[Openstack] Openstack Kilo, problems with SCTP and neutron DVR...

Brian Haley brian.haley at hpe.com
Thu Dec 10 03:56:40 UTC 2015 

On 12/09/2015 05:44 PM, Daniel.Balsiger at swisscom.com wrote:
> Hi Brian
>
> Thank you for the fast reply. It is very appreciated.
>
> I cannot check if it works without DVR on that particular cloud. I have other users there and I dont wanna touch the (sort-of) production setup. Nobody seems to use SCTP and DVR just works fine for usual TCP/UDP workloads.
>
> However I can try the Liberty release on top of some other nodes in my lab:
> 1. I will try Liberty (without neutron DVR) and see if it works there.
> 2. In case it does I will do the same thing with DVR and hope it still works. ;)
>
> I will have to wait until next week to check that. I ll keep u informed.

I did just try this with Mitaka code, DVR enabled, and it worked going to the 
fixed-ip, but failed going to the floating-ip.  I'll restack without DVR but it 
doesn't seem to be getting forwarded, since I never see the iptables security 
group rule allowing SCTP get hit.

-Brian


> ________________________________________
> From: Brian Haley <brian.haley at hpe.com>
> Sent: Wednesday, December 9, 2015 3:42 PM
> To: Balsiger Daniel, INI-INO-ECO-MXT; openstack at lists.openstack.org
> Subject: Re: [Openstack] Openstack Kilo, problems with SCTP and neutron DVR...
>
> Hi Daniel,
>
> On 12/09/2015 05:57 AM, Daniel.Balsiger at swisscom.com wrote:
>> Hello everybody.
>>
>>
>> I am not sure if it is the right place to ask this question, please direct me to
>> the right list in case it is not.
>>
>> I am running OpenStack Kilo on top of Ubuntu 14.04 with neutron DVR (openvswitch
>> agents, l2population, vxlan overlay)
>>
>>
>> When assigning a public floating IP to a VM and connect from outside by SCTP I
>> cannot see any SCTP packet arriving in the VM. (I can see it on the
>> corresponding compute node br-ex interface though)
>>
>>
>> Security Groups are set up to allow incoming IP protocol 132 from everywhere.
>>
>> SCTP connections are working fine from VM to VM as well (tested with sctp_darn)
>>
>>
>> Is anybody facing the same problem ? Any hints to find out where those packets
>> are dropped/lost ?
>>
>>
>> I already checked the qrouter-* and fip-* namespaces on the corresponding
>> compute node. Did not see anything blocking/dropping those packets in the
>> iptables setup there.
>>
>>
>> Any help is appreciated. Thank you in advance.
>
> Can you verify it works without DVR and/or with the latest Liberty code?  There
> have been a number of bugs fixed in the DVR space since Kilo, and perhaps
> something needs to be backported.
>
> Thanks,
>
> -Brian
>

More information about the Openstack mailing list