neutron

[OVN] Floating IP <=> Floating IP across subnets

Bug #2038978 reported by Mohammed Naser on 2023-10-11

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	neutron	In Progress	High	Mohammed Naser

Bug Description

When using OVN, if you have a virtual router with a gateway that is in subnet A, and has a port that has a floating IP attached to it from subnet B, they seem to not be reachable.

https://mail.openvswitch.org/pipermail/ovs-dev/2021-July/385253.html

There was a fix brought into OVN with this not long ago, it introduces an option called `options:add_route` to `true`.

see: https://mail.openvswitch.org/pipermail/ovs-dev/2021-July/385255.html

I think we should do this in order to mirror the same behaviour in ML2/OVS since we install scope link routes.

Tags:

Revision history for this message

Mohammed Naser (mnaser) wrote on 2023-10-11:

I've confirmed this together with dpawlik in an environment where this is broken, adding add_route has indeed fixed this issue for that nat record.

now the trick would be to add_route only if the subnet doesnt match the connected one, similar to how we can onlink routes

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2023-10-11: Fix proposed to neutron (master)

Fix proposed to branch: master
Review: https://review.opendev.org/c/openstack/neutron/+/897953

Changed in neutron:
status:	New → In Progress

Revision history for this message

Mohammed Naser (mnaser) wrote on 2023-10-11: Re: [OVN] ARP + Floating IP issues

FYI, anyone that is running into this, the temporary workaround which restored connectivity was:

# find the NAT mapping for the FIP that is _outside_ the external gw subnet
$ ovn-nbctl find NAT external_ip=X.Y.Z.158
_uuid : 3935eb7d-dee9-4e6f-b645-f43c9fe441ff
allowed_ext_ips : []
exempted_ext_ips : []
external_ids : {"neutron:fip_external_mac"="fa:16:3e:ff:88:8a", "neutron:fip_id"="1c37787b-0b47-4802-93bc-58bccd5fb731", "neutron:fip_network_id"="7abff1a9-a103-46d0-979a-1f1e599f4f41", "neutron:fip_port_id"="d060e81c-6e7e-4d5a-b0ba-81d550193d02", "neutron:revision_number"="234", "neutron:router_name"=neutron-b97179c7-abe4-4e28-908b-952ff8abd8c4}
external_ip : "X.Y.Z.158"
external_mac : "fa:16:3e:ff:88:8a"
external_port_range : ""
gateway_port : []
logical_ip : "192.168.240.166"
logical_port : "d060e81c-6e7e-4d5a-b0ba-81d550193d02"
options : {}
type : dnat_and_snat

# enable options:add_route
$ ovn-nbctl set nat 3935eb7d-dee9-4e6f-b645-f43c9fe441ff options:add_route="true"

Upon doing this, connectivity was restored!

Mohammed Naser (mnaser) on 2023-10-11

summary:

- [OVN] ARP + Floating IP issues
+ [OVN] Floating IP <=> Floating IP across subnets

Brian Haley (brian-haley) on 2023-10-17

tags:	added: ovn
Changed in neutron:
importance:	Undecided → High
assignee:	nobody → Mohammed Naser (mnaser)

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.