neutron

Assigning a FIP to a VIP port does not work, if the VIP resides in a subnet that is associated with a DVR router residing in a service node with no default gateway.

Bug #1356464 reported by Swaminathan Vasudevan on 2014-08-13

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	neutron	Fix Released	High	Vivekanandan Narasimhan	neutron 2014.2 "juno"

Bug Description

With DVR routers for FIP to work, there has to be a FIP Namespace that should be created and an IR Namespace.
But when a LBaaS VIP port is created on a Subnet that is part of the DVR router, the IR Namespace is not created for the VIP port since that port is not a Compute Port.

There are some corner cases here, when there are VMs in a node then the IR's for that subnet is already created and so the FIP namespace also will be created.

The issue will only be seen if the compute and the VIP ports are separated apart.

Tags:

Revision history for this message

Armando Migliaccio (armando-migliaccio) wrote on 2014-08-13:

This is a well-known integration issue between centralized Advanced Services like LB and Distributed Virtual Routing.

tags:	added: lbaas
Changed in neutron:
status:	New → Confirmed

Revision history for this message

Armando Migliaccio (armando-migliaccio) wrote on 2014-08-13:

I am slightly confused by the title of this report:

Assigning a FIP to a VIP port does not work, if the VIP resides in a subnet that is associated with a DVR router residing in "dvr_snat" node without nova service

What do you mean by 'without nova service'? Are you saying that for the VIP to work should always 'land' on a compute host rather than the network node?

Revision history for this message

Armando Migliaccio (armando-migliaccio) wrote on 2014-08-13:

Can we clarify the bug report title? Many thanks.

Revision history for this message

Swaminathan Vasudevan (swaminathan-vasudevan) wrote on 2014-08-13:

No what I mean here is if an admin wanted to have a controller node separate from the compute node, then any VMs that the admin is creating for the LBaaS member pool will end up being in the "Compute Node" and the "VIP" port will end up where the LBaaS agent is running. In this case the LBaaS agent will be running in the Service Node.
So the VIP and the VMs will be on separate nodes.

summary:

Assigning a FIP to a VIP port does not work, if the VIP resides in a
- subnet that is associated with a DVR router residing in "dvr_snat" node
- without nova service.
+ subnet that is associated with a DVR router residing in a service node
+ with no default gateway.

Carl Baldwin (carl-baldwin) on 2014-08-13

Changed in neutron:
importance:	Undecided → High

Swaminathan Vasudevan (swaminathan-vasudevan) on 2014-08-13

Changed in neutron:
assignee:	nobody → Swaminathan Vasudevan (swaminathan-vasudevan)

Carl Baldwin (carl-baldwin) on 2014-08-13

Changed in neutron:
milestone:	none → juno-3

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2014-08-14: Fix proposed to neutron (master)

Fix proposed to branch: master
Review: https://review.openstack.org/114141

Changed in neutron:
status:	Confirmed → In Progress

OpenStack Infra (hudson-openstack) on 2014-08-20

Changed in neutron:
assignee:	Swaminathan Vasudevan (swaminathan-vasudevan) → Vivekanandan Narasimhan (vivekanandan-narasimhan)

OpenStack Infra (hudson-openstack) on 2014-08-22

Changed in neutron:
assignee:	Vivekanandan Narasimhan (vivekanandan-narasimhan) → Swaminathan Vasudevan (swaminathan-vasudevan)

OpenStack Infra (hudson-openstack) on 2014-08-22

Changed in neutron:
assignee:	Swaminathan Vasudevan (swaminathan-vasudevan) → Vivekanandan Narasimhan (vivekanandan-narasimhan)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2014-08-27: Fix merged to neutron (master)

Reviewed: https://review.openstack.org/114141
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=1deb787c15a0f24c6c079c5e5fe122dc54188cdf
Submitter: Jenkins
Branch: master

commit 1deb787c15a0f24c6c079c5e5fe122dc54188cdf
Author: Swaminathan Vasudevan <email address hidden>
Date: Wed Aug 13 23:38:56 2014 -0700

Fix DVR to service LBaaS VIP Ports

    Currently, DVR router namespaces are created only
    when there is a valid VM port on the compute
    node, or for the gateway-port on the service node.
    But when an LBaaS VIP port is created the l3 agent
    does not create a DVR namespace to service the VIP port.
    This fix enables DVR namespaces to be created to
    service the LBaaS VIP port.

    Also, this fix enables L2 Agent running in DVR
    mode, to add-in OVS rules to enable packets to
    be routed to such LBaaS VIP Ports which are
    resident on DVR routed interfaces.

    Therefore, with this fix both East-West and
    North-South traffic will be serviced by DVR
    for LBaas VIP Ports.

DocImpact

Authored-by: Swaminathan Vasudevan <email address hidden>
Co-Authored-By: Vivekanandan Narasimhan <email address hidden>

Change-Id: I698b971d50721fb0512a11569f7d3139d0d456f3
Closes-Bug: #1356464

Changed in neutron:
status:	In Progress → Fix Committed

Thierry Carrez (ttx) on 2014-09-04

Changed in neutron:
status:	Fix Committed → Fix Released

Thierry Carrez (ttx) on 2014-10-16

Changed in neutron:
milestone:	juno-3 → 2014.2

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.