When an isolated network using provider networks for tenants (meaning without virtual routers: DVR or network node), metadata access occurs in the qdhcp ip netns rather than the qrouter netns.
The following options are set in the dhcp_agent.ini file:
force_metadata = True
enable_isolated_metadata = True
VMs on the provider tenant network are unable to access metadata as packets are dropped due to checksum.
When we added the following in the qdhcp netns, VMs regained access to metadata:
When an isolated network using provider networks for tenants (meaning without virtual routers: DVR or network node), metadata access occurs in the qdhcp ip netns rather than the qrouter netns.
The following options are set in the dhcp_agent.ini file: isolated_ metadata = True
force_metadata = True
enable_
VMs on the provider tenant network are unable to access metadata as packets are dropped due to checksum.
When we added the following in the qdhcp netns, VMs regained access to metadata:
iptables -t mangle -A OUTPUT -o ns-+ -p tcp --sport 80 -j CHECKSUM --checksum-fill
It seems this setting was recently removed from the qrouter netns [0] but it never existed in the qdhcp to begin with.
[0] https:/ /review. opendev. org/#/c/ 654645/
Related LP Bug #1831935 /bugs.launchpad .net/charm- neutron- openvswitch/ +bug/1831935/ comments/ 10
See https:/