perryzou_317374
May 25, 2017Altocumulus
VIP is not working
Great ones, Would you help take a look at my problem. Thanks. I have an Openstack instance with F5 lbaasv2. It uses under cloud F5 VE instance with VXLAN overlay. But I won't be able reach vip of created loadbalancer. F5 VE received ARP request about vip, but it won't reply. In addition, there is no any packets captured on tunnel-vxlan-1.
F5 11.6.1 OpenStack: mitaka root@controller1: pip list | grep f5 f5-icontrol-rest (1.3.0) f5-openstack-agent (9.3.0b2) f5-openstack-lbaasv2-driver (9.3.0b2) f5-sdk (2.3.2)
active loadbalancer
neutron lbaas-loadbalancer-list
+--------------------------------------+---------+--------------+---------------------+------------+
| id | name | vip_address | provisioning_status | provider |
+--------------------------------------+---------+--------------+---------------------+------------+
| 0ad55dfc-6f79-4619-9ed7-78fa566add4b | test-lb | 192.168.0.14 | ACTIVE | f5networks |
+--------------------------------------+---------+--------------+---------------------+------------+
virtual address in F5 VE
root@(host-192)(cfg-sync Standalone)(Active)(/Project_3b04b644e8a642f4acbc4275f2488d22)(tmos) list ltm virtual-address
ltm virtual-address Project_0ad55dfc-6f79-4619-9ed7-78fa566add4b {
address 192.168.0.14
auto-delete false
description test-lb:
mask 255.255.255.255
partition Project_3b04b644e8a642f4acbc4275f2488d22
traffic-group /Common/traffic-group-1
}
active members
root@(host-192)(cfg-sync Standalone)(Active)(/Project_3b04b644e8a642f4acbc4275f2488d22)(tmos) list ltm pool
ltm pool Project_7c5c7b3b-02c7-4fdb-add2-497dc7e4cc05 {
description Project_7c5c7b3b-02c7-4fdb-add2-497dc7e4cc05:
members {
192.168.0.8%0:http {
address 192.168.0.8
}
192.168.0.9%0:http {
address 192.168.0.9
}
}
partition Project_3b04b644e8a642f4acbc4275f2488d22
}
member works
root@controller1:~ ip netns exec qdhcp-aa9bfd8f-721b-4a42-8bc7-8e6497e861af curl 192.168.0.8
Welcome to 192.168.0.8
won't reach vip
root@controller1:~ ip netns exec qdhcp-aa9bfd8f-721b-4a42-8bc7-8e6497e861af curl 192.168.0.14
curl: (7) Failed to connect to 192.168.0.14 port 80: No route to host
root@controller1:~
From management console, no traffic is observed on statistics of virtual server.
there is no fdb entry for vip port on controllers.
root@controller1:/var/log/neutron bridge fdb | grep fa:16:3e:2c:61:8a
root@controller1:/var/log/neutron neutron port-list | grep 192.168.0.14
| 85eefe74-1c87-46a9-bb5a-350955bf3d3c | loadbalancer-0ad55dfc-6f79-4619-9ed7-78fa566add4b | fa:16:3e:2c:61:8a | {"subnet_id": "511da169-7aa9-45ae-bcd7-fb9044613320", "ip_address": "192.168.0.14"} |
arp broadcast could be observed on interface of data (used for Overlay). There is no arp reply observed.
[root@host-192:Active:Standalone] Project_3b04b644e8a642f4acbc4275f2488d22 tcpdump -ni lb-data -vvv
tcpdump: listening on lb-data, link-type EN10MB (Ethernet), capture size 96 bytes
08:06:55.838413 IP (tos 0x0, ttl 62, id 17884, offset 0, flags [none], proto: UDP (17), length: 78) 10.153.36.74.27778 > 192.168.250.4.4789: [no cksum] UDP, length 50
08:06:56.838079 IP (tos 0x0, ttl 62, id 17975, offset 0, flags [none], proto: UDP (17), length: 78) 10.153.36.74.27778 > 192.168.250.4.4789: [no cksum] UDP, length 50
open with wireshark
6 7.461238 fa:16:3e:30:c1:3d Broadcast ARP 92 Who has 192.168.0.14? Tell 192.168.0.2
no any traffic is observed on tunnel-vxlan-1 interface in F5 VE instance, even when curl vip.
12: tunnel-vxlan-1: mtu 1500 qdisc noqueue
link/ether fa:16:3e:5b:2c:53 peer 00:00:00:00:00:00
inet 192.168.0.5/22 brd 192.168.3.255 scope global tunnel-vxlan-1
inet6 fe80::f816:3eff:fe5b:2c53/64 scope link
valid_lft forever preferred_lft forever