[R2.20]DM: VM FIP functionality broken
Bug #1468209 reported by
amit surana
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | ||
---|---|---|---|---|---|---|
Juniper Openstack | Status tracked in Trunk | |||||
R2.20 |
Fix Committed
|
Critical
|
Suresh Balineni | |||
Trunk |
Fix Committed
|
Critical
|
Suresh Balineni |
Bug Description
DM pushes NAT rules to the MX in order to support FIP functionality for BMS. However, it is seen that DM is also pushing NAT rules to the MX for FIPs associated to VMs. This breaks flows coming from/going to VM FIP.
This is what happens:
1. VM pings external server. This packet has its source IP translated to FIP.
2. External server responds.
3. The dest-ip of the response from the external server gets NATd on the MX to the VMs private IP (this step should happen on the source vRouter).
4. When this packet hits the vRouter on the compute node, it is found to belong to an incorrect vrf and so is dropped with error invalid nh.
information type: | Proprietary → Public |
To post a comment you must log in.
Review in progress for https:/ /review. opencontrail. org/12021
Submitter: Suresh Balineni (<email address hidden>)