Public bug reported:

The L3 DVR router is setting permanent ARP entries in the qrouter's namespace for all
ports plugged to the subnets which are connected to the router.
In most cases it's fine, but as it uses the MAC address defined in the Neutron DB for
that (which is fine in general), it may cause connectivity problems in specific
conditions.

It happens, for example, with Octavia, as Octavia creates unbound ports just to
allocate an IP address for their VIP in Neutron's DB. And Octavia then sets this
IP address in allowed_address_pair of other ports which are plugged to
Amphora's VMs.
But in the DVR case such an IP address is populated in the ARP cache with the MAC address
from its own port, and it doesn't work fine when it is configured as an additional IP
on an interface with a different MAC.

Octavia is only one, the most commonly known, example of such a use case, but we
know that there are other users who are doing something similar with
keepalived on their instances.

So as this additional port is always "unbound", and "unbound" means that
such a port is basically just an entry in the Neutron DB, I think that there is
no need to set it in the ARP cache. Only bound ports should be set there.

** Affects: neutron
     Importance: Undecided
     Assignee: Slawek Kaplonski (slaweq)
         Status: In Progress


** Tags: l3-dvr-backlog

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1869887

Title:
  L3 DVR ARP population gets incorrect MAC address in some cases

Status in neutron:
  In Progress

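The condition described in the report can be checked from port data alone. The following is an added example, not Neutron's own code and not part of the bug report: it models the ARP table as an IP-to-MAC mapping and reports addresses whose permanent entry comes from an unbound port while a bound port claims the same address in `allowed_address_pairs`. The function names and the sample ports are constructed, and each allowed address pair is assumed to be a single address rather than a CIDR.

```python
# Constructed sample ports, shaped like Neutron API port dicts.
PORTS = [
    {"id": "vip-port",            # unbound: only reserves the VIP address
     "mac_address": "fa:16:3e:00:00:01", "binding:vif_type": "unbound",
     "fixed_ips": [{"ip_address": "10.0.0.50"}],
     "allowed_address_pairs": []},
    {"id": "amphora-port",        # bound: the interface that really holds the VIP
     "mac_address": "fa:16:3e:00:00:02", "binding:vif_type": "ovs",
     "fixed_ips": [{"ip_address": "10.0.0.11"}],
     "allowed_address_pairs": [{"ip_address": "10.0.0.50"}]},
    {"id": "vm-port",             # bound: ordinary instance port
     "mac_address": "fa:16:3e:00:00:03", "binding:vif_type": "ovs",
     "fixed_ips": [{"ip_address": "10.0.0.12"}],
     "allowed_address_pairs": []},
]

NOT_BOUND = (None, "", "unbound", "binding_failed")


def is_bound(port):
    """A port counts as bound once a VIF type has been assigned to it."""
    return port.get("binding:vif_type") not in NOT_BOUND


def arp_entries(ports, bound_only):
    """Return {ip: mac} as the router namespace would hold it.

    bound_only=False models the reported behaviour (every port on the
    subnet); bound_only=True models the change proposed in the report.
    """
    table = {}
    for port in ports:
        if bound_only and not is_bound(port):
            continue
        for fixed in port["fixed_ips"]:
            table[fixed["ip_address"]] = port["mac_address"]
    return table


def conflicting_entries(ports):
    """List (ip, mac_in_arp_table, mac_of_bound_port) for every mismatch."""
    table = arp_entries(ports, bound_only=False)
    unbound_ips = {f["ip_address"] for p in ports if not is_bound(p)
                   for f in p["fixed_ips"]}
    findings = []
    for port in filter(is_bound, ports):
        for pair in port.get("allowed_address_pairs", []):
            ip = pair["ip_address"]
            real_mac = pair.get("mac_address") or port["mac_address"]
            if ip in unbound_ips and table[ip] != real_mac:
                findings.append((ip, table[ip], real_mac))
    return findings
```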