Bug #1910369 “Generated amphora images don't support UDP load ba...” : Bugs : charm-octavia-diskimage-retrofit

Revision history for this message

Vern Hart (vern) wrote on 2021-01-06:

#1

Subscribing field medium since we have a test amphora that works but this is just a temporary fix.

I realize that I didn't specifically mention that the amphora that doesn't work was created by the octavia-diskimage-retrofit charm based on ubuntu images synced using glance-simiplestreams-sync. I tried with both bionic and focal based images.

Revision history for this message

Dmitrii Shcherbakov (dmitriis) wrote on 2021-04-05:

#2

haproxy does not support UDP load-balancing
https://github.com/haproxy/haproxy/issues/62

I think we need images that support the use of LVS & keepalived to do that (I would expect that keepalived and ipvsadm need to be installed):

https://storyboard.openstack.org/#!/story/1657091
https://github.com/openstack/octavia/tree/stable/train/octavia/common/jinja/lvs

I am going to check if anything is missing in order to make it work.

Revision history for this message

Dmitrii Shcherbakov (dmitriis) wrote on 2021-04-06:

#3

Sources of elements for disk image builder (dib):

https://github.com/openstack-charmers/octavia-diskimage-retrofit/tree/master/src/elements (openstack-charmers-specific elements shipped with the snap)
https://github.com/openstack/diskimage-builder/tree/master/diskimage_builder/elements (disk-image-builder-specific)
https://github.com/openstack/octavia/tree/master/elements (Octavia-specific: includes ipvsadmin and keepalived-octavia)

The right elements seem to be included into the virt-dib invocation:

https://github.com/openstack-charmers/octavia-diskimage-retrofit/blob/2dad8d8d2b6615f406ad7339d92c4c1a3a6557d0/src/retrofit/retrofit.sh#L106-L108
virt-dib ${DEBUG} \
# ...
    ubuntu-cloud-archive ubuntu-ppa \
    haproxy-octavia rebind-sshd no-resolvconf amphora-agent \
    sos keepalived-octavia ipvsadmin pip-cache certs-ramfs \
    ubuntu-amphora-agent tuning bug189583

Will look further.

Revision history for this message

Dmitrii Shcherbakov (dmitriis) wrote on 2021-04-06:

#4

The diskimage-create.sh script from the Octavia repo builds a list of elements to include into an image by concatenating elements to the AMP_element_sequence variable:

https://opendev.org/openstack/octavia/src/commit/bd01ad94dcea3eca7636f1286ceed0753b563a28/diskimage-create/diskimage-create.sh#L459-L461
# Add keepalived-octavia element
AMP_element_sequence="$AMP_element_sequence keepalived-octavia"
AMP_element_sequence="$AMP_element_sequence ipvsadmin"

but then uses diskimage-builder as opposed to virt-dib used by octavia-diskimage-retrofit.

https://libguestfs.org/virt-dib.1.html
"Virt-dib is intended as safe replacement for diskimage-builder and its ramdisk-image-create mode"

This should not matter that much if the right elements get to the built image.

Revision history for this message

Dmitrii Shcherbakov (dmitriis) wrote on 2021-04-06:

#5

# deployed bionic-train with octavia `tox -e func-target bionic-train-ha`

juju ssh octavia-diskimage-retrofit/0
# the right elements are present on the octavia-diskimage-retrofit unit
$ sudo ls -1 /snap/octavia-diskimage-retrofit/current/usr/local/lib/elements/
amphora-agent
bug1895835
certs-ramfs
debian-networking
growrootfs
haproxy-octavia
ipvsadmin
keepalived-octavia
no-resolvconf
rebind-sshd
remove-sshd
root-passwd
sos
tuning
ubuntu-amphora-agent
ubuntu-archive
ubuntu-cloud-archive
ubuntu-ppa

# saved the image generated by the functional test
openstack image save --file /tmp/amphora-haproxy-x86_64-ubuntu-18.04-20210325 amphora-haproxy-x86_64-ubuntu-18.04-20210325
sudo guestmount -a /tmp/amphora-haproxy-x86_64-ubuntu-18.04-20210325 -i --ro /mnt/amphora

# ipvsadm and keepalived are present on the filesystem of the retrofitted image

find /mnt/amphora -name '*ipvsadm*'
/mnt/amphora/etc/rc2.d/S01ipvsadm
/mnt/amphora/etc/rc5.d/S01ipvsadm
/mnt/amphora/etc/rc0.d/K01ipvsadm
/mnt/amphora/etc/rc4.d/S01ipvsadm
/mnt/amphora/etc/rc3.d/S01ipvsadm
/mnt/amphora/etc/rc1.d/K01ipvsadm
/mnt/amphora/etc/default/ipvsadm
/mnt/amphora/etc/rc6.d/K01ipvsadm
/mnt/amphora/etc/ipvsadm.rules
/mnt/amphora/etc/init.d/ipvsadm
/mnt/amphora/var/lib/dpkg/info/ipvsadm.md5sums
/mnt/amphora/var/lib/dpkg/info/ipvsadm.postrm
/mnt/amphora/var/lib/dpkg/info/ipvsadm.list
/mnt/amphora/var/lib/dpkg/info/ipvsadm.conffiles
/mnt/amphora/var/lib/dpkg/info/ipvsadm.prerm
/mnt/amphora/var/lib/dpkg/info/ipvsadm.postinst
/mnt/amphora/sbin/ipvsadm-restore
/mnt/amphora/sbin/ipvsadm-save
/mnt/amphora/sbin/ipvsadm

find /mnt/amphora -name '*keepalived*'
/mnt/amphora/etc/rc2.d/S01keepalived
/mnt/amphora/etc/rc5.d/S01keepalived
/mnt/amphora/etc/rc0.d/K01keepalived
/mnt/amphora/etc/rc4.d/S01keepalived
/mnt/amphora/etc/rc3.d/S01keepalived
/mnt/amphora/etc/rc1.d/K01keepalived
/mnt/amphora/etc/systemd/system/multi-user.target.wants/keepalived.service
/mnt/amphora/etc/dbus-1/system.d/org.keepalived.Vrrp1.conf
/mnt/amphora/etc/default/keepalived
/mnt/amphora/etc/rc6.d/K01keepalived
/mnt/amphora/etc/keepalived
/mnt/amphora/etc/init.d/keepalived
/mnt/amphora/var/lib/dpkg/info/keepalived.postrm
/mnt/amphora/var/lib/dpkg/info/keepalived.conffiles
/mnt/amphora/var/lib/dpkg/info/keepalived.md5sums
/mnt/amphora/var/lib/dpkg/info/keepalived.list
/mnt/amphora/var/lib/dpkg/info/keepalived.prerm
/mnt/amphora/var/lib/dpkg/info/keepalived.postinst
/mnt/amphora/var/lib/systemd/deb-systemd-helper-enabled/keepalived.service.dsh-also
/mnt/amphora/var/lib/systemd/deb-systemd-helper-enabled/multi-user.target.wants/keepalived.service

# deployed bionic-train with octavia `tox -e func-target bionic-train-ha`

juju ssh octavia-diskimage-retrofit/0
# the right elements are present on the octavia-diskimage-retrofit unit
$ sudo ls -1 /snap/octavia-diskimage-retrofit/current/usr/local/lib/elements/
amphora-agent
bug1895835
certs-ramfs
debian-networking
growrootfs
haproxy-octavia
ipvsadmin
keepalived-octavia
no-resolvconf
rebind-sshd
remove-sshd
root-passwd
sos
tuning
ubuntu-amphora-agent
ubuntu-archive
ubuntu-cloud-archive
ubuntu-ppa

# saved the image generated by the functional test
openstack image save --file /tmp/amphora-haproxy-x86_64-ubuntu-18.04-20210325 amphora-haproxy-x86_64-ubuntu-18.04-20210325
sudo guestmount -a /tmp/amphora-haproxy-x86_64-ubuntu-18.04-20210325 -i --ro /mnt/amphora

# ipvsadm and keepalived are present on the filesystem of the retrofitted image

find /mnt/amphora -name '*ipvsadm*'
/mnt/amphora/etc/rc2.d/S01ipvsadm
/mnt/amphora/etc/rc5.d/S01ipvsadm
/mnt/amphora/etc/rc0.d/K01ipvsadm
/mnt/amphora/etc/rc4.d/S01ipvsadm
/mnt/amphora/etc/rc3.d/S01ipvsadm
/mnt/amphora/etc/rc1.d/K01ipvsadm
/mnt/amphora/etc/default/ipvsadm
/mnt/amphora/etc/rc6.d/K01ipvsadm
/mnt/amphora/etc/ipvsadm.rules
/mnt/amphora/etc/init.d/ipvsadm
/mnt/amphora/var/lib/dpkg/info/ipvsadm.md5sums
/mnt/amphora/var/lib/dpkg/info/ipvsadm.postrm
/mnt/amphora/var/lib/dpkg/info/ipvsadm.list
/mnt/amphora/var/lib/dpkg/info/ipvsadm.conffiles
/mnt/amphora/var/lib/dpkg/info/ipvsadm.prerm
/mnt/amphora/var/lib/dpkg/info/ipvsadm.postinst
/mnt/amphora/sbin/ipvsadm-restore
/mnt/amphora/sbin/ipvsadm-save
/mnt/amphora/sbin/ipvsadm

find /mnt/amphora -name '*keepalived*'
/mnt/amphora/etc/rc2.d/S01keepalived
/mnt/amphora/etc/rc5.d/S01keepalived
/mnt/amphora/etc/rc0.d/K01keepalived
/mnt/amphora/etc/rc4.d/S01keepalived
/mnt/amphora/etc/rc3.d/S01keepalived
/mnt/amphora/etc/rc1.d/K01keepalived
/mnt/amphora/etc/systemd/system/multi-user.target.wants/keepalived.service
/mnt/amphora/etc/dbus-1/system.d/org.keepalived.Vrrp1.conf
/mnt/amphora/etc/default/keepalived
/mnt/amphora/etc/rc6.d/K01keepalived
/mnt/amphora/etc/keepalived
/mnt/amphora/etc/init.d/keepalived
/mnt/amphora/var/lib/dpkg/info/keepalived.postrm
/mnt/amphora/var/lib/dpkg/info/keepalived.conffiles
/mnt/amphora/var/lib/dpkg/info/keepalived.md5sums
/mnt/amphora/var/lib/dpkg/info/keepalived.list
/mnt/amphora/var/lib/dpkg/info/keepalived.prerm
/mnt/amphora/var/lib/dpkg/info/keepalived.postinst
/mnt/amphora/var/lib/systemd/deb-systemd-helper-enabled/keepalived.service.dsh-also
/mnt/amphora/var/lib/systemd/deb-systemd-helper-enabled/multi-user.target.wants/keepalived.service

Revision history for this message

Dmitrii Shcherbakov (dmitriis) wrote on 2021-04-06:

#6

Download full text (31.3 KiB)

So I tried to replicate the scenario in the bug description, however, I was not able to reproduce the issue and the UDP traffic got to a backend successfully (see below). The created amphora has the right set of packages and configuration generated by the amphora-agent.

The scenario I tested with bionic-train (ML2/OVS):

external machine -> provider network -> qrouter ns (non-distributed, non-L3HA router) -> DNAT from LB FIP to LB VIP -> amphora with keepalived+LVS -> backend member IP -> bind9

It would be good to have more information on the networking setup used when the issue was encountered. Specifically, on whether LBs were attached directly to a provider network or via a router and using a FIP (if so, whether that router was distributed, which would be a problem, or L3HA/legacy). Likewise, it would be good to know whether OVN or ML2/OVS was used.

https://paste.ubuntu.com/p/BmcVxjMcxs/ (same as below for readability)

# deployed via `tox -e func-target bionic-train-ha`

So I tried to replicate the scenario in the bug description, however, I was not able to reproduce the issue and the UDP traffic got to a backend successfully (see below). The created amphora has the right set of packages and configuration generated by the amphora-agent.

The scenario I tested with bionic-train (ML2/OVS):

external machine -> provider network -> qrouter ns (non-distributed, non-L3HA router) -> DNAT from LB FIP to LB VIP -> amphora with keepalived+LVS -> backend member IP -> bind9

It would be good to have more information on the networking setup used when the issue was encountered. Specifically, on whether LBs were attached directly to a provider network or via a router and using a FIP (if so, whether that router was distributed, which would be a problem, or L3HA/legacy). Likewise, it would be good to know whether OVN or ML2/OVS was used.

https://paste.ubuntu.com/p/BmcVxjMcxs/ (same as below for readability)

# deployed via `tox -e func-target bionic-train-ha`

ubuntu@dmitriis-bastion:~$ openstack loadbalancer listener set --default-pool test-pool test-listener

ubuntu@dmitriis-bastion:~$ juju ssh octavia/0

ubuntu@juju-d9bf09-zaza-3b752ba3303f-10:~$ 
# cat > ~/.ssh/id_rsa
# <pasted the ssh key generated by zaza>
ubuntu@juju-d9bf09-zaza-3b752ba3303f-10:~$ ssh fc00:7449:7270:3ff8:f816:3eff:fe59:c494

# The VIP is present on the amphora interface 
ubuntu@amphora-5185e364-c3a6-4126-bebc-6fafea0fb807:~$ sudo ip netns exec amphora-haproxy ip a s 
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1458 qdisc fq state UP group default qlen 1000
    link/ether fa:16:3e:48:58:38 brd ff:ff:ff:ff:ff:ff
    inet 10.42.0.76/24 brd 10.42.0.255 scope global eth1
       valid_lft forever preferred_lft forever
    inet 10.42.0.216/32 scope global eth1
       valid_lft forever preferred_lft forever
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1458 qdisc fq state UP group default qlen 1000
    link/ether fa:16:3e:48:49:a5 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.116/24 brd 192.168.0.255 scope global eth2
       valid_lft forever preferred_lft forever

# Network connectivity to the backend is present.
ubuntu@amphora-5185e364-c3a6-4126-bebc-6fafea0fb807:~$ sudo ip netns exec amphora-haproxy ping 192.168.0.199 
sudo: unable to resolve host amphora-5185e364-c3a6-4126-bebc-6fafea0fb807
PING 192.168.0.199 (192.168.0.199) 56(84) bytes of data.
64 bytes from 192.168.0.199: icmp_seq=1 ttl=64 time=5.30 ms
^C
--- 192.168.0.199 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 5.302/5.302/5.302/0.000 ms

ubuntu@amphora-5185e364-c3a6-4126-bebc-6fafea0fb807:~$ dpkg -l | grep ipvs
ii  ipvsadm                                1:1.28-3ubuntu0.18.04.1                         amd64        Linux Virtual Server support programs

ubuntu@amphora-5185e364-c3a6-4126-bebc-6fafea0fb807:~$ dpkg -l | grep keepalived
ii  keepalived                             1:1.3.9-1ubuntu0.18.04.2                        amd64        Failover and monitoring daemon for LVS clusters

ubuntu@amphora-5185e364-c3a6-4126-bebc-6fafea0fb807:~$ pgrep -af keep
1805 /usr/sbin/keepalived --log-facility=1 -f /var/lib/octavia/vrrp/octavia-keepalived.conf -p /var/lib/octavia/vrrp/octavia-keepalived.pid
1806 /usr/sbin/keepalived --log-facility=1 -f /var/lib/octavia/vrrp/octavia-keepalived.conf -p /var/lib/octavia/vrrp/octavia-keepalived.pid
1807 /usr/sbin/keepalived --log-facility=1 -f /var/lib/octavia/vrrp/octavia-keepalived.conf -p /var/lib/octavia/vrrp/octavia-keepalived.pid
2986 /usr/sbin/keepalived --log-facility=1 -f /var/lib/octavia/lvs/octavia-keepalivedlvs-74fc4e7e-9866-4858-b1de-6410383b7b75.conf -p /var/lib/octavia/lvs/octavia-keepalivedlvs-74fc4e7e-9866-4858-b1de-6410383b7b75.pid -r /var/lib/octavia/lvs/octavia-keepalivedlvs-74fc4e7e-9866-4858-b1de-6410383b7b75.vrrp.pid -c /var/lib/octavia/lvs/octavia-keepalivedlvs-74fc4e7e-9866-4858-b1de-6410383b7b75.check.pid
2987 /usr/sbin/keepalived --log-facility=1 -f /var/lib/octavia/lvs/octavia-keepalivedlvs-74fc4e7e-9866-4858-b1de-6410383b7b75.conf -p /var/lib/octavia/lvs/octavia-keepalivedlvs-74fc4e7e-9866-4858-b1de-6410383b7b75.pid -r /var/lib/octavia/lvs/octavia-keepalivedlvs-74fc4e7e-9866-4858-b1de-6410383b7b75.vrrp.pid -c /var/lib/octavia/lvs/octavia-keepalivedlvs-74fc4e7e-9866-4858-b1de-6410383b7b75.check.pid
2988 /usr/sbin/keepalived --log-facility=1 -f /var/lib/octavia/lvs/octavia-keepalivedlvs-74fc4e7e-9866-4858-b1de-6410383b7b75.conf -p /var/lib/octavia/lvs/octavia-keepalivedlvs-74fc4e7e-9866-4858-b1de-6410383b7b75.pid -r /var/lib/octavia/lvs/octavia-keepalivedlvs-74fc4e7e-9866-4858-b1de-6410383b7b75.vrrp.pid -c /var/lib/octavia/lvs/octavia-keepalivedlvs-74fc4e7e-9866-4858-b1de-6410383b7b75.check.pid

root@amphora-5185e364-c3a6-4126-bebc-6fafea0fb807:~# cat /var/lib/octavia/lvs/octavia-keepalivedlvs-74fc4e7e-9866-4858-b1de-6410383b7b75.conf 
# Configuration for Loadbalancer 4273ab40-b760-43b5-9a40-19f7490e3bbd
# Configuration for Listener 74fc4e7e-9866-4858-b1de-6410383b7b75

net_namespace amphora-haproxy

virtual_server 10.42.0.216 53 {
    lb_algo rr
    lb_kind NAT
    protocol UDP

# Configuration for Pool 1353a352-49bd-4bab-8ee4-61fe4f70586a
    # Configuration for Member 9a5a2a3d-5214-4566-a09f-f6711435ce61
    real_server 192.168.0.199 53 {
        weight 1

}

# the ipvs config is there:
root@amphora-5185e364-c3a6-4126-bebc-6fafea0fb807:~# ip netns exec amphora-haproxy ipvsadm --list
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
UDP  10.42.0.216:domain rr
  -> 192.168.0.199:domain         Masq    1      0          0

==============================================

openstack server add floating ip testvm 10.5.150.230

# ssh-ed into the backend VM and installed bind9 on it
ssh -i ~/.ssh/id_rsa_zaza ubuntu@10.5.150.230

ubuntu@testvm:~$ sudo apt update && sudo apt install -yqq bind9
The following additional packages will be installed:
  bind9-utils dns-root-data python3-ply
# ...

ubuntu@testvm:~$ ss -ul 'sport = 53'
State                 Recv-Q                Send-Q                                                    Local Address:Port                                   Peer Address:Port                Process                
UNCONN                0                     0                                                         192.168.0.199:domain                                      0.0.0.0:*                                          
UNCONN                0                     0                                                         192.168.0.199:domain                                      0.0.0.0:*                                          
UNCONN                0                     0                                                             127.0.0.1:domain                                      0.0.0.0:*                                          
UNCONN                0                     0                                                             127.0.0.1:domain                                      0.0.0.0:*                                          
UNCONN                0                     0                                                         127.0.0.53%lo:domain                                      0.0.0.0:*                                          
UNCONN                0                     0                                                                 [::1]:domain                                         [::]:*                                          
UNCONN                0                     0                                                                 [::1]:domain                                         [::]:*                                          
UNCONN                0                     0                                      [fe80::f816:3eff:feb0:9df7]%ens2:domain                                         [::]:*                                          
UNCONN                0                     0                                      [fe80::f816:3eff:feb0:9df7]%ens2:domain                                         [::]:*

# A local test to verify bind9 is working:

ubuntu@testvm:~$ nslookup 127.0.0.1 192.168.0.199
1.0.0.127.in-addr.arpa  name = localhost.

# in parallel to the above
ubuntu@testvm:~$ sudo tcpdump -n -i any dst port 53                                                 
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode                          
listening on any, link-type LINUX_SLL (Linux cooked v1), capture size 262144 bytes                  
22:53:51.892763 IP 192.168.0.199.58537 > 192.168.0.199.53: 31056+ PTR? 1.0.0.127.in-addr.arpa. (40)

==============================================

# add a floating IP to the LB VIP
openstack floating ip set --port octavia-lb-4273ab40-b760-43b5-9a40-19f749

# check the security group rules for the project
ubuntu@dmitriis-bastion:~$ openstack security group rule list fb2f1280-8f00-44b9-9665-cb78e811a687    
+--------------------------------------+-------------+-----------+-----------+------------+--------------------------------------+
| ID                                   | IP Protocol | Ethertype | IP Range  | Port Range | Remote Security Group                |
+--------------------------------------+-------------+-----------+-----------+------------+--------------------------------------+
| 1ee04be6-32ac-4ecf-83a7-0b3f29d99a7d | None        | IPv4      | 0.0.0.0/0 |            | None                                 |
| 571fc7a4-e5c5-4464-b858-7fcbaad0aded | None        | IPv4      | 0.0.0.0/0 |            | fb2f1280-8f00-44b9-9665-cb78e811a687 |
| 7ac0689f-9a1a-4a7c-bcbd-bbe67cea4d57 | tcp         | IPv4      | 0.0.0.0/0 | 22:22      | None                                 |
| 8bce04ed-cbe3-437e-90e4-65d72c85cf15 | None        | IPv6      | ::/0      |            | fb2f1280-8f00-44b9-9665-cb78e811a687 |
| c39592c2-da03-41e3-baf2-be613ef5c7c8 | tcp         | IPv4      | 0.0.0.0/0 | 80:80      | None                                 |
| f2aa6066-6ccb-46d7-8f63-a6f772aac72e | None        | IPv6      | ::/0      |            | None                                 |                                                                                 
| f3fa9d2a-2d0d-4fe5-af8a-6f5163522709 | icmp        | IPv4      | 0.0.0.0/0 |            | None                                 |
+--------------------------------------+-------------+-----------+-----------+------------+--------------------------------------+

ubuntu@dmitriis-bastion:~$ openstack security group rule list fb2f1280-8f00-44b9-9665-cb78e811a687                                                                                                                 
+--------------------------------------+-------------+-----------+-----------+------------+--------------------------------------+
| ID                                   | IP Protocol | Ethertype | IP Range  | Port Range | Remote Security Group                |
+--------------------------------------+-------------+-----------+-----------+------------+--------------------------------------+
| 1ee04be6-32ac-4ecf-83a7-0b3f29d99a7d | None        | IPv4      | 0.0.0.0/0 |            | None                                 |
| 571fc7a4-e5c5-4464-b858-7fcbaad0aded | None        | IPv4      | 0.0.0.0/0 |            | fb2f1280-8f00-44b9-9665-cb78e811a687 |
| 7ac0689f-9a1a-4a7c-bcbd-bbe67cea4d57 | tcp         | IPv4      | 0.0.0.0/0 | 22:22      | None                                 |
| 8bce04ed-cbe3-437e-90e4-65d72c85cf15 | None        | IPv6      | ::/0      |            | fb2f1280-8f00-44b9-9665-cb78e811a687 |
| b2736861-4961-4c61-93d4-82b6337acf65 | udp         | IPv4      | 0.0.0.0/0 | 53:53      | None                                 |
| c39592c2-da03-41e3-baf2-be613ef5c7c8 | tcp         | IPv4      | 0.0.0.0/0 | 80:80      | None                                 |
| f2aa6066-6ccb-46d7-8f63-a6f772aac72e | None        | IPv6      | ::/0      |            | None                                 |
| f3fa9d2a-2d0d-4fe5-af8a-6f5163522709 | icmp        | IPv4      | 0.0.0.0/0 |            | None                                 |
+--------------------------------------+-------------+-----------+-----------+------------+--------------------------------------+

# try to resolve a name from the outside host via the FIP backed by a VIP

ubuntu@dmitriis-bastion:~$ nslookup 127.0.0.1 10.5.150.10
1.0.0.127.in-addr.arpa  name = localhost.

# the traffic gets past the qrouter namespace (the router is non-l3ha and not distributed) to the vip on the LB network

ubuntu@juju-d9bf09-zaza-3b752ba3303f-9:~$ sudo ip netns exec qrouter-4f5edf0f-999a-45bb-aaae-66de6fbd549c tcpdump -n -i any port 53    
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes
23:30:44.129252 IP 10.5.0.5.41532 > 10.5.150.10.53: 58315+ PTR? 1.0.0.127.in-addr.arpa. (40)
23:30:44.129334 IP 10.5.0.5.41532 > 10.42.0.216.53: 58315+ PTR? 1.0.0.127.in-addr.arpa. (40)
23:30:44.134402 IP 10.42.0.216.53 > 10.5.0.5.41532: 58315* 1/0/0 PTR localhost. (63)
23:30:44.134431 IP 10.5.150.10.53 > 10.5.0.5.41532: 58315* 1/0/0 PTR localhost. (63)

4 packets captured
4 packets received by filter
0 packets dropped by kernel

# also appears at the amphora and gets forwarded to the backend
ubuntu@amphora-5185e364-c3a6-4126-bebc-6fafea0fb807:~$ sudo ip netns exec amphora-haproxy tcpdump -i any port 53
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes
23:30:43.696524 IP 10.5.0.5.41532 > 10.42.0.216.domain: 58315+ PTR? 1.0.0.127.in-addr.arpa. (40)
23:30:43.696633 IP 192.168.0.116.41532 > 192.168.0.199.domain: 58315+ PTR? 1.0.0.127.in-addr.arpa. (40)
23:30:43.699456 IP 192.168.0.199.domain > 192.168.0.116.41532: 58315* 1/0/0 PTR localhost. (63)
23:30:43.699479 IP 10.42.0.216.domain > 10.5.0.5.41532: 58315* 1/0/0 PTR localhost. (63)

4 packets captured
4 packets received by filter
0 packets dropped by kernel

# Ends up at the backend VM
ubuntu@testvm:~$ sudo tcpdump -n -i any port 53                                                     
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode                          
listening on any, link-type LINUX_SLL (Linux cooked v1), capture size 262144 bytes                  
23:30:44.136723 IP 192.168.0.116.41532 > 192.168.0.199.53: 58315+ PTR? 1.0.0.127.in-addr.arpa. (40) 
23:30:44.136949 IP 192.168.0.199.53 > 192.168.0.116.41532: 58315* 1/0/0 PTR localhost. (63)

Changed in charm-octavia-diskimage-retrofit:
status:	New → Incomplete
Changed in snap-octavia-diskimage-retrofit:
status:	New → Incomplete

Affects		Status	Importance	Assigned to	Milestone
	charm-octavia-diskimage-retrofit	Incomplete	Undecided	Unassigned
	snap-octavia-diskimage-retrofit	Incomplete	Undecided	Unassigned

charm-octavia-diskimage-retrofit

Generated amphora images don't support UDP load balancing

Bug Description

Other bug subscribers

Remote bug watches