Description of problem: Traffic between Two VM having FIP is not working if the VM are in the same compute node when Openstack is installed with Opendaylight as the network controller. The packet is dropped by security groups which is implemented using ovs-conntrack. The netfilter fails to receive some of the packets submitted from the pipeline and marks it as invalid. Version-Release number of selected component (if applicable): How reproducible: A Openstack setup with opendaylight is required. Steps to Reproduce: 1.Spawn two VM in the same compute node. 2.Assosiate FIP both the vms 3.SSH from vm1 to vm2 using the FIP Actual results: SSH should succeed. Expected results: SSH is failing Additional info: Thread regarding the issue ovs-discuss[1]. A similar issue is observed in Ovn controller as well. [1]https://mail.openvswitch.org/pipermail/ovs-discuss/2017-June/044613.html
This bug is for tracking an immediate fix for OpenDaylight/NetVirt. BZ 1464061 is still there to track the long-term fix in Open vSwitch.
Verified with: opendaylight-8.0.0-2.el7ost.noarch
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHEA-2018:2086