Re: [Openstack] Openstack Kilo, problems with SCTP and neutron DVR...

[Brian Haley]

On 12/09/2015 05:44 PM, daniel.balsi...@swisscom.com wrote:
Hi BrianThank you for the fast reply. It is very appreciated.

I cannot check if it works without DVR on that particular cloud. I have other 
users there and I dont wanna touch the (sort-of) production setup. Nobody seems 
to use SCTP and DVR just works fine for usual TCP/UDP workloads.

However I can try the Liberty release on top of some other nodes in my lab:
1. I will try Liberty (without neutron DVR) and see if it works there.
2. In case it does I will do the same thing with DVR and hope it still works. ;)

I will have to wait until next week to check that. I ll keep u informed.
I did just try this with Mitaka code, DVR enabled, and it worked going to the 
fixed-ip, but failed going to the floating-ip.  I'll restack without DVR but it 
doesn't seem to be getting forwarded, since I never see the iptables security 
group rule allowing SCTP get hit.
-Brian


________________________________________
From: Brian Haley <brian.ha...@hpe.com>
Sent: Wednesday, December 9, 2015 3:42 PM
To: Balsiger Daniel, INI-INO-ECO-MXT; openstack@lists.openstack.org
Subject: Re: [Openstack] Openstack Kilo, problems with SCTP and neutron DVR...

Hi Daniel,

On 12/09/2015 05:57 AM, daniel.balsi...@swisscom.com wrote:
Hello everybody.


I am not sure if it is the right place to ask this question, please direct me to
the right list in case it is not.

I am running OpenStack Kilo on top of Ubuntu 14.04 with neutron DVR (openvswitch
agents, l2population, vxlan overlay)


When assigning a public floating IP to a VM and connect from outside by SCTP I
cannot see any SCTP packet arriving in the VM. (I can see it on the
corresponding compute node br-ex interface though)


Security Groups are set up to allow incoming IP protocol 132 from everywhere.

SCTP connections are working fine from VM to VM as well (tested with sctp_darn)


Is anybody facing the same problem ? Any hints to find out where those packets
are dropped/lost ?


I already checked the qrouter-* and fip-* namespaces on the corresponding
compute node. Did not see anything blocking/dropping those packets in the
iptables setup there.


Any help is appreciated. Thank you in advance.
Can you verify it works without DVR and/or with the latest Liberty code?  There
have been a number of bugs fixed in the DVR space since Kilo, and perhaps
something needs to be backported.

Thanks,

-Brian


_______________________________________________
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to     : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack