Uploaded image for project: 'Red Hat OpenStack Services on OpenShift'
  1. Red Hat OpenStack Services on OpenShift
  2. OSPRH-12914

BZ#2268207 [ML2/OVN] Floating IP commnunications are broken for Master octavia amphora HA VIP

XMLWordPrintable

    • False
    • False
    • No Docs Impact
    • python-networking-ovn-7.4.2-2.20220409154886.el8ost
    • None
    • Hide
      Cause: Virtual ports created with a custom device_owner was loosing the type.virtual on OVN NB DB as soon traffic was sent/received over it.

      Consequence: The Port Binding associated to the VIP port is recreated as soon Virtual Port change the type. Loosing the Chassis and virtual-parents info. In DVR envs, with distributed Floating IP, traffic over the FIP attached to the VIP is not replied.

      Fix: Virtual ports that would be use to redirect traffic over VM ports needs to be created using device_owner value of 'virtual_port'. Special case for Octavia, that is creating VIP LB ports using device_owner 'Octavia' is also covered.
      Show
      Cause: Virtual ports created with a custom device_owner was loosing the type.virtual on OVN NB DB as soon traffic was sent/received over it. Consequence: The Port Binding associated to the VIP port is recreated as soon Virtual Port change the type. Loosing the Chassis and virtual-parents info. In DVR envs, with distributed Floating IP, traffic over the FIP attached to the VIP is not replied. Fix: Virtual ports that would be use to redirect traffic over VM ports needs to be created using device_owner value of 'virtual_port'. Special case for Octavia, that is creating VIP LB ports using device_owner 'Octavia' is also covered.
    • Bug Fix
    • Proposed
    • Moderate

      Description of problem:

      One of our VIP customers is trying to use Floating IP address to enable external access to Octavia HA VIP. He followed steps described in https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/16.2/html-single/using_octavia_for_load_balancing-as-a-service/index#http-lb-float-ip_create-non-secure-http-lbs , but failed to get functional setup: real ha_ip is reachable for other instances and they can establish HTTPS connections to it, while communications are not established for floating IP address associated with real ha_ip.

      During remote session we tried to isolate a root cause by using client VM connected to client tenant network with client FIP attached and running on client compute. Client VM was used to connect to FIP address associated with real ha_ip. Both floating IP addresses were in the same external network. We found out that client compute node sends ARP requests for destination floating IP address, they arrive at destination compute node, but there is no reply from OVN. So ARP is unresolved and communications are not established.

      For some reason, ha_ip Neutron port had admin_state_up set to down because port was in disabled state. So Octavia setup is slightly different from our general recommendations at https://access.redhat.com/solutions/6629051. Nonetheless, enabling the port didn't help.

      Customer is able to consistently reproduce this problem for Octavia amphora-based loadbalancers. Regular instances using floating IP addresses are not affected by anything
      similar. Information about available data will be provided privately.

      At this point this problem is not severe blocker for customer, but this may change in the future.

      Version-Release number of selected component (if applicable):
      Red Hat OpenStack Platform release 16.2.6 (Train)

      How reproducible:
      Follow recommendations from https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/16.2/html-single/using_octavia_for_load_balancing-as-a-service/index#http-lb-float-ip_create-non-secure-http-lbs

      Actual results:
      FIP is not reachable for external entities

      Expected results:
      FIP is reachable for external entities and they can use it to communicate with ha_ip

          There are no Sub-Tasks for this issue.

              froyo@redhat.com Fernando Royo
              jira-bugzilla-migration RH Bugzilla Integration
              Toni Freger Toni Freger
              rhos-dfg-networking-squad-neutron
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: