Juniper Openstack

with fabric SNAT enabled, ping to the fabric IP failed with source as the secondary IP

Bug #1751197 reported by Vinoth Kannan Ganapathy
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Juniper Openstack
Status tracked in Trunk
Trunk
Fix Committed
Undecided
Naveen N
Juniper Openstack r5.0.0

Bug Description

with fabric SNAT enabled, ping to the fabric IP failed with source as the secondary IP

create VN, and enabled fabric SNAT
launch two VMs and configure AAP between the ports, where one of the VMI gets the VIP ip as secondary
ping fabric ip with source as secondary IP , which fails

ubuntu@dsnat-vip-vm1:~$ ip a s
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 02:26:3a:df:66:8b brd ff:ff:ff:ff:ff:ff
    inet 172.16.2.3/24 brd 172.16.2.255 scope global eth0
    inet 172.16.2.100/24 scope global secondary eth0
    inet6 fe80::26:3aff:fedf:668b/64 scope link
       valid_lft forever preferred_lft forever
ubuntu@dsnat-vip-vm1:~$
ubuntu@dsnat-vip-vm1:~$
ubuntu@dsnat-vip-vm1:~$ ping 10.204.217.112
PING 10.204.217.112 (10.204.217.112) 56(84) bytes of data.
64 bytes from 10.204.217.112: icmp_req=1 ttl=61 time=1.01 ms
64 bytes from 10.204.217.112: icmp_req=2 ttl=61 time=0.462 ms
^C
--- 10.204.217.112 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 0.462/0.736/1.010/0.274 ms
ubuntu@dsnat-vip-vm1:~$ ping -h
Usage: ping [-LRUbdfnqrvVaAD] [-c count] [-i interval] [-w deadline]
            [-p pattern] [-s packetsize] [-t ttl] [-I interface]
            [-M pmtudisc-hint] [-m mark] [-S sndbuf]
            [-T tstamp-options] [-Q tos] [hop1 ...] destination
ubuntu@dsnat-vip-vm1:~$ ping -I 172.16.2.3 10.204.217.112
PING 10.204.217.112 (10.204.217.112) from 172.16.2.3 : 56(84) bytes of data.
64 bytes from 10.204.217.112: icmp_req=1 ttl=61 time=1.05 ms
64 bytes from 10.204.217.112: icmp_req=2 ttl=61 time=0.452 ms
64 bytes from 10.204.217.112: icmp_req=3 ttl=61 time=0.337 ms
64 bytes from 10.204.217.112: icmp_req=4 ttl=61 time=0.451 ms
64 bytes from 10.204.217.112: icmp_req=5 ttl=61 time=0.344 ms
^C
--- 10.204.217.112 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 3999ms
rtt min/avg/max/mdev = 0.337/0.526/1.050/0.267 ms
ubuntu@dsnat-vip-vm1:~$ ping -I 172.16.2.100 10.204.217.112
PING 10.204.217.112 (10.204.217.112) from 172.16.2.100 : 56(84) bytes of data.

Tags: vrouter
Sudheendra Rao (sudheendra-k)
information type: Proprietary → Public
Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : [Review update] master

Review in progress for https://review.opencontrail.org/40581
Submitter: Naveen N (<email address hidden>)

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : A change has been merged

Reviewed: https://review.opencontrail.org/40581
Committed: http://github.com/Juniper/contrail-controller/commit/ab1dcb0d5426a6e5e30d96805ca04e24ff53e63a
Submitter: Zuul v3 CI (<email address hidden>)
Branch: master

commit ab1dcb0d5426a6e5e30d96805ca04e24ff53e63a
Author: Naveen N <email address hidden>
Date: Tue Mar 13 15:48:52 2018 +0530

* Apply distributed SNAT for secondary IP and AAP

1> If packet matches seconday IP or AAP then consider that as
valid source IP for traffic to reach underlay
2> If VM has a floating-ip and floating-ip VN is enabled for
distributed SNAT then add VMI with router id as floating-ip
such that packet can undergo SNAT

Change-Id: I128971c9704147b3030f7ec6d83872427584ede9
Closes-bug: #1751197,#1752278

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.