Floating IPs don't work with LBaaS V2 Loadbalancers
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
neutron |
New
|
Undecided
|
Hong Hui Xiao |
Bug Description
Summary:
With LBaaS V2, create a loadbalancer and two member instances. Assign floating IPs to the instances and to the loadbalancer. The instances are accessible via their FIPs, but the loadbalancer is not. The loadbalancer does work via its fixed IP.
Reproduced in devstack on master as of Wed, Sept 9, 2015.
# ===== BEGIN local.conf =====
[[local|localrc]]
# NOTE(review): several lines below (plugin URLs, credential settings and
# service lists) are cut off in this paste; their full names and values
# cannot be read from here.
# The name of the RECLONE environment variable is a bit misleading. It doesn't actually
# reclone repositories, rather it uses git fetch to make sure the repos are current.
# NOTE(review): with RECLONE=True each run fetches the repos again, so two
# runs of this reproduction are not guaranteed to execute the same code.
RECLONE=True
#RECLONE=False
# Load the external LBaaS plugin.
# NOTE(review): the plugin source URL is truncated in this paste. The last
# commented-out variant begins with /media/, i.e. a local path rather than
# a remote URL.
#enable_plugin neutron-lbaas https:/
enable_plugin neutron-lbaas https:/
#enable_plugin neutron-lbaas /media/
# NOTE(review): the next five settings look like the credential block (only
# ADMIN_PASSWORD is fully legible). local.conf keeps such values in
# plaintext, so restrict the file's permissions and scrub the values before
# sharing it.
DATABASE_
ADMIN_PASSWORD=
SERVICE_
SERVICE_
RABBIT_
# Enable Logging
LOGFILE=
VERBOSE=True
LOG_COLOR=True
SCREEN_
# Pre-requisite
ENABLED_
# Horizon
#ENABLED_
# Nova
ENABLED_
IMAGE_URLS+=",https:/
ENABLED_
# Neutron
ENABLED_
# Enable LBaaS V2
ENABLED_
#ENABLED_
# Cinder
ENABLED_
# enable DVR
# The triage reply in this report sees the unreachable VIP floating IP only
# with DVR, not with a legacy router.
Q_PLUGIN=ml2
Q_ML2_TENANT_
Q_DVR_MODE=dvr_snat
# NOTE(review): LOGFILE is assigned a second time here (first under
# "Enable Logging"); both values are truncated, the later one presumably
# takes effect.
LOGFILE=
# Old log files are automatically removed after 7 days to keep things neat. Change
# the number of days by setting ``LOGDAYS``.
LOGDAYS=2
# ===== END local.conf =====
# ===== BEGIN local.sh =====
#!/usr/bin/env bash
# Trace every command as it runs.
# NOTE(review): the trace prints expanded arguments, so any secret passed on
# a command line later in the script ends up in the trace output and in
# whatever log captures it.
set -x
# Sample ``local.sh`` that configures two simple webserver instances and sets
# up a Neutron LBaaS Version 2 loadbalancer.
# Keep track of the DevStack directory
# NOTE(review): the inner $(dirname "$0") is unquoted, so a script path
# containing whitespace would break the cd.
TOP_DIR=$(cd $(dirname "$0") && pwd)
# Seconds to wait for instances to boot; only referenced by commented-out
# lines in the part of the script shown here.
BOOT_DELAY=60
# Import common functions
# NOTE(review): the sourced path is truncated in this paste.
source ${TOP_DIR}
# Use openrc + stackrc for settings
source ${TOP_DIR}/stackrc
# Destination path for installation ``DEST``
DEST=${
# Additional Variables
IMAGE_NAME="cirros"
SUBNET_
# Generate the port-80 responder script that is later copied to the
# instances. The heredoc opener and target file name are truncated in this
# paste. The backslash-escaped $ keeps MYIP literal in the generated file so
# it is evaluated on the instance, not on this host.
cat > ${TOP_DIR}
#!/bin/sh
MYIP=\$
while true; do
echo -e "HTTP/1.0 200 OK\r\n\r\nWelcome to \$MYIP\r\n" | sudo nc -l -p 80
done
EOF
# Same responder for port 443. It answers with plain HTTP text through nc;
# there is no TLS on this listener, so it only proves TCP reachability.
cat > ${TOP_DIR}
#!/bin/sh
MYIP=\$
while true; do
echo -e "HTTP/1.0 200 OK\r\n\r\nWelcome to \$MYIP port 443" | sudo nc -l -p 443
done
EOF
# Make both generated scripts executable (file names truncated in this paste).
chmod 755 ${TOP_DIR}
chmod 755 ${TOP_DIR}
# When nova is enabled: create a key pair, open the default security group,
# allocate floating IPs and ports, boot two instances and start the
# responder scripts on them. Many lines are truncated in this paste.
if is_service_enabled nova; then
# Get OpenStack demo user auth
source ${TOP_DIR}/openrc demo demo
# Create an SSH key to use for the instances
HOST=$(echo $HOSTNAME | cut -d"." -f1)
DEVSTACK_
DEVSTACK_
DEVSTACK_
# Any existing key file is deleted and a fresh 2048-bit RSA pair generated
# on every run. The remaining ssh-keygen options are truncated, so whether
# a passphrase is set cannot be seen here.
rm -f ${DEVSTACK_
ssh-keygen -b 2048 -t rsa -f ${DEVSTACK_
nova keypair-add --pub_key=
# Add tcp/22,80 and icmp to default security group
# NOTE(review): tcp/443 is opened as well. All four rules use 0.0.0.0/0 and
# modify the project's *default* group, so every instance using that group
# accepts SSH, HTTP, HTTPS and ICMP from any source. Tolerable on a
# throwaway DevStack; elsewhere use a dedicated group and a narrower CIDR.
nova secgroup-add-rule default tcp 22 22 0.0.0.0/0
nova secgroup-add-rule default tcp 80 80 0.0.0.0/0
nova secgroup-add-rule default tcp 443 443 0.0.0.0/0
nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0
# Get Image id
IMAGE_
# Get Network id
NET_
SUBNET_
FIP_
FIP_
# FIP_ID_3=$(neutron floatingip-create public|grep "| id " |awk '{print $4}')
# FIP_ID_4=$(neutron floatingip-create public|grep "| id " |awk '{print $4}')
# Values are scraped from the CLI's table output with grep/awk. The IDs are
# expanded unquoted, so an empty lookup result would call floatingip-show
# with no argument instead of failing at the assignment.
FIP_1=$(neutron floatingip-show $FIP_ID_1 | grep "| floating_ip_address " | awk {'print $4 }')
FIP_2=$(neutron floatingip-show $FIP_ID_2 | grep "| floating_ip_address " | awk {'print $4 }')
# FIP_3=$(neutron floatingip-show $FIP_ID_3 | grep "| floating_ip_address " | awk {'print $4 }')
# FIP_4=$(neutron floatingip-show $FIP_ID_4 | grep "| floating_ip_address " | awk {'print $4 }')
PORT_
PORT_
# PORT_ID_3=$(neutron port-create private | grep "| id " | awk '{print $4}')
# PORT_ID_4=$(neutron port-create private | grep "| id " | awk '{print $4}')
neutron floatingip-
neutron floatingip-
# neutron floatingip-
# neutron floatingip-
# Fixed (private) addresses behind each floating IP; these are what the
# pool members are created with further down.
IP_1=$(neutron floatingip-show $FIP_ID_1 | grep "| fixed_ip_address " | awk '{print $4}')
IP_2=$(neutron floatingip-show $FIP_ID_2 | grep "| fixed_ip_address " | awk '{print $4}')
# IP_3=$(neutron floatingip-show $FIP_ID_3 | grep "| fixed_ip_address " | awk '{print $4}')
# IP_4=$(neutron floatingip-show $FIP_ID_4 | grep "| fixed_ip_address " | awk '{print $4}')
# Boot some instances
# NOVA_BOOT_
# NOVA_BOOT_ARGS is expanded unquoted so it splits into separate arguments;
# its value is truncated here (presumably it ends with the option that
# takes the port-id= value - TODO confirm).
NOVA_
nova boot ${NOVA_BOOT_ARGS} port-id=$PORT_ID_1 node1 --poll
nova boot ${NOVA_BOOT_ARGS} port-id=$PORT_ID_2 node2 --poll
# nova boot ${NOVA_BOOT_ARGS} port-id=$PORT_ID_3 node3
# nova boot ${NOVA_BOOT_ARGS} port-id=$PORT_ID_4 node4
# echo "Waiting ${BOOT_DELAY} seconds for instances to boot"
# sleep ${BOOT_DELAY}
nova list
# Remove known_hosts entries for the two floating IPs before connecting.
# NOTE(review): the scp/ssh lines below are truncated, so the host-key
# checking options they use are not visible - TODO confirm.
ssh-keygen -R ${FIP_1}
ssh-keygen -R ${FIP_2}
# ssh-keygen -R ${FIP_3}
# ssh-keygen -R ${FIP_4}
# Run a simple web server on the instances
sleep 20 # getting "connection refused", might not be fully running yet.
scp -i ${DEVSTACK_
scp -i ${DEVSTACK_
# scp -i ${DEVSTACK_
# scp -i ${DEVSTACK_
# screen_process is not defined in this script; presumably it comes from the
# common functions sourced earlier.
screen_process node1 "ssh -i ${DEVSTACK_
screen_process node2 "ssh -i ${DEVSTACK_
# screen_process node3 "ssh -i ${DEVSTACK_
# screen_process node4 "ssh -i ${DEVSTACK_
fi
# When the LBaaS v2 service is enabled: create the loadbalancer, listener,
# pool and members, then a floating IP for the loadbalancer. `ip netns` is
# run after each step, with an "AJM:" marker, to show the network namespaces
# at that point. Several commands are truncated in this paste.
if is_service_enabled q-lbaasv2; then
echo "AJM: beginning LB setup"
ip netns
neutron lbaas-loadbalan
# neutron lbaas-loadbalan
# Fixed waits separate the steps; nothing visible here polls the
# loadbalancer's status before continuing.
sleep 10
echo "AJM: after loadbalancer create"
ip netns
neutron lbaas-listener-
# neutron lbaas-listener-
sleep 10
echo "AJM: after listener-create"
ip netns
neutron lbaas-pool-create --lb-algorithm ROUND_ROBIN --listener listener1 --protocol HTTP --name pool1
# neutron lbaas-pool-create --lb-algorithm ROUND_ROBIN --listener listener2 --protocol HTTP --name pool2
sleep 10
echo "AJM: after pool create"
ip netns
# IP_1 and IP_2 are only assigned inside the nova block above; if that block
# was skipped, these expand to nothing and --address is left without a value.
neutron lbaas-member-create --subnet ${SUBNET_NAME} --address ${IP_1} --protocol-port 80 pool1
neutron lbaas-member-create --subnet ${SUBNET_NAME} --address ${IP_2} --protocol-port 80 pool1
echo "AJM: after member create"
ip netns
# neutron lbaas-member-create --subnet ${SUBNET_NAME} --address ${IP_3} --protocol-port 80 pool2
# neutron lbaas-member-create --subnet ${SUBNET_NAME} --address ${IP_4} --protocol-port 80 pool2
# Floating IP for the loadbalancer (assignments truncated). Presumably this
# is the address the failing curl in the report targets - TODO confirm.
FIP_
LB1_
echo "AJM: after fip create"
ip netns
# FIP_ID_
# LB2_VIP_
neutron floatingip-
echo "AJM: at the end"
ip netns
# neutron floatingip-
# NOTE(review): the commented-out line below uses ${IP1}, while the variable
# set earlier is IP_1.
# neutron lbaas-member-create --subnet ${SUBNET_NAME} --address ${IP1} --protocol-port 443 pool2
fi
# ===== END local.sh
ubuntu@
+------
| id | fixed_ip_address | floating_ip_address | port_id |
+------
| 1192f5d0-
| 67846392-
| ca36b325-
+------
ubuntu@
Welcome to 10.0.0.5
ubuntu@
Welcome to 10.0.0.4
ubuntu@
Welcome to 10.0.0.5
ubuntu@
Welcome to 10.0.0.4
ubuntu@
Welcome to 10.0.0.4
ubuntu@
Welcome to 10.0.0.5
ubuntu@
curl: (7) Failed to connect to 172.24.4.6 port 80: No route to host
Changed in neutron: | |
assignee: | nobody → Hong Hui Xiao (xiaohhui) |
The cause of this bug seems to be that you are using DVR. First of all, I can't see any benefit to using DVR in an all-in-one environment (you are deploying devstack all on one host, right?).
I can't reproduce the bug with a legacy router, but I do see it with DVR. There are forwarding rules for the floating IPs of the VMs but no forwarding rules for the VIP port, so the VIP's floating IP can't be reached.
I will look into it more.