neutron

after FIP is assigned vm lost network connection

Bug #1882860 reported by Валерия Валерьевна Швецова
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
neutron
Expired
Undecided
Unassigned

Bug Description

Description
===========
There are private (internal) and public (external for FIP) networks in OpenStack project, also there is router with gateway and external net and interface as internal net. After server is created without FIP and only internal net, it has Internet access. After FIP is assigned the vm looses its connection.

Steps to reproduce
==================

1. Create network_0:
  name: internal
  external: false
  provider_network_type: geneve
  provider_segmentation_id: 5555
  create_subnet: true
  cidr: 192.168.33.0/24
  no_gateway_ip: false
  allocation_pool_start: 192.168.33.5
  allocation_pool_end: 192.168.33.250
  enable_dhcp: true

2. Create network_1:
  name: external
  external: true
  provider_network_type: vlan
  provider_physical_network: datacentre
  provider_segmentation_id: 450
  create_subnet: true
  cidr: 10.100.148.0/22
  gateway_ip: 10.100.151.254
  allocation_pool_start: 10.100.149.5
  allocation_pool_end: 10.100.149.250
  enable_dhcp: false

3. Create router:
  name: router_1
  interfaces: [internal_subnet]
  network: external

4. Create server:
  flavor with ram: 1Gb, disk: 10Gb, vcpus: 1
  image: cirros-0.4.0-x86_64
  name: testing_config
  network: internal

5. Open virtual console using Horizon and log in, ping 8.8.8.8. It executes successfully

6. Create Create floating_ip:
  network: external
  server: testing_config

7. SSH virtual machine by assigned floating ip.

8. Ping 8.8.8.8. The command stucks

Expected result
===============
Successful ping on Step 8

Actual result
=============
Ping on Step 8 stucks

Environment
===========
I have deployed OpenStack Ussuri with 3 controllers and 2 computes with Pacemaker and PacemakerRemote.
OpenStack is containerized using Podman and all the containers are from tripleomaster and have tag 0b5ec707ab4c049281536e2bfbb1984c.

Neutron configuration:
[DEFAULT]
debug=False
log_dir=/var/log/neutron
control_exchange=neutron
bind_host=172.16.2.74
auth_strategy=keystone
core_plugin=ml2
host=overcloud-controller-0.localdomain
dns_domain=openstacklocal
dhcp_agents_per_network=3
dhcp_agent_notification=True
allow_overlapping_ips=True
global_physnet_mtu=1500
vlan_transparent=False
service_plugins=qos,ovn-router,trunk,segments
notify_nova_on_port_status_changes=True
notify_nova_on_port_data_changes=True
l3_ha=False
max_l3_agents_per_router=3
api_workers=12
rpc_workers=12
router_scheduler_driver=neutron.scheduler.l3_agent_scheduler.ChanceScheduler
allow_automatic_l3agent_failover=True
[database]
connection=mysql+pymysql://neutron:***************@172.16.2.100/ovs_neutron?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo
max_retries=-1
db_max_retries=-1
[keystone_authtoken]
www_authenticate_uri=http://172.16.2.100:5000
region_name=regionOne
memcached_servers=172.16.2.74:11211,172.16.2.54:11211,172.16.2.97:11211
auth_type=password
auth_url=http://172.16.2.100:5000
username=neutron
password=***********************
user_domain_name=Default
project_name=service
project_domain_name=Default
[oslo_concurrency]
lock_path=$state_path/lock
[oslo_messaging_notifications]
driver=noop
[oslo_messaging_rabbit]
heartbeat_timeout_threshold=60
[oslo_middleware]
enable_proxy_headers_parsing=True
[oslo_policy]
policy_file=/etc/neutron/policy.json
[agent]
root_helper=sudo neutron-rootwrap /etc/neutron/rootwrap.conf
[nova]
auth_url=http://172.16.2.100:5000
username=nova
password=************
project_domain_name=Default
project_name=service
user_domain_name=Default
region_name=regionOne
endpoint_type=internal
auth_type=password
[placement]
auth_url=http://172.16.2.100:5000
username=nova
password=***************
project_domain_name=Default
project_name=service
user_domain_name=Default
region_name=regionOne
auth_type=password
[ovs]
igmp_snooping_enable=False
[quotas]
quota_port=500
quota_security_group=10
quota_firewall_rule=-1
quota_network_gateway=5
quota_packet_filter=100

Tags: ovn ussuri
Revision history for this message
Валерия Валерьевна Швецова (versus-vv) wrote :
Revision history for this message
Валерия Валерьевна Швецова (versus-vv) wrote :
Revision history for this message
Jakub Libosvar (libosvar) wrote :

Hi,

what version of OVN do you use? There was a recent bug for SNAT traffic:
https://github.com/ovn-org/ovn/commit/fda9a1dd3c995f25cad9e828e701f8b41d347bbb

It is fixed in OVN v20.06.0

Also I see you use VLAN provider network, which requires some extra settings to work with DVR. Do you have DVR enabled?

tags: added: ovn
Jakub Libosvar (libosvar)
Changed in neutron:
status: New → Incomplete
status: Incomplete → New
status: New → Incomplete
Revision history for this message
Launchpad Janitor (janitor) wrote :

[Expired for neutron because there has been no activity for 60 days.]

Changed in neutron:
status: Incomplete → Expired
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.