neutron

ovn load balancer health monitor cause mac address conflict

Bug #1956034 reported by Ivan Zhang on 2021-12-30

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	neutron	Fix Released	High	Unassigned

Bug Description

The ovn octavia provider has added the support for health monitor in a commit one year ago:
https://opendev.org/openstack/ovn-octavia-provider/commit/8bbd8f1b62d7811433079bff8ce940fbdd041a0c

It reuse the OVN distributed DHCP port(device_owner="network:distributed"), whose mac address is allocated by neutron, but in the ovn's implementation, the health monitor message will be sent from this ip with a different mac address obtained from NB_Global table in northbound db. This breaks the ARP protocol and metadata request to ovn metadata agent will timeout. A possible fix is to use a different neutron port for the health monitor purpose.

Tags:

Ivan Zhang (sail4dream) on 2021-12-30

tags:

added: ovn-octavia-provider

Rodolfo Alonso (rodolfo-alonso-hernandez) on 2022-01-04

Changed in neutron:
importance:	Undecided → High

Revision history for this message

Slawek Kaplonski (slaweq) wrote on 2022-01-14:

Can You provide some more information about how to reproduce that issue and what versions of Neutron and OVN are You using?
I'm trying to reproduce it locally but I see only packets send from IP 118.0.0.0, not from the IP allocated to the "network:distributed" port:

16:05:32.911848 IP 118.0.0.0.20390 > 10.0.0.23.4567: Flags [S], seq 3739188146, win 65160, length 0
16:05:32.912094 IP 10.0.0.23.4567 > 118.0.0.0.20390: Flags [R.], seq 0, ack 3739188147, win 0, length 0

Changed in neutron:
status:	New → Incomplete

Revision history for this message

Launchpad Janitor (janitor) wrote on 2022-03-16:

[Expired for neutron because there has been no activity for 60 days.]

Changed in neutron:
status:	Incomplete → Expired

Revision history for this message

Gabriel Barazer (gabriel-h) wrote on 2022-03-21:

Hi, the incorrect IP address observed in the trace seems to be related to bug https://bugs.launchpad.net/neutron/+bug/1965530

However even after fixing this bug, the healthchecks are observed correctly in the instance and with the correct source MAC (the one defined in the NB_Global table), but it does indeed breaks access to the metadata agent.

Luis Tomas Bolivar (ltomasbo) on 2022-10-17

Changed in neutron:
status:	Expired → Fix Released

Revision history for this message

Ching Kuo (genekuo) wrote on 2023-01-23:

Hi,

Is this bug actually fixed? I'm still observing the same issue in Zed version deployed using Kolla-Ansible.

IUUC, the bug I reported is a duplicated to this one.
https://bugs.launchpad.net/networking-ovn/+bug/2003717

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.