L3 DVR ARP population gets incorrect MAC address in some cases
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
neutron |
Fix Released
|
High
|
Slawek Kaplonski |
Bug Description
L3 dvr router is setting permanent arp entries in qrouter's namespace for all ports plugged to the subnets which are connected to the router.
In most cases it's fine, but as it uses MAC address defined in Neutron DB for that (which is fine in general) it may cause connectivity problem in specific conditions.
It happens for example with Octavia as Octavia creates unbound ports just to allocate IP address for their VIP in Neutron's db. And Octavia then sets this IP address in allowed_
But in DVR case such IP address is populated in arp cache with mac address from own port, it don't works fine when is configured as additional IP on interface with different MAC.
Octavia is only one, most common known example of such use case, but we know that there are other users who are doing something similar with keepalived on their instances.
So as this additional port is always "unbound", and "unbound" means that such port is basically just entry in Neutron DB, I think that there is no need to set it in arp cache. Only bound ports should be set there.
Changed in neutron: | |
importance: | Undecided → High |
tags: | added: neutron-proactive-backport-potential |
Fix proposed to branch: master /review. opendev. org/716302
Review: https:/