Pinging a floating ip from an instance without floating can fail
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Compute (nova) |
Fix Released
|
Low
|
Vish Ishaya |
Bug Description
This is a fairly complicated networking problem that can happen when using an external gateway with fixed and floating ips on different interfaces that have no natting in between.
Basically it works as follows:
If you ping an a floating ip from an instance with only a fixed ip, the traffic will be sent to the default gateway. If the default gateway has a route to the floating ip, it will then be sent to the host of the instance with the floating ip. Unfortunately the source address will be on the fixed network which will cause the receiving host to drop the packet due to rp_filter. Essentially, the route for the fixed range is on a different interface so it the kernel assumes the packet is spoofed and drops it.
In order for this scenario to work properly, it is necessary to snat packets on the source host that are going to the floating range.
Changed in nova: | |
importance: | Undecided → Low |
Changed in nova: | |
milestone: | none → grizzly-3 |
status: | Fix Committed → Fix Released |
Changed in nova: | |
milestone: | grizzly-3 → 2013.1 |
Fix proposed to branch: master /review. openstack. org/21689
Review: https:/