Juniper Openstack

BGPaaS: vRouter drops SYN segment if sourced from non-VMI IP

Bug #1569702 reported by amit surana
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Juniper Openstack
Status tracked in Trunk
R3.0
Fix Committed
Medium
Manish Singh
Juniper Openstack r3.0.2.0
Trunk
Fix Committed
Medium
Manish Singh
Juniper Openstack r3.1.0.0-fcs

Bug Description

If BGP VM is configured to use a loopback IP as the source ip of the BGP peering session (as opposed to the primary instance ip assigned to the VMI), then vRouter drops the packet. Seems like the source IP of the packet is checked when determining which CN to connect to (via gw or dns ip); and because the source-IP isn't the VMI primary instance ip, the packet is dropped. This check should be changed to look at the VMI instance IP rather than the source-ip of the incoming packet.

Tags: bgpaas vrouter
Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : [Review update] R3.0

Review in progress for https://review.opencontrail.org/19280
Submitter: Manish Singh (<email address hidden>)

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : A change has been merged

Reviewed: https://review.opencontrail.org/19280
Committed: http://github.org/Juniper/contrail-controller/commit/6386fc5514b3859085e2c3fad6d24762593b7d07
Submitter: Zuul
Branch: R3.0

commit 6386fc5514b3859085e2c3fad6d24762593b7d07
Author: Manish <email address hidden>
Date: Thu Apr 14 10:39:09 2016 +0530

Non VMI IP was not working in bgp as service.

Problem:
Bgp as service selects control-node to connect by identying if destination IP is
gateway or DNS. To identify gateway/dns it was trying to locate subnet using
source sent in packet. Source in this case was non-Vm IP which will fail and
hence session will not get established.

Solution:
Instead of using source IP, use VM interface primary ip address.

Change-Id: Iabaf6f1e7323f75ef8da6b64664f520aeb578494
Closes-bug: #1569702

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : [Review update] master

Review in progress for https://review.opencontrail.org/19387
Submitter: Manish Singh (<email address hidden>)

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : A change has been merged

Reviewed: https://review.opencontrail.org/19387
Committed: http://github.org/Juniper/contrail-controller/commit/ac3036d7dd9fe12d03d91d9442bb18d30b8b7203
Submitter: Zuul
Branch: master

commit ac3036d7dd9fe12d03d91d9442bb18d30b8b7203
Author: Manish <email address hidden>
Date: Thu Apr 14 10:39:09 2016 +0530

Non VMI IP was not working in bgp as service.

Problem:
Bgp as service selects control-node to connect by identying if destination IP is
gateway or DNS. To identify gateway/dns it was trying to locate subnet using
source sent in packet. Source in this case was non-Vm IP which will fail and
hence session will not get established.

Solution:
Instead of using source IP, use VM interface primary ip address.

Change-Id: Iabaf6f1e7323f75ef8da6b64664f520aeb578494
Closes-bug: #1569702

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.