OpenStack Compute (nova)

floating ip association doesn't correctly assigned to interface specified

Bug #1089709 reported by Ryan Richard
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Compute (nova)
Invalid
Undecided
Unassigned

Bug Description

nova-network specific: [unknown if effects quantum]
Folsom: [looks to effect Grizzly as well]

When creating floating IP pools, an interface is able to be specified. However, when associating the floating IP to an instance it doesn't get assigned to the correct interface. Due to the logic in the code, nova will decide to associate the floating IP the interface that is set as the FLAG public_interface over the interface that is specified when the pool is created.

It would make more sense to switch the order of operations from "FLAG or database setting" to "database setting or FLAG" considering the database setting is more specific.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to nova (master)

Fix proposed to branch: master
Review: https://review.openstack.org/17993

Changed in nova:
assignee: nobody → Ryan Richard (ryan-richard)
status: New → In Progress
Revision history for this message
Ryan Richard (ryan-richard) wrote :

Folsom Fix:

interface = floating_ip['interface'] or FLAGS.public_interface

Revision history for this message
Ryan Richard (ryan-richard) wrote :

Looking to get discussion on this to see if my request makes sense.

The fix I propose seems fix the IP association but still breaks floating IPs since the public interface is still used for outbound connectivity.

Thoughts?

Changed in nova:
assignee: Ryan Richard (ryan-richard) → nobody
Ryan Richard (ryan-richard)
Changed in nova:
status: In Progress → Incomplete
Revision history for this message
Vish Ishaya (vishvananda) wrote :

The code is correct. The flag is used as an override so that one can have heterogeneous nodes where the public_interface is different across nodes. For example:

Node 1:
  public_interface=eth0

Node 2:
  public_interface=eth1

If you want to use the interface from the database do not set public_interface. That is why it defaults to None.

Changed in nova:
status: Incomplete → Invalid
Revision history for this message
Ryan Richard (ryan-richard) wrote :

It doesn't make sense to me that I would have to disable a flag to get something more specific to work. If I pass an interface to the floating pool, I expect that to take effect regardless of what I have set in public_interface. It's also confusing that I can specify an interface, the database will show that interface but when I assign the floating IP it doesn't apply it to the interface I want.

Removing the public_interface flag causes the default iptables SNAT rules to watch eth0 which for some installations will be an issue. Specifically, let's say eth0 is my management newtork and eth1 is my default gateway and fixed network interface, I have to have the public_interface flag set to eth1 for instances to be able to reach external networks.

The reason why this hasn't really come up before is that traffic flow and routing will be an issue if you want floating IP traffic to go out a different interface than the default gatway. Very few deployments would ever need to design something different but it does come up. This would be more common for the VLAN manager where you may want to have a floating pool for each vlan.

This may not be a huge problem since Quantum is here but it's come up for a few deployments.

Revision history for this message
Vish Ishaya (vishvananda) wrote :

I understand that it is confusing, but the current implementation is necessary to support heterogeneous nodes as I stated above. I agree that It would be less confusing if the public_interface were set to None by default. In fact, I thought this was already the case, but I see that it isn't. Unfortunately it is probably to late in the cycle to change default values so it will just have to be noted that you need to explicitly set public_interface= to use multiple floating pools.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.