Bug 1704596 - FIP traffix does not work on OVN-DVR setup when using VLAN tenant network type
Summary: FIP traffix does not work on OVN-DVR setup when using VLAN tenant network type
Keywords:
Status: CLOSED NEXTRELEASE
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: python-networking-ovn
Version: 13.0 (Queens)
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: ---
: ---
Assignee: Jakub Libosvar
QA Contact: Eran Kuris
URL:
Whiteboard:
: 1830743 (view as bug list)
Depends On: 1766930 2009222 2101937 2102017
Blocks:
TreeView+ depends on / blocked
 
Reported: 2019-04-30 07:46 UTC by Eran Kuris
Modified: 2023-10-06 18:16 UTC (History)
13 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2021-03-25 13:47:47 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Launchpad 1828891 0 None None None 2019-05-13 21:01:55 UTC
OpenStack gerrit 658923 0 None MERGED Floating IP does not work with VLAN tenant networks 2021-02-16 09:14:14 UTC
OpenStack gerrit 666160 0 None MERGED Floating IP does not work with VLAN tenant networks 2021-02-16 09:14:14 UTC
Red Hat Issue Tracker OSP-514 0 None None None 2022-06-28 20:38:25 UTC
Red Hat Knowledge Base (Solution) 5049901 0 None None None 2020-05-05 14:49:07 UTC

Description Eran Kuris 2019-04-30 07:46:59 UTC 
Description of problem:
When we are trying to use FIP traffic to instances on OVN-DVR setup while using VLAN tenant network type the traffic does not pass. 
Because of limitations with VLAN tenant network type, we can't have distributed VLAN routing.  
Vlan routing is centralized whether  the deployment is DVR or not

Version-Release number of selected component (if applicable):
OpenStack/13.0-RHEL-7/2019-04-23.1
python-networking-ovn-metadata-agent-4.0.3-6.el7ost.noarch
openvswitch-ovn-host-2.9.0-103.el7fdp.x86_64
puppet-ovn-12.4.0-2.el7ost.noarch
python-networking-ovn-4.0.3-6.el7ost.noarch
novnc-0.6.1-1.el7ost.noarch
openvswitch-ovn-central-2.9.0-103.el7fdp.x86_64
openvswitch-ovn-common-2.9.0-103.el7fdp.x86_64

How reproducible:
100%

Steps to Reproduce:
1. Deploy OVN-DVR setup with VLAN tenant network type support
2. Create a VLAN network 
3. Create an External network with a router  
4. Boot instance & Assign FIP to the VM 
5. open security group access

Ping to the FIP of the instance.
Actual results:
Traffic blocked 

Expected results:
Traffic pass 

Additional info:
Comment 1 Numan Siddique 2019-04-30 07:49:50 UTC 
python-networking-ovn should not set external_mac in the NAT table for the FIP which belongs to the logical port of a VLAN tenant logical switch.
Otherwise, the compute node which is binding the logical port will send the GARP where as the routing for VLAN tenant networks is centralized.
Comment 2 Brian Haley 2020-02-04 20:26:47 UTC 
The upstream fix for this broke something else and was reverted, so this will need more investigation.  Re-assigning to default maintainer.
Comment 3 Andreas Karis 2020-05-05 14:19:46 UTC 
*** Bug 1830743 has been marked as a duplicate of this bug. ***
Comment 9 Jakub Libosvar 2021-03-25 13:47:47 UTC 
This will be fixed in OSP 16
Note You need to log in before you can comment on or make changes to this bug.