neutron

  1. Bug #1445255
  2. Comment #18

Comment 18 for bug 1445255

Revision history for this message
Swaminathan Vasudevan (swaminathan-vasudevan) wrote : RE: [Bug 1445255] Re: DVR FloatingIP to unbound allowed_address_pairs does not work

Hi Tom,
Yes I do have a couple of patches in the review queue and once merges I will try to backport all the three patches.

Thanks
Swami

-----Original Message-----
From: <email address hidden> [mailto:<email address hidden>] On Behalf Of Tom Verdaat
Sent: Saturday, April 30, 2016 3:25 AM
To: <email address hidden>
Subject: [Bug 1445255] Re: DVR FloatingIP to unbound allowed_address_pairs does not work

@Swaminathan any progress on the Mitaka backport? You mentioned an issue with the patch but that was 30 days ago.

Also any chance you could look at the Liberty backport? Looks like Nate's patch needs some attention but he doesn't seem to be getting any assistance :-(

--
You received this bug notification because you are a bug assignee.
https://bugs.launchpad.net/bugs/1445255

Title:
  DVR FloatingIP to unbound allowed_address_pairs does not work

Status in neutron:
  Fix Released

Bug description:
  I was trying to follow Aaron's guide here: http://blog.aaronorosen.com
  /implementing-high-availability-instances-with-neutron-using-vrrp/

  VRRP is working fine, but with DVR enabled there is no way to get a
  floatingIP address working with a vIP.

  There has been a discussion about this on #openstack-neutron on the
  16th of April 2015:

  [23:49:26] <kevinbenton> dguerri was trying to follow Aaron's guide here: http://blog.aaronorosen.com/implementing-high-availability-instances-with-neutron-using-vrrp/
  [23:49:35] <kevinbenton> and it doesn't work with DVR
  [23:50:49] <armax> kevinbenton: ok, but are we sure that’s because of an unbound port?
  [23:51:37] <kevinbenton> armax: seems to be
  [23:51:56] <kevinbenton> armax: no l3 agent will respond to an ARP request for the floating IP when i try it
  [23:52:57] <armax> kevinbenton: ok, now I am with you
  [23:53:53] <armax> kevinbenton: in aaron’s case the fip is associated to an unbound port
  [23:54:05] <armax> kevinbenton: and yet routing works fine
  [23:55:18] <armax> kevinbenton: I don’t think taht for such scenario DVR makes much sense
  [23:55:48] <armax> kevinbenton: because if we allowed to have teh FIP namespace to land on the dvr_snat agent
  [23:56:02] <armax> kevinbenton: you’re basically back to central routing
  [23:56:07] <kevinbenton> armax: right
  [23:56:11] <armax> kevinbenton: am I making any sense?
  [23:56:29] <armax> kevinbenton: I am not saying that lack of VRRP support is nice
  [23:56:37] <armax> kevinbenton: I am tryign to wrap my head around this
  [23:56:49] <kevinbenton> armax: i was thinking maybe there was some fallback logic where the SNAT one would host a floating IP if there wasn't another l3 agent that could handle it
  [23:57:16] <kevinbenton> armax: for example if one of the compute nodes wasn't running the l3 agent
  [23:57:35] <kevinbenton> armax: it would be the same scenario
  [23:57:37] <kevinbenton> armax: right?

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1445255/+subscriptions