neutron

[ovn] Multihomed backend (IPv4 + IPv6) with floating IP unreachable

Bug #2059716 reported by Mohammed Naser
14
This bug affects 2 people
Affects Status Importance Assigned to Milestone
neutron
Incomplete
Undecided
Fernando Royo

Bug Description

We've got an interesting scenario where one of the backends of a load balancer is not reachable given the following test environment:

2x networks
- provider network, IPv4 + IPv6 subnets
- tenant network (Geneve), IPv4 + IPv6 subnets

3x VMs
- 2x single port, 2 IP addresses on the tenant network
- 1x single port, 2 IP addresses on the tenant network + floating IP (IPv4 only) attached

Load balancer:
- Using single tenant network, with floating IP (IPv4 only) attached
- OVN provider

With the setup above, the VM with the floating IP attached will not be reachable by the load balancer (aka, hitting it multiple times will timeout 1/3 of the time). If you remove the floating IP and re-attach it, it works.

In troubleshooting, we've noticed that when removing the IPv6 subnet from the tenant network resolves this, so I suspect that it's somehow to do with that.

Brian Haley (brian-haley)
tags: added: ovn-octavia-provider
Revision history for this message
yatin (yatinkarel) wrote :

Thanks mnaser for the report.

Can you also update OpenStack and OVN versions involved, may be it's something known, will check with froyo or Luis regarding this.

Changed in neutron:
status: New → Incomplete
Fernando Royo (froyoredhat)
Changed in neutron:
assignee: nobody → Fernando Royo (froyoredhat)
Revision history for this message
Fernando Royo (froyoredhat) wrote :
Download full text (3.2 KiB)

Hi Mohammed,

I run a fresh devstack (master branch) and making these assumptions:

- LB VIP is attached to tenant subnet IPv4 ( I also try giving --vip-network-id tenant) but the LB VIP is always getting LB VIP on IPv4 subnet
- Members are attached using the IPv4 address (ovn-provider doesn't allow mixing IPv4 and IPv6)

and then run these commands:

openstack network create tenant
openstack subnet create --subnet-range 192.168.100.0/24 --network tenant subnet1
openstack subnet create --ip-version 6 --subnet-range 2001:db8:0:1::/64 --network tenant subnet1ipv6
openstack router create r1
openstack router add subnet r1 subnet1
openstack router add subnet r1 subnet1ipv6
openstack router set --external-gateway public r1

openstack security group create sec1
openstack security group rule create --protocol tcp --dst-port 22 sec1
openstack security group rule create --protocol tcp --dst-port 80 sec1
openstack security group rule create --protocol icmp sec1

openstack server create --image cirros-0.6.2-x86_64-disk --flavor m1.small --security-group sec1 --network=tenant --user-data 80.sh vm1 --wait
openstack server create --image cirros-0.6.2-x86_64-disk --flavor m1.small --security-group sec1 --network=tenant --user-data 80.sh vm2 --wait
openstack server create --image cirros-0.6.2-x86_64-disk --flavor m1.small --security-group sec1 --network=tenant --user-data 80.sh vm3 --wait

SUBNET1=$(openstack subnet show subnet1 -c id -f value)
SUBNET1IPV6=$(openstack subnet show subnet1ipv6 -c id -f value)

IPVM01=$(openstack port list --server vm1 -f json | grep ip_address | cut -d":" -f2 | sed 's/"//g' | tr -d ' ' | head -n 1)
IPVM02=$(openstack port list --server vm2 -f json | grep ip_address | cut -d":" -f2 | sed 's/"//g' | tr -d ' ' | head -n 1)
IPVM03=$(openstack port list --server vm3 -f json | grep ip_address | cut -d":" -f2 | sed 's/"//g' | tr -d ' ' | head -n 1)
IPVM03IPv6=$(openstack port list --server vm3 -f json | grep ip_address | sed 's/"//g' | tr -d ' ' | sed -n 2p | sed 's/ip_address://g')

openstack loadbalancer create --name lb1 --vip-subnet-id subnet1 --provider ovn
openstack loadbalancer listener create --name listener1 --protocol TCP --protocol-port 80 lb1
openstack loadbalancer pool create --name pool1 --protocol TCP --listener listener1 --lb-algorithm SOURCE_IP_PORT
openstack loadbalancer member create --name vm1 --address $IPVM01 --subnet-id $SUBNET1 --protocol-port 80 pool1
openstack loadbalancer member create --name vm2 --address $IPVM02 --subnet-id $SUBNET1 --protocol-port 80 pool1
openstack loadbalancer member create --name vm3 --address $IPVM03 --subnet-id $SUBNET1 --protocol-port 80 pool1

PORTVM3=$(openstack port list --fixed-ip ip-address=$IPVM03 -c ID -f value)
openstack floating ip create --port $PORTVM3 public

LBVIP=$(openstack loadbalancer show lb1 -c vip_address -f value)
PORTLBVIP=$(openstack port list --fixed-ip ip-address=$LBVIP -c ID -f value)
openstack floating ip create --port $PORTLBVIP public

FIP_LB=$(openstack floating ip list --fixed-ip-address $LBVIP -c 'Floating IP Address' -f value)

for i in `seq 1 100`; do curl $FIP_LB; done

No errors on that (x100) curl over the FIP_LB, getting responses from al...

Read more...

Revision history for this message
Cristian Contescu (ckristi) wrote (last edit ):

Hi Fernando,

Mohammed has reported the bug on our behalf.

Our current environment is running the following versions of various networking components:
* octavia: 11.0.1
* ovn-octavia-provider: 4.0.1
* neutron-server: 21.2.1.dev48

on top of OVN 22.03.

There is a slight change in the setup you've done which makes one of the members to not be reachable in the above environment: the VM which becomes unreachable via the LB IP gets a floating IP attached before its IP is added as a member to the loadbalancer. Basically moving this part:

```
PORTVM3=$(openstack port list --fixed-ip ip-address=$IPVM03 -c ID -f value)
openstack floating ip create --port $PORTVM3 public

```
before the first `openstack loadbalancer member create...` command in your test.

Let us know if this changes anything on your side. We can consistently replicate it in our environment.

All the best,
Cristi

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.