Egress UDP traffic is dropped
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
neutron |
New
|
Undecided
|
Unassigned |
Bug Description
Hello!
I've encountered the error while becnhmarking UDP traffic between two instances. Any help would be apreciated.
I've got two instances (test1: 172.31.200.232, test2: 172.31.200.234) located in one external network on separate compute nodes. Testing via iperf3 brought me to fail:
root@test1:~# iperf3 -s
root@test2:~# iperf3 -c 172.31.200.234 -u
Connecting to host 172.31.200.234, port 5201
iperf3: error - unable to read from stream socket: Resource temporarily unavailable
While, when I put together these instances on the same compute node, everything is fine:
root@test1:~# iperf3 -s
root@test2:~# iperf3 -c 172.31.200.234 -u
Connecting to host 172.31.200.234, port 5201
[ 4] local 172.31.200.232 port 57176 connected to 172.31.200.234 port 5201
[ ID] Interval Transfer Bandwidth Total Datagrams
[ 4] 0.00-1.00 sec 120 KBytes 983 Kbits/sec 15
[ 4] 1.00-2.00 sec 128 KBytes 1.05 Mbits/sec 16
[ 4] 2.00-3.00 sec 128 KBytes 1.05 Mbits/sec 16
[ 4] 3.00-3.22 sec 40.0 KBytes 1.46 Mbits/sec 5
My security groups allow UDP and TCP traffic.
Openstack Queens, openvswitch v.2.9
Firewall_driver is 'openvswitch', can it be the cause?
Thanks,
Annie
UDP egress should always be allowed unless you have modified them. Are you sure you have the ingress rules set correctly for all the ports iperf might be using?
Also, to rule out the openvswitch firewall you can always change to iptables_hybrid and re-test to make sure.