On Mon, Nov 17, 2025 at 07:51:15PM +0000, Jeremy Stanley wrote: :On 2025-11-17 14:23:23 -0500 (-0500), Jonathan Proulx wrote: :[...] :> So you do have clients with "private" network addreses using floating ip :> that access your AFS cell normally? :[...] : :Yes, currently one of the public cloud providers who donates resources to :OpenDev has, for reasons I don't understand, mandated that only user-defined :RFC-1918 networks can be attached to server instances so that all Internet :access from server instances requires NAT. We have OpenAFS 1.8.13 currently :running on Ubuntu 24.04 LTS virtual machine instances in three regions there, :all connecting to the Internet through floating IPs, which is how they :communicate with our Internet-connected AFS fileservers (all of which are in :other cloud providers). OK either I'm subtly screwing up my neutron config in a way only AFS notices (quite possible) or they're using a different neutron plugin. I replicated that which is very near our setup, except the server are 1 hop away in the same room, and as soon as I add the Floating IP I loose connection to all the fileservers. The qrouter netns for the router on the private network exists on the hypervisor and all three network nodes (in test) and when it's working I see inbound traffic from the fileserver in this netns on of the controllers but the outbound traffic on the hypervisor 's qrouter netns. When I set the floating ip all traffic appears on the hypervisor's netns, which honestly with DVR is what I expected. So this is somewhat multiply odd, I would expect the first case with asymmetric paths to be more broken than the second. Also Friday when I first hit this I was seeing ICMP unreachables on the fileserver (and not inside the VM) but right now it seems like there's no errors and packets match on both ends of the connection it's just not working... For now I'm going to presume it's me and sift through my neutron configs to see if I'm setting conflicting or otherwise nonsensical options. -Jon -- Jonathan Proulx (he/him) Sr. Technical Architect The Infrastructure Group MIT CSAIL