On 08/05/2016 02:32 PM, Armando M. wrote:
>
> Looking at the health trend for DVR [1], the test hasn't failed in a
> while, so I wonder if this is induced by the proposed switch, even
> though I can't correlate it just yet (still waiting for caffeine to
kick
> in). Perhaps we can give ourselves today to look into it and pull the
> trigger for 351450 <https://review.openstack.org/#/c/351450/
<https://review.openstack.org/#/c/351450/>> on Monday?
>
> [1]
http://status.openstack.org/openstack-health/#/job/gate-tempest-dsvm-neutron-dvr
<http://status.openstack.org/openstack-health/#/job/gate-tempest-dsvm-neutron-dvr>
The only functional difference in the new code that happens in the gate
is the iptables rule:
local default_dev=""
default_dev=$(ip route | grep ^default | awk '{print $5}')
sudo iptables -t nat -A POSTROUTING -o $default_dev -s
$FLOATING_RANGE -j MASQUERADE
I skipped this in [0], to give us further data points....clasping at straws
still.
[0] https://review.openstack.org/#/c/351876/
I haven't been able to reproduce it either, but it's unclear how packets would
get into a VM on an island since there is no router interface, and the VM can't
respond even if it did get it.
I do see outbound pings from the connected VM get to eth0, hit the masquerade
rule, and continue on their way. But those packets get dropped at my ISP since
they're in the 10/8 range, so perhaps something in the datacenter where this is
running is responding? Grasping at straws is right until we see the results of
Armando's test patch.
-Brian
__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
