[Openstack] packets not reaching VM
Brian Haley
brian.haley at hpe.com
Wed Jun 22 14:46:10 UTC 2016
On 06/22/2016 03:42 AM, Priyanka wrote:
> Hi,
>
> We have a Openstack Juno setup with 1 controller+neutron node and 3 compute
> nodes. 1 VM (LB) has ipvsadm installed and two VMs act as back end server.
>
> On the server with ipvsadm I have eth0:0 IP as 192.168.1.21 which acts as
> application IP. The ipvsadm uses round robin scheme. This is done using commands
> as below:
>
> sudo ipvsadm -A -t 192.168.1.21:6000 -s rr
> sudo ipvsadm -a -t 192.168.1.21:6000 -r 192.168.1.77:6000 -g
> sudo ipvsadm -a -t 192.168.1.21:6000 -r 192.168.1.79:6000 -g
>
> where 192.168.1.77 and 192.168.1.79 are back end server VM IP.
>
> The problem is that the packets go out of the LB VM but never reach the back end
> server.
You had asked a similar question last week, and I had asked why you just weren't
using Neutron LBaaS to do this? Seems you are trying to implement your own
load-balancer inside a tenant VM.
Also, Juno is very old, using a newer release would give you access to Octavia
(LBaaS v2) that has more advanced features.
> In the tcpdumps on various interfaces show that the packet reach till qbr of the
> LB VM but donot reach the qvo interface of LB VM. Are there any rules that get
> applied here which block these packets. The packets from the client VM are sent
> to back end server by the LB VM by changing the destination MAC of the packets.
> The packets that leave LB VM to reach back end VM have source as the client VM
> IP and destination IP as 192.168.1.21 (application IP) and the src MAC of LB VM
> and dst MAC of backend server VM. Is this the reason for the packets to be
> blocked. Is there any way to allow these packets to flow to the back end server?
There are anti-spoofing rules installed that are most likely causing the packets
to get dropped.
-Brian
More information about the Openstack
mailing list