The l3 agent mode is as follows:
Network:dvr_snat
Compute:dvr_no_external
1.Create a DVR. Then add interface and gateway to the DVR.
2.Create a vm and associate a floating ip to the vm.
3.Check snat ns on network nodes for the DVR.
4.the following iptables rule is missed in the snat namespace:
"-A neutron-l3-agent-snat -j neutron-l3-agent-float-snat"
This results in that snat rules will work instead of floating ip when accessing to the internet.
Adding following code at [1] can fix this:
self.snat_iptables_manager.ipv4['nat'].add_rule('snat',
'-j $float-snat')
[1]https://github.com/openstack/neutron/blob/master/neutron/agent/l3/dvr_edge_router.py#L197
Did you check the fipnamespace.
The float-snat chain should be there in the fipnamespace.