Public bug reported: The latest neutron-lbaas stable/liberty repo, the loadbalancer VIP will not forward http packets to its pool members.
http to pool members are OK, but http to loadbalancer VIP failed. Look at the VIP's port security-group, and it is correctly wired to the security-group-id. stack@htb-1n-eng-dhcp8:~/devstack$ neutron router-list +--------------------------------------+----------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | id | name | external_gateway_info | +--------------------------------------+----------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | 6181d39e-9e0c-4209-a20a-7708b49f9adb | router1 | {"network_id": "7bf2d2d9-c714-46fe-a785-d1f4f43f0520", "enable_snat": true, "external_fixed_ips": [{"subnet_id": "cc99a75d-229a-47ef-801a-095f1afa590a", "ip_address": "172.24.4.2"}]} | | e31ca56f-eb2f-4903-a254-a91ac736074c | venus-lb2-1506387029 | {"network_id": "7bf2d2d9-c714-46fe-a785-d1f4f43f0520", "enable_snat": true, "external_fixed_ips": [{"subnet_id": "cc99a75d-229a-47ef-801a-095f1afa590a", "ip_address": "172.24.4.3"}]} | +--------------------------------------+----------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ stack@htb-1n-eng-dhcp8:~/devstack$ neutron lbaas-loadbalancer-list +--------------------------------------+-----------+-------------+---------------------+----------+ | id | name | vip_address | provisioning_status | provider | +--------------------------------------+-----------+-------------+---------------------+----------+ | 9b4d8297-0f6d-47c3-80fe-7a09e3c5f5f1 | venus-lb2 | 10.199.88.5 | ACTIVE | haproxy | +--------------------------------------+-----------+-------------+---------------------+----------+ stack@htb-1n-eng-dhcp8:~/devstack$ neutron lbaas-loadbalancer-show venus-lb2 +---------------------+------------------------------------------------+ | Field | Value | +---------------------+------------------------------------------------+ | admin_state_up | True | | description | | | id | 9b4d8297-0f6d-47c3-80fe-7a09e3c5f5f1 | | listeners | {"id": "7db08049-472a-4d95-bd33-7a3c42bd4cb9"} | | name | venus-lb2 | | operating_status | ONLINE | | provider | haproxy | | provisioning_status | ACTIVE | | tenant_id | eea91ed392d64bae8d9eb41310127f09 | | vip_address | 10.199.88.5 | | vip_port_id | f542905d-8fde-4562-a9a1-e337f2d3c01c | | vip_subnet_id | f8627153-0817-4676-b493-38c9e079426a | +---------------------+------------------------------------------------+ stack@htb-1n-eng-dhcp8:~/devstack$ neutron port-show f542905d-8fde-4562-a9a1-e337f2d3c01c +-----------------------+------------------------------------------------------------------------------------+ | Field | Value | +-----------------------+------------------------------------------------------------------------------------+ | admin_state_up | True | | allowed_address_pairs | | | binding:host_id | htb-1n-eng-dhcp8 | | binding:vif_details | {"port_filter": true} | | binding:vif_type | ovs | | binding:vnic_type | normal | | device_id | 9b4d8297-0f6d-47c3-80fe-7a09e3c5f5f1 | | device_owner | neutron:LOADBALANCERV2 | | extra_dhcp_opts | | | fixed_ips | {"subnet_id": "f8627153-0817-4676-b493-38c9e079426a", "ip_address": "10.199.88.5"} | | id | f542905d-8fde-4562-a9a1-e337f2d3c01c | | mac_address | fa:16:3e:7e:9e:5d | | name | loadbalancer-9b4d8297-0f6d-47c3-80fe-7a09e3c5f5f1 | | network_id | 65fa3789-e47f-49b8-a200-169960fc4997 | | port_security_enabled | True | | security_groups | 86fb9c1e-c9ea-4d03-a57f-b61d4b906d77 | | status | ACTIVE | | tenant_id | eea91ed392d64bae8d9eb41310127f09 | +-----------------------+------------------------------------------------------------------------------------+ stack@htb-1n-eng-dhcp8:~/devstack$ neutron security-group-show 86fb9c1e-c9ea-4d03-a57f-b61d4b906d77 +----------------------+--------------------------------------------------------------------+ | Field | Value | +----------------------+--------------------------------------------------------------------+ | description | venus-lb2-1506387029 description | | id | 86fb9c1e-c9ea-4d03-a57f-b61d4b906d77 | | name | venus-lb2-1506387029 | | security_group_rules | { | | | "remote_group_id": null, | | | "direction": "ingress", | | | "remote_ip_prefix": null, | | | "protocol": "tcp", | | | "tenant_id": "eea91ed392d64bae8d9eb41310127f09", | | | "port_range_max": 88, | | | "security_group_id": "86fb9c1e-c9ea-4d03-a57f-b61d4b906d77", | | | "port_range_min": 80, | | | "ethertype": "IPv4", | | | "id": "6113145b-9c52-462d-827c-0bfb67e2203f" | | | } | | | { | | | "remote_group_id": null, | | | "direction": "egress", | | | "remote_ip_prefix": null, | | | "protocol": null, | | | "tenant_id": "eea91ed392d64bae8d9eb41310127f09", | | | "port_range_max": null, | | | "security_group_id": "86fb9c1e-c9ea-4d03-a57f-b61d4b906d77", | | | "port_range_min": null, | | | "ethertype": "IPv6", | | | "id": "90fa1ff2-3e21-4ad1-8622-d150306689dc" | | | } | | | { | | | "remote_group_id": null, | | | "direction": "ingress", | | | "remote_ip_prefix": null, | | | "protocol": "tcp", | | | "tenant_id": "eea91ed392d64bae8d9eb41310127f09", | | | "port_range_max": 22, | | | "security_group_id": "86fb9c1e-c9ea-4d03-a57f-b61d4b906d77", | | | "port_range_min": 22, | | | "ethertype": "IPv4", | | | "id": "af3b5d3a-43b6-4845-85db-e75d5ece2c0b" | | | } | | | { | | | "remote_group_id": null, | | | "direction": "egress", | | | "remote_ip_prefix": null, | | | "protocol": null, | | | "tenant_id": "eea91ed392d64bae8d9eb41310127f09", | | | "port_range_max": null, | | | "security_group_id": "86fb9c1e-c9ea-4d03-a57f-b61d4b906d77", | | | "port_range_min": null, | | | "ethertype": "IPv4", | | | "id": "b05f418c-20a7-467f-aa16-df4d96302007" | | | } | | | { | | | "remote_group_id": null, | | | "direction": "ingress", | | | "remote_ip_prefix": null, | | | "protocol": "icmp", | | | "tenant_id": "eea91ed392d64bae8d9eb41310127f09", | | | "port_range_max": null, | | | "security_group_id": "86fb9c1e-c9ea-4d03-a57f-b61d4b906d77", | | | "port_range_min": null, | | | "ethertype": "IPv4", | | | "id": "d3a88685-8f60-4f2c-9bfa-c6c7d56ecf44" | | | } | | tenant_id | eea91ed392d64bae8d9eb41310127f09 | +----------------------+--------------------------------------------------------------------+ stack@htb-1n-eng-dhcp8:~/devstack$ ** Affects: neutron Importance: Undecided Status: New -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron. https://bugs.launchpad.net/bugs/1594969 Title: stable/liberty lbaas http package not forwarded Status in neutron: New Bug description: The latest neutron-lbaas stable/liberty repo, the loadbalancer VIP will not forward http packets to its pool members. http to pool members are OK, but http to loadbalancer VIP failed. Look at the VIP's port security-group, and it is correctly wired to the security-group-id. stack@htb-1n-eng-dhcp8:~/devstack$ neutron router-list +--------------------------------------+----------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | id | name | external_gateway_info | +--------------------------------------+----------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | 6181d39e-9e0c-4209-a20a-7708b49f9adb | router1 | {"network_id": "7bf2d2d9-c714-46fe-a785-d1f4f43f0520", "enable_snat": true, "external_fixed_ips": [{"subnet_id": "cc99a75d-229a-47ef-801a-095f1afa590a", "ip_address": "172.24.4.2"}]} | | e31ca56f-eb2f-4903-a254-a91ac736074c | venus-lb2-1506387029 | {"network_id": "7bf2d2d9-c714-46fe-a785-d1f4f43f0520", "enable_snat": true, "external_fixed_ips": [{"subnet_id": "cc99a75d-229a-47ef-801a-095f1afa590a", "ip_address": "172.24.4.3"}]} | +--------------------------------------+----------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ stack@htb-1n-eng-dhcp8:~/devstack$ neutron lbaas-loadbalancer-list +--------------------------------------+-----------+-------------+---------------------+----------+ | id | name | vip_address | provisioning_status | provider | +--------------------------------------+-----------+-------------+---------------------+----------+ | 9b4d8297-0f6d-47c3-80fe-7a09e3c5f5f1 | venus-lb2 | 10.199.88.5 | ACTIVE | haproxy | +--------------------------------------+-----------+-------------+---------------------+----------+ stack@htb-1n-eng-dhcp8:~/devstack$ neutron lbaas-loadbalancer-show venus-lb2 +---------------------+------------------------------------------------+ | Field | Value | +---------------------+------------------------------------------------+ | admin_state_up | True | | description | | | id | 9b4d8297-0f6d-47c3-80fe-7a09e3c5f5f1 | | listeners | {"id": "7db08049-472a-4d95-bd33-7a3c42bd4cb9"} | | name | venus-lb2 | | operating_status | ONLINE | | provider | haproxy | | provisioning_status | ACTIVE | | tenant_id | eea91ed392d64bae8d9eb41310127f09 | | vip_address | 10.199.88.5 | | vip_port_id | f542905d-8fde-4562-a9a1-e337f2d3c01c | | vip_subnet_id | f8627153-0817-4676-b493-38c9e079426a | +---------------------+------------------------------------------------+ stack@htb-1n-eng-dhcp8:~/devstack$ neutron port-show f542905d-8fde-4562-a9a1-e337f2d3c01c +-----------------------+------------------------------------------------------------------------------------+ | Field | Value | +-----------------------+------------------------------------------------------------------------------------+ | admin_state_up | True | | allowed_address_pairs | | | binding:host_id | htb-1n-eng-dhcp8 | | binding:vif_details | {"port_filter": true} | | binding:vif_type | ovs | | binding:vnic_type | normal | | device_id | 9b4d8297-0f6d-47c3-80fe-7a09e3c5f5f1 | | device_owner | neutron:LOADBALANCERV2 | | extra_dhcp_opts | | | fixed_ips | {"subnet_id": "f8627153-0817-4676-b493-38c9e079426a", "ip_address": "10.199.88.5"} | | id | f542905d-8fde-4562-a9a1-e337f2d3c01c | | mac_address | fa:16:3e:7e:9e:5d | | name | loadbalancer-9b4d8297-0f6d-47c3-80fe-7a09e3c5f5f1 | | network_id | 65fa3789-e47f-49b8-a200-169960fc4997 | | port_security_enabled | True | | security_groups | 86fb9c1e-c9ea-4d03-a57f-b61d4b906d77 | | status | ACTIVE | | tenant_id | eea91ed392d64bae8d9eb41310127f09 | +-----------------------+------------------------------------------------------------------------------------+ stack@htb-1n-eng-dhcp8:~/devstack$ neutron security-group-show 86fb9c1e-c9ea-4d03-a57f-b61d4b906d77 +----------------------+--------------------------------------------------------------------+ | Field | Value | +----------------------+--------------------------------------------------------------------+ | description | venus-lb2-1506387029 description | | id | 86fb9c1e-c9ea-4d03-a57f-b61d4b906d77 | | name | venus-lb2-1506387029 | | security_group_rules | { | | | "remote_group_id": null, | | | "direction": "ingress", | | | "remote_ip_prefix": null, | | | "protocol": "tcp", | | | "tenant_id": "eea91ed392d64bae8d9eb41310127f09", | | | "port_range_max": 88, | | | "security_group_id": "86fb9c1e-c9ea-4d03-a57f-b61d4b906d77", | | | "port_range_min": 80, | | | "ethertype": "IPv4", | | | "id": "6113145b-9c52-462d-827c-0bfb67e2203f" | | | } | | | { | | | "remote_group_id": null, | | | "direction": "egress", | | | "remote_ip_prefix": null, | | | "protocol": null, | | | "tenant_id": "eea91ed392d64bae8d9eb41310127f09", | | | "port_range_max": null, | | | "security_group_id": "86fb9c1e-c9ea-4d03-a57f-b61d4b906d77", | | | "port_range_min": null, | | | "ethertype": "IPv6", | | | "id": "90fa1ff2-3e21-4ad1-8622-d150306689dc" | | | } | | | { | | | "remote_group_id": null, | | | "direction": "ingress", | | | "remote_ip_prefix": null, | | | "protocol": "tcp", | | | "tenant_id": "eea91ed392d64bae8d9eb41310127f09", | | | "port_range_max": 22, | | | "security_group_id": "86fb9c1e-c9ea-4d03-a57f-b61d4b906d77", | | | "port_range_min": 22, | | | "ethertype": "IPv4", | | | "id": "af3b5d3a-43b6-4845-85db-e75d5ece2c0b" | | | } | | | { | | | "remote_group_id": null, | | | "direction": "egress", | | | "remote_ip_prefix": null, | | | "protocol": null, | | | "tenant_id": "eea91ed392d64bae8d9eb41310127f09", | | | "port_range_max": null, | | | "security_group_id": "86fb9c1e-c9ea-4d03-a57f-b61d4b906d77", | | | "port_range_min": null, | | | "ethertype": "IPv4", | | | "id": "b05f418c-20a7-467f-aa16-df4d96302007" | | | } | | | { | | | "remote_group_id": null, | | | "direction": "ingress", | | | "remote_ip_prefix": null, | | | "protocol": "icmp", | | | "tenant_id": "eea91ed392d64bae8d9eb41310127f09", | | | "port_range_max": null, | | | "security_group_id": "86fb9c1e-c9ea-4d03-a57f-b61d4b906d77", | | | "port_range_min": null, | | | "ethertype": "IPv4", | | | "id": "d3a88685-8f60-4f2c-9bfa-c6c7d56ecf44" | | | } | | tenant_id | eea91ed392d64bae8d9eb41310127f09 | +----------------------+--------------------------------------------------------------------+ stack@htb-1n-eng-dhcp8:~/devstack$ To manage notifications about this bug go to: https://bugs.launchpad.net/neutron/+bug/1594969/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp