neutron

DVR FIP agent gateway does not pass traffic directed at fixed IP

Bug #1557290 reported by Ryan Tidwell on 2016-03-15

This bug report is a duplicate of: Bug #1577488: [RFE]"Fast exit" for compute node egress flows when using DVR. Edit Remove

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	neutron	Confirmed	Low	Swaminathan Vasudevan

Bug Description

When using DVR, if traffic is sent to the fixed IP of an instance using the FIP gateway as the next-hop it is dropped by the FIP gateway. The FIP gateway should act as a generic gateway to both fixed IP's and floating IP's. This is an enabler for north-south DVR without using floating IP's. I believe the FIP gateway just needs routes to point to fixed IP's the appropriate qrouter. The address scope of the external network and tenant networks should be the same if direct routing to the fixed IP is to be supported. Once this is fixed, BGP can announce the FIP gateway IP as the next-hop for each fixed IP host route accessible on the given compute node.

Tags:

Hirofumi Ichihara (ichihara-hirofumi) on 2016-03-15

tags:

added: l3-dvr-backlog

Revision history for this message

Hirofumi Ichihara (ichihara-hirofumi) wrote on 2016-03-15:

How do we pass fixed IP traffic to FIP agent gateway? Where from?

Changed in neutron:
importance:	Undecided → Wishlist

Swaminathan Vasudevan (swaminathan-vasudevan) on 2016-03-16

Changed in neutron:
status:	New → Confirmed

Revision history for this message

Ryan Tidwell (ryan-tidwell) wrote on 2016-03-16:

Traffic can be directed at the FIP agent gateway when upstream routers either have static routes for each fixed IP or if upstream routers learn the host route via a routing protocol like BGP. I encountered this issue while doing some development on Neutron BGP. I had written some code that announces a host route for each fixed IP using the FIP gateway as the next-hop. I did not include this code in Mitaka because it was late enough in the cycle that this was not going to get fixed. Leaving that code in Mitaka would effectively push routes into the infrastructure that would cause traffic to black-hole and I was concerned that it would look like buggy. If we can get this fixed it's not a heavy lift to get north-south DVR working with both IPv4 and IPv6.

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-03-18: Related fix proposed to neutron (master)

Related fix proposed to branch: master
Review: https://review.openstack.org/294335

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-03-24: Change abandoned on neutron (master)

Change abandoned by Swaminathan Vasudevan (<email address hidden>) on branch: master
Review: https://review.openstack.org/294335
Reason: I will be pushing a alternate on to this patch.

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-03-25: Related fix proposed to neutron (master)

Related fix proposed to branch: master
Review: https://review.openstack.org/297468

Swaminathan Vasudevan (swaminathan-vasudevan) on 2016-03-30

summary:

- DVR FIP agent gateway does not pass traffic directed at fixed IP
+ [RFE]DVR FIP agent gateway does not pass traffic directed at fixed IP

Revision history for this message

Carl Baldwin (carl-baldwin) wrote on 2016-03-30: Re: [RFE]DVR FIP agent gateway does not pass traffic directed at fixed IP

I'm not sure this should be an RFE. From one point of view, one would expect this to work since a central router will route the fixed IP. Should it just be a bug? Either way, I think it should be fixed. I'll add the rfe tag to match the subject and we can decide if it should be an rfe.

tags:	added: rfe
Changed in neutron:
status:	Confirmed → Triaged

Revision history for this message

Armando Migliaccio (armando-migliaccio) wrote on 2016-03-31:

Status update:

http://eavesdrop.openstack.org/meetings/neutron_drivers/2016/neutron_drivers.2016-03-31-22.00.log.html#l-277

tags:

removed: rfe

Revision history for this message

Armando Migliaccio (armando-migliaccio) wrote on 2016-03-31:

Can be treated as regular bug, if in the process we end up documenting some internals for DVR in the form a devref I could only praise the effort.

Changed in neutron:
milestone:	none → newton-1
summary:	- [RFE]DVR FIP agent gateway does not pass traffic directed at fixed IP + DVR FIP agent gateway does not pass traffic directed at fixed IP
Changed in neutron:
importance:	Wishlist → Low

Armando Migliaccio (armando-migliaccio) on 2016-06-03

Changed in neutron:
milestone:	newton-1 → newton-2

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-07-05: Change abandoned on neutron (master)

Change abandoned by Armando Migliaccio (<email address hidden>) on branch: master
Review: https://review.openstack.org/297468
Reason: This review is > 4 weeks without comment, and failed Jenkins the last time it was checked. We are abandoning this for now. Feel free to reactivate the review by pressing the restore button and leaving a 'recheck' comment to get fresh test results.

Revision history for this message

Armando Migliaccio (armando-migliaccio) wrote on 2016-07-05:

#10

New owner?

Changed in neutron:
status:	Triaged → Incomplete
milestone:	newton-2 → none

Swaminathan Vasudevan (swaminathan-vasudevan) on 2016-08-10

Changed in neutron:
status:	Incomplete → Confirmed
assignee:	nobody → Swaminathan Vasudevan (swaminathan-vasudevan)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-08-18:

#11

Change abandoned by Swaminathan Vasudevan (<email address hidden>) on branch: master
Review: https://review.openstack.org/297468
Reason: The parent patch is sufficient to address all the issues, so abandoning this patch.