Juniper Openstack

VM on FIP VN can't ping VIP/FIP if VM on same compute as active LBaaS instance

Bug #1568960 reported by amit surana on 2016-04-11

This bug affects 3 people

	Status	Importance	Assigned to	Milestone
Juniper Openstack	Status tracked in Trunk
R2.20	Fix Committed	Medium	Manish Singh	Juniper Openstack r2.23 "r2.23"
R2.21.x	Fix Committed	Medium	Manish Singh	Juniper Openstack r2.21.2
R2.22.x	Fix Committed	Medium	Manish Singh	Juniper Openstack r2.22.2
R3.0	Fix Committed	Medium	Manish Singh	Juniper Openstack r3.0.2.0
Trunk	Fix Committed	Medium	Manish Singh	Juniper Openstack r3.1.0.0-fcs

Bug Description

LBaaS is configured and FIP is assigned to the VIP. Now, if a VM is instantiated on the FIP VN and it happens to land on the same compute as the active LBaaS instance, then the VM is unable to ping the FIP assigned to the VIP.

The routes in the L3 FIP VRF looks correct and the stitched MAC is present for the FIP (and has the correct nh). However, the MAC route in the L2 VRF is wrong and is pointing to the compute that has the standby VRF.

EVPN route table on the agent shows that even though the local route has higher preference (of 200), the route received from the remote agent (the one that has the sby instance) is preferred.

There are several other issues too: a single ping is resulting in 4 flows being setup; one pair of flows without dnat and other with dnat enabled.

Configured encap is VxLAN.

root@csol2-node15:~# rt --dump 18 | grep 16.24.0.5\/32
16.24.0.5/32 32 PT - 94 2:b6:d:54:42:e7(227292)
root@csol2-node15:~# nh --get 94
Id:94 Type:Encap Fmly: AF_INET Rid:0 Ref_cnt:6 Vrf:16
              Flags:Valid, Policy,
              EncapFmly:0806 Oif:30 Len:14
              Encap Data: 02 b6 0d 54 42 e7 00 00 5e 00 01 00 08 00

root@csol2-node15:~# rt --dump 18 --family bridge | grep 42:e7
227292 2:b6:d:54:42:e7 LDf 7 43
root@csol2-node15:~# nh --get 43
Id:43 Type:Tunnel Fmly: AF_INET Rid:0 Ref_cnt:43 Vrf:0
              Flags:Valid, Vxlan,
              Oif:0 Len:14 Flags Valid, Vxlan, Data:90 e2 ba 50 b9 68 90 e2 ba 4c 67 f8 08 00
              Vrf:0 Sip:172.16.180.15 Dip:172.16.180.14

root@csol2-node15:~# flow -l | grep 16.24.0.4 -C2

116308<=>386752 13.169.55.3:10129 1 (16->18)
16.24.0.4:0
(Gen: 8, K(nh):94, Action:N(S), Flags:, S(nh):94, Stats:0/0, SPort 61677)

--
(Gen: 7, K(nh):425, Action:F, Flags:, S(nh):7, Stats:0/0, SPort 65313)

174452<=>188020 16.24.0.4:10129 1 (18)
16.24.0.5:0
(Gen: 7, K(nh):395, Action:F, Flags:, S(nh):395, Stats:1233/120834, SPort 49303)
--

188020<=>174452 16.24.0.5:10129 1 (18)
16.24.0.4:0
(Gen: 5, K(nh):395, Action:F, Flags:, S(nh):94, Stats:0/0, SPort 54053)

--
(Gen: 10, K(nh):209, Action:F, Flags:, S(nh):209, Stats:1/76, SPort 49378)

386752<=>116308 16.24.0.4:10129 1 (16->16)
16.24.0.5:0
(Gen: 14, K(nh):94, Action:N(D), Flags:, S(nh):395, Stats:1233/120834, SPort 60017)

See original description

Tags:

amit surana (asurana-t) on 2016-04-11

description:	updated
tags:	added: soln

Revision history for this message

Naveen N (naveenn) wrote on 2016-04-12:

1> EVPN route for FIP would point to receive NH, and if EVPN route points to receive NH mac stitching would not be present hence ARP resolution would fail.
2> When this FIP EVPN route are relayed back, ensure next hop points to receive NH for BGP peer path

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2016-04-19: [Review update] R3.0

Review in progress for https://review.opencontrail.org/19435
Submitter: Naveen N (<email address hidden>)

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2016-04-19: [Review update] master

Review in progress for https://review.opencontrail.org/19436
Submitter: Naveen N (<email address hidden>)

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2016-04-19: [Review update] R2.21.x

#10

Review in progress for https://review.opencontrail.org/19455
Submitter: Naveen N (<email address hidden>)

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2016-04-19: [Review update] R2.22.x

#12

Review in progress for https://review.opencontrail.org/19456
Submitter: Naveen N (<email address hidden>)

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2016-04-19: [Review update] R2.20

#14

Review in progress for https://review.opencontrail.org/19457
Submitter: Naveen N (<email address hidden>)

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2016-04-20: A change has been merged

#16

Reviewed: https://review.opencontrail.org/19455
Committed: http://github.org/Juniper/contrail-controller/commit/165e7e8d4ae46291361d792c759247c38ef24818
Submitter: Zuul
Branch: R2.21.x

commit 165e7e8d4ae46291361d792c759247c38ef24818
Author: Naveen N <email address hidden>
Date: Tue Apr 19 20:51:51 2016 +0530

* Install FIP EVPN routes received from control-node

Currently FIP evpn routes points to receive NH,
and this path once reflected from control-node were not
added to agent oper DB resulting in bridge table route for
floating-ip to be wrong in case of active-backup scenario.
Closes-bug:#1568960,#1571938

Change-Id: I309cfb6145279cf9e07b7200a5de841e446ec9d2

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2016-04-21:

#17

Reviewed: https://review.opencontrail.org/19435
Committed: http://github.org/Juniper/contrail-controller/commit/1ea02df0a91de7528b026e17985dff494e419bdb
Submitter: Zuul
Branch: R3.0

commit 1ea02df0a91de7528b026e17985dff494e419bdb
Author: Naveen N <email address hidden>
Date: Tue Apr 19 14:53:03 2016 +0530

* Install FIP EVPN routes received from control-node

Change-Id: I6759ebd4577505d12b530bb3cc8262d54a703f1a

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2016-04-21:

#18

Reviewed: https://review.opencontrail.org/19457
Committed: http://github.org/Juniper/contrail-controller/commit/1c518a8f4ff9ae6e9c7dce950f4726e27fc58ad7
Submitter: Zuul
Branch: R2.20

commit 1c518a8f4ff9ae6e9c7dce950f4726e27fc58ad7
Author: Naveen N <email address hidden>
Date: Tue Apr 19 20:51:51 2016 +0530

* Install FIP EVPN routes received from control-node

Change-Id: I309cfb6145279cf9e07b7200a5de841e446ec9d2

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2016-04-22:

#19

Reviewed: https://review.opencontrail.org/19436
Committed: http://github.org/Juniper/contrail-controller/commit/8631919904412b4d84eebbea4814bc1c5c9ef18c
Submitter: Zuul
Branch: master

commit 8631919904412b4d84eebbea4814bc1c5c9ef18c
Author: Naveen N <email address hidden>
Date: Tue Apr 19 14:53:03 2016 +0530

* Install FIP EVPN routes received from control-node

Change-Id: I6759ebd4577505d12b530bb3cc8262d54a703f1a

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2016-04-22:

#20

Reviewed: https://review.opencontrail.org/19456
Committed: http://github.org/Juniper/contrail-controller/commit/fce6773242e069c06acd6f18569cca812d150c82
Submitter: Zuul
Branch: R2.22.x

commit fce6773242e069c06acd6f18569cca812d150c82
Author: Naveen N <email address hidden>
Date: Tue Apr 19 20:51:51 2016 +0530

* Install FIP EVPN routes received from control-node

Change-Id: I309cfb6145279cf9e07b7200a5de841e446ec9d2

Report a bug

This report contains Public information

Everyone can see this information.

Duplicates of this bug

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.