[ovn-octavia-provider] hairpin_snat_ip not set
Bug #2063463 reported by
Mohammed Naser
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| neutron |
New
|
Wishlist
|
Unassigned | ||
Bug Description
At the moment, the OVN octavia provider does not set `hairpin_snat_ip` out of the box which means that if a backend server is sending requests to a load balancer which it is also a backend server of, it will get that request where the source IP of the request is the floating IP of the service.
The issue here is that there are two backend IPs, one floating and one fixed and there is non-deterministic behaviour if `hairpin_snat_ip` is not set.
We should ideally set `hairpin_snat_ip` to the internal IP so that it always hairpins from that IP as opposed to many other IPs which will make it easier to manage security groups as well.
| Changed in neutron: | |
| importance: | Undecided → Wishlist |
| tags: | added: ovn- |
| tags: |
added: ovn-octavia-provider removed: ovn- |
Revision history for this message
| Mohammed Naser (mnaser) wrote | #1 |
To post a comment you must log in.
This feels more like a bug rather than a wishlist because the source IP that the backends get traffic from can be unpredictable, as opposed to just being the VIP which would be predictable..