direction": "egress",
|
| | "remote_ip_prefix": null,
|
| | "protocol": null,
|
| | "tenant_id":
"eea91ed392d64bae8d9eb41310127f09", |
| | "port_range_max": null,
|
| | "security_group_id":
"86fb9c1e-c9ea-4d03-a57f-b61d4b906d77", |
| | "port_range_min": null,
|
| | "ethertype": "IPv4",
|
| | "id": "b05f418c-20a7-467f-aa16-df4d96302007"
|
| | }
|
| | {
|
| | "remote_group_id": null,
|
| | "direction": "ingress",
|
| | "remote_ip_prefix": null,
|
| | "protocol": "icmp",
|
| | "tenant_id":
"eea91ed392d64bae8d9eb41310127f09", |
| | "port_range_max": null,
|
| | "security_group_id":
"86fb9c1e-c9ea-4d03-a57f-b61d4b906d77", |
| | "port_range_min": null,
|
| | "ethertype": "IPv4",
|
| | "id": "d3a88685-8f60-4f2c-9bfa-c6c7d56ecf44"
|
| | }
|
| tenant_id | eea91ed392d64bae8d9eb41310127f09
|
+----------------------+--------------------------------------------------------------------+
stack@htb-1n-eng-dhcp8:~/devstack$
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1594969/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : [email protected]
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
