[R2.20]DM:Overlapping subnets not supported for BMS/FIP scenario

Bug #1469296 reported by amit surana
This bug affects 1 person
Affects: Juniper Openstack (status tracked in Trunk)

Series   Status          Importance   Assigned to       Milestone
R2.20    Won't Fix       Medium       Suresh Balineni
R3.1     Fix Committed   Medium       Suresh Balineni
Trunk    Fix Committed   Medium       Suresh Balineni

Bug Description

MX does the NAT for BMS FIP. If BMSs belong to overlapping subnets, their respective NAT configurations will collide in the NAT pool section of the config and get rejected. Not sure if this will work if the overlapping subnets are mapped to different si-* interfaces (belonging to different FPCs). Even if the latter works, we do not have a way to make this work in 2.20.

This limitation does not apply to contrail VMs.

The config snippet below shows the problem.

[edit]
root@cmbu-tasman# show groups __contrail__ services | display set
set groups __contrail__ services service-set sv-_contrail_l3_6206_vn nat-rules sv-_contrail_l3_6206_vn-sn-rule
set groups __contrail__ services service-set sv-_contrail_l3_6206_vn nat-rules sv-_contrail_l3_6206_vn-dn-rule
set groups __contrail__ services service-set sv-_contrail_l3_6206_vn next-hop-service inside-service-interface si-2/0/0.12411
set groups __contrail__ services service-set sv-_contrail_l3_6206_vn next-hop-service outside-service-interface si-2/0/0.12412
set groups __contrail__ services service-set sv-_contrail_l3_6207_vn nat-rules sv-_contrail_l3_6207_vn-sn-rule
set groups __contrail__ services service-set sv-_contrail_l3_6207_vn nat-rules sv-_contrail_l3_6207_vn-dn-rule
set groups __contrail__ services service-set sv-_contrail_l3_6207_vn next-hop-service inside-service-interface si-2/0/0.100
set groups __contrail__ services service-set sv-_contrail_l3_6207_vn next-hop-service outside-service-interface si-2/0/0.101
set groups __contrail__ services nat rule sv-_contrail_l3_6206_vn-sn-rule match-direction input
set groups __contrail__ services nat rule sv-_contrail_l3_6206_vn-sn-rule term term_2_1_1_3 from source-address 2.1.1.3/32
set groups __contrail__ services nat rule sv-_contrail_l3_6206_vn-sn-rule term term_2_1_1_3 then translated source-prefix 7.1.1.4/32
set groups __contrail__ services nat rule sv-_contrail_l3_6206_vn-sn-rule term term_2_1_1_3 then translated translation-type basic-nat44
set groups __contrail__ services nat rule sv-_contrail_l3_6206_vn-dn-rule match-direction output
set groups __contrail__ services nat rule sv-_contrail_l3_6206_vn-dn-rule term term_7_1_1_4 from destination-address 7.1.1.4/32
set groups __contrail__ services nat rule sv-_contrail_l3_6206_vn-dn-rule term term_7_1_1_4 then translated destination-prefix 2.1.1.3/32
set groups __contrail__ services nat rule sv-_contrail_l3_6206_vn-dn-rule term term_7_1_1_4 then translated translation-type dnat-44
set groups __contrail__ services nat rule sv-_contrail_l3_6207_vn-sn-rule match-direction input
set groups __contrail__ services nat rule sv-_contrail_l3_6207_vn-sn-rule term term_2_1_1_3 from source-address 2.1.1.3/32
set groups __contrail__ services nat rule sv-_contrail_l3_6207_vn-sn-rule term term_2_1_1_3 then translated source-prefix 8.1.1.4/32
set groups __contrail__ services nat rule sv-_contrail_l3_6207_vn-sn-rule term term_2_1_1_3 then translated translation-type basic-nat44
set groups __contrail__ services nat rule sv-_contrail_l3_6207_vn-dn-rule match-direction output
set groups __contrail__ services nat rule sv-_contrail_l3_6207_vn-dn-rule term term_8_1_1_4 from destination-address 8.1.1.4/32
set groups __contrail__ services nat rule sv-_contrail_l3_6207_vn-dn-rule term term_8_1_1_4 then translated destination-prefix 2.1.1.3/32
set groups __contrail__ services nat rule sv-_contrail_l3_6207_vn-dn-rule term term_8_1_1_4 then translated translation-type dnat-44

[edit]
root@cmbu-tasman# commit
[edit groups __contrail__ services nat rule sv-_contrail_l3_6207_vn-dn-rule]
  'term term_8_1_1_4'
    With translation-type dnat-44, same pool cannot be shared by multiple rules or terms
error: configuration check-out failed
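
A pre-commit check for the collision shown above, as an added example that is not part of the original bug report or of the Contrail Device Manager code. It assumes the collision criterion implied by the commit error (two `dnat-44` terms translating to the same destination-prefix) and treats `allow-overlapping-nat-pools` as lifting it, as stated later on this page; the function name `find_dnat_collisions` is hypothetical.

```python
import ipaddress
import re
from collections import defaultdict

# Sample input: "display set" lines copied from the bug description. One
# source-NAT term is included to show that it is not flagged.
SAMPLE = """\
set groups __contrail__ services nat rule sv-_contrail_l3_6206_vn-sn-rule term term_2_1_1_3 then translated source-prefix 7.1.1.4/32
set groups __contrail__ services nat rule sv-_contrail_l3_6206_vn-sn-rule term term_2_1_1_3 then translated translation-type basic-nat44
set groups __contrail__ services nat rule sv-_contrail_l3_6206_vn-dn-rule term term_7_1_1_4 then translated destination-prefix 2.1.1.3/32
set groups __contrail__ services nat rule sv-_contrail_l3_6206_vn-dn-rule term term_7_1_1_4 then translated translation-type dnat-44
set groups __contrail__ services nat rule sv-_contrail_l3_6207_vn-dn-rule term term_8_1_1_4 then translated destination-prefix 2.1.1.3/32
set groups __contrail__ services nat rule sv-_contrail_l3_6207_vn-dn-rule term term_8_1_1_4 then translated translation-type dnat-44
"""

# "set [groups <name>] services nat rule <rule> term <term> then translated <key> <value>"
TERM_RE = re.compile(
    r"^set (?:groups \S+ )?services nat rule (\S+) term (\S+) then translated (\S+) (\S+)$")
KNOB_RE = re.compile(r"^set (?:groups \S+ )?services nat allow-overlapping-nat-pools$")


def find_dnat_collisions(config_text):
    """Map each translated destination-prefix used by more than one dnat-44
    term to the sorted (rule, term) pairs that use it. Returns {} when the
    allow-overlapping-nat-pools knob is present in the same configuration."""
    translated = defaultdict(dict)   # (rule, term) -> {"translation-type": ..., ...}
    for raw in config_text.splitlines():
        line = raw.strip()
        if KNOB_RE.match(line):
            return {}
        m = TERM_RE.match(line)
        if m:
            rule, term, key, value = m.groups()
            translated[(rule, term)][key] = value

    users = defaultdict(list)
    for rule_term, attrs in translated.items():
        if attrs.get("translation-type") == "dnat-44" and "destination-prefix" in attrs:
            # Normalise so "2.1.1.3" and "2.1.1.3/32" compare equal.
            prefix = ipaddress.ip_network(attrs["destination-prefix"], strict=False)
            users[str(prefix)].append(rule_term)
    return {p: sorted(u) for p, u in users.items() if len(u) > 1}


if __name__ == "__main__":
    for prefix, terms in find_dnat_collisions(SAMPLE).items():
        print(prefix, "shared by", terms)
```

Only identical prefixes are compared; whether partially overlapping prefixes are also rejected at commit is not shown on this page.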

amit surana (asurana-t)
description: updated
tags: added: bms releasenote
chhandak (chhandak)
information type: Proprietary → Public
amit surana (asurana-t) wrote :

Nischal, Suresh - this limitation can be removed by adding the following configuration:

 set groups __contrail__ services nat allow-overlapping-nat-pools

OpenContrail Admin (ci-admin-f) wrote : [Bug update]

bug update...

no longer affects: juniperopenstack/r3.0
no longer affects: juniperopenstack/r3.1
OpenContrail Admin (ci-admin-f) wrote : [Review update] master

Review in progress for https://review.opencontrail.org/23188
Submitter: Suresh Balineni (<email address hidden>)

OpenContrail Admin (ci-admin-f) wrote : A change has been merged

Reviewed: https://review.opencontrail.org/23188
Committed: http://github.org/Juniper/contrail-controller/commit/d6eefaa7ce832cac829f50c15b121f848dc31855
Submitter: Zuul
Branch: master

commit d6eefaa7ce832cac829f50c15b121f848dc31855
Author: sbalineni <email address hidden>
Date: Wed Aug 10 15:42:21 2016 -0700

[DM]: Generate allow overlapping subnets config

CLI : set groups __contrail__ services nat allow-overlapping-nat-pools
XML Config:
root@cmbu-lakewood# show services nat | display xml
<rpc-reply xmlns:junos="http://xml.juniper.net/junos/16.1I0/junos">
<configuration junos:changed-seconds="1470867780" junos:changed-localtime="2016-08-10 15:23:00 PDT">
<services>
<nat>
<allow-overlapping-nat-pools/>
</nat>
</services>
</configuration>
<cli>
<banner>[edit]</banner>
</cli>
</rpc-reply>

Change-Id: I026dc391d0536a34fd753bb41eefec876ea2b78f
Closes-Bug: #1469296

OpenContrail Admin (ci-admin-f) wrote : [Review update] R3.1

Review in progress for https://review.opencontrail.org/23332
Submitter: Suresh Balineni (<email address hidden>)

OpenContrail Admin (ci-admin-f) wrote : A change has been merged

Reviewed: https://review.opencontrail.org/23332
Committed: http://github.org/Juniper/contrail-controller/commit/d90ef478e9ab5c6f29a9439f12173bcc97266f81
Submitter: Zuul
Branch: R3.1

commit d90ef478e9ab5c6f29a9439f12173bcc97266f81
Author: sbalineni <email address hidden>
Date: Wed Aug 10 15:42:21 2016 -0700

[DM]: Generate allow overlapping subnets config

CLI : set groups __contrail__ services nat allow-overlapping-nat-pools
XML Config:
root@cmbu-lakewood# show services nat | display xml
<rpc-reply xmlns:junos="http://xml.juniper.net/junos/16.1I0/junos">
<configuration junos:changed-seconds="1470867780" junos:changed-localtime="2016-08-10 15:23:00 PDT">
<services>
<nat>
<allow-overlapping-nat-pools/>
</nat>
</services>
</configuration>
<cli>
<banner>[edit]</banner>
</cli>
</rpc-reply>

Change-Id: I026dc391d0536a34fd753bb41eefec876ea2b78f
Closes-Bug: #1469296
