OpenContrail

host-route via allow-address-pair doesn't work without disabling RPF

Bug #1593758 reported by eon on 2016-06-17

This bug affects 1 person

	Status	Importance	Assigned to	Milestone
Juniper Openstack	Status tracked in Trunk
Trunk	Fix Committed	Medium	Unassigned	Juniper Openstack r3.2.0.0-fcs "r3.2.0.0"
OpenContrail	New	Medium	Unassigned

Bug Description

In a scenario where there is a VRRP VIP between 2 VMs and a host-route via the VIP the ingress flow gets dropped.

The problem is that the interface-route-table that propagate the src prefix in the ingress vrouter table is not created because the VIP is not a real port.

P1 network

       VM_1 .......................... VM_2
        | ............................. |
       VMI_1 ...... <---- VIP ---> ... VMI_2
       (aap on vip) .................. (aap on vip)

              host-route via VIP to P1
                           |
                      P2 network

One workaround is to disable RPF P2 side but this can't be done using openstack APIs.

The other solution is to create interface-route-table on VMI_1 and VMI_2
to announce the P1 prefix since they have AAP on the VIP that has a host-route to P1

Observed on 2.21.x

See original description

eon (eon-5) on 2016-06-17

description:	updated
description:	updated
description:	updated

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2016-06-17: [Review update] master

Review in progress for https://review.opencontrail.org/21271
Submitter: Jean-Philippe Braun (<email address hidden>)

Nagabhushana R (bhushana) on 2016-06-23

Changed in opencontrail:
importance:	Undecided → Medium

eon (eon-5) on 2016-06-29

description:

updated

Revision history for this message

eon (eon-5) wrote on 2016-07-06:

Adding multiple interface-route-table for the same prefix doesn't work because only one route will be announced to vrouter agents

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2016-08-02:

Review in progress for https://review.opencontrail.org/22761
Submitter: Jean-Philippe Braun (<email address hidden>)

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2016-08-05: A change has been merged

#12

Reviewed: https://review.opencontrail.org/22761
Committed: http://github.org/Juniper/contrail-neutron-plugin/commit/e177c13ab2420a790d8471f9414b55d270eec8bc
Submitter: Zuul
Branch: master

commit e177c13ab2420a790d8471f9414b55d270eec8bc
Author: Jean-Philippe Braun <email address hidden>
Date: Tue Aug 2 10:57:16 2016 +0200

Use route-table object for host-routes

Since route-table can be now used to specify routes with
next-hop IPs, we can remove the usage of interface-route-table
for host-routes.

This makes the code a lot simpler and the use cases with host-route
via allow-address-pair IP will work.

Closes-Bug: #1593758
Change-Id: If423e6647f46fc8101d2baf7868c65f2542b6f84

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.