Wednesday, 2022-01-12

« Tuesday, 2022-01-11 Index Thursday, 2022-01-13 »
*** ykarel_ is now known as ykarel06:13
opendevreviewSlawek Kaplonski proposed openstack/neutron-tempest-plugin master: Add new scenario test for VIP address added as allowed addr pair  https://review.opendev.org/c/openstack/neutron-tempest-plugin/+/79484107:50
opendevreviewSlawek Kaplonski proposed openstack/neutron master: Make configure_for_func_testing compatible with e.g. Centos  https://review.opendev.org/c/openstack/neutron/+/79962507:56
opendevreviewLajos Katona proposed openstack/os-ken stable/xena: Avoid logging MD5 password for BGP add neighbor  https://review.opendev.org/c/openstack/os-ken/+/82429907:57
opendevreviewLajos Katona proposed openstack/os-ken stable/wallaby: Avoid logging MD5 password for BGP add neighbor  https://review.opendev.org/c/openstack/os-ken/+/82430007:58
opendevreviewSlawek Kaplonski proposed openstack/neutron master: Cosmetic: Change ._ovn to ._nb_ovn to match ._sb_ovn  https://review.opendev.org/c/openstack/neutron/+/71876708:10
opendevreviewSlawek Kaplonski proposed openstack/neutron master: Allow to use static Local IP openflow rules  https://review.opendev.org/c/openstack/neutron/+/81739908:23
opendevreviewLajos Katona proposed openstack/os-ken stable/victoria: Avoid logging MD5 password for BGP add neighbor  https://review.opendev.org/c/openstack/os-ken/+/82430108:29
opendevreviewLajos Katona proposed openstack/os-ken stable/ussuri: Avoid logging MD5 password for BGP add neighbor  https://review.opendev.org/c/openstack/os-ken/+/82430208:29
opendevreviewLajos Katona proposed openstack/os-ken stable/train: Avoid logging MD5 password for BGP add neighbor  https://review.opendev.org/c/openstack/os-ken/+/82430308:30
opendevreviewRodolfo Alonso proposed openstack/neutron master: Remove "PortBindingMixin" class and related DB table  https://review.opendev.org/c/openstack/neutron/+/82400908:42
opendevreviewRodolfo Alonso proposed openstack/neutron stable/xena: [OVN] Allow only one physical network per bridge  https://review.opendev.org/c/openstack/neutron/+/82434408:45
opendevreviewRodolfo Alonso proposed openstack/neutron stable/wallaby: [OVN] Allow only one physical network per bridge  https://review.opendev.org/c/openstack/neutron/+/82434608:47
opendevreviewRodolfo Alonso proposed openstack/neutron stable/victoria: [OVN] Allow only one physical network per bridge  https://review.opendev.org/c/openstack/neutron/+/82434708:48
opendevreviewRodolfo Alonso proposed openstack/neutron stable/ussuri: [OVN] Allow only one physical network per bridge  https://review.opendev.org/c/openstack/neutron/+/82434808:48
opendevreviewLajos Katona proposed openstack/neutron master: Remove functions to enable Neutron's segments integration  https://review.opendev.org/c/openstack/neutron/+/81821809:05
opendevreviewRodolfo Alonso proposed openstack/networking-ovn stable/train: [OVN] Allow only one physical network per bridge  https://review.opendev.org/c/openstack/networking-ovn/+/82435909:06
*** elodille1 is now known as elodilles09:29
opendevreviewOleg Bondarev proposed openstack/neutron master: Local IP: skip ports with invalid ofport  https://review.opendev.org/c/openstack/neutron/+/82436309:42
opendevreviewMerged openstack/neutron master: Fix placement allocation update for port with network QoS policy  https://review.opendev.org/c/openstack/neutron/+/81542109:42
EugenMayerhow is OVS networking dealing with nat-reflection right now? is https://github.com/openstack/nova/commit/b61e1ea12cd41ea507b1f6496ec1413c93bd679b even applicable for OVS at all?09:52
opendevreviewLajos Katona proposed openstack/neutron master: BFD for Neutron, server side  https://review.opendev.org/c/openstack/neutron/+/80804610:00
opendevreviewLajos Katona proposed openstack/networking-odl master: Fix some requirements  https://review.opendev.org/c/openstack/networking-odl/+/82342810:08
ralonsohEugenMayer, you have FIPs if you need to access external services from a internal IP10:09
ralonsohand this is available in LB, OVS and OVN10:10
opendevreviewMerged openstack/neutron stable/xena: [OVN] Add reverse DNS records  https://review.opendev.org/c/openstack/neutron/+/82359410:38
opendevreviewMerged openstack/neutron stable/wallaby: [OVN] Add reverse DNS records  https://review.opendev.org/c/openstack/neutron/+/82359510:38
opendevreviewMerged openstack/neutron stable/victoria: [OVN] Add reverse DNS records  https://review.opendev.org/c/openstack/neutron/+/82359610:39
opendevreviewMerged openstack/neutron stable/ussuri: [OVN] Add reverse DNS records  https://review.opendev.org/c/openstack/neutron/+/82363110:39
opendevreviewElvira García Ruiz proposed openstack/networking-ovn stable/train: Always update router static route  https://review.opendev.org/c/openstack/networking-ovn/+/82437510:39
opendevreviewMerged openstack/neutron master: Disable tracebacks of eventlet.wsgi.server  https://review.opendev.org/c/openstack/neutron/+/81839110:39
EugenMayerralonsoh not sure what you mean, FIPs is short for floating ips right?10:47
ralonsohyes10:47
opendevreviewLuis Tomas Bolivar proposed openstack/neutron master: Ensure subports status is aligned with parent port  https://review.opendev.org/c/openstack/neutron/+/82437810:47
EugenMayerralonsoh the point here is, AFAICS the service A (client) which is trying to reach service B (target/backend) is using a gateway, which has the same ip as the external ip of service B. the external ip is used with some port forwardings for some few services, like here. So basically , the gw for service a has the same IP as the target external IP10:48
EugenMayerthis is classic nat-reflection, and it seems not to work right now. Or did i missunderstand you?10:49
ralonsohwith FIP you'll expose a different IP per port (or client/server)10:49
ralonsohthis is not nating through a single GW IP 10:50
ralonsohyou are exposing different IPs per service/port10:50
EugenMayeryes, but this is NATing, since i use port forwarding in this case10:50
ralonsohport forwarding uses FIP10:51
ralonsohhttps://docs.openstack.org/neutron/rocky/admin/config-fip-port-forwardings.html10:51
EugenMayerwell then it is simply not working10:52
ralonsohport forwarding is working fine10:52
EugenMayeri just ensure, actually the GW for service A is not the same as the external IP for the service B10:52
ralonsohwhat I don't know is the configuration you have or how are you using it10:52
EugenMayeryes port forwarding is working fine, also here. The point is the reflection is not10:52
EugenMayerGW IP: 1.1.1.110:53
EugenMayerServiceB IP: 2.2.2.2 on port 25 (fips port forwarding)10:53
EugenMayernow a VM from the internal network, tries to reach 2.2.2.2:25 and fails. The reason is nat reflection. Anything else, not inside the openstack stack, can reach 2.2.2.2:25 - does this make more sense to you?10:54
EugenMayersorry, might be a confusion here, so i try to remove that :)10:54
ralonsohthat should work: an internal VM using the GW should have access to service B port10:55
opendevreviewBence Romsics proposed openstack/neutron master: Make the dead vlan actually dead  https://review.opendev.org/c/openstack/neutron/+/82089711:00
opendevreviewBence Romsics proposed openstack/neutron master: DEBUG router ports in dead vlan  https://review.opendev.org/c/openstack/neutron/+/82438711:00
gibiralonsoh, slaweq: could one of you +A https://review.opendev.org/c/openstack/neutron/+/811746 ? Every dependency has been landed for it11:07
slaweqgibi: done11:08
gibislaweq: thanks!11:08
gibiand happy new year :)11:08
opendevreviewElvira García Ruiz proposed openstack/networking-ovn stable/train: Always update router static route  https://review.opendev.org/c/openstack/networking-ovn/+/82437511:08
opendevreviewBence Romsics proposed openstack/neutron master: Make the dead vlan actually dead  https://review.opendev.org/c/openstack/neutron/+/82089711:09
ralonsohgibi, sure11:12
ralonsohok, I was late...11:12
gibiralonsoh: thanks anyhow11:12
gibiand happy new year to you too11:12
ralonsohhappy new year!11:13
opendevreviewOleg Bondarev proposed openstack/neutron master: Add devstack plugin support for Local IP  https://review.opendev.org/c/openstack/neutron/+/81822811:33
EugenMayerralonsoh pitty that it does not. I will try to debug and get some traceroutes and tcpdumps11:41
opendevreviewMerged openstack/neutron stable/xena: Add wait event for metadataagent sb_idl  https://review.opendev.org/c/openstack/neutron/+/82382811:43
opendevreviewMamatisa Nurmatov proposed openstack/neutron-tempest-plugin master: Add local ip scenario tests  https://review.opendev.org/c/openstack/neutron-tempest-plugin/+/82300711:46
opendevreviewMerged openstack/neutron stable/wallaby: Add wait event for metadataagent sb_idl  https://review.opendev.org/c/openstack/neutron/+/82382911:56
opendevreviewMerged openstack/os-ken stable/xena: Avoid logging MD5 password for BGP add neighbor  https://review.opendev.org/c/openstack/os-ken/+/82429912:16
opendevreviewMerged openstack/os-ken stable/wallaby: Avoid logging MD5 password for BGP add neighbor  https://review.opendev.org/c/openstack/os-ken/+/82430012:23
opendevreviewMerged openstack/os-ken stable/victoria: Avoid logging MD5 password for BGP add neighbor  https://review.opendev.org/c/openstack/os-ken/+/82430112:23
opendevreviewMerged openstack/os-ken stable/ussuri: Avoid logging MD5 password for BGP add neighbor  https://review.opendev.org/c/openstack/os-ken/+/82430212:23
opendevreviewMerged openstack/os-ken stable/train: Avoid logging MD5 password for BGP add neighbor  https://review.opendev.org/c/openstack/os-ken/+/82430312:23
opendevreviewOleg Bondarev proposed openstack/neutron master: Add devstack plugin support for Local IP  https://review.opendev.org/c/openstack/neutron/+/81822812:34
opendevreviewLajos Katona proposed openstack/networking-odl master: Fix some requirements  https://review.opendev.org/c/openstack/networking-odl/+/82342812:40
opendevreviewLajos Katona proposed openstack/neutron-lib master: Move API definitions of taas to neutron-lib  https://review.opendev.org/c/openstack/neutron-lib/+/82347512:52
opendevreviewLajos Katona proposed openstack/neutron-lib master: Move API definitions of taas to neutron-lib  https://review.opendev.org/c/openstack/neutron-lib/+/82347512:56
opendevreviewLajos Katona proposed openstack/neutron-lib master: Move API definitions of taas to neutron-lib  https://review.opendev.org/c/openstack/neutron-lib/+/82347513:03
opendevreviewMerged openstack/neutron stable/ussuri: Add wait event for metadataagent sb_idl  https://review.opendev.org/c/openstack/neutron/+/82385113:35
opendevreviewMerged openstack/neutron master: Ensure only the right events are processed  https://review.opendev.org/c/openstack/neutron/+/82381813:52
*** dasm|off is now known as dasm14:00
*** ykarel_ is now known as ykarel14:06
opendevreviewMerged openstack/neutron master: Allow to use static Local IP openflow rules  https://review.opendev.org/c/openstack/neutron/+/81739914:12
opendevreviewElvira García Ruiz proposed openstack/networking-ovn stable/train: Always update router static route  https://review.opendev.org/c/openstack/networking-ovn/+/82437514:13
EugenMayerralonsoh i'am a bit rusty with debugging package flow with OVN, it would be easy for me with tcpdump and bridges, but with linux namespaces i'am not very familiar with. What would be the way you would design this?14:14
EugenMayerralonsoh it seems like using any non FIPs port-forwarded target service, so e.g. our FIP for k8s without port forwarding - works without issues.14:17
EugenMayerJust the port-forwarded ones are problematic, if i understand it right14:18
EugenMayer(we are using xena, if this is relevant)14:18
ralonsohEugenMayer, sorry, I don't know how you use port forwarding without FIPs in Neutron14:19
EugenMayeri use FIPs with portfowarding - as you expected.14:19
ralonsohand what do you need to test?14:20
EugenMayerare you familiar with terraform ?14:21
ralonsohno14:21
EugenMayerok, maybe it helps using the docs. I used openstack classic port forwardin via fips without defining them via tf, and later with.14:22
EugenMayerBasically i expose a FIP using via https://registry.terraform.io/providers/terraform-provider-openstack/openstack/latest/docs/resources/networking_floatingip_v2 - so the FIP 14:22
EugenMayerthen i use port forwarding https://registry.terraform.io/providers/terraform-provider-openstack/openstack/latest/docs/resources/networking_portforwarding_v2 to forward the port to an VM14:23
EugenMayerbefore i had TF i did the setup using openstack cli tools. So it is all the way classic FIP + FIP forwardning. All based on vanilla OVN network, no manual hacking or custom cli adjustments. all via openstack rest API14:25
EugenMayerI used https://docs.openstack.org/neutron/latest/admin/config-fip-port-forwardings.html as my reference14:26
EugenMayerThis is a typical cli statement i used before using terraform: https://gist.github.com/EugenMayer/f7e45d5338679ca9821ed454b85c14fb - i would expect that this matches exactly what you call NAT via FIPs14:27
EugenMayerralonsoh anything else i could provide to make you sense that it is setup as expected / it should be done (or not) and it might be a bug?14:28
ralonsohEugenMayer, what you need to provide is how you are trying to connect to this port14:29
ralonsohjust to be able to replicate this issue14:29
EugenMayertelnet externalip port14:29
ralonsohfrom where?14:30
EugenMayeras simple as that right now. From the VM A to VM B via the external IP14:30
ralonsohare the VMs in the same host?14:30
EugenMayerVM A and VM B are both hosted on the same openstack.14:30
ralonsohdo you have DVR?14:30
EugenMayerNo DVR14:30
ralonsohby default OVN has DVR14:30
EugenMayerbut i deactivated it.14:31
EugenMayerThey are on the same compute, yes14:31
ralonsohok, I'll try to replicate this issue14:31
EugenMayeri jsut try using compute1 to compute2, so different computes to see if this can be reproduced this way14:32
opendevreviewMerged openstack/networking-ovn stable/train: Add wait event for metadataagent sb_idl  https://review.opendev.org/c/openstack/networking-ovn/+/82385314:33
EugenMayerralonsoh using a VM-A on compute1 and the target VM-B on compute2 does not work eithere14:34
opendevreviewOleg Bondarev proposed openstack/neutron master: Add Local IP policy rules  https://review.opendev.org/c/openstack/neutron/+/81643514:34
opendevreviewOleg Bondarev proposed openstack/neutron master: Add devstack plugin support for Local IP  https://review.opendev.org/c/openstack/neutron/+/81822814:34
opendevreviewTakashi Kajinami proposed openstack/neutron master: ml2 ovs: Deprecate unused [agent] veth_mtu  https://review.opendev.org/c/openstack/neutron/+/82444614:41
EugenMayerralonsoh let me know if you need anything else to debug here. As said, fairly new to OVN/OVS so my namespace-tooling is poor, but i'll try my best for sure14:42
*** jlibosva is now known as Guest30514:45
EugenMayerralonsoh i have some more facts which might limit the problem space. I have one 'internal' network. When the source VM is part internal, and the target VM is part of internal, it does not work.14:45
ralonsohEugenMayer, please, document this in a launchpad bug14:46
ralonsohso everyone is aware of it and can try to reproduce it14:46
EugenMayersure, any particular project? neutron?14:46
ralonsohyes14:46
EugenMayerralonsoh: https://bugs.launchpad.net/neutron/+bug/1957185 let me know if something is unclear or missing. Hopefully the informations are usefull14:54
ralonsohok14:54
opendevreviewLajos Katona proposed openstack/neutron-tempest-plugin master: QoS min pps API tests  https://review.opendev.org/c/openstack/neutron-tempest-plugin/+/80668914:56
opendevreviewTerry Wilson proposed openstack/neutron master: WIP Use neutron db for ovn agents  https://review.opendev.org/c/openstack/neutron/+/81885015:44
opendevreviewSlawek Kaplonski proposed openstack/neutron stable/train: DNM Don't register workers cleanup during the module import  https://review.opendev.org/c/openstack/neutron/+/82445015:57
opendevreviewMerged openstack/neutron master: Enable min pps tempest tests  https://review.opendev.org/c/openstack/neutron/+/81174615:57
*** marlinc is now known as Guest31516:30
jpic__hi all, there's an old abandoned RFE i'd like to take over, is there a procedure for that?16:54
opendevreviewjpic proposed openstack/neutron-specs master: Update our RFE  https://review.opendev.org/c/openstack/neutron-specs/+/82446416:58
opendevreviewjpic proposed openstack/neutron-specs master: Start over from previous RFE  https://review.opendev.org/c/openstack/neutron-specs/+/82446516:58
ralonsohjpic__, I don't think lajoskatona was proposing to deprecate your spec17:48
ralonsohbut just adding more info17:48
ralonsohyou can use the old spec to amend yours, include more content, etc.17:48
lajoskatonajpic__:  For the "multiple routed provider network per compute" spec I just wanted to highlight the history of the topic17:53
lajoskatona jpic__: perhaps that helps to write your spec, and understand all the aspects of the problem, it can be important to read even the comments/discussions under the previous spec/RFE to understand why it was written or voted that way17:55
*** marlinc is now known as Guest32318:04
opendevreviewLajos Katona proposed openstack/os-ken master: Avoid missing key 'password' for neighbor_add  https://review.opendev.org/c/openstack/os-ken/+/82447618:17
opendevreviewMerged openstack/networking-ovn stable/train: Always update router static route  https://review.opendev.org/c/openstack/networking-ovn/+/82437519:49
opendevreviewMamatisa Nurmatov proposed openstack/neutron-tempest-plugin master: Add local ip scenario tests  https://review.opendev.org/c/openstack/neutron-tempest-plugin/+/82300719:51
*** promethe- is now known as prometheanfire20:42
opendevreviewMerged openstack/neutron stable/train: Fix privileged create_netns function  https://review.opendev.org/c/openstack/neutron/+/82396321:29
*** dasm is now known as dasm|off22:45
*** marlinc is now known as Guest41723:00
« Tuesday, 2022-01-11 Index Thursday, 2022-01-13 »

Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!