[Expired for neutron because there has been no activity for 60 days.]
** Changed in: neutron
Status: Incomplete => Expired
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
VXLAN Overlay ping issue when Gateway IP is set to one of local NIC's
Status in neutron:
Status in OpenStack Security Advisory:
This issue is being treated as a potential security risk under
embargo. Please do not make any public mention of embargoed (private)
security vulnerabilities before their coordinated publication by the
OpenStack Vulnerability Management Team in the form of an official
OpenStack Security Advisory. This includes discussion of the bug or
associated fixes in public forums such as mailing lists, code review
systems and bug trackers. Please also avoid private disclosure to
other individuals not already approved for access to this information,
and provide this same reminder to those who are made aware of the
issue prior to publication. All discussion should remain confined to
this private bug report, and any proposed fixes should be added to the
bug as attachments.
There's an issue when a VXLAN overlay VM tries to ping an overlay IP
address that is also the same as one of the host machine's local IP
addresses. In my setup, I've tried pinging the overlay VM's router's
IP address. Here are the details:
VXLAN Id is 100 (this number is immaterial, what matters is that we
use VXLAN for tenant traffic)
enp21s0f0: 220.127.116.11/24 (This interface is used to contact the controller as
well as for encapsulated datapath traffic.
qbr89a962f7-9b: Linux Bridge to which the Overlay VM connects. No IP
address on this one.
qbr89a962f7-9b 8000.56f6fefb9d5c no qvb89a962f7-9b
qbr89a962f7-9b: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::54f6:feff:fefb:9d5c prefixlen 64 scopeid 0x20<link>
ether 56:f6:fe:fb:9d:5c txqueuelen 0 (Ethernet)
RX packets 916 bytes 27072 (26.4 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 10 bytes 780 (780.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
I am using a previously unused NIC named eno1 for this example. When
eno1 has no IP address, ping from the overlay VM to the router is
successful. ARP on the VM shows the correct MAC resolution. When I set
eno1 to 10.0.1.1, ARP on the overlay VM show's qbr89a962f7-9b's MAC
address and ping never succeeds.
When things work OK ARP for 10.0.1.1 is fa:16:3e:0c:52:6d
When eno1 is set to 10.0.1.1 ARP resolution is incorrect, 10.0.1.1
resolves to 56:f6:fe:fb:9d:5c and ping never succeeds. I've deleted
ARPs to ensure that resolution is triggered. It appears as of the OVS
br-int never received the ARP request.
To manage notifications about this bug go to:
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : firstname.lastname@example.org
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp