We shouldn't schedule routers on compute nodes for DVR environments
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
networking-ovn |
Fix Released
|
High
|
venkata anil |
Bug Description
When we deploy a DVR environment where we want allow to have FIPs in compute nodes we'll need to configure bridge-mappings on them so that they have external connectivity.
Having bridge-mappings configured on compute nodes make them eligible on router scheduling so it may be possible that a router is scheduled on a compute node. In Neutron reference implementation we only do SNAT on controllers so we should follow the same approach in networking-ovn and only schedule routers on controller nodes.
Right now we have the following problem:
R1 scheduled on compute node C1, C2, C3 (L3HA).
VMs in compute nodes C4, C5, ..., CN using R1 for SNAT.
If during a maintenance operation, C1, C2 and C3 have to be rebooted, all the VMs running in C4, ..., CN can't get through SNAT (even though floating IP's and east-west traffic would still work).
As we don't yet have distributed SNAT, the quicker fix would be to work out a way to decide which nodes are eligible right now for scheduling a router and not using the bridge-mappings criteria anymore.
Changed in networking-ovn: | |
status: | New → In Progress |
Changed in networking-ovn: | |
importance: | Undecided → High |
Want to address this issue with https:/ /review. openstack. org/#/c/ 486098/