Public bug reported: We are trying to use vrrp between two VMs in a dvr environment, but it failed.
According to https://review.opendev.org/#/c/716302/ ,for creating additional ports in Neutron to allocate some IP address which will be then used as VIP in keepalive ,it has stopped setting arp entries of those unbound ports in qrouter namespace.This commit tried to insure instance can use a VIP with DVR. Now suppose we have two compute nodes cmp1 and cmp2, vm1 on cmp1,qrouter1 on cmp1 vm2 on cmp2,qrouter2 on cmp2 different subnet using dvr. vm2 has a VIP 10.0.0.123 ,while creating an unbound port in Neutron with 10.0.0.123 vm1 ping 10.0.0.123 request from vm1 will be sended to qrouter1, qrouter1 does not have arp entry of 10.0.0.123, it will send arp request however, when vm2 receive the arp request, the source-mac has being changed to qrouter2's mac by br-tun. vm2 will send arp response to qrouter2, which means qrouter1 will never receive the arp response, finally, ping failed. ** Affects: neutron Importance: Undecided Status: New ** Tags: arp dvr vrrp ** Description changed: We are trying to use vrrp between two VMs in a dvr environment, but it failed. According to https://review.opendev.org/#/c/716302/ ,for creating additional ports in Neutron to allocate some IP address which will be then used as VIP in keepalive ,it has stopped setting arp entries of those unbound ports in qrouter namespace.This commit tried to insure instance can use a VIP with DVR. Now suppose we have two compute nodes cmp1 and cmp2, vm1 on cmp1,qrouter1 on cmp1 vm2 on cmp2,qrouter2 on cmp2 - same subnet + different subnet using dvr. vm2 has a VIP 10.0.0.123 ,while creating an unbound port in Neutron with 10.0.0.123 vm1 ping 10.0.0.123 request from vm1 will be sended to qrouter1, qrouter1 does not have arp entry of 10.0.0.123, it will send arp request however, when vm2 receive the arp request, the source-mac has being changed to qrouter2's mac by br-tun. vm2 will send arp response to qrouter2, which means qrouter1 will never receive the arp response, finally, ping failed. -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron. https://bugs.launchpad.net/bugs/1873375 Title: Can not use vrrp in a dvr openstack environment Status in neutron: New Bug description: We are trying to use vrrp between two VMs in a dvr environment, but it failed. According to https://review.opendev.org/#/c/716302/ ,for creating additional ports in Neutron to allocate some IP address which will be then used as VIP in keepalive ,it has stopped setting arp entries of those unbound ports in qrouter namespace.This commit tried to insure instance can use a VIP with DVR. Now suppose we have two compute nodes cmp1 and cmp2, vm1 on cmp1,qrouter1 on cmp1 vm2 on cmp2,qrouter2 on cmp2 different subnet using dvr. vm2 has a VIP 10.0.0.123 ,while creating an unbound port in Neutron with 10.0.0.123 vm1 ping 10.0.0.123 request from vm1 will be sended to qrouter1, qrouter1 does not have arp entry of 10.0.0.123, it will send arp request however, when vm2 receive the arp request, the source-mac has being changed to qrouter2's mac by br-tun. vm2 will send arp response to qrouter2, which means qrouter1 will never receive the arp response, finally, ping failed. To manage notifications about this bug go to: https://bugs.launchpad.net/neutron/+bug/1873375/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : [email protected] Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
