[neutron] Floating ips instances not appear in tcpdump

Cristina Mayo admin at gsic.uva.es
Fri Nov 20 10:41:19 UTC 2020


I'm using installation guides with the self service network option (that includes ML2 plugin and linux bridge agent): https://docs.openstack.org/neutron/train/install/install-ubuntu.html
What I mean is, for example, if I have an Apache server running on an instance with a public IP address (floating IP), when I access that Apache server from whatever external network and I capture the traffic on the instance, all packets come from the same IP. I supposed that the controller node is retransmitting the packets and putting its IP address on them.
I capture some packets with tcpdump in this OpenStack instance with a public IP (floating_ip), for example 172.24.4.228/32, and I have a controller node with a public IP, for example 172.24.4.100/32. The traces of traffic are something like this, but they should have other external source IPs:

# tcpdump tcp and port 443
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens7, link-type EN10MB (Ethernet), capture size 262144 bytes
13:21:17.272668 IP 172.24.4.100:49718 > 172.24.4.228.https: Flags [S], seq 3072401769, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 911923475 ecr 0,sackOK,eol], length 0
13:21:17.272787 IP 172.24.4.228.https > 172.24.4.100:49718: Flags [S.], seq 678353364, ack 3072401770, win 64308, options [mss 1410,sackOK,TS val 246556960 ecr 911923475,nop,wscale 7], length 0
13:21:17.273556 IP 172.24.4.100:49718 > 172.24.4.228.https: Flags [.], ack 1, win 2053, options [nop,nop,TS val 911923476 ecr 246556960], length 0

So, I can't filter the traffic (in this case http/https) received in the OpenStack instance because all packets have the same IP address. The only way that I can see the original IPs is by capturing packets on the controller node.
I don't have a lot of experience and I'd like to understand it. I hope I have explained it better than before.