SFC fails to route traffic when multiple compute nodes are involved
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
networking-sfc |
Invalid
|
Critical
|
Fred S |
Bug Description
The bug: if there are more than 1 compute node in the environment sfc traffic will not be routed between them.
--------
Reproduce:
Environment with 1 controller, 2 compute nodes (3 physical machines): C (controller), N1 (compute1), N2 (compute2).
1. Create network and subnet
2. Launch 4 vms in this network:
VM1 (traffic source) on N1
VM2 (service 1) on N1
VM3 (service 2) on N2
VM4 (destination) on N1
3. Setup sfc:
create two port pairs for VM2 and VM3
create two port-pair-groups for VM2 and VM3
create classifier with logical-source-port = VM1_port, protocol = icmp
create chain with two port-pair-groups (VM2's group should go first) and classifier
4. On vms, run:
VM1 runs: ping VM4
VM2 and VM3 runs: tcpdump icmp -i eth0 -n
Result: Pings will not return. VM2's tcpdump will print icmp packets going through, while VM3 will print nothing.
If I recreate the port chain to include only VM2's port pair group everything works.
It seems that the bug occurs when an element of the port chain is located on a different compute node than the previous element in the traffic route.
-----------
Another setup when the bug occurs:
3 vms, source and service on N1, destination on N2. Two icmp classifiers with logical-source-port = source vm port and destination vm port.
In this case the packets will successfully reach destination vm but fail when going back. If I remove the second classifier for destination vm (so returning packets will not go through service vm) everything works again.
-----------
This bug has been reproduced on both liberty and mitaka. For liberty I used networking-sfc v1.0.0 from pip package, for mitaka I installed sfc from master branch, commit d3235cc3a9dbb60
Environment setup:
Mirantis openstack 8.0 liberty, 9.0 mitaka
Neutron versions: 7.0.4 liberty, 8.1.2 mitaka
Virtual machines run clean ubuntu 15.10
Changed in networking-sfc: | |
status: | New → Triaged |
importance: | Undecided → Critical |
Changed in networking-sfc: | |
status: | Triaged → In Progress |
assignee: | nobody → Farhad Sunavala (fsbiz) |
openvswitch-agent logs report no errors but here they are