2016-04-11 16:37:37 |
amit surana |
description |
LBaaS is configured and FIP is assigned to the VIP. Now, if a VM is instantiated on the FIP VN and it happens to land on the same compute as the active LBaaS instance, then the VM is unable to ping the FIP assigned to the VIP.
The routes in the L3 FIP VRF looks correct and the stitched MAC is present for the FIP (and has the correct nh). However, the MAC route in the L2 VRF is wrong and is pointing to the compute that has the standby VRF.
EVPN route table on the agent shows that even though the local route has higher preference (of 200), the route received from the remote agent (the one that has the sby instance) is preferred.
There are several other issues too: a single ping is resulting in 4 flows being setup; one pair of flows without dnat and other with dnat enabled.
Configured encap is VxLAN.
root@csol2-node15:~# rt --dump 18 | grep 16.24.0.5\/32
16.24.0.5/32 32 PT - 94 2:b6:d:54:42:e7(227292)
root@csol2-node15:~# nh --get 94
Id:94 Type:Encap Fmly: AF_INET Rid:0 Ref_cnt:6 Vrf:16
Flags:Valid, Policy,
EncapFmly:0806 Oif:30 Len:14
Encap Data: 02 b6 0d 54 42 e7 00 00 5e 00 01 00 08 00
root@csol2-node15:~# rt --dump 18 --family bridge | grep 42:e7
227292 2:b6:d:54:42:e7 LDf 7 43
root@csol2-node15:~# nh --get 43
Id:43 Type:Tunnel Fmly: AF_INET Rid:0 Ref_cnt:43 Vrf:0
Flags:Valid, Vxlan,
Oif:0 Len:14 Flags Valid, Vxlan, Data:90 e2 ba 50 b9 68 90 e2 ba 4c 67 f8 08 00
Vrf:0 Sip:172.16.180.15 Dip:172.16.180.14 |
LBaaS is configured and FIP is assigned to the VIP. Now, if a VM is instantiated on the FIP VN and it happens to land on the same compute as the active LBaaS instance, then the VM is unable to ping the FIP assigned to the VIP.
The routes in the L3 FIP VRF looks correct and the stitched MAC is present for the FIP (and has the correct nh). However, the MAC route in the L2 VRF is wrong and is pointing to the compute that has the standby VRF.
EVPN route table on the agent shows that even though the local route has higher preference (of 200), the route received from the remote agent (the one that has the sby instance) is preferred.
There are several other issues too: a single ping is resulting in 4 flows being setup; one pair of flows without dnat and other with dnat enabled.
Configured encap is VxLAN.
root@csol2-node15:~# rt --dump 18 | grep 16.24.0.5\/32
16.24.0.5/32 32 PT - 94 2:b6:d:54:42:e7(227292)
root@csol2-node15:~# nh --get 94
Id:94 Type:Encap Fmly: AF_INET Rid:0 Ref_cnt:6 Vrf:16
Flags:Valid, Policy,
EncapFmly:0806 Oif:30 Len:14
Encap Data: 02 b6 0d 54 42 e7 00 00 5e 00 01 00 08 00
root@csol2-node15:~# rt --dump 18 --family bridge | grep 42:e7
227292 2:b6:d:54:42:e7 LDf 7 43
root@csol2-node15:~# nh --get 43
Id:43 Type:Tunnel Fmly: AF_INET Rid:0 Ref_cnt:43 Vrf:0
Flags:Valid, Vxlan,
Oif:0 Len:14 Flags Valid, Vxlan, Data:90 e2 ba 50 b9 68 90 e2 ba 4c 67 f8 08 00
Vrf:0 Sip:172.16.180.15 Dip:172.16.180.14
root@csol2-node15:~# flow -l | grep 16.24.0.4 -C2
116308<=>386752 13.169.55.3:10129 1 (16->18)
16.24.0.4:0
(Gen: 8, K(nh):94, Action:N(S), Flags:, S(nh):94, Stats:0/0, SPort 61677)
--
(Gen: 7, K(nh):425, Action:F, Flags:, S(nh):7, Stats:0/0, SPort 65313)
174452<=>188020 16.24.0.4:10129 1 (18)
16.24.0.5:0
(Gen: 7, K(nh):395, Action:F, Flags:, S(nh):395, Stats:1233/120834, SPort 49303)
--
188020<=>174452 16.24.0.5:10129 1 (18)
16.24.0.4:0
(Gen: 5, K(nh):395, Action:F, Flags:, S(nh):94, Stats:0/0, SPort 54053)
--
(Gen: 10, K(nh):209, Action:F, Flags:, S(nh):209, Stats:1/76, SPort 49378)
386752<=>116308 16.24.0.4:10129 1 (16->16)
16.24.0.5:0
(Gen: 14, K(nh):94, Action:N(D), Flags:, S(nh):395, Stats:1233/120834, SPort 60017) |
|