© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
7020100
(Get the code!)
The vrf translate looks to be wrong. The incoming packet falls in vrf 1 and the vrf translate says go to vrf 20. Post DNAT (6.1.2.3 to 5.1.2.3), there is no route for 5.1.2.3 in vrf 20 (which is the FIP vrf) and so the packet is discarded. The vrf translate should've been
1->1.
Furthermore:
1) This bug is seen even if the source VM is in the left_fip_vn (meaning, not NAT for source VM).
2) This bug is only seen if there is a service-chain connecting right_fip_vn and left_fip_vn. If the two VNs are connected via a regular network policy, the vrf translate rule is setup correctly on the destination compute.