Comment 0 for bug 1945306
Revision history for this message
| Hua Zhang (zhhuabj) wrote north-south traffic not working when VM and main router are not on the same host | #0 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
bbfa235
(Get the code!)
Some newly created VM's are not able to reach "outside" resources (e.g. apt repositories) on then l3ha + dvr env, I can easily reproduce this problem as long as VM and main router are not on the same host, and 'apt update' command can not be run inside VM, so the north-south traffic is broken.
Here are steps to easily reproduce it.
1, set up wallaby or ussuri vrrp + dvr env (it works on train, not work on ussuri and wallaby)
2, create a test vm, query host by: nova show <VM> |grep host
3, query main router by: neutron l3-agent-
4, make sure VM and main router are not on the same host
5, on main router host, it will fail to run: ip netns exec snat-xxx ping <VM-IP> -c1
I've done some bisect, I found:
15.3.4 (bionic-train) - no problem
1c2e10f859 - no problem
16.4.0 (bionic-ussuri) - has problem
16.0.0-0ubuntu3 - has problem, and also have multiple active routers problem
16.0.0~
16.1.0 (focal) - has problem, and also have multiple active routers problem
16.2.0 (focal) - has problem
16.3.0 (focal) - has problem
16.4.0 (focal-ussuri) - has problem
focal-wallaby - has problem
Because I often have multiple standby issue with some commit id (eg: 14dd3e95ca) so that I can't continue bisect.
I also used 'ovs-appctl ofproto/trace' and tcpdump to do some debugs, the results are as follows.
train - works
sg-xxx -> vm - https:/
tcpdump on sg-xxx - https:/
tcpdump on vm's tap - https:/
tcpdump on qr-xxx - https:/
ussuri - not work
sg-xxx -> vm - https:/
tcpdump on sg-xxx - https:/
tcpdump on vm's tap - https:/
tcpdump on qr-xxx - https:/
It looks like VM can't get arp reply for sg-xxx interface,