[Bug 2077430] Re: [OVN] two routers connected to the same network do not work properly

[Damian Dąbrowski]

** Description changed:

- 
  # Problem Description
  
  I have:
  
  - 2 VMs connected to inner-net
  - inner-router(with default gateway in outer-net and a port in inner-net)
  - outer router(with default gateway in public network and a port in outer-net)
  
  NOTE: I don't have any static routes defined for these routers.
  
  Graphical visualization can be found here:
  https://i.ibb.co/gzjd604/Screenshot-from-2024-08-20-13-26-55.png
  
  This scenario works perfectly fine for OVS ML2 driver(VMs have Internet
  connectivity), but not for OVN.
  
  I noticed that gateway port for inner-router is DOWN(you can see this on
  the above screenshot) which looks quite suspicious.
  
  I applied https://review.opendev.org/c/openstack/neutron/+/907504 but it
  didn't solve the problem.
+ 
+ # Further Investigation
+ 
+ I noticed that inner-router's gateway interface does not have a chassis
+ assigned:
+ 
+ ```
+ router 7a5baad4-657d-42fc-bf35-1b8e4115050e (neutron-028eb3f7-af0b-4080-87d6-e84b24675b6d) (aka inner-router)
+     port lrp-a221d264-8fa3-4430-99f7-f453887b96aa
+         mac: "fa:16:3e:af:b0:ae"
+         networks: ["10.10.0.60/24"]
+     port lrp-9ac7815d-75dc-4198-aa94-bfe5ad5431e2
+         mac: "fa:16:3e:05:30:57"
+         networks: ["10.0.0.1/24"]
+     nat 8fca2dfd-2284-4e18-98be-137606f0f0b9
+         external ip: "10.10.0.60"
+         logical ip: "10.0.0.0/24"
+         type: "snat"
+ ```
+ 
+ I fixed it with `ovn-nbctl lrp-set-gateway-chassis
+ lrp-a221d264-8fa3-4430-99f7-f453887b96aa
+ efcb326f-f18c-4b65-9da9-260dd0e2e603`.
+ 
+ Now everything looks good. Internet connectivity is working and neutron
+ gateway port(10.10.0.60) is ACTIVE instead of DOWN.
  
  # How to reproduce the issue
  
  (assuming that you have a test environment with 'public' network already
  defined)
  
  ```
  openstack network create outer-net --external --disable-port-security
  openstack subnet create --network outer-net --subnet-range 10.10.0.0/24 outer-subnet
  openstack router create outer-router --external-gateway public
  openstack router add subnet outer-router outer-subnet
  
  openstack network create inner-net --disable-port-security
  openstack subnet create --network inner-net --subnet-range 10.0.0.0/24 inner-subnet
  openstack router create --external-gateway outer-net inner-router
  openstack router add subnet inner-router inner-subnet
  
  openstack server create \
  --network inner-net \
  --image 'cirros' \
  --flavor 'tempest1' \
  vm-inner-1
  ```
  
  Then, log in to vm-inner-1 and try to ping 8.8.8.8.
  For OVS it works, for OVN it doesn't.

-- 
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to neutron in Ubuntu.
https://bugs.launchpad.net/bugs/2077430

Title:
  [OVN] two routers connected to the same network do not work properly

Status in neutron package in Ubuntu:
  New

Bug description:
  # Problem Description

  I have:

  - 2 VMs connected to inner-net
  - inner-router(with default gateway in outer-net and a port in inner-net)
  - outer router(with default gateway in public network and a port in outer-net)

  NOTE: I don't have any static routes defined for these routers.

  Graphical visualization can be found here:
  https://i.ibb.co/gzjd604/Screenshot-from-2024-08-20-13-26-55.png

  This scenario works perfectly fine for OVS ML2 driver(VMs have
  Internet connectivity), but not for OVN.

  I noticed that gateway port for inner-router is DOWN(you can see this
  on the above screenshot) which looks quite suspicious.

  I applied https://review.opendev.org/c/openstack/neutron/+/907504 but
  it didn't solve the problem.

  # Further Investigation

  I noticed that inner-router's gateway interface does not have a
  chassis assigned:

  ```
  router 7a5baad4-657d-42fc-bf35-1b8e4115050e (neutron-028eb3f7-af0b-4080-87d6-e84b24675b6d) (aka inner-router)
      port lrp-a221d264-8fa3-4430-99f7-f453887b96aa
          mac: "fa:16:3e:af:b0:ae"
          networks: ["10.10.0.60/24"]
      port lrp-9ac7815d-75dc-4198-aa94-bfe5ad5431e2
          mac: "fa:16:3e:05:30:57"
          networks: ["10.0.0.1/24"]
      nat 8fca2dfd-2284-4e18-98be-137606f0f0b9
          external ip: "10.10.0.60"
          logical ip: "10.0.0.0/24"
          type: "snat"
  ```

  I fixed it with `ovn-nbctl lrp-set-gateway-chassis
  lrp-a221d264-8fa3-4430-99f7-f453887b96aa
  efcb326f-f18c-4b65-9da9-260dd0e2e603`.

  Now everything looks good. Internet connectivity is working and
  neutron gateway port(10.10.0.60) is ACTIVE instead of DOWN.

  # How to reproduce the issue

  (assuming that you have a test environment with 'public' network
  already defined)

  ```
  openstack network create outer-net --external --disable-port-security
  openstack subnet create --network outer-net --subnet-range 10.10.0.0/24 outer-subnet
  openstack router create outer-router --external-gateway public
  openstack router add subnet outer-router outer-subnet

  openstack network create inner-net --disable-port-security
  openstack subnet create --network inner-net --subnet-range 10.0.0.0/24 inner-subnet
  openstack router create --external-gateway outer-net inner-router
  openstack router add subnet inner-router inner-subnet

  openstack server create \
  --network inner-net \
  --image 'cirros' \
  --flavor 'tempest1' \
  vm-inner-1
  ```

  Then, log in to vm-inner-1 and try to ping 8.8.8.8.
  For OVS it works, for OVN it doesn't.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/neutron/+bug/2077430/+subscriptions