-
Bug
-
Resolution: Unresolved
-
Critical
-
None
-
rhos-18.0.14 FR 4
-
None
Load balancer service is not accessible via floating ip.
1. Connectivity is not established at all.
2. Connectivity is not established even from another internal subnet.
VM3 (subnet-2) >>> http://10.0.0.44:80 (VM1 subnet-1) - ok
VM3 (subnet-2) >>> http://10.0.0.45:6443 (OVN LB3 VIP subnet-1) - timeout
VM3 (subnet-2) >>> http://10.102.9.185:6443 (FIP assigned to OVN LB3 VIP) - timeout
External client >>> http://10.102.9.185:6443 (FIP) - timeout
3. The SYN is received by the pool member, the SYN/ACK is replied back by the pool member, but the SYN/ACK does not reach the client.
There is OVN load balancer configured to receive connections for floating ip 10.102.2.150 on port 6443 and forward the connections to VM1 (10.0.0.44) that is running a web service.
External client >>> FIP: 10.102.2.150:6443 - provider network 10.102.9.130/26 >>> virtual router >>> subnet 10.0.0.0/26 >>> OVN Loadbalancer (listener: 10.0.0.17:6443) >>> VM1 (10.0.0.44:80)
The connection is getting timeout.
There is VM2 (10.0.0.50) on the same subnet as OVN load balancer, it can successfully access the web service at 10.0.0.17:6443 or 10.102.2.150:6443.
$ openstack loadbalancer show port-forwarding-0001 +---------------------+--------------------------------------+ | Field | Value | +---------------------+--------------------------------------+ | admin_state_up | True | | availability_zone | None | | created_at | 2026-01-21T10:53:24 | | description | | | flavor_id | None | | id | 6041b274-7fa5-4265-bd3b-c325def80578 | | listeners | eb8fccd1-f043-4c9f-aaf1-a3c3d28860f6 | | name | port-forwarding-0001 | | operating_status | ONLINE | | pools | 7f33eb9f-ebe3-4e47-83b0-a4579d1e8100 | | project_id | 81a3ae3fc1d6480ebbcfde002d57817a | | provider | ovn | | provisioning_status | ACTIVE | | updated_at | 2026-01-21T10:54:02 | | vip_address | 10.0.0.17 | | vip_network_id | 4131d18c-1279-46b1-aea9-137f60f32d3a | | vip_port_id | c215f990-d5ea-4026-a03d-97ffaed76781 | | vip_qos_policy_id | None | | vip_subnet_id | 00f69e9f-9a5a-4bf4-b0f7-213396e5e194 | | vip_vnic_type | normal | | vip_sg_ids | | | tags | None | | additional_vips | [] | +---------------------+--------------------------------------+ $ openstack loadbalancer listener show eb8fccd1-f043-4c9f-aaf1-a3c3d28860f6 +-----------------------------+--------------------------------------+ | Field | Value | +-----------------------------+--------------------------------------+ | admin_state_up | True | | connection_limit | -1 | | created_at | 2026-01-21T10:53:37 | | default_pool_id | 7f33eb9f-ebe3-4e47-83b0-a4579d1e8100 | | default_tls_container_ref | None | | description | | | id | eb8fccd1-f043-4c9f-aaf1-a3c3d28860f6 | | insert_headers | None | | l7policies | None | | loadbalancers | 6041b274-7fa5-4265-bd3b-c325def80578 | | name | port-forwarding-0001-listener-6443 | | operating_status | ONLINE | | project_id | 81a3ae3fc1d6480ebbcfde002d57817a | | protocol | TCP | | protocol_port | 6443 | | provisioning_status | ACTIVE | | sni_container_refs | [] | | timeout_client_data | 50000 | | timeout_member_connect | 5000 | | timeout_member_data | 50000 | | timeout_tcp_inspect | 0 | | updated_at | 2026-01-21T10:54:02 | | client_ca_tls_container_ref | None | | client_authentication | NONE | | client_crl_container_ref | None | | allowed_cidrs | None | | tls_ciphers | None | | tls_versions | None | | alpn_protocols | None | | tags | None | | hsts_max_age | | | hsts_include_subdomains | | | hsts_preload | | +-----------------------------+--------------------------------------+ $ openstack loadbalancer pool show 7f33eb9f-ebe3-4e47-83b0-a4579d1e8100 +----------------------+--------------------------------------+ | Field | Value | +----------------------+--------------------------------------+ | admin_state_up | True | | created_at | 2026-01-21T10:53:46 | | description | | | healthmonitor_id | | | id | 7f33eb9f-ebe3-4e47-83b0-a4579d1e8100 | | lb_algorithm | SOURCE_IP_PORT | | listeners | eb8fccd1-f043-4c9f-aaf1-a3c3d28860f6 | | loadbalancers | 6041b274-7fa5-4265-bd3b-c325def80578 | | members | 57586366-559e-426b-b3f1-0758abbe15f9 | | name | port-forwarding-0001-pool-6443 | | operating_status | ONLINE | | project_id | 81a3ae3fc1d6480ebbcfde002d57817a | | protocol | TCP | | provisioning_status | ACTIVE | | session_persistence | None | | updated_at | 2026-01-21T10:54:02 | | tls_container_ref | None | | ca_tls_container_ref | None | | crl_container_ref | None | | tls_enabled | False | | tls_ciphers | None | | tls_versions | None | | tags | None | | alpn_protocols | None | +----------------------+--------------------------------------+ $ openstack loadbalancer member show 7f33eb9f-ebe3-4e47-83b0-a4579d1e8100 57586366-559e-426b-b3f1-0758abbe15f9 +---------------------+--------------------------------------+ | Field | Value | +---------------------+--------------------------------------+ | address | 10.0.0.44 | | admin_state_up | True | | created_at | 2026-01-21T10:54:01 | | id | 57586366-559e-426b-b3f1-0758abbe15f9 | | name | port-forwarding-0001-member-6443 | | operating_status | NO_MONITOR | | project_id | 81a3ae3fc1d6480ebbcfde002d57817a | | protocol_port | 80 | | provisioning_status | ACTIVE | | subnet_id | 00f69e9f-9a5a-4bf4-b0f7-213396e5e194 | | updated_at | 2026-01-21T10:54:02 | | weight | 1 | | monitor_port | None | | monitor_address | None | | backup | False | | tags | None | | vnic_type | normal | +---------------------+--------------------------------------+
openstack network show 34347148-b803-438a-8544-b7c066199149
-------------------------{}------------------------------------+
| Field | Value |
-------------------------{}------------------------------------+
| admin_state_up | UP |
| availability_zone_hints | |
| availability_zones | |
| created_at | 2026-01-23T09:01:54Z |
| description | |
| dns_domain | |
| id | 34347148-b803-438a-8544-b7c066199149 |
| ipv4_address_scope | None |
| ipv6_address_scope | None |
| is_default | None |
| is_vlan_qinq | None |
| is_vlan_transparent | None |
| l2_adjacency | True |
| mtu | 1500 |
| name | sergey-vpc1:subn-1 |
| port_security_enabled | True |
| project_id | c81a8800b9a84bbaace3ab7a8813fb42 |
| provider:network_type | geneve |
| provider:physical_network | None |
| provider:segmentation_id | 49098 |
| qos_policy_id | None |
| revision_number | 2 |
| router:external | Internal |
| segments | None |
| shared | False |
| status | ACTIVE |
| subnets | 7395ef25-f074-4db8-b8b5-7c8497772794 |
| tags | |
| updated_at | 2026-01-23T09:01:55Z |
-------------------------{}------------------------------------+
