Bug 1568012
Summary: | [NetvirtIssues] In a VLAN tenant network, after removal of a Floating IP from an instance there is no connectivity to an external Ip | ||
---|---|---|---|
Product: | Red Hat OpenStack | Reporter: | Itzik Brown <itbrown> |
Component: | opendaylight | Assignee: | Sridhar Gaddam <sgaddam> |
Status: | CLOSED ERRATA | QA Contact: | Itzik Brown <itbrown> |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | 13.0 (Queens) | CC: | aadam, asuryana, itbrown, jschluet, knylande, mkolesni, nyechiel, sgaddam, trozet |
Target Milestone: | ga | Keywords: | Triaged |
Target Release: | 13.0 (Queens) | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | NetvirtIssues | ||
Fixed In Version: | opendaylight-8.0.0-11.el7ost | Doc Type: | Known Issue |
Doc Text: |
Connecting to an external IP fails when associating a floating IP to an instance then disassociating the floating IP. This situation happens in a tenant VLAN network when:
* a VM spawned on a non-NAPT switch is associated with a floating IP and
* the floating IP is removed.
This results in a missing flow (sporadically) in the FIB table of NAPT switch.
Due to the missing FIB table entry, the VM loses connectivity to the public network.
Associating the floating IP to the VM restores connectivity to the public network. As long as the floating IP is associated with the VM, it will be able to connect to the internet. However, you will lose a public IP/floating IP from the external network.
|
Story Points: | --- |
Clone Of: | Environment: |
N/A
|
|
Last Closed: | 2018-06-27 13:51:11 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Itzik Brown
2018-04-16 15:12:38 UTC
I tried the same use-case in a multi-node setup where NAPT switch is scheduled on a different Compute node and not on the Compute node where the VM is spawned, but could not reproduce the issue. Tried multiple times but the use-case seems to work fine. @Itzik, please attach logs to this BZ and if possible try to provide me access to the setup when the issue is seen - I can take a close look at it. The removal of FIP was causing the external learned ip's to be removed. This solved by https://git.opendaylight.org/gerrit/#/c/69777/ On bare metal it doesn't work with 8.0.0-11 To be clear it's bare metal with VLAN setup. Some updates: ------------- This issue is seen only with VLAN tenant networks and NOT with VxLAN tenant networks. +---------------------------+ | 8.8.8.8 (External Server) | +-----------+---------------+ | +------+-------------+----------------------+ | External Network (FLAT/VLAN) | | ---+-------------------------------+-------+ | | Tenant VLAN Network | | | | | | | +-+------+---------+ +-----------+---------+ | | | ComputeNode | | NAPT Switch | | hosting VM | | | | (10.0.0.8) | +------------------+ +---------------------+ So, in a VLAN tenant network when the issue was reproduced, the problem was a missing Table-21 entry after DNAT (sample flow *) for the return traffic from 8.8.8.8 to VM. I had a look at the config datastore and there was no flow in the config store as well. [*] table=21, priority=42,ip,metadata=0x30d46/0xfffffe,nw_dst=10.0.0.8 actions=set_field:fa:16:3e:62:20:80->eth_dst,load:0x700->NXM_NX_REG6[],resubmit(,220) Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHEA-2018:2086 |