Comment 7 for bug 1456624

venkata anil (anil-venkata) wrote :

Problem:-

In DVR, when a floating IP is associated with a port, existing connections to the external network will hang (and become unresponsive).
The connections may be any TCP, UDP or ICMP connections that are tracked in conntrack.

Packet routing to external network before assigning floating IP:-
Before assigning a floating IP, existing connections will be using the SNAT gateway to reach the external network because of [2].

Packet routing to external network after assigning floating IP:-
When a floating IP is associated, packets to the external network are routed through the fip namespace because of ip rule [3].
This rule [3] has higher priority than [2], and then the SNAT iptables rule [4] is applied to the packets.

Root cause of the issue:-
But for existing connections to the external network, only ip rule [3] is applied and SNAT [4] is not applied because of the connection tracking entry [5].

So these packets enter the fip namespace and go to the external network with the local IP and will never get reply packets; hence the connections will be in a hung state.

[2] 167772161: from 10.0.0.1/24 lookup 167772161
    ip route show table 167772161
    default via 10.0.0.7 dev qr-8804a198-ea
[3] 32777: from 10.0.0.8 lookup 16
[4] SNAT all -- * * 10.0.0.8 0.0.0.0/0 to:172.168.1.16
[5] icmp 1 29 src=10.0.0.8 dst=8.8.8.8 [UNREPLIED] src=8.8.8.8 dst=10.0.0.8 mark=0 use=1
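
A check for the condition described in this comment, added here as an example and not part of the original comment or of Neutron: it parses `conntrack -L` style text and reports flows from the fixed IP to an external destination whose reply tuple is not addressed to the floating IP, i.e. entries like [5] that predate SNAT rule [4]. The function name, the 10.0.0.0/24 subnet (inferred from [2]) and all sample lines except the one copied from [5] are assumptions.

```python
import ipaddress
import re

# Constructed sample in `conntrack -L` text format. The first line is entry [5]
# from the comment; the other three are made up for illustration.
SAMPLE = """\
icmp 1 29 src=10.0.0.8 dst=8.8.8.8 [UNREPLIED] src=8.8.8.8 dst=10.0.0.8 mark=0 use=1
tcp 6 431999 ESTABLISHED src=10.0.0.8 dst=203.0.113.5 sport=40000 dport=443 src=203.0.113.5 dst=172.168.1.16 sport=443 dport=40000 [ASSURED] mark=0 use=1
tcp 6 431999 ESTABLISHED src=10.0.0.9 dst=203.0.113.5 sport=40001 dport=443 src=203.0.113.5 dst=10.0.0.9 sport=443 dport=40001 [ASSURED] mark=0 use=1
udp 17 25 src=10.0.0.8 dst=10.0.0.3 sport=5000 dport=53 src=10.0.0.3 dst=10.0.0.8 sport=53 dport=5000 mark=0 use=1
"""

# Each conntrack line carries two src=/dst= pairs: original tuple, then reply tuple.
TUPLE_RE = re.compile(r"src=(\S+) dst=(\S+)")


def stale_flows(text, fixed_ip, floating_ip, internal_net):
    """Return (proto, orig_src, orig_dst, reply_dst) for tracked flows that
    leave fixed_ip for an external address without translation to floating_ip."""
    net = ipaddress.ip_network(internal_net)
    stale = []
    for line in text.splitlines():
        tuples = TUPLE_RE.findall(line)
        if len(tuples) < 2:
            continue  # not a complete conntrack entry
        (o_src, o_dst), (_r_src, r_dst) = tuples[0], tuples[1]
        if o_src != fixed_ip:
            continue  # flow belongs to another port
        if ipaddress.ip_address(o_dst) in net:
            continue  # internal destination, not an external connection
        # With SNAT [4] in effect the reply tuple is addressed to the floating
        # IP. A reply still addressed to the fixed IP means the entry was
        # created before the association and bypasses the new rule.
        if r_dst != floating_ip:
            stale.append((line.split()[0], o_src, o_dst, r_dst))
    return stale


if __name__ == "__main__":
    for flow in stale_flows(SAMPLE, "10.0.0.8", "172.168.1.16", "10.0.0.0/24"):
        print("stale entry, SNAT not applied: %s %s -> %s (reply dst %s)" % flow)
```
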