<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-reply;
font-family:"Arial",sans-serif;
color:#7F7F7F;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;
mso-fareast-language:EN-US;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-AU" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Arial",sans-serif;color:#7F7F7F;mso-fareast-language:EN-US">Hi,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Arial",sans-serif;color:#7F7F7F;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Arial",sans-serif;color:#7F7F7F;mso-fareast-language:EN-US">We have seen this kind of behaviour and it was because the qrouter had the following rules :<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Arial",sans-serif;color:#7F7F7F;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Arial",sans-serif;color:#7F7F7F;mso-fareast-language:EN-US">-A neutron-postrouting-bottom -m comment --comment "Perform source NAT on outgoing traffic." -j neutron-l3-agent-snat<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Arial",sans-serif;color:#7F7F7F;mso-fareast-language:EN-US">-A neutron-l3-agent-snat -j neutron-l3-agent-float-snat<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Arial",sans-serif;color:#7F7F7F;mso-fareast-language:EN-US">-A neutron-l3-agent-float-snat -s <fixed ip>/32 -j SNAT --to-source <floating-ip><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Arial",sans-serif;color:#7F7F7F;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Arial",sans-serif;color:#7F7F7F;mso-fareast-language:EN-US">That meant that whenever traffic wasn’t going between instances in the same network (ie. Had to go through the router), it would NAT
it to the floating IP even if the other server was in a directly connected network.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Arial",sans-serif;color:#7F7F7F;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Arial",sans-serif;color:#7F7F7F;mso-fareast-language:EN-US">To see if this is happening for you, you could try adding a rule in your security groups to allow VM1s floating IP to access VM2 and/or
vice versa. You could also do a tcpdump on the router’s interfaces to the networks to see if you are getting some translation issues.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Arial",sans-serif;color:#7F7F7F;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Arial",sans-serif;color:#7F7F7F;mso-fareast-language:EN-US">Regards,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Arial",sans-serif;color:#7F7F7F;mso-fareast-language:EN-US">Dan.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Arial",sans-serif;color:#7F7F7F;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><b><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif">From:</span></b><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif"> Gustavo Randich [mailto:gustavo.randich@gmail.com]
<br>
<b>Sent:</b> Friday, 3 June 2016 7:40 AM<br>
<b>To:</b> openstack-operators@lists.openstack.org; openstack@lists.openstack.org<br>
<b>Subject:</b> [Openstack-operators] problem with DVR in Kilo and floating IPs<o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal">Hi,<o:p></o:p></p>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Using DVR in Kilo, I've the following issue:<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<blockquote style="margin-left:30.0pt;margin-right:0cm">
<div>
<p class="MsoNormal">- VM1 is in tenant network 1 (fixed IP 10.97.2.4)<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">- VM2 is in tenant network 2 (fixed IP 10.97.0.4)<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">- a router connects both networks<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">- VM1 and VM2 both have floating IPs<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">- I can ping from VM1 to VM2 using fixed / internal IP<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">- I cannot SSH from VM1 to VM2 using fixed IP, because of "ssh_exchange_identification: read: Connection reset by peer"<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">- iperf output between both VMs using fixed IP is strange (see below)<o:p></o:p></p>
</div>
</blockquote>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">If I remove floating IP in VM2 (target VM), SSH and iperf begin to work OK<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">The problem is not present with two VM1 in the *same* tenant network and both having floating IPs<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Any ideas?<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Thanks!<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">------------<o:p></o:p></p>
</div>
<div>
<div>
<p class="MsoNormal">VM1# tracepath 10.97.0.4<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"> 1?: [LOCALHOST] pmtu 1500<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"> 1: 10.97.2.1 0.322ms<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"> 1: 10.97.2.1 0.436ms<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"> 2: 10.97.0.4 0.962ms reached<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"> Resume: pmtu 1500 hops 2 back 4<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<div>
<p class="MsoNormal">VM1# ping 10.97.0.4<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">PING 10.97.0.4 (10.97.0.4) 56(84) bytes of data.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">64 bytes from <a href="http://10.97.0.4">10.97.0.4</a>: icmp_seq=1 ttl=61 time=1.23 ms<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">^C<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">--- 10.97.0.4 ping statistics ---<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">1 packets transmitted, 1 received, 0% packet loss, time 0ms<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">rtt min/avg/max/mdev = 1.231/1.231/1.231/0.000 ms<o:p></o:p></p>
</div>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">VM1# ssh 10.97.0.4<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">ssh_exchange_identification: read: Connection reset by peer<o:p></o:p></p>
</div>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<div>
<p class="MsoNormal">VM1# iperf -c 10.97.0.4<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">------------------------------------------------------------<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">Client connecting to 10.97.0.4, TCP port 5001<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">TCP window size: 85.0 KByte (default)<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">------------------------------------------------------------<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">[ 3] local 10.97.2.4 port 47014 connected with 10.97.0.4 port 5001<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">[ ID] Interval Transfer Bandwidth<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">[ 3] 0.0-10.0 sec 0.00 ▒ ▒▒s 14746824734997131264 Bytes/sec<o:p></o:p></p>
</div>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">VM2# # iperf -s<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">------------------------------------------------------------<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">Server listening on TCP port 5001<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">TCP window size: 85.3 KByte (default)<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">------------------------------------------------------------<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">[ 4] local 10.97.0.4 port 5001 connected with 10.182.0.58 port 47014<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">[ ID] Interval Transfer Bandwidth<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">[ 4] 0.0- 0.0 sec 14.1 KBytes 9.36 Mbits/sec<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</div>
</div>
</body>
</html>