[Bug 2075495] Re: ipv6 dnat_and_snat does not work in distributed mode
Reason li
2075495 at bugs.launchpad.net
Thu Aug 1 08:11:02 UTC 2024
** Description changed:
Description of problem:
- When I use the following command to configure the ipv6 floating IP, the function does not work properly.
+ When I use the following command to configure the ipv6 distributed floating IP, the function does not work properly.
ovn-nbctl lr-nat-add ROUTER TYPE EXTERNAL_IP LOGICAL_IP [LOGICAL_PORT
EXTERNAL_MAC]
version: main
Examples:
(ovn-sb-db)[root at control03 /]# ovn-nbctl lr-nat-add 10f6f37a-afb3-46a9-9aa6-91371cdeba1c dnat_and_snat 3333::8f fa16::f816:3eff:fe80:fb38 744e11a6-aa99-4b56-9258-e5429bed043b fa:16:3e:19:ba:cc
(ovn-sb-db)[root at control03 /]# ovn-nbctl show 10f6f37a-afb3-46a9-9aa6-91371cdeba1c
router 10f6f37a-afb3-46a9-9aa6-91371cdeba1c (neutron-278772e5-a800-4c2f-b74f-237dc7b35c8c) (aka route_test_ipv6nat)
- port lrp-44f7bde4-5ecd-44fd-8b95-d87fe60dd750
- mac: "fa:16:3e:58:c8:02"
- networks: ["fa16::1/64"]
- port lrp-d135efaa-ff60-4047-a512-24fe592ebb6a
- mac: "fa:16:3e:f0:f3:d0"
- networks: ["123.123.0.1/24"]
- port lrp-3e9af04c-1e53-42e8-943a-b46ecec15fbe
- mac: "fa:16:3e:19:ba:35"
- networks: ["192.168.0.106/24", "3333::d1/120"]
- gateway chassis: [324e165cbbeefd8f611f8d6ad0ccca6c e4d7d407ee471b88ffe74fc779a26fcf 41ada164f3652920346ca3ed20e6513d]
- nat 8c503bae-a471-4b2f-87ce-2ab585460bee
- external ip: "3333::8f"
- logical ip: "fa16::f816:3eff:fe80:fb38"
- type: "dnat_and_snat"
+ port lrp-44f7bde4-5ecd-44fd-8b95-d87fe60dd750
+ mac: "fa:16:3e:58:c8:02"
+ networks: ["fa16::1/64"]
+ port lrp-d135efaa-ff60-4047-a512-24fe592ebb6a
+ mac: "fa:16:3e:f0:f3:d0"
+ networks: ["123.123.0.1/24"]
+ port lrp-3e9af04c-1e53-42e8-943a-b46ecec15fbe
+ mac: "fa:16:3e:19:ba:35"
+ networks: ["192.168.0.106/24", "3333::d1/120"]
+ gateway chassis: [324e165cbbeefd8f611f8d6ad0ccca6c e4d7d407ee471b88ffe74fc779a26fcf 41ada164f3652920346ca3ed20e6513d]
+ nat 8c503bae-a471-4b2f-87ce-2ab585460bee
+ external ip: "3333::8f"
+ logical ip: "fa16::f816:3eff:fe80:fb38"
+ type: "dnat_and_snat"
(ovn-sb-db)[root at control03 /]# ovn-nbctl list nat
_uuid : 8c503bae-a471-4b2f-87ce-2ab585460bee
allowed_ext_ips : []
exempted_ext_ips : []
external_ids : {}
external_ip : "3333::8f"
external_mac : "fa:16:3e:19:ba:cc"
external_port_range : ""
gateway_port : []
logical_ip : "fa16::f816:3eff:fe80:fb38"
logical_port : "744e11a6-aa99-4b56-9258-e5429bed043b"
options : {stateless="false"}
type : dnat_and_snat
Everything works fine up to this point, so keep checking ovn-sb's table port_binding
(ovn-sb-db)[root at control03 /]# ovn-sbctl list port_binding 4b4ccff5-f030-4c66-b6eb-b7dd43db4f2c
_uuid : 4b4ccff5-f030-4c66-b6eb-b7dd43db4f2c
additional_chassis : []
additional_encap : []
chassis : []
datapath : b92d5cbf-08a4-49c1-ae24-3a0d7b0b1782
encap : []
external_ids : {"neutron:cidrs"="192.168.0.106/24 3333::d1/120", "neutron:device_id"="278772e5-a800-4c2f-b74f-237dc7b35c8c", "neutron:device_owner"="network:router_gateway", "neutron:network_name"=neutron-b6546c61-312a-47ac-9124-d19c9b871e92, "neutron:port_name"="", "neutron:project_id"="", "neutron:revision_number"="51", "neutron:security_group_ids"=""}
gateway_chassis : []
ha_chassis_group : []
logical_port : "3e9af04c-1e53-42e8-943a-b46ecec15fbe"
mac : [router]
nat_addresses : ["fa:16:3e:19:ba:35 192.168.0.106 is_chassis_resident(\"cr-lrp-3e9af04c-1e53-42e8-943a-b46ecec15fbe\")"]
options : {peer=lrp-3e9af04c-1e53-42e8-943a-b46ecec15fbe}
parent_port : []
port_security : []
requested_additional_chassis: []
requested_chassis : []
tag : []
tunnel_key : 3
type : patch
up : false
virtual_parent : []
I found that nat_addresses has no information about ipv6
nat_addresses should have something like this "fa:16:3e:19:ba:cc 3333::8f is_chassis_resident(\"744e11a6-aa99-4b56-9258-e5429bed043b\")"
I add what is missing above to nat_addresses by hand,then ipv6
distributed floating IP is functional
So I think there's something wrong with ovn-northd.
Reading the code in northd.c, I see that the get_nat_addresses function
only checks the external_ip address in IPV4 format.Is this why the ipv6
configuration was skipped?
northd.c Line 2381
static char **
get_nat_addresses(const struct ovn_port *op, size_t *n, bool routable_only,
- bool include_lb_ips,
- const struct lr_stateful_record *lr_stateful_rec)
+ bool include_lb_ips,
+ const struct lr_stateful_record *lr_stateful_rec)
{
......
- /* Get NAT IP addresses. */
- for (size_t i = 0; i < op->od->nbr->n_nat; i++) {
- ......
- char *error = ip_parse_masked(nat->external_ip, &ip, &mask);
- if (error || mask != OVS_BE32_MAX) {
- free(error);
- continue;
- }
+ /* Get NAT IP addresses. */
+ for (size_t i = 0; i < op->od->nbr->n_nat; i++) {
+ ......
+ char *error = ip_parse_masked(nat->external_ip, &ip, &mask);
+ if (error || mask != OVS_BE32_MAX) {
+ free(error);
+ continue;
+ }
I think IPV6 address verification should be added here. Please kindly
confirm this problem
** Description changed:
Description of problem:
When I use the following command to configure the ipv6 distributed floating IP, the function does not work properly.
ovn-nbctl lr-nat-add ROUTER TYPE EXTERNAL_IP LOGICAL_IP [LOGICAL_PORT
EXTERNAL_MAC]
version: main
Examples:
- (ovn-sb-db)[root at control03 /]# ovn-nbctl lr-nat-add 10f6f37a-afb3-46a9-9aa6-91371cdeba1c dnat_and_snat 3333::8f fa16::f816:3eff:fe80:fb38 744e11a6-aa99-4b56-9258-e5429bed043b fa:16:3e:19:ba:cc
+ # ovn-nbctl lr-nat-add 10f6f37a-afb3-46a9-9aa6-91371cdeba1c dnat_and_snat 3333::8f fa16::f816:3eff:fe80:fb38 744e11a6-aa99-4b56-9258-e5429bed043b fa:16:3e:19:ba:cc
- (ovn-sb-db)[root at control03 /]# ovn-nbctl show 10f6f37a-afb3-46a9-9aa6-91371cdeba1c
+ # ovn-nbctl show 10f6f37a-afb3-46a9-9aa6-91371cdeba1c
router 10f6f37a-afb3-46a9-9aa6-91371cdeba1c (neutron-278772e5-a800-4c2f-b74f-237dc7b35c8c) (aka route_test_ipv6nat)
port lrp-44f7bde4-5ecd-44fd-8b95-d87fe60dd750
mac: "fa:16:3e:58:c8:02"
networks: ["fa16::1/64"]
port lrp-d135efaa-ff60-4047-a512-24fe592ebb6a
mac: "fa:16:3e:f0:f3:d0"
networks: ["123.123.0.1/24"]
port lrp-3e9af04c-1e53-42e8-943a-b46ecec15fbe
mac: "fa:16:3e:19:ba:35"
networks: ["192.168.0.106/24", "3333::d1/120"]
gateway chassis: [324e165cbbeefd8f611f8d6ad0ccca6c e4d7d407ee471b88ffe74fc779a26fcf 41ada164f3652920346ca3ed20e6513d]
nat 8c503bae-a471-4b2f-87ce-2ab585460bee
external ip: "3333::8f"
logical ip: "fa16::f816:3eff:fe80:fb38"
type: "dnat_and_snat"
- (ovn-sb-db)[root at control03 /]# ovn-nbctl list nat
+ # ovn-nbctl list nat
_uuid : 8c503bae-a471-4b2f-87ce-2ab585460bee
allowed_ext_ips : []
exempted_ext_ips : []
external_ids : {}
external_ip : "3333::8f"
external_mac : "fa:16:3e:19:ba:cc"
external_port_range : ""
gateway_port : []
logical_ip : "fa16::f816:3eff:fe80:fb38"
logical_port : "744e11a6-aa99-4b56-9258-e5429bed043b"
options : {stateless="false"}
type : dnat_and_snat
Everything works fine up to this point, so keep checking ovn-sb's table port_binding
- (ovn-sb-db)[root at control03 /]# ovn-sbctl list port_binding 4b4ccff5-f030-4c66-b6eb-b7dd43db4f2c
+ # ovn-sbctl list port_binding 4b4ccff5-f030-4c66-b6eb-b7dd43db4f2c
_uuid : 4b4ccff5-f030-4c66-b6eb-b7dd43db4f2c
additional_chassis : []
additional_encap : []
chassis : []
datapath : b92d5cbf-08a4-49c1-ae24-3a0d7b0b1782
encap : []
external_ids : {"neutron:cidrs"="192.168.0.106/24 3333::d1/120", "neutron:device_id"="278772e5-a800-4c2f-b74f-237dc7b35c8c", "neutron:device_owner"="network:router_gateway", "neutron:network_name"=neutron-b6546c61-312a-47ac-9124-d19c9b871e92, "neutron:port_name"="", "neutron:project_id"="", "neutron:revision_number"="51", "neutron:security_group_ids"=""}
gateway_chassis : []
ha_chassis_group : []
logical_port : "3e9af04c-1e53-42e8-943a-b46ecec15fbe"
mac : [router]
nat_addresses : ["fa:16:3e:19:ba:35 192.168.0.106 is_chassis_resident(\"cr-lrp-3e9af04c-1e53-42e8-943a-b46ecec15fbe\")"]
options : {peer=lrp-3e9af04c-1e53-42e8-943a-b46ecec15fbe}
parent_port : []
port_security : []
requested_additional_chassis: []
requested_chassis : []
tag : []
tunnel_key : 3
type : patch
up : false
virtual_parent : []
I found that nat_addresses has no information about ipv6
nat_addresses should have something like this "fa:16:3e:19:ba:cc 3333::8f is_chassis_resident(\"744e11a6-aa99-4b56-9258-e5429bed043b\")"
- I add what is missing above to nat_addresses by hand,then ipv6
- distributed floating IP is functional
+ I shut down ovn-northd for now and add what is missing above to
+ nat_addresses by hand,then ipv6 distributed floating IP is functional.
So I think there's something wrong with ovn-northd.
Reading the code in northd.c, I see that the get_nat_addresses function
only checks the external_ip address in IPV4 format.Is this why the ipv6
configuration was skipped?
northd.c Line 2381
static char **
get_nat_addresses(const struct ovn_port *op, size_t *n, bool routable_only,
bool include_lb_ips,
const struct lr_stateful_record *lr_stateful_rec)
{
......
/* Get NAT IP addresses. */
for (size_t i = 0; i < op->od->nbr->n_nat; i++) {
......
char *error = ip_parse_masked(nat->external_ip, &ip, &mask);
if (error || mask != OVS_BE32_MAX) {
free(error);
continue;
}
I think IPV6 address verification should be added here. Please kindly
confirm this problem
--
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to ovn in Ubuntu.
https://bugs.launchpad.net/bugs/2075495
Title:
ipv6 dnat_and_snat does not work in distributed mode
Status in ovn package in Ubuntu:
New
Bug description:
Description of problem:
When I use the following command to configure the ipv6 distributed floating IP, the function does not work properly.
ovn-nbctl lr-nat-add ROUTER TYPE EXTERNAL_IP LOGICAL_IP [LOGICAL_PORT
EXTERNAL_MAC]
version: main
Examples:
# ovn-nbctl lr-nat-add 10f6f37a-afb3-46a9-9aa6-91371cdeba1c dnat_and_snat 3333::8f fa16::f816:3eff:fe80:fb38 744e11a6-aa99-4b56-9258-e5429bed043b fa:16:3e:19:ba:cc
# ovn-nbctl show 10f6f37a-afb3-46a9-9aa6-91371cdeba1c
router 10f6f37a-afb3-46a9-9aa6-91371cdeba1c (neutron-278772e5-a800-4c2f-b74f-237dc7b35c8c) (aka route_test_ipv6nat)
port lrp-44f7bde4-5ecd-44fd-8b95-d87fe60dd750
mac: "fa:16:3e:58:c8:02"
networks: ["fa16::1/64"]
port lrp-d135efaa-ff60-4047-a512-24fe592ebb6a
mac: "fa:16:3e:f0:f3:d0"
networks: ["123.123.0.1/24"]
port lrp-3e9af04c-1e53-42e8-943a-b46ecec15fbe
mac: "fa:16:3e:19:ba:35"
networks: ["192.168.0.106/24", "3333::d1/120"]
gateway chassis: [324e165cbbeefd8f611f8d6ad0ccca6c e4d7d407ee471b88ffe74fc779a26fcf 41ada164f3652920346ca3ed20e6513d]
nat 8c503bae-a471-4b2f-87ce-2ab585460bee
external ip: "3333::8f"
logical ip: "fa16::f816:3eff:fe80:fb38"
type: "dnat_and_snat"
# ovn-nbctl list nat
_uuid : 8c503bae-a471-4b2f-87ce-2ab585460bee
allowed_ext_ips : []
exempted_ext_ips : []
external_ids : {}
external_ip : "3333::8f"
external_mac : "fa:16:3e:19:ba:cc"
external_port_range : ""
gateway_port : []
logical_ip : "fa16::f816:3eff:fe80:fb38"
logical_port : "744e11a6-aa99-4b56-9258-e5429bed043b"
options : {stateless="false"}
type : dnat_and_snat
Everything works fine up to this point, so keep checking ovn-sb's table port_binding
# ovn-sbctl list port_binding 4b4ccff5-f030-4c66-b6eb-b7dd43db4f2c
_uuid : 4b4ccff5-f030-4c66-b6eb-b7dd43db4f2c
additional_chassis : []
additional_encap : []
chassis : []
datapath : b92d5cbf-08a4-49c1-ae24-3a0d7b0b1782
encap : []
external_ids : {"neutron:cidrs"="192.168.0.106/24 3333::d1/120", "neutron:device_id"="278772e5-a800-4c2f-b74f-237dc7b35c8c", "neutron:device_owner"="network:router_gateway", "neutron:network_name"=neutron-b6546c61-312a-47ac-9124-d19c9b871e92, "neutron:port_name"="", "neutron:project_id"="", "neutron:revision_number"="51", "neutron:security_group_ids"=""}
gateway_chassis : []
ha_chassis_group : []
logical_port : "3e9af04c-1e53-42e8-943a-b46ecec15fbe"
mac : [router]
nat_addresses : ["fa:16:3e:19:ba:35 192.168.0.106 is_chassis_resident(\"cr-lrp-3e9af04c-1e53-42e8-943a-b46ecec15fbe\")"]
options : {peer=lrp-3e9af04c-1e53-42e8-943a-b46ecec15fbe}
parent_port : []
port_security : []
requested_additional_chassis: []
requested_chassis : []
tag : []
tunnel_key : 3
type : patch
up : false
virtual_parent : []
I found that nat_addresses has no information about ipv6
nat_addresses should have something like this "fa:16:3e:19:ba:cc 3333::8f is_chassis_resident(\"744e11a6-aa99-4b56-9258-e5429bed043b\")"
I shut down ovn-northd for now and add what is missing above to
nat_addresses by hand,then ipv6 distributed floating IP is
functional.
So I think there's something wrong with ovn-northd.
Reading the code in northd.c, I see that the get_nat_addresses
function only checks the external_ip address in IPV4 format.Is this
why the ipv6 configuration was skipped?
northd.c Line 2381
static char **
get_nat_addresses(const struct ovn_port *op, size_t *n, bool routable_only,
bool include_lb_ips,
const struct lr_stateful_record *lr_stateful_rec)
{
......
/* Get NAT IP addresses. */
for (size_t i = 0; i < op->od->nbr->n_nat; i++) {
......
char *error = ip_parse_masked(nat->external_ip, &ip, &mask);
if (error || mask != OVS_BE32_MAX) {
free(error);
continue;
}
I think IPV6 address verification should be added here. Please kindly
confirm this problem
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ovn/+bug/2075495/+subscriptions
More information about the Ubuntu-openstack-bugs
mailing list