VM on FIP VN can't ping VIP/FIP if VM on same compute as active LBaaS instance
Affects | Status | Importance | Assigned to | Milestone | ||
---|---|---|---|---|---|---|
Juniper Openstack | Status tracked in Trunk | |||||
R2.20 |
Fix Committed
|
Medium
|
Manish Singh | |||
R2.21.x |
Fix Committed
|
Medium
|
Manish Singh | |||
R2.22.x |
Fix Committed
|
Medium
|
Manish Singh | |||
R3.0 |
Fix Committed
|
Medium
|
Manish Singh | |||
Trunk |
Fix Committed
|
Medium
|
Manish Singh |
Bug Description
LBaaS is configured and FIP is assigned to the VIP. Now, if a VM is instantiated on the FIP VN and it happens to land on the same compute as the active LBaaS instance, then the VM is unable to ping the FIP assigned to the VIP.
The routes in the L3 FIP VRF looks correct and the stitched MAC is present for the FIP (and has the correct nh). However, the MAC route in the L2 VRF is wrong and is pointing to the compute that has the standby VRF.
EVPN route table on the agent shows that even though the local route has higher preference (of 200), the route received from the remote agent (the one that has the sby instance) is preferred.
There are several other issues too: a single ping is resulting in 4 flows being setup; one pair of flows without dnat and other with dnat enabled.
Configured encap is VxLAN.
root@csol2-
16.24.0.5/32 32 PT - 94 2:b6:d:
root@csol2-
Id:94 Type:Encap Fmly: AF_INET Rid:0 Ref_cnt:6 Vrf:16
Encap Data: 02 b6 0d 54 42 e7 00 00 5e 00 01 00 08 00
root@csol2-
227292 2:b6:d:54:42:e7 LDf 7 43
root@csol2-
Id:43 Type:Tunnel Fmly: AF_INET Rid:0 Ref_cnt:43 Vrf:0
Oif:0 Len:14 Flags Valid, Vxlan, Data:90 e2 ba 50 b9 68 90 e2 ba 4c 67 f8 08 00
Vrf:0 Sip:172.16.180.15 Dip:172.16.180.14
root@csol2-
116308<=>386752 13.169.55.3:10129 1 (16->18)
(Gen: 8, K(nh):94, Action:N(S), Flags:, S(nh):94, Stats:0/0, SPort 61677)
--
(Gen: 7, K(nh):425, Action:F, Flags:, S(nh):7, Stats:0/0, SPort 65313)
174452<=>188020 16.24.0.4:10129 1 (18)
(Gen: 7, K(nh):395, Action:F, Flags:, S(nh):395, Stats:1233/120834, SPort 49303)
--
188020<=>174452 16.24.0.5:10129 1 (18)
(Gen: 5, K(nh):395, Action:F, Flags:, S(nh):94, Stats:0/0, SPort 54053)
--
(Gen: 10, K(nh):209, Action:F, Flags:, S(nh):209, Stats:1/76, SPort 49378)
386752<=>116308 16.24.0.4:10129 1 (16->16)
(Gen: 14, K(nh):94, Action:N(D), Flags:, S(nh):395, Stats:1233/120834, SPort 60017)
description: | updated |
tags: | added: soln |
1> EVPN route for FIP would point to receive NH, and if EVPN route points to receive NH mac stitching would not be present hence ARP resolution would fail.
2> When this FIP EVPN route are relayed back, ensure next hop points to receive NH for BGP peer path