MAC of VIP not updated in VRF in a VRRP scenario
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Juniper Openstack |
New
|
Undecided
|
Naveen N | ||
OpenContrail |
New
|
Undecided
|
Naveen N |
Bug Description
Using a simple setup where I have 2 VRRP nodes with keepalived and a client VM on the same subnet that pings the VIP.
The VIP is configured using allow address pairs.
Looking at the VRF of the client machine port I can see that the VIP MAC is not updated when the master VRRP node goes down:
# rt --dump 10 | grep 15.15.15.15/32
15.15.15.15/32 32 LP 40 28 2:81:ca:
# rt --dump 10 | grep 15.15.15.15/32
15.15.15.15/32 32 LP 40 28 2:81:ca:
(keepalived stopped on master)
# rt --dump 10 | grep 15.15.15.15/32
15.15.15.15/32 32 LP 29 29 2:81:ca:
# rt --dump 10 | grep 15.15.15.15/32
15.15.15.15/32 32 LP 29 29 2:81:ca:
We can see the route change (mpls label and nh updated) but not the MAC.
As a result if an ARP request is made on the VIP by the client it gets the wrong MAC so the connection doesn't work anymore.
Using the noping tool instead of ping should show this behaviour.
Changed in opencontrail: | |
assignee: | nobody → Naveen N (naveenn) |
Changed in juniperopenstack: | |
assignee: | nobody → Naveen N (naveenn) |
ICMP and ARP tcpdump capture with ping where you can see the failover working fine. You can see GARP from keepalived but no explicit ARP request to 15.15.15.15 (the VIP). So the ARP table is updated by the VM OS according to the GARP.