TTL manipulation when doing SNAT+DNAT for BGPaaS
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Juniper Openstack | Status tracked in Trunk | | |
R3.0 | Fix Committed | Medium | Divakar Dharanalakota |
R3.1 | Fix Committed | Medium | Divakar Dharanalakota |
R3.2 | Fix Committed | Medium | Divakar Dharanalakota |
Trunk | Fix Committed | Medium | Divakar Dharanalakota |
Bug Description
When doing SNAT+DNAT for bgpaas it would be useful to use a new fixed
TTL value for the forward flow. The client VM typically uses a TTL of 1
for its eBGP session by default - this causes problems if the user forgets
to configure multi hop on the bgp session. Note that the client thinks it's
setting up the session to the default GW and DNS server IPs, so it's not
intuitive to use multi hop.
Proposed fix (from Divakar) is to have agent maintain TTL in flow entry
and when Vrouter sees a non-zero TTL, it copies this value to the packet.
The fixed value can be a hard-coded value like 64 or can be picked up from
net.ipv4.
There are 2 additional items that would be nice to have:
- If the incoming TTL for the forward flow is 1, then vRouter sets the
outgoing TTL in reverse packet going back to the VM to 1 as well
- If the incoming TTL for the forward flow is 255, then vRouter sets the
outgoing TTL in reverse packet going back to the VM to 255 as well
The second item is useful if the client VM is using GTSM for BGP session.
See https:/
The first item is just to further the illusion that the bgp server(s) are
directly connected to the client VM.
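The TTL policy described above, as an added C sketch that is neither part of the bug report nor vRouter code. The struct, function names, and sample header are assumptions made for illustration, and the incremental checksum patch (RFC 1624) is included because any in-place TTL rewrite has to keep the IPv4 header checksum valid.

```c
#include <stdint.h>

/* Hypothetical per-flow state; names are assumptions, not vRouter's. */
struct flow_ttl {
    uint8_t fixed_ttl;  /* stamped on forward packets; 0 = leave as is */
    uint8_t client_ttl; /* TTL the client VM sent on the forward flow */
};

/* RFC 1071 checksum of a 20-byte IPv4 header; 0 means it verifies. */
static uint16_t ip_csum(const uint8_t *h) {
    uint32_t sum = 0;
    for (int i = 0; i < 20; i += 2) sum += (uint32_t)(h[i] << 8 | h[i + 1]);
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Rewrite TTL (byte 8), patching the checksum (bytes 10-11) incrementally
 * per RFC 1624 eqn. 3: HC' = ~(~HC + ~m + m'). */
static void set_ttl(uint8_t *h, uint8_t ttl) {
    uint32_t sum = (uint16_t)~(h[10] << 8 | h[11]);
    sum += (uint16_t)~(h[8] << 8 | h[9]);
    sum += (uint16_t)(ttl << 8 | h[9]);
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    h[8] = ttl;
    h[10] = (uint8_t)(~sum >> 8); h[11] = (uint8_t)~sum;
}

/* Constructed sample header: 10.0.0.3 -> 10.0.0.1, protocol TCP. */
static void make_hdr(uint8_t *h, uint8_t ttl) {
    static const uint8_t t[20] = {0x45, 0, 0, 40, 0, 1, 0x40, 0, 0, 6,
                                  0, 0, 10, 0, 0, 3, 10, 0, 0, 1};
    for (int i = 0; i < 20; i++) h[i] = t[i];
    h[8] = ttl;
    uint16_t c = ip_csum(h);
    h[10] = (uint8_t)(c >> 8); h[11] = (uint8_t)c;
}

/* One packet of the flow; returns the TTL sent on, -1 on a bad checksum. */
int rewrite_ttl(struct flow_ttl *f, int reverse, uint8_t in_ttl) {
    uint8_t h[20];
    make_hdr(h, in_ttl);
    if (!reverse) {
        f->client_ttl = in_ttl;                 /* remember what the VM used */
        if (f->fixed_ttl) set_ttl(h, f->fixed_ttl);
    } else if (f->client_ttl == 1 || f->client_ttl == 255) {
        set_ttl(h, f->client_ttl);              /* mirror it back to the VM */
    }
    return ip_csum(h) ? -1 : h[8];
}
```

With `fixed_ttl` set to 64, a client sending TTL 1 has its forward packet leave with TTL 64, and the reply is delivered to the VM with TTL 1; a client sending 255 gets 255 back, which is the GTSM case.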
Review in progress for https://review.opencontrail.org/19629
Submitter: Divakar Dharanalakota (<email address hidden>)