allowed-address-pair between dvr east-west networks does not work at all

Bug #1859638 reported by LIU Yulong
Affects | Status | Importance | Assigned to | Milestone
neutron | New | Undecided | Unassigned |

Bug Description

ENV: devstack with master branch neutron
HEAD: ab24a11f13cdfdf623a4b696f469aa621d59405b

Reproduce:
1. network1 + subnet1: 192.168.1.0/24
2. network2 + subnet2: 192.168.2.0/24
3. dvr router with attached subnets: subnet1, subnet2
4. VM1 (192.168.1.10) and VM2 (192.168.1.11) created from network1, VM3 (192.168.2.20) from network2
5. create a port from network1 and its fixed-IP-1 (192.168.1.100) will be used as VIP
6. set VM1 & VM2 port allowed-address-pair: openstack port set --allowed-address ip-address=192.168.1.100 VM1-port/VM2-port
7. set the VIP to the NIC inside the VM1 or VM2
8. try to access/ping VIP fixed-IP-1 (192.168.1.100) from VM3

Expected behavior:
pingable, 192.168.2.20 can reach 192.168.1.100

Actual behavior: not reachable
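
The reproduction steps above written out as OpenStack CLI calls, as an added example that is not part of the original bug report. The image, flavor, router name, VIP port name and guest NIC name are assumptions; by default the script only prints the commands (DRY_RUN=1).

```shell
#!/bin/sh
# Added example: reproduction steps 1-8 as OpenStack CLI commands.
# DRY_RUN=1 (default) prints each command; DRY_RUN=0 executes it.
# Assumed names: IMAGE, FLAVOR, dvr-router, vip-port, guest NIC eth0.
DRY_RUN=${DRY_RUN:-1}
IMAGE=${IMAGE:-cirros}
FLAVOR=${FLAVOR:-m1.tiny}
VIP=192.168.1.100

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

mkport() {  # mkport NAME NETWORK SUBNET IP
    run openstack port create --network "$2" \
        --fixed-ip "subnet=$3,ip-address=$4" "$1"
}

reproduce() {
    # Steps 1-2: two tenant networks with one subnet each
    run openstack network create network1
    run openstack subnet create --network network1 --subnet-range 192.168.1.0/24 subnet1
    run openstack network create network2
    run openstack subnet create --network network2 --subnet-range 192.168.2.0/24 subnet2
    # Step 3: distributed router attached to both subnets (admin credentials)
    run openstack router create --distributed dvr-router
    run openstack router add subnet dvr-router subnet1
    run openstack router add subnet dvr-router subnet2
    # Step 4: VM1/VM2 on network1, VM3 on network2, with the IPs from the report
    mkport VM1-port network1 subnet1 192.168.1.10
    mkport VM2-port network1 subnet1 192.168.1.11
    mkport VM3-port network2 subnet2 192.168.2.20
    for vm in VM1 VM2 VM3; do
        run openstack server create --image "$IMAGE" --flavor "$FLAVOR" \
            --nic "port-id=${vm}-port" "$vm"
    done
    # Step 5: unbound port that reserves the VIP address
    mkport vip-port network1 subnet1 "$VIP"
    # Step 6: allow the VIP on both backend ports
    for p in VM1-port VM2-port; do
        run openstack port set --allowed-address "ip-address=$VIP" "$p"
    done
    # Steps 7-8 happen inside the guests, so they are only printed
    echo "# in VM1 or VM2: ip addr add $VIP/24 dev eth0"
    echo "# in VM3: ping -c 3 $VIP"
}

reproduce
```

Run it with DRY_RUN=0 against a devstack with DVR enabled to create the resources for real.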

James Denton (james-denton) wrote :

We are waiting on https://review.opendev.org/#/c/601336/ to resolve a similar issue. Not sure if it's completely related, but definitely affecting the use of allowed address pairs w/ DVR for us.

LIU Yulong (dragon889) wrote :

Sorry, I forgot about bug 1774459....

LIU Yulong (dragon889) wrote :

Patch https://review.opendev.org/#/c/601336/ does not seem to handle the VIP traffic across DVR east-west networks.

Removed the duplicate mark.

LIU Yulong (dragon889)
summary: - VIP between dvr east-west networks does not work at all
+ allowed-address-pair between dvr east-west networks does not work at all
tags: added: neutron-proactive-backport-potential