Public bug reported:

Ubuntu: 20.04
OpenStack: Ussuri
Networking: OVN (20.03.x)

Network topology: Geneve overlay network for project networks, router has snat disabled and the project network and the external network are all in the same address scope and subnet pool. OVN routers are simply acting as L3 routers and instances on the project network can be directly accessed by the address assigned to their port (with appropriate route configuration in the outside of openstack world).

Issue: It's possible to create and then associate a floating IP on the external network with an instance attached to the project network - however this does not work - access to the instance via the FIP is broken, as is access to its fixed IP (when this worked OK before).

Thoughts: The concept of a FIP is very much NAT centric, and in the described configuration NAT is very much disabled. This idea seems to have worked way back in icehouse, however does not work at Ussuri.

If this is not a supported network model, the association of the FIP to the instance should error with an appropriate message that NAT is not supported to the in-path router to the external network.

** Affects: neutron
   Importance: Undecided
   Status: New

** Affects: neutron (Ubuntu)
   Importance: Undecided
   Status: New

** Summary changed:

- [ovn] fip assignment to router with snat disabled broken
+ [ovn] fip assignment to instance via router with snat disabled is broken

** Description changed:

+ Ubuntu: 20.04
+ OpenStack: Ussuri
+ Networking: OVN (20.03.x)
+
  Network topology: Geneve overlay network for project networks, router has snat disabled and the project network and the external network are all in the same address scope and subnet pool. OVN routers are simply acting as L3 routers and instances on the project network can be directly accessed by the address assigned to their port (with appropriate route configuration in the outside of openstack world).

  Issue: Its possible to create and then associate a floating IP on the external network with an instance attached to the project network - however this does not work - access to the instance via the FIP is broken, as is access to its fixed IP (when this worked OK before).

  Thoughts: The concept of a FIP is very much NAT centric, and in the described configuration NAT is very much disabled. This idea seems to have worked way back in icehouse, however does not work at Ussuri.

  If this is not a supported network model, the association of the FIP to the instance should error with an appropriate message that NAT is not supported to the in-path router to the external network.

** Also affects: neutron
   Importance: Undecided
   Status: New

--
https://bugs.launchpad.net/bugs/1924765

Title: [ovn] fip assignment to instance via router with snat disabled is broken

Status in neutron: New
Status in neutron package in Ubuntu: New