Floating IPs not removed on rfp interface in qrouter
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| neutron | Fix Released | High | Brian Haley | |
Bug Description
Recently upgraded from liberty to newton. We had a lot of Active Floating IPs configured at the time.
DVR setup, with 2 VMs on same network, and both with Floating IPs, FIPA and FIPB.
- ssh into both FIPA and FIPB works from external source like laptop
- SSH from one VM into another works via internal fixed IP ONLY (for example, ssh into floating of VMA, then ssh into fixed IP of VM B, or vice versa)
- ping from one VM to floating IP of other *appears* to work. But even after deleting VM, pings continued. I suspect the rfp interface is responding to ICMP since it has FIP address configured
Noticed that qrouter contained several /32 FIP addresses configured on rfp interface, but new Floating IPs we created were not being added as secondary IP addresses.
Fix for bug https:/
It removed the logic to both add and remove Floating IP on rfp - now the add/remove_
So it seems any pre-existing FIPs added as secondary IP address in qrouter remain as zombies. Attaching/
As you can see below, lot of FIPs on 10.4.0.0/16 external network. Some correspond to VMs/floating IPs that were deleted. Others are still active but experiencing issue described above.
Manually removing the IP immediately fixed our issue (ssh to floating IP from VM to VM worked immediately)
root@barney:~# ip netns exec qrouter-
1: lo: <LOOPBACK,
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: rfp-37176403-c: <BROADCAST,
link/ether 76:2f:be:73:9b:fc brd ff:ff:ff:ff:ff:ff
inet 169.254.31.142/31 scope global rfp-37176403-c
valid_lft forever preferred_lft forever
inet 10.4.253.15/32 brd 10.4.253.15 scope global rfp-37176403-c
valid_lft forever preferred_lft forever
inet 10.4.253.118/32 brd 10.4.253.118 scope global rfp-37176403-c
valid_lft forever preferred_lft forever
inet 10.4.252.103/32 brd 10.4.252.103 scope global rfp-37176403-c
valid_lft forever preferred_lft forever
inet 10.4.252.105/32 brd 10.4.252.105 scope global rfp-37176403-c
valid_lft forever preferred_lft forever
inet 10.4.254.4/32 brd 10.4.254.4 scope global rfp-37176403-c
valid_lft forever preferred_lft forever
inet 10.4.254.52/32 brd 10.4.254.52 scope global rfp-37176403-c
valid_lft forever preferred_lft forever
inet 10.4.253.41/32 brd 10.4.253.41 scope global rfp-37176403-c
valid_lft forever preferred_lft forever
inet 10.4.254.228/32 brd 10.4.254.228 scope global rfp-37176403-c
valid_lft forever preferred_lft forever
inet 10.4.254.229/32 brd 10.4.254.229 scope global rfp-37176403-c
valid_lft forever preferred_lft forever
inet 10.4.253.212/32 brd 10.4.253.212 scope global rfp-37176403-c
valid_lft forever preferred_lft forever
inet 10.4.252.118/32 brd 10.4.252.118 scope global rfp-37176403-c
valid_lft forever preferred_lft forever
inet 10.4.252.48/32 brd 10.4.252.48 scope global rfp-37176403-c
valid_lft forever preferred_lft forever
inet6 fe80::742f:
valid_lft forever preferred_lft forever
11: qr-43981e59-30: <BROADCAST,
link/ether fa:16:3e:42:a2:ec brd ff:ff:ff:ff:ff:ff
inet 172.16.0.1/16 brd 172.16.255.255 scope global qr-43981e59-30
valid_lft forever preferred_lft forever
inet6 fe80::f816:
valid_lft forever preferred_lft forever
40083: qr-6b09eb9d-40: <BROADCAST,
link/ether fa:16:3e:21:f8:fd brd ff:ff:ff:ff:ff:ff
inet 192.168.42.100/24 brd 192.168.42.255 scope global qr-6b09eb9d-40
valid_lft forever preferred_lft forever
inet6 fe80::f816:
valid_lft forever preferred_lft forever
46229: qr-39850654-40: <BROADCAST,
link/ether fa:16:3e:f5:06:20 brd ff:ff:ff:ff:ff:ff
inet 10.127.0.1/16 brd 10.127.255.255 scope global qr-39850654-40
valid_lft forever preferred_lft forever
inet6 fe80::f816:
valid_lft forever preferred_lft forever
tags: | removed: needs-attention |
tags: | added: newton-backport-potential ocata-backport-potential |
With the Floating IPs remaining on rfp- interface, definitely an issue. A VM pinging another floating IP - the reply is NOT from the VM, but the qrouter namespace that is actually responding locally
VMA with FIP 10.4.253.32 and fixed IP 172.16.198.250 tries to ping VMB (10.4.254.43) which I manually removed from rfp device. I see ping being NATT'd and going out rfp, as well as 2 ICMP replies:
root@barney:~# ip netns exec qrouter-37176403-cfb0-478d-b51c-971d89597cf5 tcpdump -l -evvvnn -i any host 10.4.254.43
14:50:38.404521 In fa:16:3e:82:08:39 ethertype IPv4 (0x0800), length 100: (tos 0x0, ttl 64, id 31859, offset 0, flags [DF], proto ICMP (1), length 84)
172.16.198.250 > 10.4.254.43: ICMP echo request, id 26843, seq 11, length 64
14:50:38.404573 Out 76:2f:be:73:9b:fc ethertype IPv4 (0x0800), length 100: (tos 0x0, ttl 63, id 31859, offset 0, flags [DF], proto ICMP (1), length 84)
10.4.254.32 > 10.4.254.43: ICMP echo request, id 26843, seq 11, length 64
14:50:38.404590 In b2:63:de:da:b5:48 ethertype IPv4 (0x0800), length 100: (tos 0x0, ttl 62, id 31859, offset 0, flags [DF], proto ICMP (1), length 84)
10.4.254.32 > 10.4.254.43: ICMP echo request, id 26843, seq 11, length 64
14:50:38.404904 Out 76:2f:be:73:9b:fc ethertype IPv4 (0x0800), length 100: (tos 0x0, ttl 63, id 16514, offset 0, flags [none], proto ICMP (1), length 84)
10.4.254.43 > 10.4.254.32: ICMP echo reply, id 26843, seq 11, length 64
14:50:38.404930 In b2:63:de:da:b5:48 ethertype IPv4 (0x0800), length 100: (tos 0x0, ttl 62, id 16514, offset 0, flags [none], proto ICMP (1), length 84)
10.4.254.43 > 10.4.254.32: ICMP echo reply, id 26843, seq 11, length 64
14:50:38.404939 Out fa:16:3e:42:a2:ec ethertype IPv4 (0x0800), length 100: (tos 0x0, ttl 61, id 16514, offset 0, flags [none], proto ICMP (1), length 84)
10.4.254.43 > 172.16.198.250: ICMP echo reply, id 26843, seq 11, length 64
When I ping VMC, 10.4.153.41, which still has IP on rfp, looks like qrouter is generating ICMP reply internally. This explains why ping appears to work but ssh does not:
root@barney:~# ip netns exec qrouter-37176403-cfb0-478d-b51c-971d89597cf5 tcpdump -l -evvvnn -i any host 10.4.253.41
14:48:16.131074 In fa:16:3e:82:08:39 ethertype IPv4 (0x0800), length 100: (tos 0x0, ttl 64, id 40544, offset 0, flags [DF], proto ICMP (1), length 84)
172.16.198.250 > 10.4.253.41: ICMP echo request, id 24022, seq 10, length 64
14:48:16.131134 Out fa:16:3e:42:a2:ec ethertype IPv4 (0x0800), length 100: (tos 0x0, ttl 64, id 5429, offset 0, flags [none], proto ICMP (1), length 84)
10.4.253.41 > 172.16.198.250: ICMP echo reply, id 24022, seq 10, length 64
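An audit for the leftover addresses described in this report, added here as an example; it is not code from the bug report or from neutron. It parses `ip addr` output from a qrouter namespace, lists every /32 still configured on an `rfp-` device, and prints the `ip addr del` commands for the manual removal the reporter describes. It assumes, as the report states, that after the upgrade floating IPs are no longer meant to be on rfp; the sample text and the namespace name `qrouter-EXAMPLE` are constructed placeholders.

```python
import ipaddress
import re

# Constructed sample, shaped like the `ip addr` output quoted in the report.
SAMPLE = """\
2: rfp-37176403-c: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP
    link/ether 76:2f:be:73:9b:fc brd ff:ff:ff:ff:ff:ff
    inet 169.254.31.142/31 scope global rfp-37176403-c
       valid_lft forever preferred_lft forever
    inet 10.4.253.15/32 brd 10.4.253.15 scope global rfp-37176403-c
       valid_lft forever preferred_lft forever
    inet 10.4.253.41/32 brd 10.4.253.41 scope global rfp-37176403-c
       valid_lft forever preferred_lft forever
11: qr-43981e59-30: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP
    inet 172.16.0.1/16 brd 172.16.255.255 scope global qr-43981e59-30
       valid_lft forever preferred_lft forever
"""

IFACE_RE = re.compile(r"^\d+:\s+([^:@\s]+)")   # "2: rfp-37176403-c: <...>"
INET_RE = re.compile(r"^\s*inet\s+(\S+)")      # IPv4 only; "inet6" does not match
LINK_LOCAL = ipaddress.ip_network("169.254.0.0/16")  # rfp/fpr point-to-point link


def stale_fips(ip_addr_output):
    """Return (device, 'addr/32') for each /32 left on an rfp- device."""
    found, dev = [], None
    for line in ip_addr_output.splitlines():
        m = IFACE_RE.match(line)
        if m:
            dev = m.group(1)
            continue
        m = INET_RE.match(line)
        if m and dev and dev.startswith("rfp-"):
            iface = ipaddress.ip_interface(m.group(1))
            # Assumption from the report: any non-link-local /32 here is a leftover.
            if iface.network.prefixlen == 32 and iface.ip not in LINK_LOCAL:
                found.append((dev, str(iface)))
    return found


def cleanup_commands(namespace, ip_addr_output):
    """Build the manual-removal commands; review them before running any."""
    return [f"ip netns exec {namespace} ip addr del {addr} dev {dev}"
            for dev, addr in stale_fips(ip_addr_output)]


if __name__ == "__main__":
    for cmd in cleanup_commands("qrouter-EXAMPLE", SAMPLE):  # placeholder namespace
        print(cmd)
```
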