Bug 1534886 - [Netvirt] No connectivity to a router's internal address
Summary: [Netvirt] No connectivity to a router's internal address
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: opendaylight
Version: 12.0 (Pike)
Hardware: Unspecified
OS: Unspecified
Target Milestone: beta
: 13.0 (Queens)
Assignee: Aswin Suryanarayanan
QA Contact: Itzik Brown
Whiteboard: odl_netvirt
Depends On: 1554233
TreeView+ depends on / blocked
Reported: 2018-01-16 08:26 UTC by Itzik Brown
Modified: 2018-10-18 07:20 UTC (History)
5 users (show)

Fixed In Version: opendaylight-8.0.0-9.el7ost
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed: 2018-06-27 13:42:10 UTC
Target Upstream Version:

Attachments (Terms of Use)

System ID Priority Status Summary Last Updated
OpenDaylight Bug NETVIRT-1064 None None None 2018-01-16 08:26:13 UTC
OpenDaylight gerrit 71137 None None None 2018-04-23 08:50:22 UTC
Red Hat Product Errata RHEA-2018:2086 None None None 2018-06-27 13:42:55 UTC

Description Itzik Brown 2018-01-16 08:26:13 UTC
Description of problem:
Ping to a router's interface from an instance fails unless a security group rule that allows ICMP is added

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Launch an instance
2. Ping to the router's internal address

Actual results:

Expected results:

Additional info:

Comment 4 Aswin Suryanarayanan 2018-02-19 12:50:48 UTC
Once the dependent ovs bug is merged, the temporary work around needs to be removed and we need to use the new ct_clear action in ODL pipeline.

Comment 5 Aswin Suryanarayanan 2018-03-12 13:13:53 UTC
The fix for 1501418 dosen't help to resolve the router ping issue. The ping reply packets generated is marked -trk in ovs pipeline and gets dropped. The bug 1554233 is raised for the same.

Comment 7 Aswin Suryanarayanan 2018-04-11 15:24:37 UTC
The issue seems to happen only in kernel datapath and not in dpdk. The bug is worked on and probably we will have an update by this week.

Comment 8 Aswin Suryanarayanan 2018-04-23 08:52:38 UTC
The dependent bug on ovs will take some time to be fixed hence a temporary workaround is added. This will try to resubmit the -trk packets once again to the netfilter , which in-turn the accurate state of the packet.

Comment 9 Aswin Suryanarayanan 2018-04-30 08:34:43 UTC
RH Gerrit => https://code.engineering.redhat.com/gerrit/#/c/137266/

Comment 13 Itzik Brown 2018-05-03 10:14:27 UTC
Checked with:

Comment 15 errata-xmlrpc 2018-06-27 13:42:10 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.