Direct Server Return load balancer does not work in Red Hat OpenStack Platform with ML2/OVN plugin

Solution Verified - Updated -

Issue

  • Implement a Direct Server Return load balancer on a instance of Red Hat OpenStack Platform.
    Note: Direct Server Return load balancer is also known as Direct Routing load balancer. The name may vary depending on the load balancing software.
  • VIP of the load balancer has been added to allowed-address-pairs of the ports.
  • However, the Direct Server Return load balancer doesn't work.
    Client cannot connect to the server via the load balancer.
  • Packet captures indicates that ACK packets are dropped when client send the packets to the load balancer.
 Client                       Loadbalancer                                              Server
   InstanceA                    InstanceB                                                 InstanceC
   aa:aa:aa:aa:aa:aa            bb:bb:bb:bb:bb:bb                                         cc:cc:cc:cc:cc:cc
   10.0.0.1                     10.0.0.100(VIP)                                           10.0.0.100(VIP)
     |                           |                                                         |
     |  TCP SYN                  |                                                         |
     |  src: aa:aa:aa:aa:aa:aa   |                                                         |
     |       10.0.0.1            |                                                         |
     |  dst: bb:bb:bb:bb:bb:bb   |                                                         |
     |       10.0.0.100          |                                                         |
     |-------------------------->|                                                         |
     |                           |  TCP SYN                                                |
     |                           |  src: bb:bb:bb:bb:bb:bb                                 |
     |                           |       10.0.0.1                                          |
     |                           |  dst: cc:cc:cc:cc:cc:cc                                 |
     |                           |       10.0.0.100                                        |
     |                           |---------------------------> eth1 - - - - > eth1 ------->|
     |                           |                           computeA       computeB       |
     |              TCP SYN+ACK                                                            |
     |              src: cc:cc:cc:cc:cc:cc                                                 |
     |                   10.0.0.100                                                        |
     |              dst: aa:aa:aa:aa:aa:aa                                                 |
     |                   10.0.0.1                                     VLAN 3               |
     |<------------------------------------------------------- eth1 < - - - - eth1 <-------|
     |                           |                           computeA       computeB       |
     |  TCP ACK                  |                                                         |
     |  src: aa:aa:aa:aa:aa:aa   |                                                         |
     |       10.0.0.1            |                                                         |
     |  dst: bb:bb:bb:bb:bb:bb   |                                                         |
     |       10.0.0.100          |                                                         |
     |---------------------->*   |                                                         |
     |                   dropped |                                                         |
     |                    here   |                                                         |
     |                           |                                                         |
  • This issue doesn't occur on ML2/OVS environment.

Environment

  • Red Hat OpenStack Platform 16.1
  • Red Hat OpenStack Platform 16.2
  • Red Hat OpenStack Platform 17.0
  • ML2/OVN

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content