Juniper Openstack

[R2.20]DM: VM FIP functionality broken

Bug #1468209 reported by amit surana on 2015-06-24

This bug affects 1 person

	Status	Importance	Assigned to	Milestone
Juniper Openstack	Status tracked in Trunk
R2.20	Fix Committed	Critical	Suresh Balineni	Juniper Openstack r2.20-fcs
Trunk	Fix Committed	Critical	Suresh Balineni	Juniper Openstack r3.0-fcs

Bug Description

DM pushes NAT rules to the MX in order to support FIP functionality for BMS. However, it is seen that DM is also pushing NAT rules to the MX for FIPs associated to VMs. This breaks flows coming from/going to VM FIP.

This is what happens:

1. VM pings external server. This packet has its source IP translated to FIP.
2. External server responds.
3. The dest-ip of the response from the external server gets NATd on the MX to the VMs private IP (this step should happen on the source vRouter).
4. When this packet hits the vRouter on the compute node, it is found to belong to an incorrect vrf and so is dropped with error invalid nh.

Tags:

OpenContrail Admin (ci-admin-f) on 2015-06-24

information type:

Proprietary → Public

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2015-06-24: [Review update] R2.20

Review in progress for https://review.opencontrail.org/12021
Submitter: Suresh Balineni (<email address hidden>)

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2015-06-24: A change has been merged

Reviewed: https://review.opencontrail.org/12021
Committed: http://github.org/Juniper/contrail-controller/commit/357ed7b0c10b88b97c8d03d3845f8581287ddadb
Submitter: Zuul
Branch: R2.20

commit 357ed7b0c10b88b97c8d03d3845f8581287ddadb
Author: sbalineni <email address hidden>
Date: Wed Jun 24 14:35:55 2015 -0700

DM: NAT rules should be applied to only BMS VMIs.

- Push NAT rules only for VMIs associated to BMS
- vrf name : _cotrail_[l2|l3]_{vn_id}_{vn_name}
- export policy should have 'reject' for NAT vrf

Change-Id: I497c2d10274d124d0adc98d8c2eb9390e5b640cb
Closes-Bug: #1468209

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2015-06-25: [Review update] master

Review in progress for https://review.opencontrail.org/12043
Submitter: Suresh Balineni (<email address hidden>)

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2015-06-26: A change has been merged

Reviewed: https://review.opencontrail.org/12043
Committed: http://github.org/Juniper/contrail-controller/commit/91fbdb6187dc2932e3ccc0c7435365a1e88a5b73
Submitter: Zuul
Branch: master

commit 91fbdb6187dc2932e3ccc0c7435365a1e88a5b73
Author: sbalineni <email address hidden>
Date: Thu Jun 25 14:08:30 2015 -0700

DM: fixes ported from R2.20

Change-Id: Ie5e87314202a45b7863960d9d68a29121d30a22a
Closes-Bug: #1468209
Closes-Bug: #1468145
Closes-Bug: #1468143
Closes-Bug: #1466721
Closes-Bug: #1466719
Closes-Bug: #1466717
Closes-Bug: #1466437

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.