Bug 1475273 - [ODL/NetVirt] Traffic between two VMs having FIP is not working if the VMs are in the same compute node
Summary: [ODL/NetVirt] Traffic between two VMs having FIP is not working if the VMs ar...
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: opendaylight
Version: 10.0 (Newton)
Hardware: All
OS: All
Target Milestone: beta
: 13.0 (Queens)
Assignee: Aswin Suryanarayanan
QA Contact: Itzik Brown
Depends On:
TreeView+ depends on / blocked
Reported: 2017-07-26 11:04 UTC by Aswin Suryanarayanan
Modified: 2018-10-18 07:18 UTC (History)
3 users (show)

Fixed In Version: opendaylight-8.0.0-1.el7ost
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed: 2018-06-27 13:33:47 UTC
Target Upstream Version:

Attachments (Terms of Use)

System ID Priority Status Summary Last Updated
OpenDaylight gerrit 60991 None None None 2017-08-02 10:43:26 UTC
Red Hat Bugzilla 1464061 None None None Never
Red Hat Product Errata RHEA-2018:2086 None None None 2018-06-27 13:34:57 UTC

Internal Links: 1464061

Description Aswin Suryanarayanan 2017-07-26 11:04:42 UTC
Description of problem:
Traffic between Two VM having FIP is not working if the VM are in the same compute node when Openstack is installed with Opendaylight as the network controller.

The packet is dropped by security groups which is implemented using ovs-conntrack. The netfilter fails to receive some of the packets submitted from the pipeline and marks it as invalid.

Version-Release number of selected component (if applicable):

How reproducible:
A Openstack setup with opendaylight is required.
Steps to Reproduce:
1.Spawn two VM in the same compute node. 
2.Assosiate  FIP both the vms
3.SSH from vm1 to vm2 using the FIP

Actual results:
SSH should succeed.

Expected results:
SSH is failing

Additional info: Thread regarding the issue ovs-discuss[1]. A similar issue is observed in Ovn controller as well.


Comment 1 Nir Yechiel 2017-07-26 11:19:49 UTC
This bug is for tracking an immediate fix for OpenDaylight/NetVirt. BZ 1464061 is still there to track the long-term fix in Open vSwitch.

Comment 8 Itzik Brown 2018-03-22 06:50:17 UTC
Verified with:

Comment 10 errata-xmlrpc 2018-06-27 13:33:47 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.